diff --git a/api-config.yaml b/api-config.yaml
index b1918a1150..def378c730 100644
--- a/api-config.yaml
+++ b/api-config.yaml
@@ -599,12 +599,13 @@ apiMap:
   - kind: CatalogSource
     group: operators.coreos.com
     version: v1alpha1
+# ERROR (objects/index.adoc): "xref:../operatorhub_apis/olm-operator-openshift-io-v1.adoc#olm-operator-openshift-io-v1[`array (OLM)`]" appears to try to reference a file not included in the "openshift-enterprise" distro
 #  - kind: ClusterCatalog
-#    group: catalogd.operatorframework.io
-#    version: v1alpha1
+#    group: olm.operatorframework.io
+#    version: v1
 #  - kind: ClusterExtension
 #    group: olm.operatorframework.io
-#    version: v1alpha1
+#    version: v1
   - kind: ClusterServiceVersion
     group: operators.coreos.com
     version: v1alpha1
@@ -613,7 +614,7 @@ apiMap:
     version: v1alpha1
 #  - kind: OLM
 #    group: operator.openshift.io
-#    version: v1alpha1
+#    version: v1
   - kind: OLMConfig
     group: operators.coreos.com
     version: v1
diff --git a/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
index c663bd7b1f..0629994bdb 100644
--- a/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -150,10 +150,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -178,6 +186,58 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.resourceAttributes.fieldSelector
+Description::
++
+--
+FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
+| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
+|===
+=== .spec.resourceAttributes.labelSelector
+Description::
++
+--
+LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
+| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
 |===
 === .status
 Description::
diff --git a/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
index 0a88f821cd..6f3022daec 100644
--- a/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -117,10 +117,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -145,6 +153,58 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.resourceAttributes.fieldSelector
+Description::
++
+--
+FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
+| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
+|===
+=== .spec.resourceAttributes.labelSelector
+Description::
++
+--
+LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
+| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
 |===
 === .status
 Description::
diff --git a/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
index 16cf6e7662..b9efdeef17 100644
--- a/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
@@ -150,10 +150,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -178,6 +186,58 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.resourceAttributes.fieldSelector
+Description::
++
+--
+FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
+| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
+|===
+=== .spec.resourceAttributes.labelSelector
+Description::
++
+--
+LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
+| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
+
 |===
 === .status
 Description::
diff --git a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
index 58dce6ca8c..9c6586622e 100644
--- a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
+++ b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
@@ -65,15 +65,36 @@ Type::
 
 | `balanceSimilarNodeGroups`
 | `boolean`
-| BalanceSimilarNodeGroups enables/disables the `--balance-similar-node-groups` cluster-autoscaler feature. This feature will automatically identify node groups with the same instance type and the same set of labels and try to keep the respective sizes of those node groups balanced.
+| BalanceSimilarNodeGroups enables/disables the
+`--balance-similar-node-groups` cluster-autoscaler feature.
+This feature will automatically identify node groups with
+the same instance type and the same set of labels and try
+to keep the respective sizes of those node groups balanced.
 
 | `balancingIgnoredLabels`
 | `array (string)`
-| BalancingIgnoredLabels sets "--balancing-ignore-label <label name>" flag on cluster-autoscaler for each listed label. This option specifies labels that cluster autoscaler should ignore when considering node group similarity. For example, if you have nodes with "topology.ebs.csi.aws.com/zone" label, you can add name of this label here to prevent cluster autoscaler from spliting nodes into different node groups based on its value.
+| BalancingIgnoredLabels sets "--balancing-ignore-label <label name>" flag on cluster-autoscaler for each listed label.
+This option specifies labels that cluster autoscaler should ignore when considering node group similarity.
+For example, if you have nodes with "topology.ebs.csi.aws.com/zone" label, you can add name of this label here
+to prevent cluster autoscaler from spliting nodes into different node groups based on its value.
 
 | `expanders`
 | `array (string)`
-| Sets the type and order of expanders to be used during scale out operations. This option specifies an ordered list, highest priority first, of expanders that will be used by the cluster autoscaler to select node groups for expansion when scaling out. Expanders instruct the autoscaler on how to choose node groups when scaling out the cluster. They can be specified in order so that the result from the first expander is used as the input to the second, and so forth. For example, if set to `[LeastWaste, Random]` the autoscaler will first evaluate node groups to determine which will have the least resource waste, if multiple groups are selected the autoscaler will then randomly choose between those groups to determine the group for scaling. The following expanders are available: * LeastWaste - selects the node group that will have the least idle CPU (if tied, unused memory) after scale-up. * Priority - selects the node group that has the highest priority assigned by the user. For details, please see https://github.com/openshift/kubernetes-autoscaler/blob/master/cluster-autoscaler/expander/priority/readme.md * Random - selects the node group randomly. If not specified, the default value is `Random`, available options are: `LeastWaste`, `Priority`, `Random`.
+| Sets the type and order of expanders to be used during scale out operations.
+This option specifies an ordered list, highest priority first, of expanders that
+will be used by the cluster autoscaler to select node groups for expansion
+when scaling out.
+Expanders instruct the autoscaler on how to choose node groups when scaling out
+the cluster. They can be specified in order so that the result from the first expander
+is used as the input to the second, and so forth. For example, if set to `[LeastWaste, Random]`
+the autoscaler will first evaluate node groups to determine which will have the least
+resource waste, if multiple groups are selected the autoscaler will then randomly choose
+between those groups to determine the group for scaling.
+The following expanders are available:
+* LeastWaste - selects the node group that will have the least idle CPU (if tied, unused memory) after scale-up.
+* Priority - selects the node group that has the highest priority assigned by the user. For details, please see https://github.com/openshift/kubernetes-autoscaler/blob/master/cluster-autoscaler/expander/priority/readme.md
+* Random - selects the node group randomly.
+If not specified, the default value is `Random`, available options are: `LeastWaste`, `Priority`, `Random`.
 
 | `ignoreDaemonsetsUtilization`
 | `boolean`
@@ -81,8 +102,10 @@ Type::
 
 | `logVerbosity`
 | `integer`
-| Sets the autoscaler log level. Default value is 1, level 4 is recommended for DEBUGGING and level 6 will enable almost everything. 
- This option has priority over log level set by the `CLUSTER_AUTOSCALER_VERBOSITY` environment variable.
+| Sets the autoscaler log level.
+Default value is 1, level 4 is recommended for DEBUGGING and level 6 will enable almost everything.
+
+This option has priority over log level set by the `CLUSTER_AUTOSCALER_VERBOSITY` environment variable.
 
 | `maxNodeProvisionTime`
 | `string`
@@ -94,7 +117,9 @@ Type::
 
 | `podPriorityThreshold`
 | `integer`
-| To allow users to schedule "best-effort" pods, which shouldn't trigger Cluster Autoscaler actions, but only run when there are spare resources available, More info: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption
+| To allow users to schedule "best-effort" pods, which shouldn't trigger
+Cluster Autoscaler actions, but only run when there are spare resources available,
+More info: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption
 
 | `resourceLimits`
 | `object`
@@ -128,11 +153,13 @@ Type::
 
 | `cores`
 | `object`
-| Minimum and maximum number of cores in cluster, in the format <min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers.
+| Minimum and maximum number of cores in cluster, in the format <min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers.
 
 | `gpus`
 | `array`
-| Minimum and maximum number of different GPUs in cluster, in the format <gpu_type>:<min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers. Can be passed multiple times.
+| Minimum and maximum number of different GPUs in cluster, in the format <gpu_type>:<min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers. Can be passed multiple times.
 
 | `gpus[]`
 | `object`
@@ -140,18 +167,21 @@ Type::
 
 | `maxNodesTotal`
 | `integer`
-| Maximum number of nodes in all node groups. Cluster autoscaler will not grow the cluster beyond this number.
+| Maximum number of nodes in all node groups.
+Cluster autoscaler will not grow the cluster beyond this number.
 
 | `memory`
 | `object`
-| Minimum and maximum number of GiB of memory in cluster, in the format <min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers.
+| Minimum and maximum number of GiB of memory in cluster, in the format <min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers.
 
 |===
 === .spec.resourceLimits.cores
 Description::
 +
 --
-Minimum and maximum number of cores in cluster, in the format <min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers.
+Minimum and maximum number of cores in cluster, in the format <min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers.
 --
 
 Type::
@@ -180,7 +210,8 @@ Required::
 Description::
 +
 --
-Minimum and maximum number of different GPUs in cluster, in the format <gpu_type>:<min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers. Can be passed multiple times.
+Minimum and maximum number of different GPUs in cluster, in the format <gpu_type>:<min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers. Can be passed multiple times.
 --
 
 Type::
@@ -220,14 +251,19 @@ Required::
 
 | `type`
 | `string`
-| The type of GPU to associate with the minimum and maximum limits. This value is used by the Cluster Autoscaler to identify Nodes that will have GPU capacity by searching for it as a label value on the Node objects. For example, Nodes that carry the label key `cluster-api/accelerator` with the label value being the same as the Type field will be counted towards the resource limits by the Cluster Autoscaler.
+| The type of GPU to associate with the minimum and maximum limits.
+This value is used by the Cluster Autoscaler to identify Nodes that will have GPU capacity by searching
+for it as a label value on the Node objects. For example, Nodes that carry the label key
+`cluster-api/accelerator` with the label value being the same as the Type field will be counted towards
+the resource limits by the Cluster Autoscaler.
 
 |===
 === .spec.resourceLimits.memory
 Description::
 +
 --
-Minimum and maximum number of GiB of memory in cluster, in the format <min>:<max>. Cluster autoscaler will not scale the cluster beyond these numbers.
+Minimum and maximum number of GiB of memory in cluster, in the format <min>:<max>.
+Cluster autoscaler will not scale the cluster beyond these numbers.
 --
 
 Type::
diff --git a/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc b/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
index 9537b93f4a..cef537b35b 100644
--- a/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
+++ b/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
@@ -102,15 +102,22 @@ Required::
 
 | `apiVersion`
 | `string`
-| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+| APIVersion defines the versioned schema of this representation of an
+object. Servers should convert recognized schemas to the latest internal
+value, and may reject unrecognized values. More info:
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 
 | `kind`
 | `string`
-| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind is a string value representing the REST resource this object
+represents. Servers may infer this from the endpoint the client submits
+requests to. Cannot be updated. In CamelCase. More info:
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name specifies a name of an object, e.g. worker-us-east-1a. Scalable resources are expected to exist under a single namespace.
+| Name specifies a name of an object, e.g. worker-us-east-1a.
+Scalable resources are expected to exist under a single namespace.
 
 |===
 === .status
@@ -157,15 +164,22 @@ Required::
 
 | `apiVersion`
 | `string`
-| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+| APIVersion defines the versioned schema of this representation of an
+object. Servers should convert recognized schemas to the latest internal
+value, and may reject unrecognized values. More info:
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 
 | `kind`
 | `string`
-| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind is a string value representing the REST resource this object
+represents. Servers may infer this from the endpoint the client submits
+requests to. Cannot be updated. In CamelCase. More info:
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name specifies a name of an object, e.g. worker-us-east-1a. Scalable resources are expected to exist under a single namespace.
+| Name specifies a name of an object, e.g. worker-us-east-1a.
+Scalable resources are expected to exist under a single namespace.
 
 |===
 
diff --git a/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc
index dbfa9e692d..cd7b1e1f52 100644
--- a/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc
+++ b/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc
@@ -105,8 +105,12 @@ Type::
 | `name`
 | `string`
 | Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
 TODO: Add other useful fields. apiVersion, kind, uid?
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.poolRef
diff --git a/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc
index 5e8df9f119..d9dcebb52f 100644
--- a/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc
+++ b/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc
@@ -65,6 +65,10 @@ Required::
 |===
 | Property | Type | Description
 
+| `clusterName`
+| `string`
+| ClusterName is the name of the Cluster this object belongs to.
+
 | `poolRef`
 | `object`
 | PoolRef is a reference to the pool from which an IP address should be created.
@@ -155,8 +159,12 @@ Type::
 | `name`
 | `string`
 | Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
 TODO: Add other useful fields. apiVersion, kind, uid?
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .status.conditions
diff --git a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
index 6bc65bd3ff..ccd034c641 100644
--- a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
@@ -11,8 +11,11 @@ toc::[]
 Description::
 +
 --
-APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+APIServer holds configuration (like serving certificates, client CA and CORS domains)
+shared by all API servers in the system, among them especially kube-apiserver
+and openshift-apiserver. The canonical name of an instance is 'cluster'.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,15 +71,23 @@ Type::
 
 | `additionalCORSAllowedOrigins`
 | `array (string)`
-| additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
+| additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
+API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
+server from JavaScript applications.
+The values are regular expressions that correspond to the Golang regular expression language.
 
 | `audit`
 | `object`
-| audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
+| audit specifies the settings for audit configuration to be applied to all OpenShift-provided
+API servers in the cluster.
 
 | `clientCA`
 | `object`
-| clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
+| clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
+incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
+You usually only have to set this if you have your own PKI you wish to honor client certificates from.
+The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
+- ConfigMap.Data["ca-bundle.crt"] - CA bundle.
 
 | `encryption`
 | `object`
@@ -84,19 +95,24 @@ Type::
 
 | `servingCerts`
 | `object`
-| servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
+| servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
+will be used for serving secure traffic.
 
 | `tlsSecurityProfile`
 | `object`
-| tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. 
- If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
+| tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
+
+If unset, a default (which may change between releases) is chosen. Note that only Old,
+Intermediate and Custom profiles are currently supported, and the maximum available
+minTLSVersion is VersionTLS12.
 
 |===
 === .spec.audit
 Description::
 +
 --
-audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
+audit specifies the settings for audit configuration to be applied to all OpenShift-provided
+API servers in the cluster.
 --
 
 Type::
@@ -111,25 +127,47 @@ Type::
 
 | `customRules`
 | `array`
-| customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
+| customRules specify profiles per group. These profile take precedence over the
+top-level profile field if they apply. They are evaluation from top to bottom and
+the first one that matches, applies.
 
 | `customRules[]`
 | `object`
-| AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
+| AuditCustomRule describes a custom rule for an audit profile that takes precedence over
+the top-level profile.
 
 | `profile`
 | `string`
-| profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. 
- The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. 
- Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. 
- If unset, the 'Default' profile is used as the default.
+| profile specifies the name of the desired top-level audit profile to be applied to all requests
+sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver,
+openshift-apiserver and oauth-apiserver), with the exception of those requests that match
+one or more of the customRules.
+
+The following profiles are provided:
+- Default: default policy which means MetaData level logging with the exception of events
+  (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody
+  level).
+- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
+write requests (create, update, patch).
+- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
+HTTP payloads for read requests (get, list).
+- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
+
+Warning: It is not recommended to disable audit logging by using the `None` profile unless you
+are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues.
+If you disable audit logging and a support situation arises, you might need to enable audit logging
+and reproduce the issue in order to troubleshoot properly.
+
+If unset, the 'Default' profile is used as the default.
 
 |===
 === .spec.audit.customRules
 Description::
 +
 --
-customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
+customRules specify profiles per group. These profile take precedence over the
+top-level profile field if they apply. They are evaluation from top to bottom and
+the first one that matches, applies.
 --
 
 Type::
@@ -142,7 +180,8 @@ Type::
 Description::
 +
 --
-AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
+AuditCustomRule describes a custom rule for an audit profile that takes precedence over
+the top-level profile.
 --
 
 Type::
@@ -164,16 +203,29 @@ Required::
 
 | `profile`
 | `string`
-| profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. 
- The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. 
- If unset, the 'Default' profile is used as the default.
+| profile specifies the name of the desired audit policy configuration to be deployed to
+all OpenShift-provided API servers in the cluster.
+
+The following profiles are provided:
+- Default: the existing default policy.
+- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
+write requests (create, update, patch).
+- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
+HTTP payloads for read requests (get, list).
+- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
+
+If unset, the 'Default' profile is used as the default.
 
 |===
 === .spec.clientCA
 Description::
 +
 --
-clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
+clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
+incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
+You usually only have to set this if you have your own PKI you wish to honor client certificates from.
+The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
+- ConfigMap.Data["ca-bundle.crt"] - CA bundle.
 --
 
 Type::
@@ -212,16 +264,27 @@ Type::
 
 | `type`
 | `string`
-| type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time.  Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. 
- When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time.  The current authoritative list is: 
- 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io
+| type defines what encryption type should be used to encrypt resources at the datastore layer.
+When this field is unset (i.e. when it is set to the empty string), identity is implied.
+The behavior of unset can and will change over time.  Even if encryption is enabled by default,
+the meaning of unset may change to a different encryption type based on changes in best practices.
+
+When encryption is enabled, all sensitive resources shipped with the platform are encrypted.
+This list of sensitive resources can and will change over time.  The current authoritative list is:
+
+  1. secrets
+  2. configmaps
+  3. routes.route.openshift.io
+  4. oauthaccesstokens.oauth.openshift.io
+  5. oauthauthorizetokens.oauth.openshift.io
 
 |===
 === .spec.servingCerts
 Description::
 +
 --
-servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
+servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
+will be used for serving secure traffic.
 --
 
 Type::
@@ -236,7 +299,9 @@ Type::
 
 | `namedCertificates`
 | `array`
-| namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
+| namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
+If no named certificates are provided, or no named certificates match the server name as understood by a client,
+the defaultServingCertificate will be used.
 
 | `namedCertificates[]`
 | `object`
@@ -247,7 +312,9 @@ Type::
 Description::
 +
 --
-namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
+namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
+If no named certificates are provided, or no named certificates match the server name as understood by a client,
+the defaultServingCertificate will be used.
 --
 
 Type::
@@ -275,18 +342,26 @@ Type::
 
 | `names`
 | `array (string)`
-| names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
+| names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
+serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
+Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
 
 | `servingCertificate`
 | `object`
-| servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.
+| servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
+The secret must exist in the openshift-config namespace and contain the following required fields:
+- Secret.Data["tls.key"] - TLS private key.
+- Secret.Data["tls.crt"] - TLS certificate.
 
 |===
 === .spec.servingCerts.namedCertificates[].servingCertificate
 Description::
 +
 --
-servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.
+servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
+The secret must exist in the openshift-config namespace and contain the following required fields:
+- Secret.Data["tls.key"] - TLS private key.
+- Secret.Data["tls.crt"] - TLS certificate.
 --
 
 Type::
@@ -310,8 +385,11 @@ Required::
 Description::
 +
 --
-tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. 
- If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
+tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
+
+If unset, a default (which may change between releases) is chosen. Note that only Old,
+Intermediate and Custom profiles are currently supported, and the maximum available
+minTLSVersion is VersionTLS12.
 --
 
 Type::
@@ -326,87 +404,158 @@ Type::
 
 | `custom`
 | ``
-| custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
- ciphers: 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- minTLSVersion: VersionTLS11
+| custom is a user-defined TLS security profile. Be extremely careful using a custom
+profile as invalid configurations can be catastrophic. An example custom profile
+looks like this:
+
+  ciphers:
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+  minTLSVersion: VersionTLS11
 
 | `intermediate`
 | ``
-| intermediate is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- minTLSVersion: VersionTLS12
+| intermediate is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+  minTLSVersion: VersionTLS12
 
 | `modern`
 | ``
-| modern is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- minTLSVersion: VersionTLS13
+| modern is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+  minTLSVersion: VersionTLS13
 
 | `old`
 | ``
-| old is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- - DHE-RSA-CHACHA20-POLY1305 
- - ECDHE-ECDSA-AES128-SHA256 
- - ECDHE-RSA-AES128-SHA256 
- - ECDHE-ECDSA-AES128-SHA 
- - ECDHE-RSA-AES128-SHA 
- - ECDHE-ECDSA-AES256-SHA384 
- - ECDHE-RSA-AES256-SHA384 
- - ECDHE-ECDSA-AES256-SHA 
- - ECDHE-RSA-AES256-SHA 
- - DHE-RSA-AES128-SHA256 
- - DHE-RSA-AES256-SHA256 
- - AES128-GCM-SHA256 
- - AES256-GCM-SHA384 
- - AES128-SHA256 
- - AES256-SHA256 
- - AES128-SHA 
- - AES256-SHA 
- - DES-CBC3-SHA 
- minTLSVersion: VersionTLS10
+| old is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+    - DHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-ECDSA-AES128-SHA256
+
+    - ECDHE-RSA-AES128-SHA256
+
+    - ECDHE-ECDSA-AES128-SHA
+
+    - ECDHE-RSA-AES128-SHA
+
+    - ECDHE-ECDSA-AES256-SHA384
+
+    - ECDHE-RSA-AES256-SHA384
+
+    - ECDHE-ECDSA-AES256-SHA
+
+    - ECDHE-RSA-AES256-SHA
+
+    - DHE-RSA-AES128-SHA256
+
+    - DHE-RSA-AES256-SHA256
+
+    - AES128-GCM-SHA256
+
+    - AES256-GCM-SHA384
+
+    - AES128-SHA256
+
+    - AES256-SHA256
+
+    - AES128-SHA
+
+    - AES256-SHA
+
+    - DES-CBC3-SHA
+
+  minTLSVersion: VersionTLS10
 
 | `type`
 | `string`
-| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations 
- The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be reduced. 
- Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
+| type is one of Old, Intermediate, Modern or Custom. Custom provides
+the ability to specify individual TLS security profile parameters.
+Old, Intermediate and Modern are TLS security profiles based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
+reduced.
+
+Note that the Modern profile is currently not supported because it is not
+yet well adopted by common software libraries.
 
 |===
 === .status
diff --git a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
index cb4cffbe9a..1da2388d9d 100644
--- a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Authentication specifies cluster-wide settings for authentication (like OAuth and
+webhook token authenticators). The canonical name of an instance is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,20 +70,44 @@ Type::
 
 | `oauthMetadata`
 | `object`
-| oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.
+| oauthMetadata contains the discovery endpoint data for OAuth 2.0
+Authorization Server Metadata for an external OAuth server.
+This discovery document can be viewed from its served location:
+oc get --raw '/.well-known/oauth-authorization-server'
+For further details, see the IETF Draft:
+https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+If oauthMetadata.name is non-empty, this value has precedence
+over any metadata reference stored in status.
+The key "oauthMetadata" is used to locate the data.
+If specified and the config map or expected key is not found, no metadata is served.
+If the specified metadata is not valid, no metadata is served.
+The namespace for this config map is openshift-config.
 
 | `serviceAccountIssuer`
 | `string`
-| serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.
+| serviceAccountIssuer is the identifier of the bound service account token
+issuer.
+The default is https://kubernetes.default.svc
+WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the
+previous issuer value. Instead, the tokens issued by previous service account issuer will continue to
+be trusted for a time period chosen by the platform (currently set to 24h).
+This time period is subject to change over time.
+This allows internal components to transition to use new service account issuer without service distruption.
 
 | `type`
 | `string`
-| type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
+| type identifies the cluster managed, user facing authentication mode in use.
+Specifically, it manages the component that responds to login attempts.
+The default is IntegratedOAuth.
 
 | `webhookTokenAuthenticator`
 | `object`
-| webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. 
- Can only be set if "Type" is set to "None".
+| webhookTokenAuthenticator configures a remote token reviewer.
+These remote authentication webhooks can be used to verify bearer tokens
+via the tokenreviews.authentication.k8s.io REST API. This is required to
+honor bearer tokens that are provisioned by an external authentication service.
+
+Can only be set if "Type" is set to "None".
 
 | `webhookTokenAuthenticators`
 | `array`
@@ -89,14 +115,26 @@ Type::
 
 | `webhookTokenAuthenticators[]`
 | `object`
-| deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
+| deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.
+It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
 
 |===
 === .spec.oauthMetadata
 Description::
 +
 --
-oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.
+oauthMetadata contains the discovery endpoint data for OAuth 2.0
+Authorization Server Metadata for an external OAuth server.
+This discovery document can be viewed from its served location:
+oc get --raw '/.well-known/oauth-authorization-server'
+For further details, see the IETF Draft:
+https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+If oauthMetadata.name is non-empty, this value has precedence
+over any metadata reference stored in status.
+The key "oauthMetadata" is used to locate the data.
+If specified and the config map or expected key is not found, no metadata is served.
+If the specified metadata is not valid, no metadata is served.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -120,8 +158,12 @@ Required::
 Description::
 +
 --
-webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. 
- Can only be set if "Type" is set to "None".
+webhookTokenAuthenticator configures a remote token reviewer.
+These remote authentication webhooks can be used to verify bearer tokens
+via the tokenreviews.authentication.k8s.io REST API. This is required to
+honor bearer tokens that are provisioned by an external authentication service.
+
+Can only be set if "Type" is set to "None".
 --
 
 Type::
@@ -138,20 +180,34 @@ Required::
 
 | `kubeConfig`
 | `object`
-| kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. 
- For further details, see: 
- https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication 
- The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.
+| kubeConfig references a secret that contains kube config file data which
+describes how to access the remote webhook service.
+The namespace for the referenced secret is openshift-config.
+
+For further details, see:
+
+https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+
+The key "kubeConfig" is used to locate the data.
+If the secret or expected key is not found, the webhook is not honored.
+If the specified kube config data is not valid, the webhook is not honored.
 
 |===
 === .spec.webhookTokenAuthenticator.kubeConfig
 Description::
 +
 --
-kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. 
- For further details, see: 
- https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication 
- The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.
+kubeConfig references a secret that contains kube config file data which
+describes how to access the remote webhook service.
+The namespace for the referenced secret is openshift-config.
+
+For further details, see:
+
+https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+
+The key "kubeConfig" is used to locate the data.
+If the secret or expected key is not found, the webhook is not honored.
+If the specified kube config data is not valid, the webhook is not honored.
 --
 
 Type::
@@ -188,7 +244,8 @@ Type::
 Description::
 +
 --
-deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
+deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.
+It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
 --
 
 Type::
@@ -203,14 +260,26 @@ Type::
 
 | `kubeConfig`
 | `object`
-| kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.
+| kubeConfig contains kube config file data which describes how to access the remote webhook service.
+For further details, see:
+https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+The key "kubeConfig" is used to locate the data.
+If the secret or expected key is not found, the webhook is not honored.
+If the specified kube config data is not valid, the webhook is not honored.
+The namespace for this secret is determined by the point of use.
 
 |===
 === .spec.webhookTokenAuthenticators[].kubeConfig
 Description::
 +
 --
-kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.
+kubeConfig contains kube config file data which describes how to access the remote webhook service.
+For further details, see:
+https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+The key "kubeConfig" is used to locate the data.
+If the secret or expected key is not found, the webhook is not honored.
+If the specified kube config data is not valid, the webhook is not honored.
+The namespace for this secret is determined by the point of use.
 --
 
 Type::
@@ -249,14 +318,38 @@ Type::
 
 | `integratedOAuthMetadata`
 | `object`
-| integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.
+| integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
+Authorization Server Metadata for the in-cluster integrated OAuth server.
+This discovery document can be viewed from its served location:
+oc get --raw '/.well-known/oauth-authorization-server'
+For further details, see the IETF Draft:
+https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+This contains the observed value based on cluster state.
+An explicitly set value in spec.oauthMetadata has precedence over this field.
+This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
+The key "oauthMetadata" is used to locate the data.
+If the config map or expected key is not found, no metadata is served.
+If the specified metadata is not valid, no metadata is served.
+The namespace for this config map is openshift-config-managed.
 
 |===
 === .status.integratedOAuthMetadata
 Description::
 +
 --
-integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.
+integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
+Authorization Server Metadata for the in-cluster integrated OAuth server.
+This discovery document can be viewed from its served location:
+oc get --raw '/.well-known/oauth-authorization-server'
+For further details, see the IETF Draft:
+https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+This contains the observed value based on cluster state.
+An explicitly set value in spec.oauthMetadata has precedence over this field.
+This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
+The key "oauthMetadata" is used to locate the data.
+If the config map or expected key is not found, no metadata is served.
+If the specified metadata is not valid, no metadata is served.
+The namespace for this config map is openshift-config-managed.
 --
 
 Type::
diff --git a/rest_api/config_apis/build-config-openshift-io-v1.adoc b/rest_api/config_apis/build-config-openshift-io-v1.adoc
index bf00179fc2..0aef1f0a48 100644
--- a/rest_api/config_apis/build-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/build-config-openshift-io-v1.adoc
@@ -11,9 +11,12 @@ toc::[]
 Description::
 +
 --
-Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. 
- The canonical name is "cluster" 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Build configures the behavior of OpenShift builds for the entire cluster.
+This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
+
+The canonical name is "cluster"
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -65,8 +68,12 @@ Type::
 
 | `additionalTrustedCA`
 | `object`
-| AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. 
- DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.
+| AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+should be trusted for image pushes and pulls during builds.
+The namespace for this config map is openshift-config.
+
+DEPRECATED: Additional CAs for image pull and push should be set on
+image.config.openshift.io/cluster instead.
 
 | `buildDefaults`
 | `object`
@@ -81,8 +88,12 @@ Type::
 Description::
 +
 --
-AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. 
- DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.
+AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+should be trusted for image pushes and pulls during builds.
+The namespace for this config map is openshift-config.
+
+DEPRECATED: Additional CAs for image pull and push should be set on
+image.config.openshift.io/cluster instead.
 --
 
 Type::
@@ -121,12 +132,16 @@ Type::
 
 | `defaultProxy`
 | `object`
-| DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. 
- Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.
+| DefaultProxy contains the default proxy settings for all build operations, including image pull/push
+and source download.
+
+Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
+in the build config's strategy.
 
 | `env`
 | `array`
-| Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build
+| Env is a set of default environment variables that will be applied to the
+build if the specified variables do not exist on the build
 
 | `env[]`
 | `object`
@@ -134,12 +149,16 @@ Type::
 
 | `gitProxy`
 | `object`
-| GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. 
- Values that are not set here will be inherited from DefaultProxy.
+| GitProxy contains the proxy settings for git operations only. If set, this will override
+any Proxy settings for all git commands, such as git clone.
+
+Values that are not set here will be inherited from DefaultProxy.
 
 | `imageLabels`
 | `array`
-| ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.
+| ImageLabels is a list of docker labels that are applied to the resulting image.
+User can override a default label by providing a label with the same name in their
+Build/BuildConfig.
 
 | `imageLabels[]`
 | `object`
@@ -154,8 +173,11 @@ Type::
 Description::
 +
 --
-DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. 
- Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.
+DefaultProxy contains the default proxy settings for all build operations, including image pull/push
+and source download.
+
+Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
+in the build config's strategy.
 --
 
 Type::
@@ -178,7 +200,8 @@ Type::
 
 | `noProxy`
 | `string`
-| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
+| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.
+Empty means unset and will not result in an env var.
 
 | `readinessEndpoints`
 | `array (string)`
@@ -186,18 +209,58 @@ Type::
 
 | `trustedCA`
 | `object`
-| trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+| trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 
 |===
 === .spec.buildDefaults.defaultProxy.trustedCA
 Description::
 +
 --
-trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 --
 
 Type::
@@ -221,7 +284,8 @@ Required::
 Description::
 +
 --
-Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build
+Env is a set of default environment variables that will be applied to the
+build if the specified variables do not exist on the build
 --
 
 Type::
@@ -255,7 +319,15 @@ Required::
 
 | `value`
 | `string`
-| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+| Variable references $(VAR_NAME) are expanded
+using the previously defined environment variables in the container and
+any service environment variables. If a variable cannot be resolved,
+the reference in the input string will be unchanged. Double $$ are reduced
+to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+Escaped references will never be expanded, regardless of whether the variable
+exists or not.
+Defaults to "".
 
 | `valueFrom`
 | `object`
@@ -285,11 +357,13 @@ Type::
 
 | `fieldRef`
 | `object`
-| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 
 | `resourceFieldRef`
 | `object`
-| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+| Selects a resource of the container: only resources limits and requests
+(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 
 | `secretKeyRef`
 | `object`
@@ -321,7 +395,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -332,7 +410,8 @@ Required::
 Description::
 +
 --
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 --
 
 Type::
@@ -360,7 +439,8 @@ Required::
 Description::
 +
 --
-Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+Selects a resource of the container: only resources limits and requests
+(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 --
 
 Type::
@@ -413,7 +493,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -424,8 +508,10 @@ Required::
 Description::
 +
 --
-GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. 
- Values that are not set here will be inherited from DefaultProxy.
+GitProxy contains the proxy settings for git operations only. If set, this will override
+any Proxy settings for all git commands, such as git clone.
+
+Values that are not set here will be inherited from DefaultProxy.
 --
 
 Type::
@@ -448,7 +534,8 @@ Type::
 
 | `noProxy`
 | `string`
-| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
+| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.
+Empty means unset and will not result in an env var.
 
 | `readinessEndpoints`
 | `array (string)`
@@ -456,18 +543,58 @@ Type::
 
 | `trustedCA`
 | `object`
-| trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+| trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 
 |===
 === .spec.buildDefaults.gitProxy.trustedCA
 Description::
 +
 --
-trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 --
 
 Type::
@@ -491,7 +618,9 @@ Required::
 Description::
 +
 --
-ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.
+ImageLabels is a list of docker labels that are applied to the resulting image.
+User can override a default label by providing a label with the same name in their
+Build/BuildConfig.
 --
 
 Type::
@@ -545,9 +674,13 @@ Type::
 
 | `claims`
 | `array`
-| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
- This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers.
+| Claims lists the names of resources, defined in spec.resourceClaims,
+that are used by this container.
+
+This is an alpha field and requires enabling the
+DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -555,20 +688,28 @@ Type::
 
 | `limits`
 | `integer-or-string`
-| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Limits describes the maximum amount of compute resources allowed.
+More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required.
+If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+otherwise to an implementation-defined value. Requests cannot exceed Limits.
+More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.buildDefaults.resources.claims
 Description::
 +
 --
-Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
- This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable. It can only be set for containers.
+Claims lists the names of resources, defined in spec.resourceClaims,
+that are used by this container.
+
+This is an alpha field and requires enabling the
+DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -598,7 +739,15 @@ Required::
 
 | `name`
 | `string`
-| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+| Name must match the name of one entry in pod.spec.resourceClaims of
+the Pod where this field is used. It makes that resource available
+inside a container.
+
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
 
 |===
 === .spec.buildOverrides
@@ -620,11 +769,16 @@ Type::
 
 | `forcePull`
 | `boolean`
-| ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself
+| ForcePull overrides, if set, the equivalent value in the builds,
+i.e. false disables force pull for all builds,
+true enables force pull for all builds,
+independently of what each build specifies itself
 
 | `imageLabels`
 | `array`
-| ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.
+| ImageLabels is a list of docker labels that are applied to the resulting image.
+If user provided a label in their Build/BuildConfig with the same name as one in this
+list, the user's label will be overwritten.
 
 | `imageLabels[]`
 | `object`
@@ -636,18 +790,22 @@ Type::
 
 | `tolerations`
 | `array`
-| Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.
+| Tolerations is a list of Tolerations that will override any existing
+tolerations set on a build pod.
 
 | `tolerations[]`
 | `object`
-| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+| The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 
 |===
 === .spec.buildOverrides.imageLabels
 Description::
 +
 --
-ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.
+ImageLabels is a list of docker labels that are applied to the resulting image.
+If user provided a label in their Build/BuildConfig with the same name as one in this
+list, the user's label will be overwritten.
 --
 
 Type::
@@ -686,7 +844,8 @@ Type::
 Description::
 +
 --
-Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.
+Tolerations is a list of Tolerations that will override any existing
+tolerations set on a build pod.
 --
 
 Type::
@@ -699,7 +858,8 @@ Type::
 Description::
 +
 --
-The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 --
 
 Type::
@@ -714,23 +874,32 @@ Type::
 
 | `effect`
 | `string`
-| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+| Effect indicates the taint effect to match. Empty means match all taint effects.
+When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
-| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+| Key is the taint key that the toleration applies to. Empty means match all taint keys.
+If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 
 | `operator`
 | `string`
-| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+| Operator represents a key's relationship to the value.
+Valid operators are Exists and Equal. Defaults to Equal.
+Exists is equivalent to wildcard for value, so that a pod can
+tolerate all taints of a particular category.
 
 | `tolerationSeconds`
 | `integer`
-| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+| TolerationSeconds represents the period of time the toleration (which must be
+of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+it is not set, which means tolerate the taint forever (do not evict). Zero and
+negative values will be treated as 0 (evict immediately) by the system.
 
 | `value`
 | `string`
-| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+| Value is the taint value the toleration matches to.
+If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 |===
 
diff --git a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
index 83f4bdab7b..860ee17c77 100644
--- a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
@@ -11,8 +11,11 @@ toc::[]
 Description::
 +
 --
-ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterOperator is the Custom Resource object which holds the current state
+of an operator. This object is used by operators to convey their state to
+the rest of the cluster.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -46,7 +49,8 @@ Required::
 
 | `status`
 | `object`
-| status holds the information about the state of an operator.  It is consistent with status information across the Kubernetes ecosystem.
+| status holds the information about the state of an operator.  It is consistent with status information across
+the Kubernetes ecosystem.
 
 |===
 === .spec
@@ -66,7 +70,8 @@ Type::
 Description::
 +
 --
-status holds the information about the state of an operator.  It is consistent with status information across the Kubernetes ecosystem.
+status holds the information about the state of an operator.  It is consistent with status information across
+the Kubernetes ecosystem.
 --
 
 Type::
@@ -85,15 +90,20 @@ Type::
 
 | `conditions[]`
 | `object`
-| ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
+| ClusterOperatorStatusCondition represents the state of the operator's
+managed and monitored components.
 
 | `extension`
 | ``
-| extension contains any additional status information specific to the operator which owns this status object.
+| extension contains any additional status information specific to the
+operator which owns this status object.
 
 | `relatedObjects`
 | `array`
-| relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces
+| relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are:
+1. the detailed resource driving the operator
+2. operator namespaces
+3. operand namespaces
 
 | `relatedObjects[]`
 | `object`
@@ -101,7 +111,9 @@ Type::
 
 | `versions`
 | `array`
-| versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple operand entries in the array.  Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
+| versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple
+operand entries in the array.  Available operators must report the version of the operator itself with the name "operator".
+An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
 
 | `versions[]`
 | `object`
@@ -125,7 +137,8 @@ Type::
 Description::
 +
 --
-ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
+ClusterOperatorStatusCondition represents the state of the operator's
+managed and monitored components.
 --
 
 Type::
@@ -148,7 +161,9 @@ Required::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.  It may contain Line Feed characters (U+000A), which should be rendered as new lines.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.  It may contain Line Feed
+characters (U+000A), which should be rendered as new lines.
 
 | `reason`
 | `string`
@@ -167,7 +182,10 @@ Required::
 Description::
 +
 --
-relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces
+relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are:
+1. the detailed resource driving the operator
+2. operator namespaces
+3. operand namespaces
 --
 
 Type::
@@ -218,7 +236,9 @@ Required::
 Description::
 +
 --
-versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple operand entries in the array.  Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
+versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple
+operand entries in the array.  Available operators must report the version of the operator itself with the name "operator".
+An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
 --
 
 Type::
@@ -253,7 +273,9 @@ Required::
 
 | `version`
 | `string`
-| version indicates which version of a particular operand is currently being managed.  It must always match the Available operand.  If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0
+| version indicates which version of a particular operand is currently being managed.  It must always match the Available
+operand.  If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
+1.1.0
 
 |===
 
diff --git a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
index c998906421..a9e42b7ccb 100644
--- a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterVersion is the configuration for the ClusterVersionOperator. This is where
+parameters related to automatic updates can be set.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -42,18 +44,21 @@ Required::
 
 | `spec`
 | `object`
-| spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
+| spec is the desired state of the cluster version - the operator will work
+to ensure that the desired version is applied to the cluster.
 
 | `status`
 | `object`
-| status contains information about the available updates and any in-progress updates.
+| status contains information about the available updates and any in-progress
+updates.
 
 |===
 === .spec
 Description::
 +
 --
-spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
+spec is the desired state of the cluster version - the operator will work
+to ensure that the desired version is applied to the cluster.
 --
 
 Type::
@@ -70,40 +75,70 @@ Required::
 
 | `capabilities`
 | `object`
-| capabilities configures the installation of optional, core cluster components.  A null value here is identical to an empty object; see the child properties for default semantics.
+| capabilities configures the installation of optional, core
+cluster components.  A null value here is identical to an
+empty object; see the child properties for default semantics.
 
 | `channel`
 | `string`
-| channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.
+| channel is an identifier for explicitly requesting that a non-default
+set of updates be applied to this cluster. The default channel will be
+contain stable updates that are appropriate for production clusters.
 
 | `clusterID`
 | `string`
-| clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.
+| clusterID uniquely identifies this cluster. This is expected to be
+an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
+hexadecimal values). This is a required field.
 
 | `desiredUpdate`
 | `object`
-| desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. 
- Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. 
- If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.
+| desiredUpdate is an optional field that indicates the desired value of
+the cluster version. Setting this value will trigger an upgrade (if
+the current version does not match the desired version). The set of
+recommended update values is listed as part of available updates in
+status, and setting values outside that range may cause the upgrade
+to fail.
+
+Some of the fields are inter-related with restrictions and meanings described here.
+1. image is specified, version is specified, architecture is specified. API validation error.
+2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used.
+3. image is specified, version is not specified, architecture is specified. API validation error.
+4. image is specified, version is not specified, architecture is not specified. image is used.
+5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.
+6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.
+7. image is not specified, version is not specified, architecture is specified. API validation error.
+8. image is not specified, version is not specified, architecture is not specified. API validation error.
+
+If an upgrade fails the operator will halt and report status
+about the failing component. Setting the desired update value back to
+the previous version will cause a rollback to be attempted. Not all
+rollbacks will succeed.
 
 | `overrides`
 | `array`
-| overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
+| overrides is list of overides for components that are managed by
+cluster version operator. Marking a component unmanaged will prevent
+the operator from creating or updating the object.
 
 | `overrides[]`
 | `object`
-| ComponentOverride allows overriding cluster version operator's behavior for a component.
+| ComponentOverride allows overriding cluster version operator's behavior
+for a component.
 
 | `upstream`
 | `string`
-| upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.
+| upstream may be used to specify the preferred update server. By default
+it will use the appropriate update server for the cluster and region.
 
 |===
 === .spec.capabilities
 Description::
 +
 --
-capabilities configures the installation of optional, core cluster components.  A null value here is identical to an empty object; see the child properties for default semantics.
+capabilities configures the installation of optional, core
+cluster components.  A null value here is identical to an
+empty object; see the child properties for default semantics.
 --
 
 Type::
@@ -118,20 +153,44 @@ Type::
 
 | `additionalEnabledCapabilities`
 | `array (string)`
-| additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet.  The default is an empty set.
+| additionalEnabledCapabilities extends the set of managed
+capabilities beyond the baseline defined in
+baselineCapabilitySet.  The default is an empty set.
 
 | `baselineCapabilitySet`
 | `string`
-| baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities.  If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.
+| baselineCapabilitySet selects an initial set of
+optional capabilities to enable, which can be extended via
+additionalEnabledCapabilities.  If unset, the cluster will
+choose a default, and the default may change over time.
+The current default is vCurrent.
 
 |===
 === .spec.desiredUpdate
 Description::
 +
 --
-desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. 
- Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. 
- If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.
+desiredUpdate is an optional field that indicates the desired value of
+the cluster version. Setting this value will trigger an upgrade (if
+the current version does not match the desired version). The set of
+recommended update values is listed as part of available updates in
+status, and setting values outside that range may cause the upgrade
+to fail.
+
+Some of the fields are inter-related with restrictions and meanings described here.
+1. image is specified, version is specified, architecture is specified. API validation error.
+2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used.
+3. image is specified, version is not specified, architecture is specified. API validation error.
+4. image is specified, version is not specified, architecture is not specified. image is used.
+5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.
+6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.
+7. image is not specified, version is not specified, architecture is specified. API validation error.
+8. image is not specified, version is not specified, architecture is not specified. API validation error.
+
+If an upgrade fails the operator will halt and report status
+about the failing component. Setting the desired update value back to
+the previous version will cause a rollback to be attempted. Not all
+rollbacks will succeed.
 --
 
 Type::
@@ -146,26 +205,45 @@ Type::
 
 | `architecture`
 | `string`
-| architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.
+| architecture is an optional field that indicates the desired
+value of the cluster architecture. In this context cluster
+architecture means either a single architecture or a multi
+architecture. architecture can only be set to Multi thereby
+only allowing updates from single to multi architecture. If
+architecture is set, image cannot be set and version must be
+set.
+Valid values are 'Multi' and empty.
 
 | `force`
 | `boolean`
-| force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.
+| force allows an administrator to update to an image that has failed
+verification or upgradeable checks. This option should only
+be used when the authenticity of the provided image has been verified out
+of band because the provided image will run with full administrative access
+to the cluster. Do not use this flag with images that comes from unknown
+or potentially malicious sources.
 
 | `image`
 | `string`
-| image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.
+| image is a container image location that contains the update.
+image should be used when the desired version does not exist in availableUpdates or history.
+When image is set, version is ignored. When image is set, version should be empty.
+When image is set, architecture cannot be specified.
 
 | `version`
 | `string`
-| version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.
+| version is a semantic version identifying the update version.
+version is ignored if image is specified and required if
+architecture is specified.
 
 |===
 === .spec.overrides
 Description::
 +
 --
-overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
+overrides is list of overides for components that are managed by
+cluster version operator. Marking a component unmanaged will prevent
+the operator from creating or updating the object.
 --
 
 Type::
@@ -178,7 +256,8 @@ Type::
 Description::
 +
 --
-ComponentOverride allows overriding cluster version operator's behavior for a component.
+ComponentOverride allows overriding cluster version operator's behavior
+for a component.
 --
 
 Type::
@@ -211,18 +290,22 @@ Required::
 
 | `namespace`
 | `string`
-| namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.
+| namespace is the component's namespace. If the resource is cluster
+scoped, the namespace should be empty.
 
 | `unmanaged`
 | `boolean`
-| unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false
+| unmanaged controls if cluster version operator should stop managing the
+resources in this cluster.
+Default: false
 
 |===
 === .status
 Description::
 +
 --
-status contains information about the available updates and any in-progress updates.
+status contains information about the available updates and any in-progress
+updates.
 --
 
 Type::
@@ -241,7 +324,11 @@ Required::
 
 | `availableUpdates`
 | ``
-| availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
+| availableUpdates contains updates recommended for this
+cluster. Updates which appear in conditionalUpdates but not in
+availableUpdates may expose this cluster to known issues. This list
+may be empty if no updates are recommended, if the update service
+is unavailable, or if an invalid channel has been specified.
 
 | `capabilities`
 | `object`
@@ -249,27 +336,50 @@ Required::
 
 | `conditionalUpdates`
 | `array`
-| conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
+| conditionalUpdates contains the list of updates that may be
+recommended for this cluster if it meets specific required
+conditions. Consumers interested in the set of updates that are
+actually recommended for this cluster should use
+availableUpdates. This list may be empty if no updates are
+recommended, if the update service is unavailable, or if an empty
+or invalid channel has been specified.
 
 | `conditionalUpdates[]`
 | `object`
-| ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
+| ConditionalUpdate represents an update which is recommended to some
+clusters on the version the current cluster is reconciling, but which
+may not be recommended for the current cluster.
 
 | `conditions`
 | `array`
-| conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
+| conditions provides information about the cluster version. The condition
+"Available" is set to true if the desiredUpdate has been reached. The
+condition "Progressing" is set to true if an update is being applied.
+The condition "Degraded" is set to true if an update is currently blocked
+by a temporary or permanent error. Conditions are only valid for the
+current desiredUpdate when metadata.generation is equal to
+status.generation.
 
 | `conditions[]`
 | `object`
-| ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
+| ClusterOperatorStatusCondition represents the state of the operator's
+managed and monitored components.
 
 | `desired`
 | `object`
-| desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
+| desired is the version that the cluster is reconciling towards.
+If the cluster is not yet fully initialized desired will be set
+with the information available, which may be an image or a tag.
 
 | `history`
 | `array`
-| history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
+| history contains a list of the most recent versions applied to the cluster.
+This value may be empty during cluster startup, and then will be updated
+when a new update is being applied. The newest update is first in the
+list and it is ordered by recency. Updates in the history have state
+Completed if the rollout completed - if an update was failing or halfway
+applied the state will be Partial. Only a limited amount of update history
+is preserved.
 
 | `history[]`
 | `object`
@@ -277,11 +387,15 @@ Required::
 
 | `observedGeneration`
 | `integer`
-| observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.
+| observedGeneration reports which version of the spec is being synced.
+If this value is not equal to metadata.generation, then the desired
+and conditions fields may represent a previous version.
 
 | `versionHash`
 | `string`
-| versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.
+| versionHash is a fingerprint of the content that the cluster will be
+updated with. It is used by the operator to avoid unnecessary work
+and is for internal use only.
 
 |===
 === .status.capabilities
@@ -314,7 +428,13 @@ Type::
 Description::
 +
 --
-conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
+conditionalUpdates contains the list of updates that may be
+recommended for this cluster if it meets specific required
+conditions. Consumers interested in the set of updates that are
+actually recommended for this cluster should use
+availableUpdates. This list may be empty if no updates are
+recommended, if the update service is unavailable, or if an empty
+or invalid channel has been specified.
 --
 
 Type::
@@ -327,7 +447,9 @@ Type::
 Description::
 +
 --
-ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
+ConditionalUpdate represents an update which is recommended to some
+clusters on the version the current cluster is reconciling, but which
+may not be recommended for the current cluster.
 --
 
 Type::
@@ -345,13 +467,13 @@ Required::
 
 | `conditions`
 | `array`
-| conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.
+| conditions represents the observations of the conditional update's
+current status. Known types are:
+* Recommended, for whether the update is recommended for the current cluster.
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `release`
 | `object`
@@ -359,18 +481,25 @@ Required::
 
 | `risks`
 | `array`
-| risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
+| risks represents the range of issues associated with
+updating to the target release. The cluster-version
+operator will evaluate all entries, and only recommend the
+update if there is at least one entry and all entries
+recommend the update.
 
 | `risks[]`
 | `object`
-| ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
+| ConditionalUpdateRisk represents a reason and cluster-state
+for not recommending a conditional update.
 
 |===
 === .status.conditionalUpdates[].conditions
 Description::
 +
 --
-conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.
+conditions represents the observations of the conditional update's
+current status. Known types are:
+* Recommended, for whether the update is recommended for the current cluster.
 --
 
 Type::
@@ -383,9 +512,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -406,19 +533,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -426,7 +561,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.conditionalUpdates[].release
@@ -439,6 +574,9 @@ release is the target of the update.
 Type::
   `object`
 
+Required::
+  - `image`
+  - `version`
 
 
 
@@ -448,26 +586,38 @@ Type::
 
 | `channels`
 | `array (string)`
-| channels is the set of Cincinnati channels to which the release currently belongs.
+| channels is the set of Cincinnati channels to which the release
+currently belongs.
 
 | `image`
 | `string`
-| image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
+| image is a container image location that contains the update. When this
+field is part of spec, image is optional if version is specified and the
+availableUpdates field contains a matching version.
 
 | `url`
 | `string`
-| url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
+| url contains information about this release. This URL is set by
+the 'url' metadata property on a release or the metadata returned by
+the update API and should be displayed as a link in user
+interfaces. The URL field may not be set for test or nightly
+releases.
 
 | `version`
 | `string`
-| version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
+| version is a semantic version identifying the update version. When this
+field is part of spec, version is optional if image is specified.
 
 |===
 === .status.conditionalUpdates[].risks
 Description::
 +
 --
-risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
+risks represents the range of issues associated with
+updating to the target release. The cluster-version
+operator will evaluate all entries, and only recommend the
+update if there is at least one entry and all entries
+recommend the update.
 --
 
 Type::
@@ -480,7 +630,8 @@ Type::
 Description::
 +
 --
-ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
+ConditionalUpdateRisk represents a reason and cluster-state
+for not recommending a conditional update.
 --
 
 Type::
@@ -500,19 +651,33 @@ Required::
 
 | `matchingRules`
 | `array`
-| matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
+| matchingRules is a slice of conditions for deciding which
+clusters match the risk and which do not. The slice is
+ordered by decreasing precedence. The cluster-version
+operator will walk the slice in order, and stop after the
+first it can successfully evaluate. If no condition can be
+successfully evaluated, the update will not be recommended.
 
 | `matchingRules[]`
 | `object`
-| ClusterCondition is a union of typed cluster conditions.  The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
+| ClusterCondition is a union of typed cluster conditions.  The 'type'
+property determines which of the type-specific properties are relevant.
+When evaluated on a cluster, the condition may match, not match, or
+fail to evaluate.
 
 | `message`
 | `string`
-| message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
+| message provides additional information about the risk of
+updating, in the event that matchingRules match the cluster
+state. This is only to be consumed by humans. It may
+contain Line Feed characters (U+000A), which should be
+rendered as new lines.
 
 | `name`
 | `string`
-| name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
+| name is the CamelCase reason for not recommending a
+conditional update, in the event that matchingRules match the
+cluster state.
 
 | `url`
 | `string`
@@ -523,7 +688,12 @@ Required::
 Description::
 +
 --
-matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
+matchingRules is a slice of conditions for deciding which
+clusters match the risk and which do not. The slice is
+ordered by decreasing precedence. The cluster-version
+operator will walk the slice in order, and stop after the
+first it can successfully evaluate. If no condition can be
+successfully evaluated, the update will not be recommended.
 --
 
 Type::
@@ -536,7 +706,10 @@ Type::
 Description::
 +
 --
-ClusterCondition is a union of typed cluster conditions.  The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
+ClusterCondition is a union of typed cluster conditions.  The 'type'
+property determines which of the type-specific properties are relevant.
+When evaluated on a cluster, the condition may match, not match, or
+fail to evaluate.
 --
 
 Type::
@@ -557,7 +730,8 @@ Required::
 
 | `type`
 | `string`
-| type represents the cluster-condition type. This defines the members and semantics of any additional properties.
+| type represents the cluster-condition type. This defines
+the members and semantics of any additional properties.
 
 |===
 === .status.conditionalUpdates[].risks[].matchingRules[].promql
@@ -581,14 +755,24 @@ Required::
 
 | `promql`
 | `string`
-| PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
+| PromQL is a PromQL query classifying clusters. This query
+query should return a 1 in the match case and a 0 in the
+does-not-match case. Queries which return no time
+series, or which return values besides 0 or 1, are
+evaluation failures.
 
 |===
 === .status.conditions
 Description::
 +
 --
-conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
+conditions provides information about the cluster version. The condition
+"Available" is set to true if the desiredUpdate has been reached. The
+condition "Progressing" is set to true if an update is being applied.
+The condition "Degraded" is set to true if an update is currently blocked
+by a temporary or permanent error. Conditions are only valid for the
+current desiredUpdate when metadata.generation is equal to
+status.generation.
 --
 
 Type::
@@ -601,7 +785,8 @@ Type::
 Description::
 +
 --
-ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
+ClusterOperatorStatusCondition represents the state of the operator's
+managed and monitored components.
 --
 
 Type::
@@ -624,7 +809,9 @@ Required::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.  It may contain Line Feed characters (U+000A), which should be rendered as new lines.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.  It may contain Line Feed
+characters (U+000A), which should be rendered as new lines.
 
 | `reason`
 | `string`
@@ -643,12 +830,17 @@ Required::
 Description::
 +
 --
-desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
+desired is the version that the cluster is reconciling towards.
+If the cluster is not yet fully initialized desired will be set
+with the information available, which may be an image or a tag.
 --
 
 Type::
   `object`
 
+Required::
+  - `image`
+  - `version`
 
 
 
@@ -658,26 +850,40 @@ Type::
 
 | `channels`
 | `array (string)`
-| channels is the set of Cincinnati channels to which the release currently belongs.
+| channels is the set of Cincinnati channels to which the release
+currently belongs.
 
 | `image`
 | `string`
-| image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
+| image is a container image location that contains the update. When this
+field is part of spec, image is optional if version is specified and the
+availableUpdates field contains a matching version.
 
 | `url`
 | `string`
-| url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
+| url contains information about this release. This URL is set by
+the 'url' metadata property on a release or the metadata returned by
+the update API and should be displayed as a link in user
+interfaces. The URL field may not be set for test or nightly
+releases.
 
 | `version`
 | `string`
-| version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
+| version is a semantic version identifying the update version. When this
+field is part of spec, version is optional if image is specified.
 
 |===
 === .status.history
 Description::
 +
 --
-history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
+history contains a list of the most recent versions applied to the cluster.
+This value may be empty during cluster startup, and then will be updated
+when a new update is being applied. The newest update is first in the
+list and it is ordered by recency. Updates in the history have state
+Completed if the rollout completed - if an update was failing or halfway
+applied the state will be Partial. Only a limited amount of update history
+is preserved.
 --
 
 Type::
@@ -710,15 +916,23 @@ Required::
 
 | `acceptedRisks`
 | `string`
-| acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
+| acceptedRisks records risks which were accepted to initiate the update.
+For example, it may menition an Upgradeable=False or missing signature
+that was overriden via desiredUpdate.force, or an update that was
+initiated despite not being in the availableUpdates set of recommended
+update targets.
 
 | `completionTime`
 | ``
-| completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
+| completionTime, if set, is when the update was fully applied. The update
+that is currently being applied will have a null completion time.
+Completion time will always be set for entries that are not the current
+update (usually to the started time of the next update).
 
 | `image`
 | `string`
-| image is a container image location that contains the update. This value is always populated.
+| image is a container image location that contains the update. This value
+is always populated.
 
 | `startedTime`
 | `string`
@@ -726,15 +940,23 @@ Required::
 
 | `state`
 | `string`
-| state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).
+| state reflects whether the update was fully applied. The Partial state
+indicates the update is not fully applied, while the Completed state
+indicates the update was successfully rolled out at least once (all
+parts of the update successfully applied).
 
 | `verified`
 | `boolean`
-| verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.
+| verified indicates whether the provided update was properly verified
+before it was installed. If this is false the cluster may not be trusted.
+Verified does not cover upgradeable checks that depend on the cluster
+state at the time when the update target was accepted.
 
 | `version`
 | `string`
-| version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.
+| version is a semantic version identifying the update version. If the
+requested image does not define a version, or if a failure occurs
+retrieving the image, this value may be empty.
 
 |===
 
diff --git a/rest_api/config_apis/config-apis-index.adoc b/rest_api/config_apis/config-apis-index.adoc
index 84ed12d576..f350784458 100644
--- a/rest_api/config_apis/config-apis-index.adoc
+++ b/rest_api/config_apis/config-apis-index.adoc
@@ -12,8 +12,11 @@ toc::[]
 Description::
 +
 --
-APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+APIServer holds configuration (like serving certificates, client CA and CORS domains)
+shared by all API servers in the system, among them especially kube-apiserver
+and openshift-apiserver. The canonical name of an instance is 'cluster'.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -24,8 +27,10 @@ Type::
 Description::
 +
 --
-Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Authentication specifies cluster-wide settings for authentication (like OAuth and
+webhook token authenticators). The canonical name of an instance is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -36,9 +41,12 @@ Type::
 Description::
 +
 --
-Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. 
- The canonical name is "cluster" 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Build configures the behavior of OpenShift builds for the entire cluster.
+This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
+
+The canonical name is "cluster"
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -49,8 +57,11 @@ Type::
 Description::
 +
 --
-ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterOperator is the Custom Resource object which holds the current state
+of an operator. This object is used by operators to convey their state to
+the rest of the cluster.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -61,8 +72,10 @@ Type::
 Description::
 +
 --
-ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterVersion is the configuration for the ClusterVersionOperator. This is where
+parameters related to automatic updates can be set.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -73,8 +86,11 @@ Type::
 Description::
 +
 --
-Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Console holds cluster-wide configuration for the web console, including the
+logout URL, and reports the public URL of the console. The canonical name is
+`cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -85,8 +101,9 @@ Type::
 Description::
 +
 --
-DNS holds cluster-wide information about DNS. The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+DNS holds cluster-wide information about DNS. The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -97,8 +114,9 @@ Type::
 Description::
 +
 --
-Feature holds cluster-wide information about feature gates.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Feature holds cluster-wide information about feature gates.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -109,8 +127,9 @@ Type::
 Description::
 +
 --
-HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -121,8 +140,14 @@ Type::
 Description::
 +
 --
-Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Image governs policies related to imagestream imports and runtime configuration
+for external registries. It allows cluster admins to configure which registries
+OpenShift is allowed to import images from, extra CA trust bundles for external
+registries, and policies to block or allow registry hostnames.
+When exposing OpenShift's image registry to the public, this also lets cluster
+admins specify the external hostname.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -133,8 +158,10 @@ Type::
 Description::
 +
 --
-ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -145,8 +172,10 @@ Type::
 Description::
 +
 --
-ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -157,8 +186,10 @@ Type::
 Description::
 +
 --
-ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -169,8 +200,9 @@ Type::
 Description::
 +
 --
-Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -181,8 +213,10 @@ Type::
 Description::
 +
 --
-Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Ingress holds cluster-wide information about ingress, including the default ingress domain
+used for routes. The canonical name is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -193,8 +227,10 @@ Type::
 Description::
 +
 --
-Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+Please view network.spec for an explanation on what applies when configuring this resource.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -205,8 +241,9 @@ Type::
 Description::
 +
 --
-Node holds cluster-wide information about node specific features. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Node holds cluster-wide information about node specific features.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -217,8 +254,11 @@ Type::
 Description::
 +
 --
-OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`.
+It is used to configure the integrated OAuth server.
+This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -241,8 +281,9 @@ Type::
 Description::
 +
 --
-Project holds cluster-wide information about Project.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Project holds cluster-wide information about Project.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -253,8 +294,9 @@ Type::
 Description::
 +
 --
-ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -265,8 +307,9 @@ Type::
 Description::
 +
 --
-Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -277,8 +320,10 @@ Type::
 Description::
 +
 --
-Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
+and influence its placement decisions. The canonical name for this config is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/config_apis/console-config-openshift-io-v1.adoc b/rest_api/config_apis/console-config-openshift-io-v1.adoc
index 16e64471fe..27811bea9a 100644
--- a/rest_api/config_apis/console-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/console-config-openshift-io-v1.adoc
@@ -11,8 +11,11 @@ toc::[]
 Description::
 +
 --
-Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Console holds cluster-wide configuration for the web console, including the
+logout URL, and reports the public URL of the console. The canonical name is
+`cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -90,7 +93,16 @@ Type::
 
 | `logoutRedirect`
 | `string`
-| An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.
+| An optional, absolute URL to redirect web browsers to after logging out of
+the console. If not specified, it will redirect to the default login page.
+This is required when using an identity provider that supports single
+sign-on (SSO) such as:
+- OpenID (Keycloak, Azure)
+- RequestHeader (GSSAPI, SSPI, SAML)
+- OAuth (GitHub, GitLab, Google)
+Logging out of the console will destroy the user's token. The logoutRedirect
+provides the user the option to perform single logout (SLO) through the identity
+provider to destroy their single sign-on session.
 
 |===
 === .status
@@ -112,7 +124,8 @@ Type::
 
 | `consoleURL`
 | `string`
-| The URL for the console. This will be derived from the host for the route that is created for the console.
+| The URL for the console. This will be derived from the host for the route that
+is created for the console.
 
 |===
 
diff --git a/rest_api/config_apis/dns-config-openshift-io-v1.adoc b/rest_api/config_apis/dns-config-openshift-io-v1.adoc
index b2782dc5a9..de23fddb1d 100644
--- a/rest_api/config_apis/dns-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/dns-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-DNS holds cluster-wide information about DNS. The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+DNS holds cluster-wide information about DNS. The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,32 +69,48 @@ Type::
 
 | `baseDomain`
 | `string`
-| baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. 
- For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. 
- Once set, this field cannot be changed.
+| baseDomain is the base domain of the cluster. All managed DNS records will
+be sub-domains of this base.
+
+For example, given the base domain `openshift.example.com`, an API server
+DNS record may be created for `cluster-api.openshift.example.com`.
+
+Once set, this field cannot be changed.
 
 | `platform`
 | `object`
-| platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+| platform holds configuration specific to the underlying
+infrastructure provider for DNS.
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
 
 | `privateZone`
 | `object`
-| privateZone is the location where all the DNS records that are only available internally to the cluster exist. 
- If this field is nil, no private records should be created. 
- Once set, this field cannot be changed.
+| privateZone is the location where all the DNS records that are only available internally
+to the cluster exist.
+
+If this field is nil, no private records should be created.
+
+Once set, this field cannot be changed.
 
 | `publicZone`
 | `object`
-| publicZone is the location where all the DNS records that are publicly accessible to the internet exist. 
- If this field is nil, no public records should be created. 
- Once set, this field cannot be changed.
+| publicZone is the location where all the DNS records that are publicly accessible to
+the internet exist.
+
+If this field is nil, no public records should be created.
+
+Once set, this field cannot be changed.
 
 |===
 === .spec.platform
 Description::
 +
 --
-platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+platform holds configuration specific to the underlying
+infrastructure provider for DNS.
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
 --
 
 Type::
@@ -114,8 +131,11 @@ Required::
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the cluster. Allowed values: "", "AWS". 
- Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.
+| type is the underlying infrastructure provider for the cluster.
+Allowed values: "", "AWS".
+
+Individual components may not support all platforms,
+and must handle unrecognized platforms with best-effort defaults.
 
 |===
 === .spec.platform.aws
@@ -137,16 +157,21 @@ Type::
 
 | `privateZoneIAMRole`
 | `string`
-| privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
+| privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing
+operations on the cluster's private hosted zone specified in the cluster DNS config.
+When left empty, no role should be assumed.
 
 |===
 === .spec.privateZone
 Description::
 +
 --
-privateZone is the location where all the DNS records that are only available internally to the cluster exist. 
- If this field is nil, no private records should be created. 
- Once set, this field cannot be changed.
+privateZone is the location where all the DNS records that are only available internally
+to the cluster exist.
+
+If this field is nil, no private records should be created.
+
+Once set, this field cannot be changed.
 --
 
 Type::
@@ -161,24 +186,35 @@ Type::
 
 | `id`
 | `string`
-| id is the identifier that can be used to find the DNS hosted zone. 
- on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
+| id is the identifier that can be used to find the DNS hosted zone.
+
+on AWS zone can be fetched using `ID` as id in [1]
+on Azure zone can be fetched using `ID` as a pre-determined name in [2],
+on GCP zone can be fetched using `ID` as a pre-determined name in [3].
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
+[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
+[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
 
 | `tags`
 | `object (string)`
-| tags can be used to query the DNS hosted zone. 
- on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
+| tags can be used to query the DNS hosted zone.
+
+on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
 
 |===
 === .spec.publicZone
 Description::
 +
 --
-publicZone is the location where all the DNS records that are publicly accessible to the internet exist. 
- If this field is nil, no public records should be created. 
- Once set, this field cannot be changed.
+publicZone is the location where all the DNS records that are publicly accessible to
+the internet exist.
+
+If this field is nil, no public records should be created.
+
+Once set, this field cannot be changed.
 --
 
 Type::
@@ -193,15 +229,23 @@ Type::
 
 | `id`
 | `string`
-| id is the identifier that can be used to find the DNS hosted zone. 
- on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
+| id is the identifier that can be used to find the DNS hosted zone.
+
+on AWS zone can be fetched using `ID` as id in [1]
+on Azure zone can be fetched using `ID` as a pre-determined name in [2],
+on GCP zone can be fetched using `ID` as a pre-determined name in [3].
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
+[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
+[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
 
 | `tags`
 | `object (string)`
-| tags can be used to query the DNS hosted zone. 
- on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
+| tags can be used to query the DNS hosted zone.
+
+on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
 
 |===
 === .status
diff --git a/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc b/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
index 418b32dd0c..7141ba1a19 100644
--- a/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Feature holds cluster-wide information about feature gates.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Feature holds cluster-wide information about feature gates.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,11 +69,14 @@ Type::
 
 | `customNoUpgrade`
 | ``
-| customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way.  featureSet must equal "CustomNoUpgrade" must be set to use this field.
+| customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
+Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations
+your cluster may fail in an unrecoverable way.  featureSet must equal "CustomNoUpgrade" must be set to use this field.
 
 | `featureSet`
 | `string`
-| featureSet changes the list of features in the cluster.  The default is empty.  Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
+| featureSet changes the list of features in the cluster.  The default is empty.  Be very careful adjusting this setting.
+Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
 
 |===
 === .status
@@ -94,17 +98,23 @@ Type::
 
 | `conditions`
 | `array`
-| conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"
+| conditions represent the observations of the current state.
+Known .status.conditions.type are: "DeterminationDegraded"
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `featureGates`
 | `array`
-| featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
+| featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.
+Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate
+the version they are managing, find the enabled/disabled featuregates and make the operand and operator match.
+The enabled/disabled values for a particular version may change during the life of the cluster as various
+.spec.featureSet values are selected.
+Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable
+lists is beyond the scope of this API and is the responsibility of individual operators.
+Only featureGates with .version in the ClusterVersion.status will be present in this list.
 
 | `featureGates[]`
 | `object`
@@ -115,7 +125,8 @@ Type::
 Description::
 +
 --
-conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"
+conditions represent the observations of the current state.
+Known .status.conditions.type are: "DeterminationDegraded"
 --
 
 Type::
@@ -128,9 +139,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -151,19 +160,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -171,14 +188,21 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.featureGates
 Description::
 +
 --
-featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
+featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.
+Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate
+the version they are managing, find the enabled/disabled featuregates and make the operand and operator match.
+The enabled/disabled values for a particular version may change during the life of the cluster as various
+.spec.featureSet values are selected.
+Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable
+lists is beyond the scope of this API and is the responsibility of individual operators.
+Only featureGates with .version in the ClusterVersion.status will be present in this list.
 --
 
 Type::
diff --git a/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc b/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
index 3f0f888e32..f9f9dc6e5d 100644
--- a/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
+++ b/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -102,11 +103,19 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca-bundle.crt" is used to locate the data.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `tlsClientConfig`
 | `object`
-| tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret is openshift-config.
+| tlsClientConfig is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate and private key to present when connecting to the server.
+The key "tls.crt" is used to locate the client certificate.
+The key "tls.key" is used to locate the private key.
+The namespace for this secret is openshift-config.
 
 | `url`
 | `string`
@@ -117,7 +126,11 @@ Type::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca-bundle.crt" is used to locate the data.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -141,7 +154,11 @@ Required::
 Description::
 +
 --
-tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret is openshift-config.
+tlsClientConfig is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate and private key to present when connecting to the server.
+The key "tls.crt" is used to locate the client certificate.
+The key "tls.key" is used to locate the private key.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -184,9 +201,7 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 |===
 === .status.conditions
@@ -206,9 +221,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -229,19 +242,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -249,7 +270,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 
diff --git a/rest_api/config_apis/image-config-openshift-io-v1.adoc b/rest_api/config_apis/image-config-openshift-io-v1.adoc
index 390f091e1d..e9d8544a95 100644
--- a/rest_api/config_apis/image-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/image-config-openshift-io-v1.adoc
@@ -11,8 +11,14 @@ toc::[]
 Description::
 +
 --
-Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Image governs policies related to imagestream imports and runtime configuration
+for external registries. It allows cluster admins to configure which registries
+OpenShift is allowed to import images from, extra CA trust bundles for external
+registries, and policies to block or allow registry hostnames.
+When exposing OpenShift's image registry to the public, this also lets cluster
+admins specify the external hostname.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,30 +74,48 @@ Type::
 
 | `additionalTrustedCA`
 | `object`
-| additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.
+| additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+should be trusted during imagestream import, pod image pull, build image pull, and
+imageregistry pullthrough.
+The namespace for this config map is openshift-config.
 
 | `allowedRegistriesForImport`
 | `array`
-| allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.
+| allowedRegistriesForImport limits the container image registries that normal users may import
+images from. Set this list to the registries that you trust to contain valid Docker
+images and that you want applications to be able to import from. Users with
+permission to create Images or ImageStreamMappings via the API are not affected by
+this policy - typically only administrators or system integrations will have those
+permissions.
 
 | `allowedRegistriesForImport[]`
 | `object`
-| RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
+| RegistryLocation contains a location of the registry specified by the registry domain
+name. The domain name might include wildcards, like '*' or '??'.
 
 | `externalRegistryHostnames`
 | `array (string)`
-| externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
+| externalRegistryHostnames provides the hostnames for the default external image
+registry. The external hostname should be set only when the image registry
+is exposed externally. The first value is used in 'publicDockerImageRepository'
+field in ImageStreams. The value must be in "hostname[:port]" format.
 
 | `registrySources`
 | `object`
-| registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access).  It does not contain configuration for the internal cluster registry.
+| registrySources contains configuration that determines how the container runtime
+should treat individual registries when accessing images for builds+pods. (e.g.
+whether or not to allow insecure access).  It does not contain configuration for the
+internal cluster registry.
 
 |===
 === .spec.additionalTrustedCA
 Description::
 +
 --
-additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.
+additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+should be trusted during imagestream import, pod image pull, build image pull, and
+imageregistry pullthrough.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -115,7 +139,12 @@ Required::
 Description::
 +
 --
-allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.
+allowedRegistriesForImport limits the container image registries that normal users may import
+images from. Set this list to the registries that you trust to contain valid Docker
+images and that you want applications to be able to import from. Users with
+permission to create Images or ImageStreamMappings via the API are not affected by
+this policy - typically only administrators or system integrations will have those
+permissions.
 --
 
 Type::
@@ -128,7 +157,8 @@ Type::
 Description::
 +
 --
-RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
+RegistryLocation contains a location of the registry specified by the registry domain
+name. The domain name might include wildcards, like '*' or '??'.
 --
 
 Type::
@@ -143,18 +173,24 @@ Type::
 
 | `domainName`
 | `string`
-| domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.
+| domainName specifies a domain name for the registry
+In case the registry use non-standard (80 or 443) port, the port should be included
+in the domain name as well.
 
 | `insecure`
 | `boolean`
-| insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.
+| insecure indicates whether the registry is secure (https) or insecure (http)
+By default (if not specified) the registry is assumed as secure.
 
 |===
 === .spec.registrySources
 Description::
 +
 --
-registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access).  It does not contain configuration for the internal cluster registry.
+registrySources contains configuration that determines how the container runtime
+should treat individual registries when accessing images for builds+pods. (e.g.
+whether or not to allow insecure access).  It does not contain configuration for the
+internal cluster registry.
 --
 
 Type::
@@ -169,17 +205,21 @@ Type::
 
 | `allowedRegistries`
 | `array (string)`
-| allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. 
- Only one of BlockedRegistries or AllowedRegistries may be set.
+| allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+Only one of BlockedRegistries or AllowedRegistries may be set.
 
 | `blockedRegistries`
 | `array (string)`
-| blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. 
- Only one of BlockedRegistries or AllowedRegistries may be set.
+| blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+Only one of BlockedRegistries or AllowedRegistries may be set.
 
 | `containerRuntimeSearchRegistries`
 | `array (string)`
-| containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+| containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+domains in their pull specs. Registries will be searched in the order provided in the list.
+Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
 
 | `insecureRegistries`
 | `array (string)`
@@ -205,11 +245,17 @@ Type::
 
 | `externalRegistryHostnames`
 | `array (string)`
-| externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
+| externalRegistryHostnames provides the hostnames for the default external image
+registry. The external hostname should be set only when the image registry
+is exposed externally. The first value is used in 'publicDockerImageRepository'
+field in ImageStreams. The value must be in "hostname[:port]" format.
 
 | `internalRegistryHostname`
 | `string`
-| internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname.
+| internalRegistryHostname sets the hostname for the default internal image
+registry. The value must be in "hostname[:port]" format.
+This value is set by the image registry operator which controls the internal registry
+hostname.
 
 |===
 
diff --git a/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc b/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
index a85b98c7c5..cbd3f18449 100644
--- a/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -64,10 +66,24 @@ Type::
 
 | `repositoryDigestMirrors`
 | `array`
-| repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the "allowMirrorByTags". 
- Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+| repositoryDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To pull image from mirrors by tags, should set the "allowMirrorByTags".
+
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
 
 | `repositoryDigestMirrors[]`
 | `object`
@@ -78,10 +94,24 @@ Type::
 Description::
 +
 --
-repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the "allowMirrorByTags". 
- Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+repositoryDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To pull image from mirrors by tags, should set the "allowMirrorByTags".
+
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
 --
 
 Type::
@@ -111,11 +141,20 @@ Required::
 
 | `allowMirrorByTags`
 | `boolean`
-| allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.
+| allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests.
+Pulling images by tag can potentially yield different images, depending on which endpoint
+we pull from. Forcing digest-pulls for mirrors avoids that issue.
 
 | `mirrors`
 | `array (string)`
-| mirrors is zero or more repositories that may also contain the same images. If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.
+| mirrors is zero or more repositories that may also contain the same images.
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec. No mirror will be configured.
+The order of mirrors in this list is treated as the user's desired priority, while source
+is by default considered lower priority than all mirrors. Other cluster configuration,
+including (but not limited to) other repositoryDigestMirrors objects,
+may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+in parallel, so this should be considered a preference rather than a guarantee of ordering.
 
 | `source`
 | `string`
diff --git a/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
index e79ff42cd6..b3dea87be1 100644
--- a/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,10 +70,31 @@ Type::
 
 | `imageDigestMirrors`
 | `array`
-| imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using "ImageTagMirrorSet" CRD. 
- If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
+| imageDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in imageDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To use mirrors to pull images using tag specification, users should configure
+a list of mirrors using "ImageTagMirrorSet" CRD.
+
+If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects,
+only the objects which define the most specific namespace match will be used.
+For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+the "source", only the objects using quay.io/libpod/busybox are going to apply
+for pull specification quay.io/libpod/busybox.
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
 
 | `imageDigestMirrors[]`
 | `object`
@@ -82,10 +105,31 @@ Type::
 Description::
 +
 --
-imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using "ImageTagMirrorSet" CRD. 
- If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
+imageDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in imageDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To use mirrors to pull images using tag specification, users should configure
+a list of mirrors using "ImageTagMirrorSet" CRD.
+
+If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects,
+only the objects which define the most specific namespace match will be used.
+For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+the "source", only the objects using quay.io/libpod/busybox are going to apply
+for pull specification quay.io/libpod/busybox.
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
 --
 
 Type::
@@ -115,15 +159,43 @@ Required::
 
 | `mirrorSourcePolicy`
 | `string`
-| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
+| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
+If unset, the image will continue to be pulled from the the repository in the pull spec.
+sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
 
 | `mirrors`
 | `array (string)`
-| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
+Images can be pulled from these mirrors only if they are referenced by their digests.
+The mirrored location is obtained by replacing the part of the input reference that
+matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
+a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
+repository to be used.
+The order of mirrors in this list is treated as the user's desired priority, while source
+is by default considered lower priority than all mirrors.
+If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
+pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy"
+Other cluster configuration, including (but not limited to) other imageDigestMirrors objects,
+may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+in parallel, so this should be considered a preference rather than a guarantee of ordering.
+"mirrors" uses one of the following formats:
+host[:port]
+host[:port]/namespace[/namespace…]
+host[:port]/namespace[/namespace…]/repo
+for more information about the format, see the document about the location field:
+https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
 
 | `source`
 | `string`
-| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
+e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
+"source" uses one of the following formats:
+host[:port]
+host[:port]/namespace[/namespace…]
+host[:port]/namespace[/namespace…]/repo
+[*.]host
+for more information about the format, see the document about the location field:
+https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
 
 |===
 === .status
diff --git a/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
index a4e3774b0e..5cd6d71e3c 100644
--- a/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,10 +70,31 @@ Type::
 
 | `imageTagMirrors`
 | `array`
-| imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using "ImageDigestMirrorSet" CRD. 
- If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
+| imageTagMirrors allows images referenced by image tags in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in imageTagMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To use mirrors to pull images using digest specification only, users should configure
+a list of mirrors using "ImageDigestMirrorSet" CRD.
+
+If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects,
+only the objects which define the most specific namespace match will be used.
+For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+the "source", only the objects using quay.io/libpod/busybox are going to apply
+for pull specification quay.io/libpod/busybox.
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
 
 | `imageTagMirrors[]`
 | `object`
@@ -82,10 +105,31 @@ Type::
 Description::
 +
 --
-imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using "ImageDigestMirrorSet" CRD. 
- If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
+imageTagMirrors allows images referenced by image tags in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in imageTagMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+To use mirrors to pull images using digest specification only, users should configure
+a list of mirrors using "ImageDigestMirrorSet" CRD.
+
+If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects,
+only the objects which define the most specific namespace match will be used.
+For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+the "source", only the objects using quay.io/libpod/busybox are going to apply
+for pull specification quay.io/libpod/busybox.
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+If the "mirrors" is not specified, the image will continue to be pulled from the specified
+repository in the pull spec.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
 --
 
 Type::
@@ -115,15 +159,45 @@ Required::
 
 | `mirrorSourcePolicy`
 | `string`
-| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
+| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
+If unset, the image will continue to be pulled from the repository in the pull spec.
+sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
 
 | `mirrors`
 | `array (string)`
-| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
+Images can be pulled from these mirrors only if they are referenced by their tags.
+The mirrored location is obtained by replacing the part of the input reference that
+matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
+a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
+repository to be used.
+Pulling images by tag can potentially yield different images, depending on which endpoint we pull from.
+Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue.
+The order of mirrors in this list is treated as the user's desired priority, while source
+is by default considered lower priority than all mirrors.
+If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
+pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy".
+Other cluster configuration, including (but not limited to) other imageTagMirrors objects,
+may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+in parallel, so this should be considered a preference rather than a guarantee of ordering.
+"mirrors" uses one of the following formats:
+host[:port]
+host[:port]/namespace[/namespace…]
+host[:port]/namespace[/namespace…]/repo
+for more information about the format, see the document about the location field:
+https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
 
 | `source`
 | `string`
-| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
+e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
+"source" uses one of the following formats:
+host[:port]
+host[:port]/namespace[/namespace…]
+host[:port]/namespace[/namespace…]/repo
+[*.]host
+for more information about the format, see the document about the location field:
+https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
 
 |===
 === .status
diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
index afa483550b..9955ab177f 100644
--- a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,20 +69,41 @@ Type::
 
 | `cloudConfig`
 | `object`
-| cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. 
- cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.
+| cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+This configuration file is used to configure the Kubernetes cloud provider integration
+when using the built-in cloud provider integration or the external cloud controller manager.
+The namespace for this config map is openshift-config.
+
+cloudConfig should only be consumed by the kube_cloud_config controller.
+The controller is responsible for using the user configuration in the spec
+for various platforms and combining that with the user provided ConfigMap in this field
+to create a stitched kube cloud config.
+The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+with the kube cloud config is stored in `cloud.conf` key.
+All the clients are expected to use the generated ConfigMap only.
 
 | `platformSpec`
 | `object`
-| platformSpec holds desired information specific to the underlying infrastructure provider.
+| platformSpec holds desired information specific to the underlying
+infrastructure provider.
 
 |===
 === .spec.cloudConfig
 Description::
 +
 --
-cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. 
- cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.
+cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+This configuration file is used to configure the Kubernetes cloud provider integration
+when using the built-in cloud provider integration or the external cloud controller manager.
+The namespace for this config map is openshift-config.
+
+cloudConfig should only be consumed by the kube_cloud_config controller.
+The controller is responsible for using the user configuration in the spec
+for various platforms and combining that with the user provided ConfigMap in this field
+to create a stitched kube cloud config.
+The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+with the kube cloud config is stored in `cloud.conf` key.
+All the clients are expected to use the generated ConfigMap only.
 --
 
 Type::
@@ -107,7 +129,8 @@ Type::
 Description::
 +
 --
-platformSpec holds desired information specific to the underlying infrastructure provider.
+platformSpec holds desired information specific to the underlying
+infrastructure provider.
 --
 
 Type::
@@ -142,7 +165,8 @@ Type::
 
 | `external`
 | `object`
-| ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
+| ExternalPlatformType represents generic infrastructure provider.
+Platform-specific components should be supplemented separately.
 
 | `gcp`
 | `object`
@@ -174,7 +198,14 @@ Type::
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
+| type is the underlying infrastructure provider for the cluster. This
+value controls whether infrastructure automation such as service load
+balancers, dynamic volume provisioning, machine creation and deletion, and
+other integrations are enabled. If None, no infrastructure automation is
+enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+"OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
+"AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
+and must handle unrecognized platforms as None if they do not support that platform.
 
 | `vsphere`
 | `object`
@@ -213,18 +244,23 @@ Type::
 
 | `serviceEndpoints`
 | `array`
-| serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
+| serviceEndpoints list contains custom endpoints which will override default
+service endpoint of AWS Services.
+There must be only one ServiceEndpoint for a service.
 
 | `serviceEndpoints[]`
 | `object`
-| AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
+| AWSServiceEndpoint store the configuration of a custom url to
+override existing defaults of AWS Services.
 
 |===
 === .spec.platformSpec.aws.serviceEndpoints
 Description::
 +
 --
-serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
+serviceEndpoints list contains custom endpoints which will override default
+service endpoint of AWS Services.
+There must be only one ServiceEndpoint for a service.
 --
 
 Type::
@@ -237,7 +273,8 @@ Type::
 Description::
 +
 --
-AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
+AWSServiceEndpoint store the configuration of a custom url to
+override existing defaults of AWS Services.
 --
 
 Type::
@@ -252,11 +289,15 @@ Type::
 
 | `name`
 | `string`
-| name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
+| name is the name of the AWS service.
+The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+This must be provided and cannot be empty.
 
 | `url`
 | `string`
-| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+| url is fully qualified URI with scheme https, that overrides the default generated
+endpoint for a client.
+This must be provided and cannot be empty.
 
 |===
 === .spec.platformSpec.azure
@@ -291,15 +332,32 @@ Type::
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.apiServerInternalIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.ingressIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `machineNetworks`
 | `array (string)`
-| machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
+| machineNetworks are IP networks used to connect all the OpenShift cluster
+nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+for example "10.0.0.0/8" or "fd00::/8".
 
 |===
 === .spec.platformSpec.equinixMetal
@@ -319,7 +377,8 @@ Type::
 Description::
 +
 --
-ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
+ExternalPlatformType represents generic infrastructure provider.
+Platform-specific components should be supplemented separately.
 --
 
 Type::
@@ -334,7 +393,8 @@ Type::
 
 | `platformName`
 | `string`
-| PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
+| PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.
+This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
 
 |===
 === .spec.platformSpec.gcp
@@ -398,7 +458,9 @@ Required::
 
 | `failureDomains`
 | `array`
-| failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.
+| failureDomains configures failure domains information for the Nutanix platform.
+When set, the failure domains defined here may be used to spread Machines across
+prism element clusters to improve fault tolerance of the cluster.
 
 | `failureDomains[]`
 | `object`
@@ -406,11 +468,18 @@ Required::
 
 | `prismCentral`
 | `object`
-| prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
+| prismCentral holds the endpoint address and port to access the Nutanix Prism Central.
+When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+proxy spec.noProxy list.
 
 | `prismElements`
 | `array`
-| prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.
+| prismElements holds one or more endpoint address and port data to access the Nutanix
+Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one
+Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)
+used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)
+spread over multiple Prism Elements (clusters) of the Prism Central.
 
 | `prismElements[]`
 | `object`
@@ -421,7 +490,9 @@ Required::
 Description::
 +
 --
-failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.
+failureDomains configures failure domains information for the Nutanix platform.
+When set, the failure domains defined here may be used to spread Machines across
+prism element clusters to improve fault tolerance of the cluster.
 --
 
 Type::
@@ -453,15 +524,24 @@ Required::
 
 | `cluster`
 | `object`
-| cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+| cluster is to identify the cluster (the Prism Element under management of the Prism Central),
+in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained
+from the Prism Central console or using the prism_central API.
 
 | `name`
 | `string`
-| name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.
+| name defines the unique name of a failure domain.
+Name is required and must be at most 64 characters in length.
+It must consist of only lower case alphanumeric characters and hyphens (-).
+It must start and end with an alphanumeric character.
+This value is arbitrary and is used to identify the failure domain within the platform.
 
 | `subnets`
 | `array`
-| subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+| subnets holds a list of identifiers (one or more) of the cluster's network subnets
+If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.
+for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be
+obtained from the Prism Central console or using the prism_central API.
 
 | `subnets[]`
 | `object`
@@ -472,7 +552,9 @@ Required::
 Description::
 +
 --
-cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+cluster is to identify the cluster (the Prism Element under management of the Prism Central),
+in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained
+from the Prism Central console or using the prism_central API.
 --
 
 Type::
@@ -504,7 +586,10 @@ Required::
 Description::
 +
 --
-subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+subnets holds a list of identifiers (one or more) of the cluster's network subnets
+If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.
+for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be
+obtained from the Prism Central console or using the prism_central API.
 --
 
 Type::
@@ -549,7 +634,10 @@ Required::
 Description::
 +
 --
-prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
+prismCentral holds the endpoint address and port to access the Nutanix Prism Central.
+When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+proxy spec.noProxy list.
 --
 
 Type::
@@ -578,7 +666,11 @@ Required::
 Description::
 +
 --
-prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.
+prismElements holds one or more endpoint address and port data to access the Nutanix
+Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one
+Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)
+used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)
+spread over multiple Prism Elements (clusters) of the Prism Central.
 --
 
 Type::
@@ -609,18 +701,25 @@ Required::
 
 | `endpoint`
 | `object`
-| endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
+| endpoint holds the endpoint address and port data of the Prism Element (cluster).
+When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+proxy spec.noProxy list.
 
 | `name`
 | `string`
-| name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).
+| name is the name of the Prism Element (cluster). This value will correspond with
+the cluster field configured on other resources (eg Machines, PVCs, etc).
 
 |===
 === .spec.platformSpec.nutanix.prismElements[].endpoint
 Description::
 +
 --
-endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
+endpoint holds the endpoint address and port data of the Prism Element (cluster).
+When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.
+Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the
+proxy spec.noProxy list.
 --
 
 Type::
@@ -664,15 +763,32 @@ Type::
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.apiServerInternalIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.ingressIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `machineNetworks`
 | `array (string)`
-| machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
+| machineNetworks are IP networks used to connect all the OpenShift cluster
+nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+for example "10.0.0.0/8" or "fd00::/8".
 
 |===
 === .spec.platformSpec.ovirt
@@ -707,18 +823,21 @@ Type::
 
 | `serviceEndpoints`
 | `array`
-| serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
+| serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of a Power VS service.
 
 | `serviceEndpoints[]`
 | `object`
-| PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
+| PowervsServiceEndpoint stores the configuration of a custom url to
+override existing defaults of PowerVS Services.
 
 |===
 === .spec.platformSpec.powervs.serviceEndpoints
 Description::
 +
 --
-serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
+serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of a Power VS service.
 --
 
 Type::
@@ -731,7 +850,8 @@ Type::
 Description::
 +
 --
-PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
+PowervsServiceEndpoint stores the configuration of a custom url to
+override existing defaults of PowerVS Services.
 --
 
 Type::
@@ -749,11 +869,17 @@ Required::
 
 | `name`
 | `string`
-| name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+| name is the name of the Power VS service.
+Few of the services are
+IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
 
 | `url`
 | `string`
-| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+| url is fully qualified URI with scheme https, that overrides the default generated
+endpoint for a client.
+This must be provided and cannot be empty.
 
 |===
 === .spec.platformSpec.vsphere
@@ -775,42 +901,73 @@ Type::
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.apiServerInternalIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `failureDomains`
 | `array`
-| failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.
+| failureDomains contains the definition of region, zone and the vCenter topology.
+If this is omitted failure domains (regions and zones) will not be used.
 
 | `failureDomains[]`
 | `object`
-| VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.
+| VSpherePlatformFailureDomainSpec holds the region and zone failure domain and
+the vCenter topology of that failure domain.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names.
+In dual stack clusters this list contains two IP addresses, one from IPv4
+family and one from IPv6.
+In single stack clusters a single IP address is expected.
+When omitted, values from the status.ingressIPs will be used.
+Once set, the list cannot be completely removed (but its second entry can).
 
 | `machineNetworks`
 | `array (string)`
-| machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
+| machineNetworks are IP networks used to connect all the OpenShift cluster
+nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+for example "10.0.0.0/8" or "fd00::/8".
 
 | `nodeNetworking`
 | `object`
-| nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.
+| nodeNetworking contains the definition of internal and external network constraints for
+assigning the node's networking.
+If this field is omitted, networking defaults to the legacy
+address selection behavior which is to only support a single address and
+return the first one found.
 
 | `vcenters`
 | `array`
-| vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. ---
+| vcenters holds the connection details for services to communicate with vCenter.
+Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+Once the cluster has been installed, you are unable to change the current number of defined
+vCenters except in the case where the cluster has been upgraded from a version of OpenShift
+where the vsphere platform spec was not present.  You may make modifications to the existing
+vCenters that are defined in the vcenters list in order to match with any added or modified
+failure domains.
 
 | `vcenters[]`
 | `object`
-| VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.
+| VSpherePlatformVCenterSpec stores the vCenter connection fields.
+This is used by the vSphere CCM.
 
 |===
 === .spec.platformSpec.vsphere.failureDomains
 Description::
 +
 --
-failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.
+failureDomains contains the definition of region, zone and the vCenter topology.
+If this is omitted failure domains (regions and zones) will not be used.
 --
 
 Type::
@@ -823,7 +980,8 @@ Type::
 Description::
 +
 --
-VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.
+VSpherePlatformFailureDomainSpec holds the region and zone failure domain and
+the vCenter topology of that failure domain.
 --
 
 Type::
@@ -844,15 +1002,18 @@ Required::
 
 | `name`
 | `string`
-| name defines the arbitrary but unique name of a failure domain.
+| name defines the arbitrary but unique name
+of a failure domain.
 
 | `region`
 | `string`
-| region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.
+| region defines the name of a region tag that will
+be attached to a vCenter datacenter. The tag
+category in vCenter must be named openshift-region.
 
 | `server`
 | `string`
-| server is the fully-qualified domain name or the IP address of the vCenter server. ---
+| server is the fully-qualified domain name or the IP address of the vCenter server.
 
 | `topology`
 | `object`
@@ -860,7 +1021,9 @@ Required::
 
 | `zone`
 | `string`
-| zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.
+| zone defines the name of a zone tag that will
+be attached to a vCenter cluster. The tag
+category in vCenter must be named openshift-zone.
 
 |===
 === .spec.platformSpec.vsphere.failureDomains[].topology
@@ -887,39 +1050,69 @@ Required::
 
 | `computeCluster`
 | `string`
-| computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form /<datacenter>/host/<cluster>. The maximum length of the path is 2048 characters.
+| computeCluster the absolute path of the vCenter cluster
+in which virtual machine will be located.
+The absolute path is of the form /<datacenter>/host/<cluster>.
+The maximum length of the path is 2048 characters.
 
 | `datacenter`
 | `string`
-| datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.
+| datacenter is the name of vCenter datacenter in which virtual machines will be located.
+The maximum length of the datacenter name is 80 characters.
 
 | `datastore`
 | `string`
-| datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form /<datacenter>/datastore/<datastore> The maximum length of the path is 2048 characters.
+| datastore is the absolute path of the datastore in which the
+virtual machine is located.
+The absolute path is of the form /<datacenter>/datastore/<datastore>
+The maximum length of the path is 2048 characters.
 
 | `folder`
 | `string`
-| folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form /<datacenter>/vm/<folder>. The maximum length of the path is 2048 characters.
+| folder is the absolute path of the folder where
+virtual machines are located. The absolute path
+is of the form /<datacenter>/vm/<folder>.
+The maximum length of the path is 2048 characters.
 
 | `networks`
 | `array (string)`
-| networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form /<datacenter>/network/<portgroup>.
+| networks is the list of port group network names within this failure domain.
+If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.
+10 is the maximum number of virtual network devices which may be attached to a VM as defined by:
+https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0
+The available networks (port groups) can be listed using
+`govc ls 'network/*'`
+Networks should be in the form of an absolute path:
+/<datacenter>/network/<portgroup>.
 
 | `resourcePool`
 | `string`
-| resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. The maximum length of the path is 2048 characters.
+| resourcePool is the absolute path of the resource pool where virtual machines will be
+created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>.
+The maximum length of the path is 2048 characters.
 
 | `template`
 | `string`
-| template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters. 
- When omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as /<datacenter>/vm/test-rhcos-region1-zonea.
+| template is the full inventory path of the virtual machine or template
+that will be cloned when creating new machines in this failure domain.
+The maximum length of the path is 2048 characters.
+
+When omitted, the template will be calculated by the control plane
+machineset operator based on the region and zone defined in
+VSpherePlatformFailureDomainSpec.
+For example, for zone=zonea, region=region1, and infrastructure name=test,
+the template path would be calculated as /<datacenter>/vm/test-rhcos-region1-zonea.
 
 |===
 === .spec.platformSpec.vsphere.nodeNetworking
 Description::
 +
 --
-nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.
+nodeNetworking contains the definition of internal and external network constraints for
+assigning the node's networking.
+If this field is omitted, networking defaults to the legacy
+address selection behavior which is to only support a single address and
+return the first one found.
 --
 
 Type::
@@ -960,15 +1153,22 @@ Type::
 
 | `excludeNetworkSubnetCidr`
 | `array (string)`
-| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
+| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+the IP address from the VirtualMachine's VM for use in the status.addresses fields.
 
 | `network`
 | `string`
-| network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
+| network VirtualMachine's VM Network names that will be used to when searching
+for status.addresses fields. Note that if internal.networkSubnetCIDR and
+external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+only have a single IP address assigned to it.
+The available networks (port groups) can be listed using
+`govc ls 'network/*'`
 
 | `networkSubnetCidr`
 | `array (string)`
-| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
+| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+that will be used in respective status.addresses fields.
 
 |===
 === .spec.platformSpec.vsphere.nodeNetworking.internal
@@ -990,22 +1190,35 @@ Type::
 
 | `excludeNetworkSubnetCidr`
 | `array (string)`
-| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
+| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+the IP address from the VirtualMachine's VM for use in the status.addresses fields.
 
 | `network`
 | `string`
-| network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
+| network VirtualMachine's VM Network names that will be used to when searching
+for status.addresses fields. Note that if internal.networkSubnetCIDR and
+external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+only have a single IP address assigned to it.
+The available networks (port groups) can be listed using
+`govc ls 'network/*'`
 
 | `networkSubnetCidr`
 | `array (string)`
-| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
+| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+that will be used in respective status.addresses fields.
 
 |===
 === .spec.platformSpec.vsphere.vcenters
 Description::
 +
 --
-vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. ---
+vcenters holds the connection details for services to communicate with vCenter.
+Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.
+Once the cluster has been installed, you are unable to change the current number of defined
+vCenters except in the case where the cluster has been upgraded from a version of OpenShift
+where the vsphere platform spec was not present.  You may make modifications to the existing
+vCenters that are defined in the vcenters list in order to match with any added or modified
+failure domains.
 --
 
 Type::
@@ -1018,7 +1231,8 @@ Type::
 Description::
 +
 --
-VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.
+VSpherePlatformVCenterSpec stores the vCenter connection fields.
+This is used by the vSphere CCM.
 --
 
 Type::
@@ -1036,15 +1250,23 @@ Required::
 
 | `datacenters`
 | `array (string)`
-| The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.
+| The vCenter Datacenters in which the RHCOS
+vm guests are located. This field will
+be used by the Cloud Controller Manager.
+Each datacenter listed here should be used within
+a topology.
 
 | `port`
 | `integer`
-| port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.
+| port is the TCP port that will be used to communicate to
+the vCenter endpoint.
+When omitted, this means the user has no opinion and
+it is up to the platform to choose a sensible default,
+which is subject to change over time.
 
 | `server`
 | `string`
-| server is the fully-qualified domain name or the IP address of the vCenter server. ---
+| server is the fully-qualified domain name or the IP address of the vCenter server.
 
 |===
 === .status
@@ -1066,47 +1288,76 @@ Type::
 
 | `apiServerInternalURI`
 | `string`
-| apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443).  apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.
+| apiServerInternalURL is a valid URI with scheme 'https',
+address and optionally a port (defaulting to 443).  apiServerInternalURL can be used by components
+like kubelets, to contact the Kubernetes API server using the
+infrastructure provider rather than Kubernetes networking.
 
 | `apiServerURL`
 | `string`
-| apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443).  apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.
+| apiServerURL is a valid URI with scheme 'https', address and
+optionally a port (defaulting to 443).  apiServerURL can be used by components like the web console
+to tell users where to find the Kubernetes API.
 
 | `controlPlaneTopology`
 | `string`
-| controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.
+| controlPlaneTopology expresses the expectations for operands that normally run on control nodes.
+The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+The 'SingleReplica' mode will be used in single-node deployments
+and the operators should not configure the operand for highly-available operation
+The 'External' mode indicates that the control plane is hosted externally to the cluster and that
+its components are not visible within the cluster.
 
 | `cpuPartitioning`
 | `string`
-| cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.
+| cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.
+CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.
+Valid values are "None" and "AllNodes". When omitted, the default value is "None".
+The default value of "None" indicates that no nodes will be setup with CPU partitioning.
+The "AllNodes" value indicates that all nodes have been setup with CPU partitioning,
+and can then be further configured via the PerformanceProfile API.
 
 | `etcdDiscoveryDomain`
 | `string`
-| etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored.  It will be removed in a future release.
+| etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
+etcd servers and clients.
+For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
+deprecated: as of 4.7, this field is no longer set or honored.  It will be removed in a future release.
 
 | `infrastructureName`
 | `string`
-| infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.
+| infrastructureName uniquely identifies a cluster with a human friendly name.
+Once set it should not be changed. Must be of max length 27 and must have only
+alphanumeric or hyphen characters.
 
 | `infrastructureTopology`
 | `string`
-| infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.
+| infrastructureTopology expresses the expectations for infrastructure services that do not run on control
+plane nodes, usually indicated by a node selector for a `role` value
+other than `master`.
+The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+The 'SingleReplica' mode will be used in single-node deployments
+and the operators should not configure the operand for highly-available operation
+NOTE: External topology mode is not applicable for this field.
 
 | `platform`
 | `string`
-| platform is the underlying infrastructure provider for the cluster. 
- Deprecated: Use platformStatus.type instead.
+| platform is the underlying infrastructure provider for the cluster.
+
+Deprecated: Use platformStatus.type instead.
 
 | `platformStatus`
 | `object`
-| platformStatus holds status information specific to the underlying infrastructure provider.
+| platformStatus holds status information specific to the underlying
+infrastructure provider.
 
 |===
 === .status.platformStatus
 Description::
 +
 --
-platformStatus holds status information specific to the underlying infrastructure provider.
+platformStatus holds status information specific to the underlying
+infrastructure provider.
 --
 
 Type::
@@ -1173,8 +1424,17 @@ Type::
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. 
- This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.
+| type is the underlying infrastructure provider for the cluster. This
+value controls whether infrastructure automation such as service load
+balancers, dynamic volume provisioning, machine creation and deletion, and
+other integrations are enabled. If None, no infrastructure automation is
+enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+"OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None".
+Individual components may not support all platforms, and must handle
+unrecognized platforms as None if they do not support that platform.
+
+This value will be synced with to the `status.platform` and `status.platformStatus.type`.
+Currently this value cannot be changed once set.
 
 | `vsphere`
 | `object`
@@ -1282,7 +1542,10 @@ Type::
 
 | `resourceTags`
 | `array`
-| resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.
+| resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+available for the user.
 
 | `resourceTags[]`
 | `object`
@@ -1290,18 +1553,24 @@ Type::
 
 | `serviceEndpoints`
 | `array`
-| ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
+| ServiceEndpoints list contains custom endpoints which will override default
+service endpoint of AWS Services.
+There must be only one ServiceEndpoint for a service.
 
 | `serviceEndpoints[]`
 | `object`
-| AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
+| AWSServiceEndpoint store the configuration of a custom url to
+override existing defaults of AWS Services.
 
 |===
 === .status.platformStatus.aws.resourceTags
 Description::
 +
 --
-resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.
+resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+available for the user.
 --
 
 Type::
@@ -1336,14 +1605,18 @@ Required::
 
 | `value`
 | `string`
-| value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.
+| value is the value of the tag.
+Some AWS service do not support empty values. Since tags are added to resources in many services, the
+length of the tag value must meet the requirements of all services.
 
 |===
 === .status.platformStatus.aws.serviceEndpoints
 Description::
 +
 --
-ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
+ServiceEndpoints list contains custom endpoints which will override default
+service endpoint of AWS Services.
+There must be only one ServiceEndpoint for a service.
 --
 
 Type::
@@ -1356,7 +1629,8 @@ Type::
 Description::
 +
 --
-AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
+AWSServiceEndpoint store the configuration of a custom url to
+override existing defaults of AWS Services.
 --
 
 Type::
@@ -1371,11 +1645,15 @@ Type::
 
 | `name`
 | `string`
-| name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
+| name is the name of the AWS service.
+The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+This must be provided and cannot be empty.
 
 | `url`
 | `string`
-| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+| url is fully qualified URI with scheme https, that overrides the default generated
+endpoint for a client.
+This must be provided and cannot be empty.
 
 |===
 === .status.platformStatus.azure
@@ -1401,11 +1679,14 @@ Type::
 
 | `cloudName`
 | `string`
-| cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.
+| cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
+with the appropriate Azure API endpoints.
+If empty, the value is equal to `AzurePublicCloud`.
 
 | `networkResourceGroupName`
 | `string`
-| networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.
+| networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
+If empty, the value is same as ResourceGroupName.
 
 | `resourceGroupName`
 | `string`
@@ -1413,7 +1694,10 @@ Type::
 
 | `resourceTags`
 | `array`
-| resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+| resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
 
 | `resourceTags[]`
 | `object`
@@ -1424,7 +1708,10 @@ Type::
 Description::
 +
 --
-resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
 --
 
 Type::
@@ -1455,11 +1742,14 @@ Required::
 
 | `key`
 | `string`
-| key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.
+| key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key
+must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric
+characters and the following special characters `_ . -`.
 
 | `value`
 | `string`
-| value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
+| value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value
+must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
 
 |===
 === .status.platformStatus.baremetal
@@ -1481,21 +1771,34 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. 
- Deprecated: Use APIServerInternalIPs instead.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+Deprecated: Use APIServerInternalIPs instead.
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers. In dual
+stack clusters this list contains two IPs otherwise only one.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. 
- Deprecated: Use IngressIPs instead.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+Deprecated: Use IngressIPs instead.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names. In dual stack clusters this list
+contains two IPs otherwise only one.
 
 | `loadBalancer`
 | `object`
@@ -1507,7 +1810,12 @@ Type::
 
 | `nodeDNSIP`
 | `string`
-| nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
+| nodeDNSIP is the IP address for the internal DNS used by the
+nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+BareMetal deployments. In order to minimize necessary changes to the
+datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+to the nodes in the cluster.
 
 |===
 === .status.platformStatus.baremetal.loadBalancer
@@ -1529,7 +1837,15 @@ Type::
 
 | `type`
 | `string`
-| type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+| type defines the type of load balancer used by the cluster on BareMetal platform
+which can be a user-managed or openshift-managed load balancer
+that is to be used for the OpenShift API and Ingress endpoints.
+When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+defined in the machine config operator will be deployed.
+When set to UserManaged these static pods will not be deployed and it is expected that
+the load balancer is configured out of band by the deployer.
+When omitted, this means no opinion and the platform is left to choose a reasonable default.
+The default value is OpenShiftManagedDefault.
 
 |===
 === .status.platformStatus.equinixMetal
@@ -1551,11 +1867,15 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
 
 |===
 === .status.platformStatus.external
@@ -1577,14 +1897,18 @@ Type::
 
 | `cloudControllerManager`
 | `object`
-| cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+| cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+When omitted, new nodes will be not tainted
+and no extra initialization from the cloud controller manager is expected.
 
 |===
 === .status.platformStatus.external.cloudControllerManager
 Description::
 +
 --
-cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+When omitted, new nodes will be not tainted
+and no extra initialization from the cloud controller manager is expected.
 --
 
 Type::
@@ -1599,8 +1923,15 @@ Type::
 
 | `state`
 | `string`
-| state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager 
- Valid values are "External", "None" and omitted. When set to "External", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to "None", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+| state determines whether or not an external Cloud Controller Manager is expected to
+be installed within the cluster.
+https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+
+Valid values are "External", "None" and omitted.
+When set to "External", new nodes will be tainted as uninitialized when created,
+preventing them from running workloads until they are initialized by the cloud controller manager.
+When omitted or set to "None", new nodes will be not tainted
+and no extra initialization from the cloud controller manager is expected.
 
 |===
 === .status.platformStatus.gcp
@@ -1630,7 +1961,10 @@ Type::
 
 | `resourceLabels`
 | `array`
-| resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.
+| resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+allowing 32 labels for user configuration.
 
 | `resourceLabels[]`
 | `object`
@@ -1638,7 +1972,9 @@ Type::
 
 | `resourceTags`
 | `array`
-| resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+| resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+tagging GCP resources. GCP supports a maximum of 50 tags per resource.
 
 | `resourceTags[]`
 | `object`
@@ -1649,7 +1985,10 @@ Type::
 Description::
 +
 --
-resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.
+resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+allowing 32 labels for user configuration.
 --
 
 Type::
@@ -1680,18 +2019,24 @@ Required::
 
 | `key`
 | `string`
-| key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.
+| key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+and `openshift-io`.
 
 | `value`
 | `string`
-| value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+| value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
 
 |===
 === .status.platformStatus.gcp.resourceTags
 Description::
 +
 --
-resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+tagging GCP resources. GCP supports a maximum of 50 tags per resource.
 --
 
 Type::
@@ -1723,15 +2068,25 @@ Required::
 
 | `key`
 | `string`
-| key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.
+| key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+alphanumeric characters, and the following special characters `._-`.
 
 | `parentID`
 | `string`
-| parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.
+| parentID is the ID of the hierarchical resource where the tags are defined,
+e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+and hyphens, and must start with a letter, and cannot end with a hyphen.
 
 | `value`
 | `string`
-| value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+| value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
 
 |===
 === .status.platformStatus.ibmcloud
@@ -1753,11 +2108,13 @@ Type::
 
 | `cisInstanceCRN`
 | `string`
-| CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
+| CISInstanceCRN is the CRN of the Cloud Internet Services instance managing
+the DNS zone for the cluster's base domain
 
 | `dnsInstanceCRN`
 | `string`
-| DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
+| DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+for the cluster's base domain
 
 | `location`
 | `string`
@@ -1773,18 +2130,23 @@ Type::
 
 | `serviceEndpoints`
 | `array`
-| serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.
+| serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of an IBM Cloud service. These endpoints are consumed by
+components within the cluster to reach the respective IBM Cloud Services.
 
 | `serviceEndpoints[]`
 | `object`
-| IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.
+| IBMCloudServiceEndpoint stores the configuration of a custom url to
+override existing defaults of IBM Cloud Services.
 
 |===
 === .status.platformStatus.ibmcloud.serviceEndpoints
 Description::
 +
 --
-serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.
+serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of an IBM Cloud service. These endpoints are consumed by
+components within the cluster to reach the respective IBM Cloud Services.
 --
 
 Type::
@@ -1797,7 +2159,8 @@ Type::
 Description::
 +
 --
-IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.
+IBMCloudServiceEndpoint stores the configuration of a custom url to
+override existing defaults of IBM Cloud Services.
 --
 
 Type::
@@ -1815,11 +2178,18 @@ Required::
 
 | `name`
 | `string`
-| name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+| name is the name of the IBM Cloud service.
+Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.
+For example, the IBM Cloud Private IAM service could be configured with the
+service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`
+Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured
+with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
 
 | `url`
 | `string`
-| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+| url is fully qualified URI with scheme https, that overrides the default generated
+endpoint for a client.
+This must be provided and cannot be empty.
 
 |===
 === .status.platformStatus.kubevirt
@@ -1841,11 +2211,15 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
 
 |===
 === .status.platformStatus.nutanix
@@ -1867,21 +2241,34 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. 
- Deprecated: Use APIServerInternalIPs instead.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+Deprecated: Use APIServerInternalIPs instead.
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers. In dual
+stack clusters this list contains two IPs otherwise only one.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. 
- Deprecated: Use IngressIPs instead.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+Deprecated: Use IngressIPs instead.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names. In dual stack clusters this list
+contains two IPs otherwise only one.
 
 | `loadBalancer`
 | `object`
@@ -1907,7 +2294,15 @@ Type::
 
 | `type`
 | `string`
-| type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+| type defines the type of load balancer used by the cluster on Nutanix platform
+which can be a user-managed or openshift-managed load balancer
+that is to be used for the OpenShift API and Ingress endpoints.
+When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+defined in the machine config operator will be deployed.
+When set to UserManaged these static pods will not be deployed and it is expected that
+the load balancer is configured out of band by the deployer.
+When omitted, this means no opinion and the platform is left to choose a reasonable default.
+The default value is OpenShiftManagedDefault.
 
 |===
 === .status.platformStatus.openstack
@@ -1929,25 +2324,39 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. 
- Deprecated: Use APIServerInternalIPs instead.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+Deprecated: Use APIServerInternalIPs instead.
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers. In dual
+stack clusters this list contains two IPs otherwise only one.
 
 | `cloudName`
 | `string`
-| cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).
+| cloudName is the name of the desired OpenStack cloud in the
+client configuration file (`clouds.yaml`).
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. 
- Deprecated: Use IngressIPs instead.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+Deprecated: Use IngressIPs instead.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names. In dual stack clusters this list
+contains two IPs otherwise only one.
 
 | `loadBalancer`
 | `object`
@@ -1959,7 +2368,12 @@ Type::
 
 | `nodeDNSIP`
 | `string`
-| nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
+| nodeDNSIP is the IP address for the internal DNS used by the
+nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+OpenStack deployments. In order to minimize necessary changes to the
+datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+to the nodes in the cluster.
 
 |===
 === .status.platformStatus.openstack.loadBalancer
@@ -1981,7 +2395,15 @@ Type::
 
 | `type`
 | `string`
-| type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+| type defines the type of load balancer used by the cluster on OpenStack platform
+which can be a user-managed or openshift-managed load balancer
+that is to be used for the OpenShift API and Ingress endpoints.
+When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+defined in the machine config operator will be deployed.
+When set to UserManaged these static pods will not be deployed and it is expected that
+the load balancer is configured out of band by the deployer.
+When omitted, this means no opinion and the platform is left to choose a reasonable default.
+The default value is OpenShiftManagedDefault.
 
 |===
 === .status.platformStatus.ovirt
@@ -2003,21 +2425,34 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. 
- Deprecated: Use APIServerInternalIPs instead.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+Deprecated: Use APIServerInternalIPs instead.
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers. In dual
+stack clusters this list contains two IPs otherwise only one.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. 
- Deprecated: Use IngressIPs instead.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+Deprecated: Use IngressIPs instead.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names. In dual stack clusters this list
+contains two IPs otherwise only one.
 
 | `loadBalancer`
 | `object`
@@ -2047,7 +2482,15 @@ Type::
 
 | `type`
 | `string`
-| type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+| type defines the type of load balancer used by the cluster on Ovirt platform
+which can be a user-managed or openshift-managed load balancer
+that is to be used for the OpenShift API and Ingress endpoints.
+When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+defined in the machine config operator will be deployed.
+When set to UserManaged these static pods will not be deployed and it is expected that
+the load balancer is configured out of band by the deployer.
+When omitted, this means no opinion and the platform is left to choose a reasonable default.
+The default value is OpenShiftManagedDefault.
 
 |===
 === .status.platformStatus.powervs
@@ -2069,11 +2512,13 @@ Type::
 
 | `cisInstanceCRN`
 | `string`
-| CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
+| CISInstanceCRN is the CRN of the Cloud Internet Services instance managing
+the DNS zone for the cluster's base domain
 
 | `dnsInstanceCRN`
 | `string`
-| DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
+| DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone
+for the cluster's base domain
 
 | `region`
 | `string`
@@ -2081,26 +2526,34 @@ Type::
 
 | `resourceGroup`
 | `string`
-| resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.
+| resourceGroup is the resource group name for new IBMCloud resources created for a cluster.
+The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.
+More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.
+When omitted, the image registry operator won't be able to configure storage,
+which results in the image registry cluster operator not being in an available state.
 
 | `serviceEndpoints`
 | `array`
-| serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
+| serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of a Power VS service.
 
 | `serviceEndpoints[]`
 | `object`
-| PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
+| PowervsServiceEndpoint stores the configuration of a custom url to
+override existing defaults of PowerVS Services.
 
 | `zone`
 | `string`
-| zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported
+| zone holds the default zone for the new Power VS resources created by the cluster.
+Note: Currently only single-zone OCP clusters are supported
 
 |===
 === .status.platformStatus.powervs.serviceEndpoints
 Description::
 +
 --
-serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
+serviceEndpoints is a list of custom endpoints which will override the default
+service endpoints of a Power VS service.
 --
 
 Type::
@@ -2113,7 +2566,8 @@ Type::
 Description::
 +
 --
-PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
+PowervsServiceEndpoint stores the configuration of a custom url to
+override existing defaults of PowerVS Services.
 --
 
 Type::
@@ -2131,11 +2585,17 @@ Required::
 
 | `name`
 | `string`
-| name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
+| name is the name of the Power VS service.
+Few of the services are
+IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api
+ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
+Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
 
 | `url`
 | `string`
-| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+| url is fully qualified URI with scheme https, that overrides the default generated
+endpoint for a client.
+This must be provided and cannot be empty.
 
 |===
 === .status.platformStatus.vsphere
@@ -2157,21 +2617,34 @@ Type::
 
 | `apiServerInternalIP`
 | `string`
-| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. 
- Deprecated: Use APIServerInternalIPs instead.
+| apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+by components inside the cluster, like kubelets using the infrastructure rather
+than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+points to. It is the IP for a self-hosted load balancer in front of the API servers.
+
+Deprecated: Use APIServerInternalIPs instead.
 
 | `apiServerInternalIPs`
 | `array (string)`
-| apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
+| apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+server that can be used by components inside the cluster, like kubelets
+using the infrastructure rather than Kubernetes networking. These are the
+IPs for a self-hosted load balancer in front of the API servers. In dual
+stack clusters this list contains two IPs otherwise only one.
 
 | `ingressIP`
 | `string`
-| ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. 
- Deprecated: Use IngressIPs instead.
+| ingressIP is an external IP which routes to the default ingress controller.
+The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+
+Deprecated: Use IngressIPs instead.
 
 | `ingressIPs`
 | `array (string)`
-| ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
+| ingressIPs are the external IPs which route to the default ingress
+controller. The IPs are suitable targets of a wildcard DNS record used to
+resolve default route host names. In dual stack clusters this list
+contains two IPs otherwise only one.
 
 | `loadBalancer`
 | `object`
@@ -2183,7 +2656,12 @@ Type::
 
 | `nodeDNSIP`
 | `string`
-| nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
+| nodeDNSIP is the IP address for the internal DNS used by the
+nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+vSphere deployments. In order to minimize necessary changes to the
+datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+to the nodes in the cluster.
 
 |===
 === .status.platformStatus.vsphere.loadBalancer
@@ -2205,7 +2683,15 @@ Type::
 
 | `type`
 | `string`
-| type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+| type defines the type of load balancer used by the cluster on VSphere platform
+which can be a user-managed or openshift-managed load balancer
+that is to be used for the OpenShift API and Ingress endpoints.
+When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+defined in the machine config operator will be deployed.
+When set to UserManaged these static pods will not be deployed and it is expected that
+the load balancer is configured out of band by the deployer.
+When omitted, this means no opinion and the platform is left to choose a reasonable default.
+The default value is OpenShiftManagedDefault.
 
 |===
 
diff --git a/rest_api/config_apis/ingress-config-openshift-io-v1.adoc b/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
index f6d6465396..e7d30341a7 100644
--- a/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Ingress holds cluster-wide information about ingress, including the default ingress domain
+used for routes. The canonical name is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,12 +70,24 @@ Type::
 
 | `appsDomain`
 | `string`
-| appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.
+| appsDomain is an optional domain to use instead of the one specified
+in the domain field when a Route is created without specifying an explicit
+host. If appsDomain is nonempty, this value is used to generate default
+host values for Route. Unlike domain, appsDomain may be modified after
+installation.
+This assumes a new ingresscontroller has been setup with a wildcard
+certificate.
 
 | `componentRoutes`
 | `array`
-| componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. 
- To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.
+| componentRoutes is an optional list of routes that are managed by OpenShift components
+that a cluster-admin is able to configure the hostname and serving certificate for.
+The namespace and name of each route in this list should match an existing entry in the
+status.componentRoutes list.
+
+To determine the set of configurable Routes, look at namespace and name of entries in the
+.status.componentRoutes list, where participating operators write the status of
+configurable routes.
 
 | `componentRoutes[]`
 | `object`
@@ -81,21 +95,44 @@ Type::
 
 | `domain`
 | `string`
-| domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: "<route-name>.<route-namespace>.<domain>". 
- It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: "*.<domain>". 
- Once set, changing domain is not currently supported.
+| domain is used to generate a default host name for a route when the
+route's host name is empty. The generated host name will follow this
+pattern: "<route-name>.<route-namespace>.<domain>".
+
+It is also used as the default wildcard domain suffix for ingress. The
+default ingresscontroller domain will follow this pattern: "*.<domain>".
+
+Once set, changing domain is not currently supported.
 
 | `loadBalancer`
 | `object`
-| loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.
+| loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure
+provider of the current cluster and are required for Ingress Controller to work on OpenShift.
 
 | `requiredHSTSPolicies`
 | `array`
-| requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created  or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. 
- A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: "haproxy.router.openshift.io/hsts_header" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains 
- - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted.  Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. 
- The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. 
- Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
+| requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created  or updated routes
+matching the domainPattern/s and namespaceSelector/s that are specified in the policy.
+Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route
+annotation, and affect route admission.
+
+A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation:
+"haproxy.router.openshift.io/hsts_header"
+E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains
+
+- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector,
+then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted.  Otherwise, the route
+is rejected.
+- The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies
+determines the route's admission status.
+- If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector,
+then it may use any HSTS Policy annotation.
+
+The HSTS policy configuration may be changed after routes have already been created. An update to a previously
+admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration.
+However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.
+
+Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
 
 | `requiredHSTSPolicies[]`
 | `object`
@@ -106,8 +143,14 @@ Type::
 Description::
 +
 --
-componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. 
- To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.
+componentRoutes is an optional list of routes that are managed by OpenShift components
+that a cluster-admin is able to configure the hostname and serving certificate for.
+The namespace and name of each route in this list should match an existing entry in the
+status.componentRoutes list.
+
+To determine the set of configurable Routes, look at namespace and name of entries in the
+.status.componentRoutes list, where participating operators write the status of
+configurable routes.
 --
 
 Type::
@@ -143,24 +186,34 @@ Required::
 
 | `name`
 | `string`
-| name is the logical name of the route to customize. 
- The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.
+| name is the logical name of the route to customize.
+
+The namespace and name of this componentRoute must match a corresponding
+entry in the list of status.componentRoutes if the route is to be customized.
 
 | `namespace`
 | `string`
-| namespace is the namespace of the route to customize. 
- The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.
+| namespace is the namespace of the route to customize.
+
+The namespace and name of this componentRoute must match a corresponding
+entry in the list of status.componentRoutes if the route is to be customized.
 
 | `servingCertKeyPairSecret`
 | `object`
-| servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
+| servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace.
+The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name.
+If the custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
 
 |===
 === .spec.componentRoutes[].servingCertKeyPairSecret
 Description::
 +
 --
-servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
+servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace.
+The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name.
+If the custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
 --
 
 Type::
@@ -184,7 +237,8 @@ Required::
 Description::
 +
 --
-loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.
+loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure
+provider of the current cluster and are required for Ingress Controller to work on OpenShift.
 --
 
 Type::
@@ -199,14 +253,20 @@ Type::
 
 | `platform`
 | `object`
-| platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+| platform holds configuration specific to the underlying
+infrastructure provider for the ingress load balancers.
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
 
 |===
 === .spec.loadBalancer.platform
 Description::
 +
 --
-platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+platform holds configuration specific to the underlying
+infrastructure provider for the ingress load balancers.
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
 --
 
 Type::
@@ -225,7 +285,11 @@ Type::
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the cluster. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
+| type is the underlying infrastructure provider for the cluster.
+Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+"OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
+"AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
+and must handle unrecognized platforms as None if they do not support that platform.
 
 |===
 === .spec.loadBalancer.platform.aws
@@ -249,22 +313,49 @@ Required::
 
 | `type`
 | `string`
-| type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: 
- * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb 
- * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
+| type allows user to set a load balancer type.
+When this field is set the default ingresscontroller will get created using the specified LBType.
+If this field is not set then the default ingress controller of LBType Classic will be created.
+Valid values are:
+
+* "Classic": A Classic Load Balancer that makes routing decisions at either
+  the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See
+  the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
+
+* "NLB": A Network Load Balancer that makes routing decisions at the
+  transport layer (TCP/SSL). See the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
 
 |===
 === .spec.requiredHSTSPolicies
 Description::
 +
 --
-requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created  or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. 
- A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: "haproxy.router.openshift.io/hsts_header" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains 
- - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted.  Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. 
- The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. 
- Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
+requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created  or updated routes
+matching the domainPattern/s and namespaceSelector/s that are specified in the policy.
+Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route
+annotation, and affect route admission.
+
+A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation:
+"haproxy.router.openshift.io/hsts_header"
+E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains
+
+- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector,
+then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted.  Otherwise, the route
+is rejected.
+- The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies
+determines the route's admission status.
+- If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector,
+then it may use any HSTS Policy annotation.
+
+The HSTS policy configuration may be changed after routes have already been created. An update to a previously
+admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration.
+However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.
+
+Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
 --
 
 Type::
@@ -294,31 +385,52 @@ Required::
 
 | `domainPatterns`
 | `array (string)`
-| domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. 
- The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.
+| domainPatterns is a list of domains for which the desired HSTS annotations are required.
+If domainPatterns is specified and a route is created with a spec.host matching one of the domains,
+the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.
+
+The use of wildcards is allowed like this: *.foo.com matches everything under foo.com.
+foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.
 
 | `includeSubDomainsPolicy`
 | `string`
-| includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name.  Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com
+| includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's
+domain name.  Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains:
+- the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com
+- the host bar.foo.com would inherit the HSTS Policy of bar.foo.com
+- the host foo.com would NOT inherit the HSTS Policy of bar.foo.com
+- the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com
 
 | `maxAge`
 | `object`
-| maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.
+| maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts.
+If set to 0, it negates the effect, and hosts are removed as HSTS hosts.
+If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts.
+maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS
+policy will eventually expire on that client.
 
 | `namespaceSelector`
 | `object`
-| namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.
+| namespaceSelector specifies a label selector such that the policy applies only to those routes that
+are in namespaces with labels that match the selector, and are in one of the DomainPatterns.
+Defaults to the empty LabelSelector, which matches everything.
 
 | `preloadPolicy`
 | `string`
-| preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).
+| preloadPolicy directs the client to include hosts in its host preload list so that
+it never needs to do an initial load to get the HSTS header (note that this is not defined
+in RFC 6797 and is therefore client implementation-dependent).
 
 |===
 === .spec.requiredHSTSPolicies[].maxAge
 Description::
 +
 --
-maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.
+maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts.
+If set to 0, it negates the effect, and hosts are removed as HSTS hosts.
+If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts.
+maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS
+policy will eventually expire on that client.
 --
 
 Type::
@@ -333,18 +445,24 @@ Type::
 
 | `largestMaxAge`
 | `integer`
-| The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.
+| The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age
+This value can be left unspecified, in which case no upper limit is enforced.
 
 | `smallestMaxAge`
 | `integer`
-| The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host.  This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.
+| The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age
+Setting max-age=0 allows the deletion of an existing HSTS header from a host.  This is a necessary
+tool for administrators to quickly correct mistakes.
+This value can be left unspecified, in which case no lower limit is enforced.
 
 |===
 === .spec.requiredHSTSPolicies[].namespaceSelector
 Description::
 +
 --
-namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.
+namespaceSelector specifies a label selector such that the policy applies only to those routes that
+are in namespaces with labels that match the selector, and are in one of the DomainPatterns.
+Defaults to the empty LabelSelector, which matches everything.
 --
 
 Type::
@@ -363,11 +481,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.requiredHSTSPolicies[].namespaceSelector.matchExpressions
@@ -387,7 +508,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -409,11 +531,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .status
@@ -435,7 +561,8 @@ Type::
 
 | `componentRoutes`
 | `array`
-| componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.
+| componentRoutes is where participating operators place the current route status for routes whose
+hostnames and serving certificates can be customized by the cluster-admin.
 
 | `componentRoutes[]`
 | `object`
@@ -443,17 +570,26 @@ Type::
 
 | `defaultPlacement`
 | `string`
-| defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. 
- This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. 
- See the documentation for the IngressController replicas and nodePlacement fields for more information. 
- When omitted, the default value is Workers
+| defaultPlacement is set at installation time to control which
+nodes will host the ingress router pods by default. The options are
+control-plane nodes or worker nodes.
+
+This field works by dictating how the Cluster Ingress Operator will
+consider unset replicas and nodePlacement fields in IngressController
+resources when creating the corresponding Deployments.
+
+See the documentation for the IngressController replicas and nodePlacement
+fields for more information.
+
+When omitted, the default value is Workers
 
 |===
 === .status.componentRoutes
 Description::
 +
 --
-componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.
+componentRoutes is where participating operators place the current route status for routes whose
+hostnames and serving certificates can be customized by the cluster-admin.
 --
 
 Type::
@@ -486,17 +622,22 @@ Required::
 
 | `conditions`
 | `array`
-| conditions are used to communicate the state of the componentRoutes entry. 
- Supported conditions include Available, Degraded and Progressing. 
- If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. 
- If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. 
- If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
+| conditions are used to communicate the state of the componentRoutes entry.
+
+Supported conditions include Available, Degraded and Progressing.
+
+If available is true, the content served by the route can be accessed by users. This includes cases
+where a default may continue to serve content while the customized route specified by the cluster-admin
+is being configured.
+
+If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry.
+The currentHostnames field may or may not be in effect.
+
+If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `consumingUsers`
 | `array (string)`
@@ -504,7 +645,8 @@ Required::
 
 | `currentHostnames`
 | `array (string)`
-| currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
+| currentHostnames is the list of current names used by the route. Typically, this list should consist of a single
+hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
 
 | `defaultHostname`
 | `string`
@@ -512,13 +654,19 @@ Required::
 
 | `name`
 | `string`
-| name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. 
- The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.
+| name is the logical name of the route to customize. It does not have to be the actual name of a route resource
+but it cannot be renamed.
+
+The namespace and name of this componentRoute must match a corresponding
+entry in the list of spec.componentRoutes if the route is to be customized.
 
 | `namespace`
 | `string`
-| namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. 
- The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.
+| namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace
+ensures that no two components will conflict and the same component can be installed multiple times.
+
+The namespace and name of this componentRoute must match a corresponding
+entry in the list of spec.componentRoutes if the route is to be customized.
 
 | `relatedObjects`
 | `array`
@@ -533,11 +681,18 @@ Required::
 Description::
 +
 --
-conditions are used to communicate the state of the componentRoutes entry. 
- Supported conditions include Available, Degraded and Progressing. 
- If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. 
- If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. 
- If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
+conditions are used to communicate the state of the componentRoutes entry.
+
+Supported conditions include Available, Degraded and Progressing.
+
+If available is true, the content served by the route can be accessed by users. This includes cases
+where a default may continue to serve content while the customized route specified by the cluster-admin
+is being configured.
+
+If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry.
+The currentHostnames field may or may not be in effect.
+
+If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
 --
 
 Type::
@@ -550,9 +705,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -573,19 +726,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -593,7 +754,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.componentRoutes[].relatedObjects
diff --git a/rest_api/config_apis/network-config-openshift-io-v1.adoc b/rest_api/config_apis/network-config-openshift-io-v1.adoc
index 91f91c3e30..7a444af5af 100644
--- a/rest_api/config_apis/network-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/network-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+Please view network.spec for an explanation on what applies when configuring this resource.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -42,7 +44,10 @@ Required::
 
 | `spec`
 | `object`
-| spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+| spec holds user settable values for configuration.
+As a general rule, this SHOULD NOT be read directly. Instead, you should
+consume the NetworkStatus, as it indicates the currently deployed configuration.
+Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
 
 | `status`
 | `object`
@@ -53,7 +58,10 @@ Required::
 Description::
 +
 --
-spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+spec holds user settable values for configuration.
+As a general rule, this SHOULD NOT be read directly. Instead, you should
+consume the NetworkStatus, as it indicates the currently deployed configuration.
+Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
 --
 
 Type::
@@ -68,39 +76,60 @@ Type::
 
 | `clusterNetwork`
 | `array`
-| IP address pool to use for pod IPs. This field is immutable after installation.
+| IP address pool to use for pod IPs.
+This field is immutable after installation.
 
 | `clusterNetwork[]`
 | `object`
-| ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
+| ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+are allocated.
 
 | `externalIP`
 | `object`
-| externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
+| externalIP defines configuration for controllers that
+affect Service.ExternalIP. If nil, then ExternalIP is
+not allowed to be set.
 
 | `networkDiagnostics`
 | `object`
-| networkDiagnostics defines network diagnostics configuration. 
- Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.
+| networkDiagnostics defines network diagnostics configuration.
+
+Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+If networkDiagnostics is not specified or is empty,
+and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+the network diagnostics feature will be disabled.
 
 | `networkType`
 | `string`
-| NetworkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.
+| NetworkType is the plugin that is to be deployed (e.g. OVNKubernetes).
+This should match a value that the cluster-network-operator understands,
+or else no networking will be installed.
+Currently supported values are:
+- OVNKubernetes
+This field is immutable after installation.
 
 | `serviceNetwork`
 | `array (string)`
-| IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.
+| IP address pool for services.
+Currently, we only support a single entry here.
+This field is immutable after installation.
 
 | `serviceNodePortRange`
 | `string`
-| The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.
+| The port range allowed for Services of type NodePort.
+If not specified, the default of 30000-32767 will be used.
+Such Services without a NodePort specified will have one
+automatically allocated from this range.
+This parameter can be updated after the cluster is
+installed.
 
 |===
 === .spec.clusterNetwork
 Description::
 +
 --
-IP address pool to use for pod IPs. This field is immutable after installation.
+IP address pool to use for pod IPs.
+This field is immutable after installation.
 --
 
 Type::
@@ -113,7 +142,8 @@ Type::
 Description::
 +
 --
-ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
+ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+are allocated.
 --
 
 Type::
@@ -132,14 +162,17 @@ Type::
 
 | `hostPrefix`
 | `integer`
-| The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
+| The size (prefix) of block to allocate to each node. If this
+field is not used by the plugin, it can be left unset.
 
 |===
 === .spec.externalIP
 Description::
 +
 --
-externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
+externalIP defines configuration for controllers that
+affect Service.ExternalIP. If nil, then ExternalIP is
+not allowed to be set.
 --
 
 Type::
@@ -154,18 +187,26 @@ Type::
 
 | `autoAssignCIDRs`
 | `array (string)`
-| autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.
+| autoAssignCIDRs is a list of CIDRs from which to automatically assign
+Service.ExternalIP. These are assigned when the service is of type
+LoadBalancer. In general, this is only useful for bare-metal clusters.
+In Openshift 3.x, this was misleadingly called "IngressIPs".
+Automatically assigned External IPs are not affected by any
+ExternalIPPolicy rules.
+Currently, only one entry may be provided.
 
 | `policy`
 | `object`
-| policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
+| policy is a set of restrictions applied to the ExternalIP field.
+If nil or empty, then ExternalIP is not allowed to be set.
 
 |===
 === .spec.externalIP.policy
 Description::
 +
 --
-policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
+policy is a set of restrictions applied to the ExternalIP field.
+If nil or empty, then ExternalIP is not allowed to be set.
 --
 
 Type::
@@ -184,15 +225,20 @@ Type::
 
 | `rejectedCIDRs`
 | `array (string)`
-| rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.
+| rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+over allowedCIDRs.
 
 |===
 === .spec.networkDiagnostics
 Description::
 +
 --
-networkDiagnostics defines network diagnostics configuration. 
- Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.
+networkDiagnostics defines network diagnostics configuration.
+
+Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+If networkDiagnostics is not specified or is empty,
+and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+the network diagnostics feature will be disabled.
 --
 
 Type::
@@ -207,26 +253,32 @@ Type::
 
 | `mode`
 | `string`
-| mode controls the network diagnostics mode 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.
+| mode controls the network diagnostics mode
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is All.
 
 | `sourcePlacement`
 | `object`
-| sourcePlacement controls the scheduling of network diagnostics source deployment 
- See NetworkDiagnosticsSourcePlacement for more details about default values.
+| sourcePlacement controls the scheduling of network diagnostics source deployment
+
+See NetworkDiagnosticsSourcePlacement for more details about default values.
 
 | `targetPlacement`
 | `object`
-| targetPlacement controls the scheduling of network diagnostics target daemonset 
- See NetworkDiagnosticsTargetPlacement for more details about default values.
+| targetPlacement controls the scheduling of network diagnostics target daemonset
+
+See NetworkDiagnosticsTargetPlacement for more details about default values.
 
 |===
 === .spec.networkDiagnostics.sourcePlacement
 Description::
 +
 --
-sourcePlacement controls the scheduling of network diagnostics source deployment 
- See NetworkDiagnosticsSourcePlacement for more details about default values.
+sourcePlacement controls the scheduling of network diagnostics source deployment
+
+See NetworkDiagnosticsSourcePlacement for more details about default values.
 --
 
 Type::
@@ -241,25 +293,35 @@ Type::
 
 | `nodeSelector`
 | `object (string)`
-| nodeSelector is the node selector applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.
+| nodeSelector is the node selector applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is `kubernetes.io/os: linux`.
 
 | `tolerations`
 | `array`
-| tolerations is a list of tolerations applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.
+| tolerations is a list of tolerations applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is an empty list.
 
 | `tolerations[]`
 | `object`
-| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+| The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 
 |===
 === .spec.networkDiagnostics.sourcePlacement.tolerations
 Description::
 +
 --
-tolerations is a list of tolerations applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.
+tolerations is a list of tolerations applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is an empty list.
 --
 
 Type::
@@ -272,7 +334,8 @@ Type::
 Description::
 +
 --
-The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 --
 
 Type::
@@ -287,31 +350,41 @@ Type::
 
 | `effect`
 | `string`
-| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+| Effect indicates the taint effect to match. Empty means match all taint effects.
+When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
-| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+| Key is the taint key that the toleration applies to. Empty means match all taint keys.
+If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 
 | `operator`
 | `string`
-| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+| Operator represents a key's relationship to the value.
+Valid operators are Exists and Equal. Defaults to Equal.
+Exists is equivalent to wildcard for value, so that a pod can
+tolerate all taints of a particular category.
 
 | `tolerationSeconds`
 | `integer`
-| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+| TolerationSeconds represents the period of time the toleration (which must be
+of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+it is not set, which means tolerate the taint forever (do not evict). Zero and
+negative values will be treated as 0 (evict immediately) by the system.
 
 | `value`
 | `string`
-| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+| Value is the taint value the toleration matches to.
+If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 |===
 === .spec.networkDiagnostics.targetPlacement
 Description::
 +
 --
-targetPlacement controls the scheduling of network diagnostics target daemonset 
- See NetworkDiagnosticsTargetPlacement for more details about default values.
+targetPlacement controls the scheduling of network diagnostics target daemonset
+
+See NetworkDiagnosticsTargetPlacement for more details about default values.
 --
 
 Type::
@@ -326,25 +399,35 @@ Type::
 
 | `nodeSelector`
 | `object (string)`
-| nodeSelector is the node selector applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.
+| nodeSelector is the node selector applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is `kubernetes.io/os: linux`.
 
 | `tolerations`
 | `array`
-| tolerations is a list of tolerations applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: "Exists"` which means that all taints are tolerated.
+| tolerations is a list of tolerations applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is `- operator: "Exists"` which means that all taints are tolerated.
 
 | `tolerations[]`
 | `object`
-| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+| The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 
 |===
 === .spec.networkDiagnostics.targetPlacement.tolerations
 Description::
 +
 --
-tolerations is a list of tolerations applied to network diagnostics components 
- When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: "Exists"` which means that all taints are tolerated.
+tolerations is a list of tolerations applied to network diagnostics components
+
+When omitted, this means the user has no opinion and the platform is left
+to choose reasonable defaults. These defaults are subject to change over time.
+The current default is `- operator: "Exists"` which means that all taints are tolerated.
 --
 
 Type::
@@ -357,7 +440,8 @@ Type::
 Description::
 +
 --
-The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 --
 
 Type::
@@ -372,23 +456,32 @@ Type::
 
 | `effect`
 | `string`
-| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+| Effect indicates the taint effect to match. Empty means match all taint effects.
+When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
-| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+| Key is the taint key that the toleration applies to. Empty means match all taint keys.
+If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 
 | `operator`
 | `string`
-| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+| Operator represents a key's relationship to the value.
+Valid operators are Exists and Equal. Defaults to Equal.
+Exists is equivalent to wildcard for value, so that a pod can
+tolerate all taints of a particular category.
 
 | `tolerationSeconds`
 | `integer`
-| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+| TolerationSeconds represents the period of time the toleration (which must be
+of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+it is not set, which means tolerate the taint forever (do not evict). Zero and
+negative values will be treated as 0 (evict immediately) by the system.
 
 | `value`
 | `string`
-| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+| Value is the taint value the toleration matches to.
+If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 |===
 === .status
@@ -414,7 +507,8 @@ Type::
 
 | `clusterNetwork[]`
 | `object`
-| ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
+| ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+are allocated.
 
 | `clusterNetworkMTU`
 | `integer`
@@ -422,13 +516,12 @@ Type::
 
 | `conditions`
 | `array`
-| conditions represents the observations of a network.config current state. Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+| conditions represents the observations of a network.config current state.
+Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `migration`
 | `object`
@@ -440,7 +533,8 @@ Type::
 
 | `serviceNetwork`
 | `array (string)`
-| IP address pool for services. Currently, we only support a single entry here.
+| IP address pool for services.
+Currently, we only support a single entry here.
 
 |===
 === .status.clusterNetwork
@@ -460,7 +554,8 @@ Type::
 Description::
 +
 --
-ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
+ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+are allocated.
 --
 
 Type::
@@ -479,14 +574,16 @@ Type::
 
 | `hostPrefix`
 | `integer`
-| The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
+| The size (prefix) of block to allocate to each node. If this
+field is not used by the plugin, it can be left unset.
 
 |===
 === .status.conditions
 Description::
 +
 --
-conditions represents the observations of a network.config current state. Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
+conditions represents the observations of a network.config current state.
+Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
 --
 
 Type::
@@ -499,9 +596,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -522,19 +617,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -542,7 +645,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.migration
@@ -568,7 +671,9 @@ Type::
 
 | `networkType`
 | `string`
-| NetworkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.
+| NetworkType is the target plugin that is being deployed.
+DEPRECATED: network type migration is no longer supported,
+so this should always be unset.
 
 |===
 === .status.migration.mtu
diff --git a/rest_api/config_apis/node-config-openshift-io-v1.adoc b/rest_api/config_apis/node-config-openshift-io-v1.adoc
index 8b6f357eee..8648e55e3b 100644
--- a/rest_api/config_apis/node-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/node-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Node holds cluster-wide information about node specific features. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Node holds cluster-wide information about node specific features.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,7 +73,8 @@ Type::
 
 | `workerLatencyProfile`
 | `string`
-| WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster
+| WorkerLatencyProfile determins the how fast the kubelet is updating
+the status and corresponding reaction of the cluster
 
 |===
 === .status
@@ -88,6 +90,88 @@ Type::
 
 
 
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions contain the details and the current state of the nodes.config object
+
+| `conditions[]`
+| `object`
+| Condition contains details for one aspect of the current state of this API Resource.
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions contain the details and the current state of the nodes.config object
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Condition contains details for one aspect of the current state of this API Resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `lastTransitionTime`
+  - `message`
+  - `reason`
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+
+| `message`
+| `string`
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| type of condition in CamelCase or in foo.example.com/CamelCase.
+
+|===
 
 == API endpoints
 
diff --git a/rest_api/config_apis/oauth-config-openshift-io-v1.adoc b/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
index edd2d1e40d..11625e62ba 100644
--- a/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
@@ -11,8 +11,11 @@ toc::[]
 Description::
 +
 --
-OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`.
+It is used to configure the integrated OAuth server.
+This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,7 +71,8 @@ Type::
 
 | `identityProviders`
 | `array`
-| identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.
+| identityProviders is an ordered list of ways for a user to identify themselves.
+When this list is empty, no identities are provisioned for users.
 
 | `identityProviders[]`
 | `object`
@@ -87,7 +91,8 @@ Type::
 Description::
 +
 --
-identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.
+identityProviders is an ordered list of ways for a user to identify themselves.
+When this list is empty, no identities are provisioned for users.
 --
 
 Type::
@@ -143,11 +148,15 @@ Type::
 
 | `mappingMethod`
 | `string`
-| mappingMethod determines how identities from this provider are mapped to users Defaults to "claim"
+| mappingMethod determines how identities from this provider are mapped to users
+Defaults to "claim"
 
 | `name`
 | `string`
-| name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
+| name is used to qualify the identities returned by this provider.
+- It MUST be unique and not shared by any other identity provider used
+- It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
+  Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
 
 | `openID`
 | `object`
@@ -181,15 +190,31 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `tlsClientCert`
 | `object`
-| tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+| tlsClientCert is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate to present when connecting to the server.
+The key "tls.crt" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `tlsClientKey`
 | `object`
-| tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+| tlsClientKey is an optional reference to a secret by name that contains the
+PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+The key "tls.key" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `url`
 | `string`
@@ -200,7 +225,13 @@ Type::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -224,7 +255,12 @@ Required::
 Description::
 +
 --
-tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+tlsClientCert is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate to present when connecting to the server.
+The key "tls.crt" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -248,7 +284,12 @@ Required::
 Description::
 +
 --
-tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+tlsClientKey is an optional reference to a secret by name that contains the
+PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+The key "tls.key" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -287,7 +328,14 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+This can only be configured when hostname is set to a non-empty value.
+The namespace for this config map is openshift-config.
 
 | `clientID`
 | `string`
@@ -295,11 +343,16 @@ Type::
 
 | `clientSecret`
 | `object`
-| clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+| clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `hostname`
 | `string`
-| hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
+| hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
+GitHub Enterprise.
+It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
 
 | `organizations`
 | `array (string)`
@@ -314,7 +367,14 @@ Type::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+This can only be configured when hostname is set to a non-empty value.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -338,7 +398,10 @@ Required::
 Description::
 +
 --
-clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -377,7 +440,13 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `clientID`
 | `string`
@@ -385,7 +454,10 @@ Type::
 
 | `clientSecret`
 | `object`
-| clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+| clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `url`
 | `string`
@@ -396,7 +468,13 @@ Type::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -420,7 +498,10 @@ Required::
 Description::
 +
 --
-clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -463,7 +544,10 @@ Type::
 
 | `clientSecret`
 | `object`
-| clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+| clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `hostedDomain`
 | `string`
@@ -474,7 +558,10 @@ Type::
 Description::
 +
 --
-clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -513,14 +600,22 @@ Type::
 
 | `fileData`
 | `object`
-| fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+| fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
+The key "htpasswd" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+If the specified htpasswd data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 |===
 === .spec.identityProviders[].htpasswd.fileData
 Description::
 +
 --
-fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
+The key "htpasswd" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+If the specified htpasswd data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -559,7 +654,13 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `domainName`
 | `string`
@@ -567,11 +668,21 @@ Type::
 
 | `tlsClientCert`
 | `object`
-| tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+| tlsClientCert is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate to present when connecting to the server.
+The key "tls.crt" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `tlsClientKey`
 | `object`
-| tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+| tlsClientKey is an optional reference to a secret by name that contains the
+PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+The key "tls.key" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `url`
 | `string`
@@ -582,7 +693,13 @@ Type::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -606,7 +723,12 @@ Required::
 Description::
 +
 --
-tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+tlsClientCert is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate to present when connecting to the server.
+The key "tls.crt" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -630,7 +752,12 @@ Required::
 Description::
 +
 --
-tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
+tlsClientKey is an optional reference to a secret by name that contains the
+PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+The key "tls.key" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+If the specified certificate data is not valid, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -677,19 +804,35 @@ Type::
 
 | `bindPassword`
 | `object`
-| bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+| bindPassword is an optional reference to a secret by name
+containing a password to bind with during the search phase.
+The key "bindPassword" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `insecure`
 | `boolean`
-| insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
+| insecure, if true, indicates the connection should not use TLS
+WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
+         attempt to connect using TLS, even when `insecure` is set to `true`
+When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
+a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
 
 | `url`
 | `string`
-| url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter
+| url is an RFC 2255 URL which specifies the LDAP search parameters to use.
+The syntax of the URL is:
+ldap://host:port/basedn?attribute?scope?filter
 
 |===
 === .spec.identityProviders[].ldap.attributes
@@ -711,26 +854,37 @@ Type::
 
 | `email`
 | `array (string)`
-| email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
+| email is the list of attributes whose values should be used as the email address. Optional.
+If unspecified, no email is set for the identity
 
 | `id`
 | `array (string)`
-| id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn"
+| id is the list of attributes whose values should be used as the user ID. Required.
+First non-empty attribute is used. At least one attribute is required. If none of the listed
+attribute have a value, authentication fails.
+LDAP standard identity attribute is "dn"
 
 | `name`
 | `array (string)`
-| name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn"
+| name is the list of attributes whose values should be used as the display name. Optional.
+If unspecified, no display name is set for the identity
+LDAP standard display name attribute is "cn"
 
 | `preferredUsername`
 | `array (string)`
-| preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid"
+| preferredUsername is the list of attributes whose values should be used as the preferred username.
+LDAP standard login attribute is "uid"
 
 |===
 === .spec.identityProviders[].ldap.bindPassword
 Description::
 +
 --
-bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+bindPassword is an optional reference to a secret by name
+containing a password to bind with during the search phase.
+The key "bindPassword" is used to locate the data.
+If specified and the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -754,7 +908,13 @@ Required::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -793,7 +953,13 @@ Type::
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 
 | `claims`
 | `object`
@@ -805,7 +971,10 @@ Type::
 
 | `clientSecret`
 | `object`
-| clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+| clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 
 | `extraAuthorizeParameters`
 | `object (string)`
@@ -817,14 +986,21 @@ Type::
 
 | `issuer`
 | `string`
-| issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.
+| issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
+It must use the https scheme with no query or fragment component.
 
 |===
 === .spec.identityProviders[].openID.ca
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca.crt" is used to locate the data.
+If specified and the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+If empty, the default system roots are used.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -863,26 +1039,34 @@ Type::
 
 | `email`
 | `array (string)`
-| email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
+| email is the list of claims whose values should be used as the email address. Optional.
+If unspecified, no email is set for the identity
 
 | `groups`
 | `array (string)`
-| groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.
+| groups is the list of claims value of which should be used to synchronize groups
+from the OIDC provider to OpenShift for the user.
+If multiple claims are specified, the first one with a non-empty value is used.
 
 | `name`
 | `array (string)`
-| name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity
+| name is the list of claims whose values should be used as the display name. Optional.
+If unspecified, no display name is set for the identity
 
 | `preferredUsername`
 | `array (string)`
-| preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim
+| preferredUsername is the list of claims whose values should be used as the preferred username.
+If unspecified, the preferred username is determined from the value of the sub claim
 
 |===
 === .spec.identityProviders[].openID.clientSecret
 Description::
 +
 --
-clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
+clientSecret is a required reference to the secret by name containing the oauth client secret.
+The key "clientSecret" is used to locate the data.
+If the secret or expected key is not found, the identity provider is not honored.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -921,15 +1105,29 @@ Type::
 
 | `ca`
 | `object`
-| ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.
+| ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+Specifically, it allows verification of incoming requests to prevent header spoofing.
+The key "ca.crt" is used to locate the data.
+If the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+The namespace for this config map is openshift-config.
 
 | `challengeURL`
 | `string`
-| challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true.
+| challengeURL is a URL to redirect unauthenticated /authorize requests to
+Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
+redirected here.
+${url} is replaced with the current URL, escaped to be safe in a query parameter
+  https://www.example.com/sso-login?then=${url}
+${query} is replaced with the current query string
+  https://www.example.com/auth-proxy/oauth/authorize?${query}
+Required when challenge is set to true.
 
 | `clientCommonNames`
 | `array (string)`
-| clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.
+| clientCommonNames is an optional list of common names to require a match from. If empty, any
+client certificate validated against the clientCA bundle is considered authoritative.
 
 | `emailHeaders`
 | `array (string)`
@@ -941,7 +1139,13 @@ Type::
 
 | `loginURL`
 | `string`
-| loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true.
+| loginURL is a URL to redirect unauthenticated /authorize requests to
+Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
+${url} is replaced with the current URL, escaped to be safe in a query parameter
+  https://www.example.com/sso-login?then=${url}
+${query} is replaced with the current query string
+  https://www.example.com/auth-proxy/oauth/authorize?${query}
+Required when login is set to true.
 
 | `nameHeaders`
 | `array (string)`
@@ -956,7 +1160,13 @@ Type::
 Description::
 +
 --
-ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.
+ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+Specifically, it allows verification of incoming requests to prevent header spoofing.
+The key "ca.crt" is used to locate the data.
+If the config map or expected key is not found, the identity provider is not honored.
+If the specified ca data is not valid, the identity provider is not honored.
+The namespace for this config map is openshift-config.
 --
 
 Type::
@@ -995,22 +1205,45 @@ Type::
 
 | `error`
 | `object`
-| error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.
+| error is the name of a secret that specifies a go template to use to render error pages
+during the authentication or grant flow.
+The key "errors.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default error page is used.
+If the specified template is not valid, the default error page is used.
+If unspecified, the default error page is used.
+The namespace for this secret is openshift-config.
 
 | `login`
 | `object`
-| login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.
+| login is the name of a secret that specifies a go template to use to render the login page.
+The key "login.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default login page is used.
+If the specified template is not valid, the default login page is used.
+If unspecified, the default login page is used.
+The namespace for this secret is openshift-config.
 
 | `providerSelection`
 | `object`
-| providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.
+| providerSelection is the name of a secret that specifies a go template to use to render
+the provider selection page.
+The key "providers.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default provider selection page is used.
+If the specified template is not valid, the default provider selection page is used.
+If unspecified, the default provider selection page is used.
+The namespace for this secret is openshift-config.
 
 |===
 === .spec.templates.error
 Description::
 +
 --
-error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.
+error is the name of a secret that specifies a go template to use to render error pages
+during the authentication or grant flow.
+The key "errors.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default error page is used.
+If the specified template is not valid, the default error page is used.
+If unspecified, the default error page is used.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -1034,7 +1267,12 @@ Required::
 Description::
 +
 --
-login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.
+login is the name of a secret that specifies a go template to use to render the login page.
+The key "login.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default login page is used.
+If the specified template is not valid, the default login page is used.
+If unspecified, the default login page is used.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -1058,7 +1296,13 @@ Required::
 Description::
 +
 --
-providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.
+providerSelection is the name of a secret that specifies a go template to use to render
+the provider selection page.
+The key "providers.html" is used to locate the template data.
+If specified and the secret or expected key is not found, the default provider selection page is used.
+If the specified template is not valid, the default provider selection page is used.
+If unspecified, the default provider selection page is used.
+The namespace for this secret is openshift-config.
 --
 
 Type::
@@ -1097,8 +1341,19 @@ Type::
 
 | `accessTokenInactivityTimeout`
 | `string`
-| accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as "5m", "1.5h" or "2h45m". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. 
- WARNING: existing tokens' timeout will not be affected (lowered) by changing this value
+| accessTokenInactivityTimeout defines the token inactivity timeout
+for tokens granted by any client.
+The value represents the maximum amount of time that can occur between
+consecutive uses of the token. Tokens become invalid if they are not
+used within this temporal window. The user will need to acquire a new
+token to regain access once a token times out. Takes valid time
+duration string such as "5m", "1.5h" or "2h45m". The minimum allowed
+value for duration is 300s (5 minutes). If the timeout is configured
+per client, then that value takes precedence. If the timeout value is
+not specified and the client does not override the value, then tokens
+are valid until their lifetime.
+
+WARNING: existing tokens' timeout will not be affected (lowered) by changing this value
 
 | `accessTokenInactivityTimeoutSeconds`
 | `integer`
diff --git a/rest_api/config_apis/project-config-openshift-io-v1.adoc b/rest_api/config_apis/project-config-openshift-io-v1.adoc
index bfee925276..8f7a964b07 100644
--- a/rest_api/config_apis/project-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/project-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Project holds cluster-wide information about Project.  The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Project holds cluster-wide information about Project.  The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,14 +73,18 @@ Type::
 
 | `projectRequestTemplate`
 | `object`
-| projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.
+| projectRequestTemplate is the template to use for creating projects in response to projectrequest.
+This must point to a template in 'openshift-config' namespace. It is optional.
+If it is not specified, a default template is used.
 
 |===
 === .spec.projectRequestTemplate
 Description::
 +
 --
-projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.
+projectRequestTemplate is the template to use for creating projects in response to projectrequest.
+This must point to a template in 'openshift-config' namespace. It is optional.
+If it is not specified, a default template is used.
 --
 
 Type::
diff --git a/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc b/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
index 1720bbb7c4..97fc1bc2c4 100644
--- a/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
+++ b/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -102,15 +103,27 @@ Type::
 
 | `basicAuthConfig`
 | `object`
-| basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key "username" is used locate the username. The key "password" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
+| basicAuthConfig is an optional reference to a secret by name that contains
+the basic authentication credentials to present when connecting to the server.
+The key "username" is used locate the username.
+The key "password" is used to locate the password.
+The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
 
 | `ca`
 | `object`
-| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
+| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca-bundle.crt" is used to locate the data.
+If empty, the default system roots are used.
+The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
 
 | `tlsClientConfig`
 | `object`
-| tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
+| tlsClientConfig is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate and private key to present when connecting to the server.
+The key "tls.crt" is used to locate the client certificate.
+The key "tls.key" is used to locate the private key.
+The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
 
 | `url`
 | `string`
@@ -121,7 +134,11 @@ Type::
 Description::
 +
 --
-basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key "username" is used locate the username. The key "password" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
+basicAuthConfig is an optional reference to a secret by name that contains
+the basic authentication credentials to present when connecting to the server.
+The key "username" is used locate the username.
+The key "password" is used to locate the password.
+The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
 --
 
 Type::
@@ -145,7 +162,11 @@ Required::
 Description::
 +
 --
-ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
+ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+The key "ca-bundle.crt" is used to locate the data.
+If empty, the default system roots are used.
+The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
 --
 
 Type::
@@ -169,7 +190,11 @@ Required::
 Description::
 +
 --
-tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
+tlsClientConfig is an optional reference to a secret by name that contains the
+PEM-encoded TLS client certificate and private key to present when connecting to the server.
+The key "tls.crt" is used to locate the client certificate.
+The key "tls.key" is used to locate the private key.
+The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
 --
 
 Type::
@@ -212,9 +237,7 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 |===
 === .status.conditions
@@ -234,9 +257,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -257,19 +278,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -277,7 +306,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 
diff --git a/rest_api/config_apis/proxy-config-openshift-io-v1.adoc b/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
index 2b5444f929..657b403cbd 100644
--- a/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -76,7 +77,8 @@ Type::
 
 | `noProxy`
 | `string`
-| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
+| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.
+Empty means unset and will not result in an env var.
 
 | `readinessEndpoints`
 | `array (string)`
@@ -84,18 +86,58 @@ Type::
 
 | `trustedCA`
 | `object`
-| trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+| trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 
 |===
 === .spec.trustedCA
 Description::
 +
 --
-trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
- The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+The trustedCA field should only be consumed by a proxy validator. The
+validator is responsible for reading the certificate bundle from the required
+key "ca-bundle.crt", merging it with the system default trust bundle,
+and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+in the "openshift-config-managed" namespace. Clients that expect to make
+proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+well.
+
+The namespace for the ConfigMap referenced by trustedCA is
+"openshift-config". Here is an example ConfigMap (in yaml):
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: user-ca-bundle
+ namespace: openshift-config
+ data:
+   ca-bundle.crt: \|
+     -----BEGIN CERTIFICATE-----
+     Custom CA certificate bundle.
+     -----END CERTIFICATE-----
 --
 
 Type::
diff --git a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
index 0d555b9e72..7ce5407945 100644
--- a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
+and influence its placement decisions. The canonical name for this config is `cluster`.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,27 +70,64 @@ Type::
 
 | `defaultNodeSelector`
 | `string`
-| defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.
+| defaultNodeSelector helps set the cluster-wide default node selector to
+restrict pod placement to specific nodes. This is applied to the pods
+created in all namespaces and creates an intersection with any existing
+nodeSelectors already set on a pod, additionally constraining that pod's selector.
+For example,
+defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
+field in pod spec to "type=user-node,region=east" to all pods created
+in all namespaces. Namespaces having project-wide node selectors won't be
+impacted even if this field is set. This adds an annotation section to
+the namespace.
+For example, if a new namespace is created with
+node-selector='type=user-node,region=east',
+the annotation openshift.io/node-selector: type=user-node,region=east
+gets added to the project. When the openshift.io/node-selector annotation
+is set on the project the value is used in preference to the value we are setting
+for defaultNodeSelector field.
+For instance,
+openshift.io/node-selector: "type=user-node,region=west" means
+that the default of "type=user-node,region=east" set in defaultNodeSelector
+would not be applied.
 
 | `mastersSchedulable`
 | `boolean`
-| MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.
+| MastersSchedulable allows masters nodes to be schedulable. When this flag is
+turned on, all the master nodes in the cluster will be made schedulable,
+so that workload pods can run on them. The default value for this field is false,
+meaning none of the master nodes are schedulable.
+Important Note: Once the workload pods start running on the master nodes,
+extreme care must be taken to ensure that cluster-critical control plane components
+are not impacted.
+Please turn on this field after doing due diligence.
 
 | `policy`
 | `object`
-| DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.
+| DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release.
+policy is a reference to a ConfigMap containing scheduler policy which has
+user specified predicates and priorities. If this ConfigMap is not available
+scheduler will default to use DefaultAlgorithmProvider.
+The namespace for this configmap is openshift-config.
 
 | `profile`
 | `string`
-| profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. 
- Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" Defaults to "LowNodeUtilization"
+| profile sets which scheduling profile should be set in order to configure scheduling
+decisions for new pods.
+
+Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring"
+Defaults to "LowNodeUtilization"
 
 |===
 === .spec.policy
 Description::
 +
 --
-DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.
+DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release.
+policy is a reference to a ConfigMap containing scheduler policy which has
+user specified predicates and priorities. If this ConfigMap is not available
+scheduler will default to use DefaultAlgorithmProvider.
+The namespace for this configmap is openshift-config.
 --
 
 Type::
diff --git a/rest_api/console_apis/console-apis-index.adoc b/rest_api/console_apis/console-apis-index.adoc
index 6e8aacc941..b6f381daed 100644
--- a/rest_api/console_apis/console-apis-index.adoc
+++ b/rest_api/console_apis/console-apis-index.adoc
@@ -12,8 +12,9 @@ toc::[]
 Description::
 +
 --
-ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -24,8 +25,9 @@ Type::
 Description::
 +
 --
-ConsoleExternalLogLink is an extension for customizing OpenShift web console log links. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -36,8 +38,9 @@ Type::
 Description::
 +
 --
-ConsoleLink is an extension for customizing OpenShift web console links. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleLink is an extension for customizing OpenShift web console links.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -48,8 +51,9 @@ Type::
 Description::
 +
 --
-ConsoleNotification is the extension for configuring openshift web console notifications. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleNotification is the extension for configuring openshift web console notifications.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -60,8 +64,10 @@ Type::
 Description::
 +
 --
-ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ConsolePlugin is an extension for customizing OpenShift web console by
+dynamically loading code from another service running on the cluster.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,8 +78,10 @@ Type::
 Description::
 +
 --
-ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleQuickStart is an extension for guiding user through various
+workflows in the OpenShift web console.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -84,8 +92,9 @@ Type::
 Description::
 +
 --
-ConsoleSample is an extension to customizing OpenShift web console by adding samples. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ConsoleSample is an extension to customizing OpenShift web console by adding samples.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -96,8 +105,9 @@ Type::
 Description::
 +
 --
-ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
index 5cdb373f3a..22d57e18ed 100644
--- a/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
index a6cf82f84c..403408adfb 100644
--- a/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleExternalLogLink is an extension for customizing OpenShift web console log links. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -42,14 +43,16 @@ Required::
 
 | `spec`
 | `object`
-| ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.
+| ConsoleExternalLogLinkSpec is the desired log link configuration.
+The log link will appear on the logs tab of the pod details page.
 
 |===
 === .spec
 Description::
 +
 --
-ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.
+ConsoleExternalLogLinkSpec is the desired log link configuration.
+The log link will appear on the logs tab of the pod details page.
 --
 
 Type::
@@ -67,12 +70,28 @@ Required::
 
 | `hrefTemplate`
 | `string`
-| hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs - e.g. `11111111-2222-3333-4444-555555555555` - ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs - e.g. `{"key1":"value1","key2":"value2"}` 
- e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}
+| hrefTemplate is an absolute secure URL (must use https) for the log link including
+variables to be replaced. Variables are specified in the URL with the format ${variableName},
+for instance, ${containerName} and will be replaced with the corresponding values
+from the resource. Resource is a pod.
+Supported variables are:
+- ${resourceName} - name of the resource which containes the logs
+- ${resourceUID} - UID of the resource which contains the logs
+              - e.g. `11111111-2222-3333-4444-555555555555`
+- ${containerName} - name of the resource's container that contains the logs
+- ${resourceNamespace} - namespace of the resource that contains the logs
+- ${resourceNamespaceUID} - namespace UID of the resource that contains the logs
+- ${podLabels} - JSON representation of labels matching the pod with the logs
+            - e.g. `{"key1":"value1","key2":"value2"}`
+
+e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}
 
 | `namespaceFilter`
 | `string`
-| namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.
+| namespaceFilter is a regular expression used to restrict a log link to a
+matching set of namespaces (e.g., `^openshift-`). The string is converted
+into a regular expression using the JavaScript RegExp constructor.
+If not specified, links will be displayed for all the namespaces.
 
 | `text`
 | `string`
diff --git a/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc b/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
index 13bd236e5a..ede9216226 100644
--- a/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleLink is an extension for customizing OpenShift web console links. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleLink is an extension for customizing OpenShift web console links.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,7 +69,8 @@ Required::
 
 | `applicationMenu`
 | `object`
-| applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.
+| applicationMenu holds information about section and icon used for the link in the
+application menu, and it is applicable only when location is set to ApplicationMenu.
 
 | `href`
 | `string`
@@ -80,7 +82,9 @@ Required::
 
 | `namespaceDashboard`
 | `object`
-| namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.
+| namespaceDashboard holds information about namespaces in which the dashboard link should
+appear, and it is applicable only when location is set to NamespaceDashboard.
+If not specified, the link will appear in all namespaces.
 
 | `text`
 | `string`
@@ -91,7 +95,8 @@ Required::
 Description::
 +
 --
-applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.
+applicationMenu holds information about section and icon used for the link in the
+application menu, and it is applicable only when location is set to ApplicationMenu.
 --
 
 Type::
@@ -108,18 +113,23 @@ Required::
 
 | `imageURL`
 | `string`
-| imageUrl is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.
+| imageUrl is the URL for the icon used in front of the link in the application menu.
+The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.
 
 | `section`
 | `string`
-| section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.
+| section is the section of the application menu in which the link should appear.
+This can be any text that will appear as a subheading in the application menu dropdown.
+A new section will be created if the text does not match text of an existing section.
 
 |===
 === .spec.namespaceDashboard
 Description::
 +
 --
-namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.
+namespaceDashboard holds information about namespaces in which the dashboard link should
+appear, and it is applicable only when location is set to NamespaceDashboard.
+If not specified, the link will appear in all namespaces.
 --
 
 Type::
@@ -134,7 +144,8 @@ Type::
 
 | `namespaceSelector`
 | `object`
-| namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.
+| namespaceSelector is used to select the Namespaces that should contain dashboard link by label.
+If the namespace labels match, dashboard link will be shown for the namespaces.
 
 | `namespaces`
 | `array (string)`
@@ -145,7 +156,8 @@ Type::
 Description::
 +
 --
-namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.
+namespaceSelector is used to select the Namespaces that should contain dashboard link by label.
+If the namespace labels match, dashboard link will be shown for the namespaces.
 --
 
 Type::
@@ -164,11 +176,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.namespaceDashboard.namespaceSelector.matchExpressions
@@ -188,7 +203,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -210,11 +226,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 
diff --git a/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc b/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
index 1d8bce0c7e..5cce9acd88 100644
--- a/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleNotification is the extension for configuring openshift web console notifications. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleNotification is the extension for configuring openshift web console notifications.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -78,7 +79,8 @@ Required::
 
 | `location`
 | `string`
-| location is the location of the notification in the console. Valid values are: "BannerTop", "BannerBottom", "BannerTopBottom".
+| location is the location of the notification in the console.
+Valid values are: "BannerTop", "BannerBottom", "BannerTopBottom".
 
 | `text`
 | `string`
diff --git a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
index 40ed2180b2..221e01ad58 100644
--- a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ConsolePlugin is an extension for customizing OpenShift web console by
+dynamically loading code from another service running on the cluster.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,7 +74,8 @@ Required::
 
 | `displayName`
 | `string`
-| displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.
+| displayName is the display name of the plugin.
+The dispalyName should be between 1 and 128 characters.
 
 | `i18n`
 | `object`
@@ -80,11 +83,13 @@ Required::
 
 | `proxy`
 | `array`
-| proxy is a list of proxies that describe various service type to which the plugin needs to connect to.
+| proxy is a list of proxies that describe various service type
+to which the plugin needs to connect to.
 
 | `proxy[]`
 | `object`
-| ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.
+| ConsolePluginProxy holds information on various service types
+to which console's backend will proxy the plugin's requests.
 
 |===
 === .spec.backend
@@ -108,19 +113,25 @@ Required::
 
 | `service`
 | `object`
-| service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.
+| service is a Kubernetes Service that exposes the plugin using a
+deployment with an HTTP server. The Service must use HTTPS and
+Service serving certificate. The console backend will proxy the
+plugins assets from the Service using the service CA bundle.
 
 | `type`
 | `string`
-| type is the backend type which servers the console's plugin. Currently only "Service" is supported. 
- ---
+| type is the backend type which servers the console's plugin. Currently only "Service" is supported.
+
 
 |===
 === .spec.backend.service
 Description::
 +
 --
-service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.
+service is a Kubernetes Service that exposes the plugin using a
+deployment with an HTTP server. The Service must use HTTPS and
+Service serving certificate. The console backend will proxy the
+plugins assets from the Service using the service CA bundle.
 --
 
 Type::
@@ -139,7 +150,9 @@ Required::
 
 | `basePath`
 | `string`
-| basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.
+| basePath is the path to the plugin's assets. The primary asset it the
+manifest file called `plugin-manifest.json`, which is a JSON document
+that contains metadata about the plugin and the extensions.
 
 | `name`
 | `string`
@@ -175,14 +188,19 @@ Required::
 
 | `loadType`
 | `string`
-| loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.
+| loadType indicates how the plugin's localization resource should be loaded.
+Valid values are Preload, Lazy and the empty string.
+When set to Preload, all localization resources are fetched when the plugin is loaded.
+When set to Lazy, localization resources are lazily loaded as and when they are required by the console.
+When omitted or set to the empty string, the behaviour is equivalent to Lazy type.
 
 |===
 === .spec.proxy
 Description::
 +
 --
-proxy is a list of proxies that describe various service type to which the plugin needs to connect to.
+proxy is a list of proxies that describe various service type
+to which the plugin needs to connect to.
 --
 
 Type::
@@ -195,7 +213,8 @@ Type::
 Description::
 +
 --
-ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.
+ConsolePluginProxy holds information on various service types
+to which console's backend will proxy the plugin's requests.
 --
 
 Type::
@@ -213,18 +232,26 @@ Required::
 
 | `alias`
 | `string`
-| alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint: 
- /api/proxy/plugin/<plugin-name>/<proxy-alias>/<request-path>?<optional-query-parameters> 
- Request example path: 
- /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver
+| alias is a proxy name that identifies the plugin's proxy. An alias name
+should be unique per plugin. The console backend exposes following
+proxy endpoint:
+
+/api/proxy/plugin/<plugin-name>/<proxy-alias>/<request-path>?<optional-query-parameters>
+
+Request example path:
+
+/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver
 
 | `authorization`
 | `string`
-| authorization provides information about authorization type, which the proxied request should contain
+| authorization provides information about authorization type,
+which the proxied request should contain
 
 | `caCertificate`
 | `string`
-| caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.
+| caCertificate provides the cert authority certificate contents,
+in case the proxied Service is using custom service CA.
+By default, the service CA bundle provided by the service-ca operator is used.
 
 | `endpoint`
 | `object`
@@ -252,19 +279,27 @@ Required::
 
 | `service`
 | `object`
-| service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported.
+| service is an in-cluster Service that the plugin will connect to.
+The Service must use HTTPS. The console backend exposes an endpoint
+in order to proxy communication between the plugin and the Service.
+Note: service field is required for now, since currently only "Service"
+type is supported.
 
 | `type`
 | `string`
-| type is the type of the console plugin's proxy. Currently only "Service" is supported. 
- ---
+| type is the type of the console plugin's proxy. Currently only "Service" is supported.
+
 
 |===
 === .spec.proxy[].endpoint.service
 Description::
 +
 --
-service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported.
+service is an in-cluster Service that the plugin will connect to.
+The Service must use HTTPS. The console backend exposes an endpoint
+in order to proxy communication between the plugin and the Service.
+Note: service field is required for now, since currently only "Service"
+type is supported.
 --
 
 Type::
@@ -291,7 +326,8 @@ Required::
 
 | `port`
 | `integer`
-| port on which the Service that the plugin needs to connect to is listening on.
+| port on which the Service that the plugin needs to connect to
+is listening on.
 
 |===
 
diff --git a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
index 5486c9379b..6a20099186 100644
--- a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleQuickStart is an extension for guiding user through various
+workflows in the OpenShift web console.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -70,7 +72,9 @@ Required::
 
 | `accessReviewResources`
 | `array`
-| accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.
+| accessReviewResources contains a list of resources that the user's access
+will be reviewed against in order for the user to complete the Quick Start.
+The Quick Start will be hidden if any of the access reviews fail.
 
 | `accessReviewResources[]`
 | `object`
@@ -94,7 +98,8 @@ Required::
 
 | `icon`
 | `string`
-| icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.
+| icon is a base64 encoded image that will be displayed beside the Quick Start display name.
+The icon should be an vector image for easy scaling. The size of the icon should be 40x40.
 
 | `introduction`
 | `string`
@@ -125,7 +130,9 @@ Required::
 Description::
 +
 --
-accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.
+accessReviewResources contains a list of resources that the user's access
+will be reviewed against in order for the user to complete the Quick Start.
+The Quick Start will be hidden if any of the access reviews fail.
 --
 
 Type::
@@ -151,17 +158,34 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
 
 | `namespace`
 | `string`
-| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
+"" (empty) is defaulted for LocalSubjectAccessReviews
+"" (empty) is empty for cluster-scoped resources
+"" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
 
 | `resource`
 | `string`
@@ -179,6 +203,196 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.accessReviewResources[].fieldSelector
+Description::
++
+--
+fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.accessReviewResources[].fieldSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.accessReviewResources[].fieldSelector.requirements[]
+Description::
++
+--
+FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the field selector key that the requirement applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists, DoesNotExist.
+The list of operators may grow in the future.
+
+| `values`
+| `array (string)`
+| values is an array of string values.
+If the operator is In or NotIn, the values array must be non-empty.
+If the operator is Exists or DoesNotExist, the values array must be empty.
+
+|===
+=== .spec.accessReviewResources[].labelSelector
+Description::
++
+--
+labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.accessReviewResources[].labelSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.accessReviewResources[].labelSelector.requirements[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
+
 |===
 === .spec.tasks
 Description::
@@ -219,7 +433,8 @@ Required::
 
 | `review`
 | `object`
-| review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.
+| review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'.
+using a radio button, which indicates whether the step was completed successfully.
 
 | `summary`
 | `object`
@@ -234,7 +449,8 @@ Required::
 Description::
 +
 --
-review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.
+review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'.
+using a radio button, which indicates whether the step was completed successfully.
 --
 
 Type::
@@ -256,7 +472,8 @@ Required::
 
 | `instructions`
 | `string`
-| instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)
+| instructions contains steps that user needs to take in order
+to validate his work after going through a task. (includes markdown)
 
 |===
 === .spec.tasks[].summary
diff --git a/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc b/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc
index 9d1011c84c..8227b820db 100644
--- a/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleSample is an extension to customizing OpenShift web console by adding samples. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ConsoleSample is an extension to customizing OpenShift web console by adding samples.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -70,63 +71,91 @@ Required::
 
 | `abstract`
 | `string`
-| abstract is a short introduction to the sample. 
- It is required and must be no more than 100 characters in length. 
- The abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.
+| abstract is a short introduction to the sample.
+
+It is required and must be no more than 100 characters in length.
+
+The abstract is shown on the sample card tile below the title and provider
+and is limited to three lines of content.
 
 | `description`
 | `string`
-| description is a long form explanation of the sample. 
- It is required and can have a maximum length of **4096** characters. 
- It is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.
+| description is a long form explanation of the sample.
+
+It is required and can have a maximum length of **4096** characters.
+
+It is a README.md-like content for additional information, links, pre-conditions, and other instructions.
+It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.
 
 | `icon`
 | `string`
-| icon is an optional base64 encoded image and shown beside the sample title. 
- The format must follow the data: URL format and can have a maximum size of **10 KB**. 
- data:[<mediatype>][;base64],<base64 encoded image> 
- For example: 
- data:image;base64,             plus the base64 encoded image. 
- Vector images can also be used. SVG icons must start with: 
- data:image/svg+xml;base64,     plus the base64 encoded SVG image. 
- All sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px. 
- For more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.
+| icon is an optional base64 encoded image and shown beside the sample title.
+
+The format must follow the data: URL format and can have a maximum size of **10 KB**.
+
+  data:[<mediatype>][;base64],<base64 encoded image>
+
+For example:
+
+  data:image;base64,             plus the base64 encoded image.
+
+Vector images can also be used. SVG icons must start with:
+
+  data:image/svg+xml;base64,     plus the base64 encoded SVG image.
+
+All sample catalog icons will be shown on a white background (also when the dark theme is used).
+The web console ensures that different aspect ratios work correctly.
+Currently, the surface of the icon is at most 40x100px.
+
+For more information on the data URL format, please visit
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.
 
 | `provider`
 | `string`
-| provider is an optional label to honor who provides the sample. 
- It is optional and must be no more than 50 characters in length. 
- A provider can be a company like "Red Hat" or an organization like "CNCF" or "Knative". 
- Currently, the provider is only shown on the sample card tile below the title with the prefix "Provided by "
+| provider is an optional label to honor who provides the sample.
+
+It is optional and must be no more than 50 characters in length.
+
+A provider can be a company like "Red Hat" or an organization like "CNCF" or "Knative".
+
+Currently, the provider is only shown on the sample card tile below the title with the prefix "Provided by "
 
 | `source`
 | `object`
-| source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.
+| source defines where to deploy the sample service from.
+The sample may be sourced from an external git repository or container image.
 
 | `tags`
 | `array (string)`
-| tags are optional string values that can be used to find samples in the samples catalog. 
- Examples of common tags may be "Java", "Quarkus", etc. 
- They will be displayed on the samples details page.
+| tags are optional string values that can be used to find samples in the samples catalog.
+
+Examples of common tags may be "Java", "Quarkus", etc.
+
+They will be displayed on the samples details page.
 
 | `title`
 | `string`
-| title is the display name of the sample. 
- It is required and must be no more than 50 characters in length.
+| title is the display name of the sample.
+
+It is required and must be no more than 50 characters in length.
 
 | `type`
 | `string`
-| type is an optional label to group multiple samples. 
- It is optional and must be no more than 20 characters in length. 
- Recommendation is a singular term like "Builder Image", "Devfile" or "Serverless Function". 
- Currently, the type is shown a badge on the sample card tile in the top right corner.
+| type is an optional label to group multiple samples.
+
+It is optional and must be no more than 20 characters in length.
+
+Recommendation is a singular term like "Builder Image", "Devfile" or "Serverless Function".
+
+Currently, the type is shown a badge on the sample card tile in the top right corner.
 
 |===
 === .spec.source
 Description::
 +
 --
-source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.
+source defines where to deploy the sample service from.
+The sample may be sourced from an external git repository or container image.
 --
 
 Type::
@@ -175,8 +204,16 @@ Required::
 
 | `image`
 | `string`
-| reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field. 
- Supported formats: - <repository-name>/<image-name> - docker.io/<repository-name>/<image-name> - quay.io/<repository-name>/<image-name> - quay.io/<repository-name>/<image-name>@sha256:<image hash> - quay.io/<repository-name>/<image-name>:<tag>
+| reference to a container image that provides a HTTP service.
+The service must be exposed on the default port (8080) unless
+otherwise configured with the port field.
+
+Supported formats:
+  - <repository-name>/<image-name>
+  - docker.io/<repository-name>/<image-name>
+  - quay.io/<repository-name>/<image-name>
+  - quay.io/<repository-name>/<image-name>@sha256:<image hash>
+  - quay.io/<repository-name>/<image-name>:<tag>
 
 | `service`
 | `object`
@@ -202,7 +239,10 @@ Type::
 
 | `targetPort`
 | `integer`
-| targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.
+| targetPort is the port that the service listens on for HTTP requests.
+This port will be used for Service and Route created for this sample.
+Port must be in the range 1 to 65535.
+Default port is 8080.
 
 |===
 === .spec.source.gitImport
@@ -254,18 +294,31 @@ Required::
 
 | `contextDir`
 | `string`
-| contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.
+| contextDir is used to specify a directory within the repository to build the
+component.
+Must start with `/` and have a maximum length of 256 characters.
+When omitted, the default value is to build from the root of the repository.
 
 | `revision`
 | `string`
-| revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.
+| revision is the git revision at which to clone the git repository
+Can be used to clone a specific branch, tag or commit SHA.
+Must be at most 256 characters in length.
+When omitted the repository's default branch is used.
 
 | `url`
 | `string`
-| url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field. 
- Only public repositories on GitHub, GitLab and Bitbucket are currently supported: 
- - https://github.com/<org>/<repository> - https://gitlab.com/<org>/<repository> - https://bitbucket.org/<org>/<repository> 
- The url must have a maximum length of 256 characters.
+| url of the Git repository that contains a HTTP service.
+The HTTP service must be exposed on the default port (8080) unless
+otherwise configured with the port field.
+
+Only public repositories on GitHub, GitLab and Bitbucket are currently supported:
+
+  - https://github.com/<org>/<repository>
+  - https://gitlab.com/<org>/<repository>
+  - https://bitbucket.org/<org>/<repository>
+
+The url must have a maximum length of 256 characters.
 
 |===
 === .spec.source.gitImport.service
@@ -287,7 +340,10 @@ Type::
 
 | `targetPort`
 | `integer`
-| targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.
+| targetPort is the port that the service listens on for HTTP requests.
+This port will be used for Service created for this sample.
+Port must be in the range 1 to 65535.
+Default port is 8080.
 
 |===
 
diff --git a/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
index 8144e71a77..df63a16fbb 100644
--- a/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples. 
- Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.
+
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -43,14 +44,18 @@ Required::
 
 | `spec`
 | `object`
-| ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.
+| ConsoleYAMLSampleSpec is the desired YAML sample configuration.
+Samples will appear with their descriptions in a samples sidebar
+when creating a resources in the web console.
 
 |===
 === .spec
 Description::
 +
 --
-ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.
+ConsoleYAMLSampleSpec is the desired YAML sample configuration.
+Samples will appear with their descriptions in a samples sidebar
+when creating a resources in the web console.
 --
 
 Type::
@@ -74,11 +79,14 @@ Required::
 
 | `snippet`
 | `boolean`
-| snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.
+| snippet indicates that the YAML sample is not the full YAML resource
+definition, but a fragment that can be inserted into the existing
+YAML document at the user's cursor.
 
 | `targetResource`
 | `object`
-| targetResource contains apiVersion and kind of the resource YAML sample is representating.
+| targetResource contains apiVersion and kind of the resource
+YAML sample is representating.
 
 | `title`
 | `string`
@@ -93,7 +101,8 @@ Required::
 Description::
 +
 --
-targetResource contains apiVersion and kind of the resource YAML sample is representating.
+targetResource contains apiVersion and kind of the resource
+YAML sample is representating.
 --
 
 Type::
@@ -108,11 +117,18 @@ Type::
 
 | `apiVersion`
 | `string`
-| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+| APIVersion defines the versioned schema of this representation of an object.
+Servers should convert recognized schemas to the latest internal value, and
+may reject unrecognized values.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 
 | `kind`
 | `string`
-| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind is a string value representing the REST resource this object represents.
+Servers may infer this from the endpoint the client submits requests to.
+Cannot be updated.
+In CamelCase.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 |===
 
diff --git a/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
index a441893799..cb22ac7b5f 100644
--- a/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-ContainerRuntimeConfig describes a customized Container Runtime configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -74,7 +75,8 @@ Required::
 
 | `machineConfigPoolSelector`
 | `object`
-| MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to. A nil selector will result in no pools being selected.
+| MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+A nil selector will result in no pools being selected.
 
 |===
 === .spec.containerRuntimeConfig
@@ -100,15 +102,19 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.
+| logLevel specifies the verbosity of the logs based on the level it is set to.
+Options are fatal, panic, error, warn, info, and debug.
 
 | `logSizeMax`
 | `integer-or-string`
-| logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+| logSizeMax specifies the Maximum size allowed for the container log file.
+Negative numbers indicate that no size limit is imposed.
+If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
 
 | `overlaySize`
 | `integer-or-string`
-| overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)
+| overlaySize specifies the maximum size of a container image.
+This flag can be used to set quota on the size of container images. (default: 10GB)
 
 | `pidsLimit`
 | `integer`
@@ -119,7 +125,8 @@ Type::
 Description::
 +
 --
-MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to. A nil selector will result in no pools being selected.
+MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+A nil selector will result in no pools being selected.
 --
 
 Type::
@@ -138,11 +145,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.machineConfigPoolSelector.matchExpressions
@@ -162,7 +172,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -184,11 +195,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .status
@@ -257,7 +272,8 @@ Type::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.
 
 | `reason`
 | `string`
diff --git a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
index 93b2f030ea..dbe6c6d4ea 100644
--- a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ControllerConfig describes configuration for MachineConfigController.
+This is currently only used to drive the MachineConfig objects generated by the TemplateController.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -77,7 +79,8 @@ Required::
 
 | `additionalTrustBundle`
 | ``
-| additionalTrustBundle is a certificate bundle that will be added to the nodes trusted certificate store.
+| additionalTrustBundle is a certificate bundle that will be added to the nodes
+trusted certificate store.
 
 | `baseOSContainerImage`
 | `string`
@@ -133,7 +136,8 @@ Required::
 
 | `internalRegistryPullSecret`
 | ``
-| internalRegistryPullSecret is the pull secret for the internal registry, used by rpm-ostree to pull images from the internal registry if present
+| internalRegistryPullSecret is the pull secret for the internal registry, used by
+rpm-ostree to pull images from the internal registry if present
 
 | `ipFamilies`
 | `string`
@@ -149,7 +153,11 @@ Required::
 
 | `networkType`
 | `string`
-| networkType holds the type of network the cluster is using XXX: this is temporary and will be dropped as soon as possible in favor of a better support to start network related services the proper way. Nobody is also changing this once the cluster is up and running the first time, so, disallow regeneration if this changes.
+| networkType holds the type of network the cluster is using
+XXX: this is temporary and will be dropped as soon as possible in favor of a better support
+to start network related services the proper way.
+Nobody is also changing this once the cluster is up and running the first time, so, disallow
+regeneration if this changes.
 
 | `osImageURL`
 | `string`
@@ -165,7 +173,8 @@ Required::
 
 | `pullSecret`
 | `object`
-| pullSecret is the default pull secret that needs to be installed on all machines.
+| pullSecret is the default pull secret that needs to be installed
+on all machines.
 
 | `releaseImage`
 | `string`
@@ -332,7 +341,8 @@ Required::
 Description::
 +
 --
-pullSecret is the default pull secret that needs to be installed on all machines.
+pullSecret is the default pull secret that needs to be installed
+on all machines.
 --
 
 Type::
@@ -351,27 +361,38 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .status
@@ -451,7 +472,8 @@ Required::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.
 
 | `reason`
 | `string`
diff --git a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
index e3388d665b..36e8f1078c 100644
--- a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time.
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -69,30 +70,49 @@ Required::
 
 | `replicas`
 | `integer`
-| Replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.
+| Replicas defines how many Control Plane Machines should be
+created by this ControlPlaneMachineSet.
+This field is immutable and cannot be changed after cluster
+installation.
+The ControlPlaneMachineSet only operates with 3 or 5 node control planes,
+3 and 5 are the only valid values for this field.
 
 | `selector`
 | `object`
-| Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.
+| Label selector for Machines. Existing Machines selected by this
+selector will be the ones affected by this ControlPlaneMachineSet.
+It must match the template's labels.
+This field is considered immutable after creation of the resource.
 
 | `state`
 | `string`
-| State defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.
+| State defines whether the ControlPlaneMachineSet is Active or Inactive.
+When Inactive, the ControlPlaneMachineSet will not take any action on the
+state of the Machines within the cluster.
+When Active, the ControlPlaneMachineSet will reconcile the Machines and
+will update the Machines as necessary.
+Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent
+further action please remove the ControlPlaneMachineSet.
 
 | `strategy`
 | `object`
-| Strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.
+| Strategy defines how the ControlPlaneMachineSet will update
+Machines when it detects a change to the ProviderSpec.
 
 | `template`
 | `object`
-| Template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.
+| Template describes the Control Plane Machines that will be created
+by this ControlPlaneMachineSet.
 
 |===
 === .spec.selector
 Description::
 +
 --
-Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.
+Label selector for Machines. Existing Machines selected by this
+selector will be the ones affected by this ControlPlaneMachineSet.
+It must match the template's labels.
+This field is considered immutable after creation of the resource.
 --
 
 Type::
@@ -111,11 +131,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.selector.matchExpressions
@@ -135,7 +158,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -157,18 +181,23 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.strategy
 Description::
 +
 --
-Strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.
+Strategy defines how the ControlPlaneMachineSet will update
+Machines when it detects a change to the ProviderSpec.
 --
 
 Type::
@@ -183,14 +212,18 @@ Type::
 
 | `type`
 | `string`
-| Type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are "RollingUpdate" and "OnDelete". The current default value is "RollingUpdate".
+| Type defines the type of update strategy that should be
+used when updating Machines owned by the ControlPlaneMachineSet.
+Valid values are "RollingUpdate" and "OnDelete".
+The current default value is "RollingUpdate".
 
 |===
 === .spec.template
 Description::
 +
 --
-Template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.
+Template describes the Control Plane Machines that will be created
+by this ControlPlaneMachineSet.
 --
 
 Type::
@@ -207,18 +240,21 @@ Required::
 
 | `machineType`
 | `string`
-| MachineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.
+| MachineType determines the type of Machines that should be managed by the ControlPlaneMachineSet.
+Currently, the only valid value is machines_v1beta1_machine_openshift_io.
 
 | `machines_v1beta1_machine_openshift_io`
 | `object`
-| OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.
+| OpenShiftMachineV1Beta1Machine defines the template for creating Machines
+from the v1beta1.machine.openshift.io API group.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io
 Description::
 +
 --
-OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.
+OpenShiftMachineV1Beta1Machine defines the template for creating Machines
+from the v1beta1.machine.openshift.io API group.
 --
 
 Type::
@@ -236,22 +272,37 @@ Required::
 
 | `failureDomains`
 | `object`
-| FailureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.
+| FailureDomains is the list of failure domains (sometimes called
+availability zones) in which the ControlPlaneMachineSet should balance
+the Control Plane Machines.
+This will be merged into the ProviderSpec given in the template.
+This field is optional on platforms that do not require placement information.
 
 | `metadata`
 | `object`
-| ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.
+| ObjectMeta is the standard object metadata
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+Labels are required to match the ControlPlaneMachineSet selector.
 
 | `spec`
 | `object`
-| Spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overriden when the Machines are created based on the FailureDomains field.
+| Spec contains the desired configuration of the Control Plane Machines.
+The ProviderSpec within contains platform specific details
+for creating the Control Plane Machines.
+The ProviderSe should be complete apart from the platform specific
+failure domain field. This will be overriden when the Machines
+are created based on the FailureDomains field.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains
 Description::
 +
 --
-FailureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.
+FailureDomains is the list of failure domains (sometimes called
+availability zones) in which the ControlPlaneMachineSet should balance
+the Control Plane Machines.
+This will be merged into the ProviderSpec given in the template.
+This field is optional on platforms that do not require placement information.
 --
 
 Type::
@@ -308,7 +359,8 @@ Required::
 
 | `platform`
 | `string`
-| Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.
+| Platform identifies the platform for which the FailureDomain represents.
+Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.
 
 | `vsphere`
 | `array`
@@ -497,11 +549,13 @@ Required::
 
 | `subnet`
 | `string`
-| subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.
+| subnet is the name of the network subnet in which the VM will be created.
+When omitted, the subnet value from the machine providerSpec template will be used.
 
 | `zone`
 | `string`
-| Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.
+| Availability Zone for the virtual machine.
+If nil, the virtual machine should be deployed to no zone.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.gcp
@@ -575,7 +629,8 @@ Required::
 
 | `name`
 | `string`
-| name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.
+| name of the failure domain in which the nutanix machine provider will create the VM.
+Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack
@@ -610,18 +665,25 @@ Type::
 
 | `availabilityZone`
 | `string`
-| availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.
+| availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM.
+If not specified, the VM will be created in the default availability zone specified in the nova configuration.
+Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances
+are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs
+to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.
+The maximum length of availability zone name is 63 as per labels limits.
 
 | `rootVolume`
 | `object`
-| rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.
+| rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM.
+If not specified, no root volume will be created.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[].rootVolume
 Description::
 +
 --
-rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.
+rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM.
+If not specified, no root volume will be created.
 --
 
 Type::
@@ -638,11 +700,20 @@ Required::
 
 | `availabilityZone`
 | `string`
-| availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.
+| availabilityZone specifies the Cinder availability zone where the root volume will be created.
+If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration.
+If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability
+zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details.
+If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same
+availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone).
+Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure,
+see kubernetes/cloud-provider-openstack#1379 for further information.
+The maximum length of availability zone name is 63 as per labels limits.
 
 | `volumeType`
 | `string`
-| volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.
+| volumeType specifies the type of the root volume that will be provisioned.
+The maximum length of a volume type name is 255 characters, as per the OpenStack limit.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.vsphere
@@ -679,14 +750,19 @@ Required::
 
 | `name`
 | `string`
-| name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.
+| name of the failure domain in which the vSphere machine provider will create the VM.
+Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.
+When balancing machines across failure domains, the control plane machine set will inject configuration from the
+Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.metadata
 Description::
 +
 --
-ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.
+ObjectMeta is the standard object metadata
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+Labels are required to match the ControlPlaneMachineSet selector.
 --
 
 Type::
@@ -703,18 +779,31 @@ Required::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+| Annotations is an unstructured key value map stored with a resource that may be
+set by external tools to store and retrieve arbitrary metadata. They are not
+queryable and should be preserved when modifying objects.
+More info: http://kubernetes.io/docs/user-guide/annotations
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.
+| Map of string keys and values that can be used to organize and categorize
+(scope and select) objects. May match selectors of replication controllers
+and services.
+More info: http://kubernetes.io/docs/user-guide/labels.
+This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'.
+It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec
 Description::
 +
 --
-Spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overriden when the Machines are created based on the FailureDomains field.
+Spec contains the desired configuration of the Control Plane Machines.
+The ProviderSpec within contains platform specific details
+for creating the Control Plane Machines.
+The ProviderSe should be complete apart from the platform specific
+failure domain field. This will be overriden when the Machines
+are created based on the FailureDomains field.
 --
 
 Type::
@@ -729,15 +818,27 @@ Type::
 
 | `lifecycleHooks`
 | `object`
-| LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+| LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 
 | `metadata`
 | `object`
-| ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+| ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 
 | `providerID`
 | `string`
-| ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.
+| ProviderID is the identification ID of the machine provided by the provider.
+This field must match the provider ID as seen on the node object corresponding to this machine.
+This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+and then a comparison is done to find out unregistered machines and are marked for delete.
+This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+be interfacing with cluster-api as generic provider.
 
 | `providerSpec`
 | `object`
@@ -745,18 +846,25 @@ Type::
 
 | `taints`
 | `array`
-| The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+| The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 
 | `taints[]`
 | `object`
-| The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+| The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.lifecycleHooks
 Description::
 +
 --
-LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 --
 
 Type::
@@ -771,7 +879,8 @@ Type::
 
 | `preDrain`
 | `array`
-| PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+| PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 
 | `preDrain[]`
 | `object`
@@ -779,7 +888,8 @@ Type::
 
 | `preTerminate`
 | `array`
-| PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+| PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 
 | `preTerminate[]`
 | `object`
@@ -790,7 +900,8 @@ Type::
 Description::
 +
 --
-PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 --
 
 Type::
@@ -821,18 +932,26 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.lifecycleHooks.preTerminate
 Description::
 +
 --
-PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 --
 
 Type::
@@ -863,18 +982,27 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.metadata
 Description::
 +
 --
-ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 --
 
 Type::
@@ -889,41 +1017,78 @@ Type::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+| Annotations is an unstructured key value map stored with a resource that may be
+set by external tools to store and retrieve arbitrary metadata. They are not
+queryable and should be preserved when modifying objects.
+More info: http://kubernetes.io/docs/user-guide/annotations
 
 | `generateName`
 | `string`
-| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). 
- Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+| GenerateName is an optional prefix, used by the server, to generate a unique
+name ONLY IF the Name field has not been provided.
+If this field is used, the name returned to the client will be different
+than the name passed. This value will also be combined with a unique suffix.
+The provided value has the same validation rules as the Name field,
+and may be truncated by the length of the suffix required to make the value
+unique on the server.
+
+If this field is specified and the generated name exists, the server will
+NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+| Map of string keys and values that can be used to organize and categorize
+(scope and select) objects. May match selectors of replication controllers
+and services.
+More info: http://kubernetes.io/docs/user-guide/labels
 
 | `name`
 | `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name must be unique within a namespace. Is required when creating resources, although
+some resources may allow a client to request the generation of an appropriate name
+automatically. Name is primarily intended for creation idempotence and configuration
+definition.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/identifiers#names
 
 | `namespace`
 | `string`
-| Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 
- Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+| Namespace defines the space within each name must be unique. An empty namespace is
+equivalent to the "default" namespace, but "default" is the canonical representation.
+Not all objects are required to be scoped to a namespace - the value of this field for
+those objects will be empty.
+
+Must be a DNS_LABEL.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/namespaces
 
 | `ownerReferences`
 | `array`
-| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+| List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 
 | `ownerReferences[]`
 | `object`
-| OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+| OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.metadata.ownerReferences
 Description::
 +
 --
-List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 --
 
 Type::
@@ -936,7 +1101,9 @@ Type::
 Description::
 +
 --
-OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 --
 
 Type::
@@ -960,7 +1127,14 @@ Required::
 
 | `blockOwnerDeletion`
 | `boolean`
-| If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+| If true, AND if the owner has the "foregroundDeletion" finalizer, then
+the owner cannot be deleted from the key-value store until this
+reference is removed.
+See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+for how the garbage collector interacts with this field and enforces the foreground deletion.
+Defaults to false.
+To set this field, a user needs "delete" permission of the owner,
+otherwise 422 (Unprocessable Entity) will be returned.
 
 | `controller`
 | `boolean`
@@ -968,15 +1142,18 @@ Required::
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.providerSpec
@@ -998,14 +1175,22 @@ Type::
 
 | `value`
 | ``
-| Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.
+| Value is an inlined, serialized representation of the resource
+configuration. It is recommended that providers maintain their own
+versioned API types that should be serialized/deserialized from this
+field, akin to component config.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.taints
 Description::
 +
 --
-The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 --
 
 Type::
@@ -1018,7 +1203,8 @@ Type::
 Description::
 +
 --
-The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 --
 
 Type::
@@ -1036,7 +1222,9 @@ Required::
 
 | `effect`
 | `string`
-| Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+| Required. The effect of the taint on pods
+that do not tolerate the taint.
+Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
@@ -1044,7 +1232,8 @@ Required::
 
 | `timeAdded`
 | `string`
-| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+| TimeAdded represents the time at which the taint was added.
+It is only written for NoExecute taints.
 
 | `value`
 | `string`
@@ -1070,40 +1259,58 @@ Type::
 
 | `conditions`
 | `array`
-| Conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.
+| Conditions represents the observations of the ControlPlaneMachineSet's current state.
+Known .status.conditions.type are: Available, Degraded and Progressing.
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `observedGeneration`
 | `integer`
-| ObservedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.
+| ObservedGeneration is the most recent generation observed for this
+ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation,
+which is updated on mutation by the API Server.
 
 | `readyReplicas`
 | `integer`
-| ReadyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.
+| ReadyReplicas is the number of Control Plane Machines created by the
+ControlPlaneMachineSet controller which are ready.
+Note that this value may be higher than the desired number of replicas
+while rolling updates are in-progress.
 
 | `replicas`
 | `integer`
-| Replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.
+| Replicas is the number of Control Plane Machines created by the
+ControlPlaneMachineSet controller.
+Note that during update operations this value may differ from the
+desired replica count.
 
 | `unavailableReplicas`
 | `integer`
-| UnavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.
+| UnavailableReplicas is the number of Control Plane Machines that are
+still required before the ControlPlaneMachineSet reaches the desired
+available capacity. When this value is non-zero, the number of
+ReadyReplicas is less than the desired Replicas.
 
 | `updatedReplicas`
 | `integer`
-| UpdatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.
+| UpdatedReplicas is the number of non-terminated Control Plane Machines
+created by the ControlPlaneMachineSet controller that have the desired
+provider spec and are ready.
+This value is set to 0 when a change is detected to the desired spec.
+When the update strategy is RollingUpdate, this will also coincide
+with starting the process of updating the Machines.
+When the update strategy is OnDelete, this value will remain at 0 until
+a user deletes an existing replica and its replacement has become ready.
 
 |===
 === .status.conditions
 Description::
 +
 --
-Conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.
+Conditions represents the observations of the ControlPlaneMachineSet's current state.
+Known .status.conditions.type are: Available, Degraded and Progressing.
 --
 
 Type::
@@ -1116,9 +1323,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -1139,19 +1344,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -1159,7 +1372,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 
diff --git a/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
index 7ac41eba0b..67df3ab135 100644
--- a/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-KubeletConfig describes a customized Kubelet configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeletConfig describes a customized Kubelet configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,7 +73,10 @@ Type::
 
 | `kubeletConfig`
 | ``
-| kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.
+| kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by
+OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from
+upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes
+for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.
 
 | `logLevel`
 | `integer`
@@ -80,18 +84,22 @@ Type::
 
 | `machineConfigPoolSelector`
 | `object`
-| MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.
+| MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to.
+A nil selector will result in no pools being selected.
 
 | `tlsSecurityProfile`
 | `object`
-| If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
+| If unset, the default is based on the apiservers.config.openshift.io/cluster resource.
+Note that only Old and Intermediate profiles are currently supported, and
+the maximum available minTLSVersion is VersionTLS12.
 
 |===
 === .spec.machineConfigPoolSelector
 Description::
 +
 --
-MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.
+MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to.
+A nil selector will result in no pools being selected.
 --
 
 Type::
@@ -110,11 +118,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.machineConfigPoolSelector.matchExpressions
@@ -134,7 +145,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -156,18 +168,24 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.tlsSecurityProfile
 Description::
 +
 --
-If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
+If unset, the default is based on the apiservers.config.openshift.io/cluster resource.
+Note that only Old and Intermediate profiles are currently supported, and
+the maximum available minTLSVersion is VersionTLS12.
 --
 
 Type::
@@ -182,87 +200,158 @@ Type::
 
 | `custom`
 | ``
-| custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
- ciphers: 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- minTLSVersion: VersionTLS11
+| custom is a user-defined TLS security profile. Be extremely careful using a custom
+profile as invalid configurations can be catastrophic. An example custom profile
+looks like this:
+
+  ciphers:
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+  minTLSVersion: VersionTLS11
 
 | `intermediate`
 | ``
-| intermediate is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- minTLSVersion: VersionTLS12
+| intermediate is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+  minTLSVersion: VersionTLS12
 
 | `modern`
 | ``
-| modern is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- minTLSVersion: VersionTLS13
+| modern is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+  minTLSVersion: VersionTLS13
 
 | `old`
 | ``
-| old is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- - DHE-RSA-CHACHA20-POLY1305 
- - ECDHE-ECDSA-AES128-SHA256 
- - ECDHE-RSA-AES128-SHA256 
- - ECDHE-ECDSA-AES128-SHA 
- - ECDHE-RSA-AES128-SHA 
- - ECDHE-ECDSA-AES256-SHA384 
- - ECDHE-RSA-AES256-SHA384 
- - ECDHE-ECDSA-AES256-SHA 
- - ECDHE-RSA-AES256-SHA 
- - DHE-RSA-AES128-SHA256 
- - DHE-RSA-AES256-SHA256 
- - AES128-GCM-SHA256 
- - AES256-GCM-SHA384 
- - AES128-SHA256 
- - AES256-SHA256 
- - AES128-SHA 
- - AES256-SHA 
- - DES-CBC3-SHA 
- minTLSVersion: VersionTLS10
+| old is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+    - DHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-ECDSA-AES128-SHA256
+
+    - ECDHE-RSA-AES128-SHA256
+
+    - ECDHE-ECDSA-AES128-SHA
+
+    - ECDHE-RSA-AES128-SHA
+
+    - ECDHE-ECDSA-AES256-SHA384
+
+    - ECDHE-RSA-AES256-SHA384
+
+    - ECDHE-ECDSA-AES256-SHA
+
+    - ECDHE-RSA-AES256-SHA
+
+    - DHE-RSA-AES128-SHA256
+
+    - DHE-RSA-AES256-SHA256
+
+    - AES128-GCM-SHA256
+
+    - AES256-GCM-SHA384
+
+    - AES128-SHA256
+
+    - AES256-SHA256
+
+    - AES128-SHA
+
+    - AES256-SHA
+
+    - DES-CBC3-SHA
+
+  minTLSVersion: VersionTLS10
 
 | `type`
 | `string`
-| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations 
- The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be reduced. 
- Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
+| type is one of Old, Intermediate, Modern or Custom. Custom provides
+the ability to specify individual TLS security profile parameters.
+Old, Intermediate and Modern are TLS security profiles based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
+reduced.
+
+Note that the Modern profile is currently not supported because it is not
+yet well adopted by common software libraries.
 
 |===
 === .status
@@ -331,7 +420,8 @@ Type::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.
 
 | `reason`
 | `string`
diff --git a/rest_api/machine_apis/machine-apis-index.adoc b/rest_api/machine_apis/machine-apis-index.adoc
index 30df6f4138..37ff3c2781 100644
--- a/rest_api/machine_apis/machine-apis-index.adoc
+++ b/rest_api/machine_apis/machine-apis-index.adoc
@@ -12,8 +12,9 @@ toc::[]
 Description::
 +
 --
-ContainerRuntimeConfig describes a customized Container Runtime configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -24,8 +25,10 @@ Type::
 Description::
 +
 --
-ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ControllerConfig describes configuration for MachineConfigController.
+This is currently only used to drive the MachineConfig objects generated by the TemplateController.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -36,7 +39,8 @@ Type::
 Description::
 +
 --
-ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time.
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -47,8 +51,9 @@ Type::
 Description::
 +
 --
-KubeletConfig describes a customized Kubelet configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeletConfig describes a customized Kubelet configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -59,8 +64,9 @@ Type::
 Description::
 +
 --
-MachineConfig defines the configuration for a machine 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfig defines the configuration for a machine
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -71,8 +77,9 @@ Type::
 Description::
 +
 --
-MachineConfigPool describes a pool of MachineConfigs. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfigPool describes a pool of MachineConfigs.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -83,7 +90,8 @@ Type::
 Description::
 +
 --
-MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+MachineHealthCheck is the Schema for the machinehealthchecks API
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -94,7 +102,8 @@ Type::
 Description::
 +
 --
-Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+Machine is the Schema for the machines API
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -105,7 +114,8 @@ Type::
 Description::
 +
 --
-MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+MachineSet ensures that a specified number of machines replicas are running at any given time.
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
index 7e86ba006b..8b44dc45ea 100644
--- a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+Machine is the Schema for the machines API
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -65,15 +66,27 @@ Type::
 
 | `lifecycleHooks`
 | `object`
-| LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+| LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 
 | `metadata`
 | `object`
-| ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+| ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 
 | `providerID`
 | `string`
-| ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.
+| ProviderID is the identification ID of the machine provided by the provider.
+This field must match the provider ID as seen on the node object corresponding to this machine.
+This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+and then a comparison is done to find out unregistered machines and are marked for delete.
+This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+be interfacing with cluster-api as generic provider.
 
 | `providerSpec`
 | `object`
@@ -81,18 +94,25 @@ Type::
 
 | `taints`
 | `array`
-| The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+| The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 
 | `taints[]`
 | `object`
-| The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+| The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 
 |===
 === .spec.lifecycleHooks
 Description::
 +
 --
-LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 --
 
 Type::
@@ -107,7 +127,8 @@ Type::
 
 | `preDrain`
 | `array`
-| PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+| PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 
 | `preDrain[]`
 | `object`
@@ -115,7 +136,8 @@ Type::
 
 | `preTerminate`
 | `array`
-| PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+| PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 
 | `preTerminate[]`
 | `object`
@@ -126,7 +148,8 @@ Type::
 Description::
 +
 --
-PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 --
 
 Type::
@@ -157,18 +180,26 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.lifecycleHooks.preTerminate
 Description::
 +
 --
-PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 --
 
 Type::
@@ -199,18 +230,27 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.metadata
 Description::
 +
 --
-ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 --
 
 Type::
@@ -225,41 +265,78 @@ Type::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+| Annotations is an unstructured key value map stored with a resource that may be
+set by external tools to store and retrieve arbitrary metadata. They are not
+queryable and should be preserved when modifying objects.
+More info: http://kubernetes.io/docs/user-guide/annotations
 
 | `generateName`
 | `string`
-| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). 
- Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+| GenerateName is an optional prefix, used by the server, to generate a unique
+name ONLY IF the Name field has not been provided.
+If this field is used, the name returned to the client will be different
+than the name passed. This value will also be combined with a unique suffix.
+The provided value has the same validation rules as the Name field,
+and may be truncated by the length of the suffix required to make the value
+unique on the server.
+
+If this field is specified and the generated name exists, the server will
+NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+| Map of string keys and values that can be used to organize and categorize
+(scope and select) objects. May match selectors of replication controllers
+and services.
+More info: http://kubernetes.io/docs/user-guide/labels
 
 | `name`
 | `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name must be unique within a namespace. Is required when creating resources, although
+some resources may allow a client to request the generation of an appropriate name
+automatically. Name is primarily intended for creation idempotence and configuration
+definition.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/identifiers#names
 
 | `namespace`
 | `string`
-| Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 
- Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+| Namespace defines the space within each name must be unique. An empty namespace is
+equivalent to the "default" namespace, but "default" is the canonical representation.
+Not all objects are required to be scoped to a namespace - the value of this field for
+those objects will be empty.
+
+Must be a DNS_LABEL.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/namespaces
 
 | `ownerReferences`
 | `array`
-| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+| List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 
 | `ownerReferences[]`
 | `object`
-| OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+| OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 
 |===
 === .spec.metadata.ownerReferences
 Description::
 +
 --
-List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 --
 
 Type::
@@ -272,7 +349,9 @@ Type::
 Description::
 +
 --
-OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 --
 
 Type::
@@ -296,7 +375,14 @@ Required::
 
 | `blockOwnerDeletion`
 | `boolean`
-| If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+| If true, AND if the owner has the "foregroundDeletion" finalizer, then
+the owner cannot be deleted from the key-value store until this
+reference is removed.
+See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+for how the garbage collector interacts with this field and enforces the foreground deletion.
+Defaults to false.
+To set this field, a user needs "delete" permission of the owner,
+otherwise 422 (Unprocessable Entity) will be returned.
 
 | `controller`
 | `boolean`
@@ -304,15 +390,18 @@ Required::
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.providerSpec
@@ -334,14 +423,22 @@ Type::
 
 | `value`
 | ``
-| Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.
+| Value is an inlined, serialized representation of the resource
+configuration. It is recommended that providers maintain their own
+versioned API types that should be serialized/deserialized from this
+field, akin to component config.
 
 |===
 === .spec.taints
 Description::
 +
 --
-The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 --
 
 Type::
@@ -354,7 +451,8 @@ Type::
 Description::
 +
 --
-The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 --
 
 Type::
@@ -372,7 +470,9 @@ Required::
 
 | `effect`
 | `string`
-| Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+| Required. The effect of the taint on pods
+that do not tolerate the taint.
+Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
@@ -380,7 +480,8 @@ Required::
 
 | `timeAdded`
 | `string`
-| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+| TimeAdded represents the time at which the taint was added.
+It is only written for NoExecute taints.
 
 | `value`
 | `string`
@@ -422,19 +523,48 @@ Type::
 
 | `errorMessage`
 | `string`
-| ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. 
- This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. 
- Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.
+| ErrorMessage will be set in the event that there is a terminal problem
+reconciling the Machine and will contain a more verbose string suitable
+for logging and human consumption.
+
+This field should not be set for transitive errors that a controller
+faces that are expected to be fixed automatically over
+time (like service outages), but instead indicate that something is
+fundamentally wrong with the Machine's spec or the configuration of
+the controller, and that manual intervention is required. Examples
+of terminal errors would be invalid combinations of settings in the
+spec, values that are unsupported by the controller, or the
+responsible controller itself being critically misconfigured.
+
+Any transient errors that occur during the reconciliation of Machines
+can be added as events to the Machine object and/or logged in the
+controller's output.
 
 | `errorReason`
 | `string`
-| ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. 
- This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. 
- Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.
+| ErrorReason will be set in the event that there is a terminal problem
+reconciling the Machine and will contain a succinct value suitable
+for machine interpretation.
+
+This field should not be set for transitive errors that a controller
+faces that are expected to be fixed automatically over
+time (like service outages), but instead indicate that something is
+fundamentally wrong with the Machine's spec or the configuration of
+the controller, and that manual intervention is required. Examples
+of terminal errors would be invalid combinations of settings in the
+spec, values that are unsupported by the controller, or the
+responsible controller itself being critically misconfigured.
+
+Any transient errors that occur during the reconciliation of Machines
+can be added as events to the Machine object and/or logged in the
+controller's output.
 
 | `lastOperation`
 | `object`
-| LastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.
+| LastOperation describes the last-operation performed by the machine-controller.
+This API should be useful as a history in terms of the latest operation performed on the
+specific machine. It should also convey the state of the latest-operation for example if
+it is still on-going, failed or completed successfully.
 
 | `lastUpdated`
 | `string`
@@ -446,11 +576,15 @@ Type::
 
 | `phase`
 | `string`
-| Phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting
+| Phase represents the current phase of machine actuation.
+One of: Failed, Provisioning, Provisioned, Running, Deleting
 
 | `providerStatus`
 | ``
-| ProviderStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.
+| ProviderStatus details a Provider-specific status.
+It is recommended that providers maintain their
+own versioned API types that should be
+serialized/deserialized from this field.
 
 |===
 === .status.addresses
@@ -519,6 +653,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -529,19 +665,26 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+| Last time the condition transitioned from one status to another.
+This should be when the underlying condition changed. If that is not known, then using the time when
+the API field changed is acceptable.
 
 | `message`
 | `string`
-| A human readable message indicating details about the transition. This field may be empty.
+| A human readable message indicating details about the transition.
+This field may be empty.
 
 | `reason`
 | `string`
-| The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+| The reason for the condition's last transition in CamelCase.
+The specific API may choose whether or not this field is considered a guaranteed API.
+This field may not be empty.
 
 | `severity`
 | `string`
-| Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+| Severity provides an explicit classification of Reason code, so the users or machines can immediately
+understand the current situation and act accordingly.
+The Severity field MUST be set only when Status=False.
 
 | `status`
 | `string`
@@ -549,14 +692,19 @@ Required::
 
 | `type`
 | `string`
-| Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+| Type of condition in CamelCase or in foo.example.com/CamelCase.
+Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+can be useful (see .node.status.conditions), the ability to deconflict is important.
 
 |===
 === .status.lastOperation
 Description::
 +
 --
-LastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.
+LastOperation describes the last-operation performed by the machine-controller.
+This API should be useful as a history in terms of the latest operation performed on the
+specific machine. It should also convey the state of the latest-operation for example if
+it is still on-going, failed or completed successfully.
 --
 
 Type::
@@ -579,11 +727,13 @@ Type::
 
 | `state`
 | `string`
-| State is the current status of the last performed operation. E.g. Processing, Failed, Successful etc
+| State is the current status of the last performed operation.
+E.g. Processing, Failed, Successful etc
 
 | `type`
 | `string`
-| Type is the type of operation which was last performed. E.g. Create, Delete, Update etc
+| Type is the type of operation which was last performed.
+E.g. Create, Delete, Update etc
 
 |===
 === .status.nodeRef
@@ -609,27 +759,38 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 
diff --git a/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
index 935dc03723..fd7bbf2a41 100644
--- a/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-MachineConfig defines the configuration for a machine 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfig defines the configuration for a machine
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -62,7 +63,8 @@ Type::
 
 | `baseOSExtensionsContainerImage`
 | `string`
-| BaseOSExtensionsContainerImage specifies the remote location that will be used to fetch the extensions container matching a new-format OS image
+| BaseOSExtensionsContainerImage specifies the remote location that will be used
+to fetch the extensions container matching a new-format OS image
 
 | `config`
 | ``
@@ -82,11 +84,13 @@ Type::
 
 | `kernelType`
 | `string`
-| kernelType contains which kernel we want to be running like default (traditional), realtime, 64k-pages (aarch64 only).
+| kernelType contains which kernel we want to be running like default
+(traditional), realtime, 64k-pages (aarch64 only).
 
 | `osImageURL`
 | `string`
-| OSImageURL specifies the remote location that will be used to fetch the OS.
+| OSImageURL specifies the remote location that will be used to
+fetch the OS.
 
 |===
 
diff --git a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
index 9204f53ca3..84f4b77a71 100644
--- a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-MachineConfigPool describes a pool of MachineConfigs. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfigPool describes a pool of MachineConfigs.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -72,12 +73,22 @@ Type::
 
 | `machineConfigSelector`
 | `object`
-| machineConfigSelector specifies a label selector for MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.
+| machineConfigSelector specifies a label selector for MachineConfigs.
+Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.
 
 | `maxUnavailable`
 | `integer-or-string`
-| maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1. 
- A value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.
+| maxUnavailable defines either an integer number or percentage
+of nodes in the pool that can go Unavailable during an update.
+This includes nodes Unavailable for any reason, including user
+initiated cordons, failing nodes, etc. The default value is 1.
+
+A value larger than 1 will mean multiple nodes going unavailable during
+the update, which may affect your workload stress on the remaining nodes.
+You cannot set this value to 0 to stop updates (it will default back to 1);
+to stop updates, use the 'paused' property instead. Drain will respect
+Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if
+maxUnavailable is greater than one.
 
 | `nodeSelector`
 | `object`
@@ -85,7 +96,8 @@ Type::
 
 | `paused`
 | `boolean`
-| paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines.
+| paused specifies whether or not changes to this machine config pool should be stopped.
+This includes generating new desiredMachineConfig and update of machines.
 
 |===
 === .spec.configuration
@@ -111,23 +123,33 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `source`
 | `array`
@@ -135,12 +157,12 @@ Type::
 
 | `source[]`
 | `object`
-| ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
- Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+| ObjectReference contains enough information to let you inspect or modify the referred object.
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .spec.configuration.source
@@ -160,8 +182,7 @@ Type::
 Description::
 +
 --
-ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
- Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+ObjectReference contains enough information to let you inspect or modify the referred object.
 --
 
 Type::
@@ -180,34 +201,46 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .spec.machineConfigSelector
 Description::
 +
 --
-machineConfigSelector specifies a label selector for MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.
+machineConfigSelector specifies a label selector for MachineConfigs.
+Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.
 --
 
 Type::
@@ -226,11 +259,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.machineConfigSelector.matchExpressions
@@ -250,7 +286,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -272,11 +309,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.nodeSelector
@@ -302,11 +343,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.nodeSelector.matchExpressions
@@ -326,7 +370,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -348,11 +393,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .status
@@ -394,7 +443,8 @@ Type::
 
 | `degradedMachineCount`
 | `integer`
-| degradedMachineCount represents the total number of machines marked degraded (or unreconcilable). A node is marked degraded if applying a configuration failed..
+| degradedMachineCount represents the total number of machines marked degraded (or unreconcilable).
+A node is marked degraded if applying a configuration failed..
 
 | `machineCount`
 | `integer`
@@ -410,7 +460,8 @@ Type::
 
 | `unavailableMachineCount`
 | `integer`
-| unavailableMachineCount represents the total number of unavailable (non-ready) machines targeted by the pool. A node is marked unavailable if it is in updating state or NodeReady condition is false.
+| unavailableMachineCount represents the total number of unavailable (non-ready) machines targeted by the pool.
+A node is marked unavailable if it is in updating state or NodeReady condition is false.
 
 | `updatedMachineCount`
 | `integer`
@@ -495,15 +546,18 @@ Type::
 
 | `lastTransitionTime`
 | ``
-| lastTransitionTime is the timestamp corresponding to the last status change of this condition.
+| lastTransitionTime is the timestamp corresponding to the last status
+change of this condition.
 
 | `message`
 | `string`
-| message is a human readable description of the details of the last transition, complementing reason.
+| message is a human readable description of the details of the last
+transition, complementing reason.
 
 | `reason`
 | `string`
-| reason is a brief machine readable explanation for the condition's last transition.
+| reason is a brief machine readable explanation for the condition's last
+transition.
 
 | `status`
 | `string`
@@ -537,23 +591,33 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `source`
 | `array`
@@ -561,12 +625,12 @@ Type::
 
 | `source[]`
 | `object`
-| ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
- Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+| ObjectReference contains enough information to let you inspect or modify the referred object.
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .status.configuration.source
@@ -586,8 +650,7 @@ Type::
 Description::
 +
 --
-ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
- Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+ObjectReference contains enough information to let you inspect or modify the referred object.
 --
 
 Type::
@@ -606,27 +669,38 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 
diff --git a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
index 003d0e8b8e..614090fd0c 100644
--- a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+MachineHealthCheck is the Schema for the machinehealthchecks API
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -65,36 +66,59 @@ Type::
 
 | `maxUnhealthy`
 | `integer-or-string`
-| Any farther remediation is only allowed if at most "MaxUnhealthy" machines selected by "selector" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation.
+| Any farther remediation is only allowed if at most "MaxUnhealthy" machines selected by
+"selector" are not healthy.
+Expects either a postive integer value or a percentage value.
+Percentage values must be positive whole numbers and are capped at 100%.
+Both 0 and 0% are valid and will block all remediation.
 
 | `nodeStartupTimeout`
 | `string`
-| Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to "0". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+| Machines older than this duration without a node will be considered to have
+failed and will be remediated.
+To prevent Machines without Nodes from being removed, disable startup checks
+by setting this value explicitly to "0".
+Expects an unsigned duration string of decimal numbers each with optional
+fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
 
 | `remediationTemplate`
 | `object`
-| RemediationTemplate is a reference to a remediation template provided by an infrastructure provider. 
- This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.
+| RemediationTemplate is a reference to a remediation template
+provided by an infrastructure provider.
+
+This field is completely optional, when filled, the MachineHealthCheck controller
+creates a new object from the template referenced and hands off remediation of the machine to
+a controller that lives outside of Machine API Operator.
 
 | `selector`
 | `object`
-| Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.
+| Label selector to match machines whose health will be exercised.
+Note: An empty selector will match all machines.
 
 | `unhealthyConditions`
 | `array`
-| UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy.  The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+| UnhealthyConditions contains a list of the conditions that determine
+whether a node is considered unhealthy.  The conditions are combined in a
+logical OR, i.e. if any of the conditions is met, the node is unhealthy.
 
 | `unhealthyConditions[]`
 | `object`
-| UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration.  When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.
+| UnhealthyCondition represents a Node condition type and value with a timeout
+specified as a duration.  When the named condition has been in the given
+status for at least the timeout value, a node is considered unhealthy.
 
 |===
 === .spec.remediationTemplate
 Description::
 +
 --
-RemediationTemplate is a reference to a remediation template provided by an infrastructure provider. 
- This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.
+RemediationTemplate is a reference to a remediation template
+provided by an infrastructure provider.
+
+This field is completely optional, when filled, the MachineHealthCheck controller
+creates a new object from the template referenced and hands off remediation of the machine to
+a controller that lives outside of Machine API Operator.
 --
 
 Type::
@@ -113,34 +137,46 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .spec.selector
 Description::
 +
 --
-Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.
+Label selector to match machines whose health will be exercised.
+Note: An empty selector will match all machines.
 --
 
 Type::
@@ -159,11 +195,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.selector.matchExpressions
@@ -183,7 +222,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -205,18 +245,24 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.unhealthyConditions
 Description::
 +
 --
-UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy.  The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+UnhealthyConditions contains a list of the conditions that determine
+whether a node is considered unhealthy.  The conditions are combined in a
+logical OR, i.e. if any of the conditions is met, the node is unhealthy.
 --
 
 Type::
@@ -229,7 +275,9 @@ Type::
 Description::
 +
 --
-UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration.  When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.
+UnhealthyCondition represents a Node condition type and value with a timeout
+specified as a duration.  When the named condition has been in the given
+status for at least the timeout value, a node is considered unhealthy.
 --
 
 Type::
@@ -248,7 +296,9 @@ Type::
 
 | `timeout`
 | `string`
-| Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+| Expects an unsigned duration string of decimal numbers each with optional
+fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
 
 | `type`
 | `string`
@@ -290,7 +340,8 @@ Type::
 
 | `remediationsAllowed`
 | `integer`
-| RemediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied
+| RemediationsAllowed is the number of further remediations allowed by this machine health check before
+maxUnhealthy short circuiting will be applied
 
 |===
 === .status.conditions
@@ -317,6 +368,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -327,19 +380,26 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+| Last time the condition transitioned from one status to another.
+This should be when the underlying condition changed. If that is not known, then using the time when
+the API field changed is acceptable.
 
 | `message`
 | `string`
-| A human readable message indicating details about the transition. This field may be empty.
+| A human readable message indicating details about the transition.
+This field may be empty.
 
 | `reason`
 | `string`
-| The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+| The reason for the condition's last transition in CamelCase.
+The specific API may choose whether or not this field is considered a guaranteed API.
+This field may not be empty.
 
 | `severity`
 | `string`
-| Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+| Severity provides an explicit classification of Reason code, so the users or machines can immediately
+understand the current situation and act accordingly.
+The Severity field MUST be set only when Status=False.
 
 | `status`
 | `string`
@@ -347,7 +407,9 @@ Required::
 
 | `type`
 | `string`
-| Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+| Type of condition in CamelCase or in foo.example.com/CamelCase.
+Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+can be useful (see .node.status.conditions), the ability to deconflict is important.
 
 |===
 
diff --git a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
index 3da7834b51..e748a191f4 100644
--- a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+MachineSet ensures that a specified number of machines replicas are running at any given time.
+Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -65,30 +66,41 @@ Type::
 
 | `deletePolicy`
 | `string`
-| DeletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to "Random".  Valid values are "Random, "Newest", "Oldest"
+| DeletePolicy defines the policy used to identify nodes to delete when downscaling.
+Defaults to "Random".  Valid values are "Random, "Newest", "Oldest"
 
 | `minReadySeconds`
 | `integer`
-| MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)
+| MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
+Defaults to 0 (machine will be considered available as soon as it is ready)
 
 | `replicas`
 | `integer`
-| Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.
+| Replicas is the number of desired replicas.
+This is a pointer to distinguish between explicit zero and unspecified.
+Defaults to 1.
 
 | `selector`
 | `object`
-| Selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+| Selector is a label query over machines that should match the replica count.
+Label keys and values that must match in order to be controlled by this MachineSet.
+It must match the machine template's labels.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 
 | `template`
 | `object`
-| Template is the object that describes the machine that will be created if insufficient replicas are detected.
+| Template is the object that describes the machine that will be created if
+insufficient replicas are detected.
 
 |===
 === .spec.selector
 Description::
 +
 --
-Selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+Selector is a label query over machines that should match the replica count.
+Label keys and values that must match in order to be controlled by this MachineSet.
+It must match the machine template's labels.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 --
 
 Type::
@@ -107,11 +119,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.selector.matchExpressions
@@ -131,7 +146,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -153,18 +169,23 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.template
 Description::
 +
 --
-Template is the object that describes the machine that will be created if insufficient replicas are detected.
+Template is the object that describes the machine that will be created if
+insufficient replicas are detected.
 --
 
 Type::
@@ -179,18 +200,21 @@ Type::
 
 | `metadata`
 | `object`
-| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+| Standard object's metadata.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
-| Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+| Specification of the desired behavior of the machine.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 
 |===
 === .spec.template.metadata
 Description::
 +
 --
-Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+Standard object's metadata.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 --
 
 Type::
@@ -205,41 +229,78 @@ Type::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+| Annotations is an unstructured key value map stored with a resource that may be
+set by external tools to store and retrieve arbitrary metadata. They are not
+queryable and should be preserved when modifying objects.
+More info: http://kubernetes.io/docs/user-guide/annotations
 
 | `generateName`
 | `string`
-| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). 
- Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+| GenerateName is an optional prefix, used by the server, to generate a unique
+name ONLY IF the Name field has not been provided.
+If this field is used, the name returned to the client will be different
+than the name passed. This value will also be combined with a unique suffix.
+The provided value has the same validation rules as the Name field,
+and may be truncated by the length of the suffix required to make the value
+unique on the server.
+
+If this field is specified and the generated name exists, the server will
+NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+| Map of string keys and values that can be used to organize and categorize
+(scope and select) objects. May match selectors of replication controllers
+and services.
+More info: http://kubernetes.io/docs/user-guide/labels
 
 | `name`
 | `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name must be unique within a namespace. Is required when creating resources, although
+some resources may allow a client to request the generation of an appropriate name
+automatically. Name is primarily intended for creation idempotence and configuration
+definition.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/identifiers#names
 
 | `namespace`
 | `string`
-| Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 
- Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+| Namespace defines the space within each name must be unique. An empty namespace is
+equivalent to the "default" namespace, but "default" is the canonical representation.
+Not all objects are required to be scoped to a namespace - the value of this field for
+those objects will be empty.
+
+Must be a DNS_LABEL.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/namespaces
 
 | `ownerReferences`
 | `array`
-| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+| List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 
 | `ownerReferences[]`
 | `object`
-| OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+| OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 
 |===
 === .spec.template.metadata.ownerReferences
 Description::
 +
 --
-List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 --
 
 Type::
@@ -252,7 +313,9 @@ Type::
 Description::
 +
 --
-OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 --
 
 Type::
@@ -276,7 +339,14 @@ Required::
 
 | `blockOwnerDeletion`
 | `boolean`
-| If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+| If true, AND if the owner has the "foregroundDeletion" finalizer, then
+the owner cannot be deleted from the key-value store until this
+reference is removed.
+See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+for how the garbage collector interacts with this field and enforces the foreground deletion.
+Defaults to false.
+To set this field, a user needs "delete" permission of the owner,
+otherwise 422 (Unprocessable Entity) will be returned.
 
 | `controller`
 | `boolean`
@@ -284,22 +354,26 @@ Required::
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.spec
 Description::
 +
 --
-Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+Specification of the desired behavior of the machine.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 --
 
 Type::
@@ -314,15 +388,27 @@ Type::
 
 | `lifecycleHooks`
 | `object`
-| LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+| LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 
 | `metadata`
 | `object`
-| ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+| ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 
 | `providerID`
 | `string`
-| ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.
+| ProviderID is the identification ID of the machine provided by the provider.
+This field must match the provider ID as seen on the node object corresponding to this machine.
+This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+and then a comparison is done to find out unregistered machines and are marked for delete.
+This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+be interfacing with cluster-api as generic provider.
 
 | `providerSpec`
 | `object`
@@ -330,18 +416,25 @@ Type::
 
 | `taints`
 | `array`
-| The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+| The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 
 | `taints[]`
 | `object`
-| The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+| The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 
 |===
 === .spec.template.spec.lifecycleHooks
 Description::
 +
 --
-LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.
+LifecycleHooks allow users to pause operations on the machine at
+certain predefined points within the machine lifecycle.
 --
 
 Type::
@@ -356,7 +449,8 @@ Type::
 
 | `preDrain`
 | `array`
-| PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+| PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 
 | `preDrain[]`
 | `object`
@@ -364,7 +458,8 @@ Type::
 
 | `preTerminate`
 | `array`
-| PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+| PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 
 | `preTerminate[]`
 | `object`
@@ -375,7 +470,8 @@ Type::
 Description::
 +
 --
-PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.
+PreDrain hooks prevent the machine from being drained.
+This also blocks further lifecycle events, such as termination.
 --
 
 Type::
@@ -406,18 +502,26 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.template.spec.lifecycleHooks.preTerminate
 Description::
 +
 --
-PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.
+PreTerminate hooks prevent the machine from being terminated.
+PreTerminate hooks be actioned after the Machine has been drained.
 --
 
 Type::
@@ -448,18 +552,27 @@ Required::
 
 | `name`
 | `string`
-| Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.
+| Name defines a unique name for the lifcycle hook.
+The name should be unique and descriptive, ideally 1-3 words, in CamelCase or
+it may be namespaced, eg. foo.example.com/CamelCase.
+Names must be unique and should only be managed by a single entity.
 
 | `owner`
 | `string`
-| Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.
+| Owner defines the owner of the lifecycle hook.
+This should be descriptive enough so that users can identify
+who/what is responsible for blocking the lifecycle.
+This could be the name of a controller (e.g. clusteroperator/etcd)
+or an administrator managing the hook.
 
 |===
 === .spec.template.spec.metadata
 Description::
 +
 --
-ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.
+ObjectMeta will autopopulate the Node created. Use this to
+indicate what labels, annotations, name prefix, etc., should be used
+when creating the Node.
 --
 
 Type::
@@ -474,41 +587,78 @@ Type::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+| Annotations is an unstructured key value map stored with a resource that may be
+set by external tools to store and retrieve arbitrary metadata. They are not
+queryable and should be preserved when modifying objects.
+More info: http://kubernetes.io/docs/user-guide/annotations
 
 | `generateName`
 | `string`
-| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). 
- Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+| GenerateName is an optional prefix, used by the server, to generate a unique
+name ONLY IF the Name field has not been provided.
+If this field is used, the name returned to the client will be different
+than the name passed. This value will also be combined with a unique suffix.
+The provided value has the same validation rules as the Name field,
+and may be truncated by the length of the suffix required to make the value
+unique on the server.
+
+If this field is specified and the generated name exists, the server will
+NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+| Map of string keys and values that can be used to organize and categorize
+(scope and select) objects. May match selectors of replication controllers
+and services.
+More info: http://kubernetes.io/docs/user-guide/labels
 
 | `name`
 | `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name must be unique within a namespace. Is required when creating resources, although
+some resources may allow a client to request the generation of an appropriate name
+automatically. Name is primarily intended for creation idempotence and configuration
+definition.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/identifiers#names
 
 | `namespace`
 | `string`
-| Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 
- Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+| Namespace defines the space within each name must be unique. An empty namespace is
+equivalent to the "default" namespace, but "default" is the canonical representation.
+Not all objects are required to be scoped to a namespace - the value of this field for
+those objects will be empty.
+
+Must be a DNS_LABEL.
+Cannot be updated.
+More info: http://kubernetes.io/docs/user-guide/namespaces
 
 | `ownerReferences`
 | `array`
-| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+| List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 
 | `ownerReferences[]`
 | `object`
-| OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+| OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 
 |===
 === .spec.template.spec.metadata.ownerReferences
 Description::
 +
 --
-List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+List of objects depended by this object. If ALL objects in the list have
+been deleted, this object will be garbage collected. If this object is managed by a controller,
+then an entry in this list will point to this controller, with the controller field set to true.
+There cannot be more than one managing controller.
 --
 
 Type::
@@ -521,7 +671,9 @@ Type::
 Description::
 +
 --
-OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+OwnerReference contains enough information to let you identify an owning
+object. An owning object must be in the same namespace as the dependent, or
+be cluster-scoped, so there is no namespace field.
 --
 
 Type::
@@ -545,7 +697,14 @@ Required::
 
 | `blockOwnerDeletion`
 | `boolean`
-| If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+| If true, AND if the owner has the "foregroundDeletion" finalizer, then
+the owner cannot be deleted from the key-value store until this
+reference is removed.
+See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+for how the garbage collector interacts with this field and enforces the foreground deletion.
+Defaults to false.
+To set this field, a user needs "delete" permission of the owner,
+otherwise 422 (Unprocessable Entity) will be returned.
 
 | `controller`
 | `boolean`
@@ -553,15 +712,18 @@ Required::
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.spec.providerSpec
@@ -583,14 +745,22 @@ Type::
 
 | `value`
 | ``
-| Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.
+| Value is an inlined, serialized representation of the resource
+configuration. It is recommended that providers maintain their own
+versioned API types that should be serialized/deserialized from this
+field, akin to component config.
 
 |===
 === .spec.template.spec.taints
 Description::
 +
 --
-The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints
+The list of the taints to be applied to the corresponding Node in additive
+manner. This list will not overwrite any other taints added to the Node on
+an ongoing basis by other entities. These taints should be actively reconciled
+e.g. if you ask the machine controller to apply a taint and then manually remove
+the taint the machine controller will put it back) but not have the machine controller
+remove any taints
 --
 
 Type::
@@ -603,7 +773,8 @@ Type::
 Description::
 +
 --
-The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 --
 
 Type::
@@ -621,7 +792,9 @@ Required::
 
 | `effect`
 | `string`
-| Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+| Required. The effect of the taint on pods
+that do not tolerate the taint.
+Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
@@ -629,7 +802,8 @@ Required::
 
 | `timeAdded`
 | `string`
-| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+| TimeAdded represents the time at which the taint was added.
+It is only written for NoExecute taints.
 
 | `value`
 | `string`
@@ -671,9 +845,24 @@ Type::
 
 | `errorReason`
 | `string`
-| In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption. 
- These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. 
- Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.
+| In the event that there is a terminal problem reconciling the
+replicas, both ErrorReason and ErrorMessage will be set. ErrorReason
+will be populated with a succinct value suitable for machine
+interpretation, while ErrorMessage will contain a more verbose
+string suitable for logging and human consumption.
+
+These fields should not be set for transitive errors that a
+controller faces that are expected to be fixed automatically over
+time (like service outages), but instead indicate that something is
+fundamentally wrong with the MachineTemplate's spec or the configuration of
+the machine controller, and that manual intervention is required. Examples
+of terminal errors would be invalid combinations of settings in the
+spec, values that are unsupported by the machine controller, or the
+responsible machine controller itself being critically misconfigured.
+
+Any transient errors that occur during the reconciliation of Machines
+can be added as events to the MachineSet object and/or logged in the
+controller's output.
 
 | `fullyLabeledReplicas`
 | `integer`
@@ -716,6 +905,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -726,19 +917,26 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+| Last time the condition transitioned from one status to another.
+This should be when the underlying condition changed. If that is not known, then using the time when
+the API field changed is acceptable.
 
 | `message`
 | `string`
-| A human readable message indicating details about the transition. This field may be empty.
+| A human readable message indicating details about the transition.
+This field may be empty.
 
 | `reason`
 | `string`
-| The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+| The reason for the condition's last transition in CamelCase.
+The specific API may choose whether or not this field is considered a guaranteed API.
+This field may not be empty.
 
 | `severity`
 | `string`
-| Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+| Severity provides an explicit classification of Reason code, so the users or machines can immediately
+understand the current situation and act accordingly.
+The Severity field MUST be set only when Status=False.
 
 | `status`
 | `string`
@@ -746,7 +944,9 @@ Required::
 
 | `type`
 | `string`
-| Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+| Type of condition in CamelCase or in foo.example.com/CamelCase.
+Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+can be useful (see .node.status.conditions), the ability to deconflict is important.
 
 |===
 
diff --git a/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc b/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
index 7983803419..5789193980 100644
--- a/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
+++ b/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
@@ -65,20 +65,28 @@ Type::
 
 | `holderIdentity`
 | `string`
-| holderIdentity contains the identity of the holder of a current lease.
+| holderIdentity contains the identity of the holder of a current lease. If Coordinated Leader Election is used, the holder identity must be equal to the elected LeaseCandidate.metadata.name field.
 
 | `leaseDurationSeconds`
 | `integer`
-| leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed renewTime.
+| leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measured against the time of last observed renewTime.
 
 | `leaseTransitions`
 | `integer`
 | leaseTransitions is the number of transitions of a lease between holders.
 
+| `preferredHolder`
+| `string`
+| PreferredHolder signals to a lease holder that the lease has a more optimal holder and should be given up. This field can only be set if Strategy is also set.
+
 | `renewTime`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-MicroTime[`MicroTime`]
 | renewTime is a time when the current holder of a lease has last updated the lease.
 
+| `strategy`
+| `string`
+| Strategy indicates the strategy for picking the leader for coordinated leader election. If the field is not specified, there is no active coordination for this lease. (Alpha) Using this field requires the CoordinatedLeaderElection feature gate to be enabled.
+
 |===
 
 == API endpoints
diff --git a/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc b/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc
index d7b3b2e617..d3ecb11b8c 100644
--- a/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc
+++ b/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc
@@ -11,11 +11,28 @@ toc::[]
 Description::
 +
 --
-AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules.  This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace.  You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage. 
- The API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator.  The primary difference being that recording rules are not allowed here -- only alerting rules.  For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace.  OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly. 
- You can find upstream API documentation for PrometheusRule resources here: 
- https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+AlertingRule represents a set of user-defined Prometheus rule groups containing
+alerting rules.  This resource is the supported method for cluster admins to
+create alerts based on metrics recorded by the platform monitoring stack in
+OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring
+namespace.  You might use this to create custom alerting rules not shipped with
+OpenShift based on metrics from components such as the node_exporter, which
+provides machine-level metrics such as CPU usage, or kube-state-metrics, which
+provides metrics on Kubernetes usage.
+
+The API is mostly compatible with the upstream PrometheusRule type from the
+prometheus-operator.  The primary difference being that recording rules are not
+allowed here -- only alerting rules.  For each AlertingRule resource created, a
+corresponding PrometheusRule will be created in the openshift-monitoring
+namespace.  OpenShift requires admins to use the AlertingRule resource rather
+than the upstream type in order to allow better OpenShift specific defaulting
+and validation, while not modifying the upstream APIs directly.
+
+You can find upstream API documentation for PrometheusRule resources here:
+
+https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -73,8 +90,20 @@ Required::
 
 | `groups`
 | `array`
-| groups is a list of grouped alerting rules.  Rule groups are the unit at which Prometheus parallelizes rule processing.  All rules in a single group share a configured evaluation interval.  All rules in the group will be processed together on this interval, sequentially, and all rules will be processed. 
- It's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups.  You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.
+| groups is a list of grouped alerting rules.  Rule groups are the unit at
+which Prometheus parallelizes rule processing.  All rules in a single group
+share a configured evaluation interval.  All rules in the group will be
+processed together on this interval, sequentially, and all rules will be
+processed.
+
+It's common to group related alerting rules into a single AlertingRule
+resources, and within that resource, closely related alerts, or simply
+alerts with the same interval, into individual groups.  You are also free
+to create AlertingRule resources with only a single rule group, but be
+aware that this can have a performance impact on Prometheus if the group is
+extremely large or has very complex query expressions to evaluate.
+Spreading very complex rules across multiple groups to allow them to be
+processed in parallel is also a common use-case.
 
 | `groups[]`
 | `object`
@@ -85,8 +114,20 @@ Required::
 Description::
 +
 --
-groups is a list of grouped alerting rules.  Rule groups are the unit at which Prometheus parallelizes rule processing.  All rules in a single group share a configured evaluation interval.  All rules in the group will be processed together on this interval, sequentially, and all rules will be processed. 
- It's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups.  You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.
+groups is a list of grouped alerting rules.  Rule groups are the unit at
+which Prometheus parallelizes rule processing.  All rules in a single group
+share a configured evaluation interval.  All rules in the group will be
+processed together on this interval, sequentially, and all rules will be
+processed.
+
+It's common to group related alerting rules into a single AlertingRule
+resources, and within that resource, closely related alerts, or simply
+alerts with the same interval, into individual groups.  You are also free
+to create AlertingRule resources with only a single rule group, but be
+aware that this can have a performance impact on Prometheus if the group is
+extremely large or has very complex query expressions to evaluate.
+Spreading very complex rules across multiple groups to allow them to be
+processed in parallel is also a common use-case.
 --
 
 Type::
@@ -117,7 +158,12 @@ Required::
 
 | `interval`
 | `string`
-| interval is how often rules in the group are evaluated.  If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds.  You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval
+| interval is how often rules in the group are evaluated.  If not specified,
+it defaults to the global.evaluation_interval configured in Prometheus,
+which itself defaults to 30 seconds.  You can check if this value has been
+modified from the default on your cluster by inspecting the platform
+Prometheus configuration:
+The relevant field in that resource is: spec.evaluationInterval
 
 | `name`
 | `string`
@@ -125,18 +171,24 @@ Required::
 
 | `rules`
 | `array`
-| rules is a list of sequentially evaluated alerting rules.  Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.
+| rules is a list of sequentially evaluated alerting rules.  Prometheus may
+process rule groups in parallel, but rules within a single group are always
+processed sequentially, and all rules are processed.
 
 | `rules[]`
 | `object`
-| Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
+| Rule describes an alerting rule.
+See Prometheus documentation:
+- https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
 
 |===
 === .spec.groups[].rules
 Description::
 +
 --
-rules is a list of sequentially evaluated alerting rules.  Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.
+rules is a list of sequentially evaluated alerting rules.  Prometheus may
+process rule groups in parallel, but rules within a single group are always
+processed sequentially, and all rules are processed.
 --
 
 Type::
@@ -149,7 +201,9 @@ Type::
 Description::
 +
 --
-Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
+Rule describes an alerting rule.
+See Prometheus documentation:
+- https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
 --
 
 Type::
@@ -167,23 +221,41 @@ Required::
 
 | `alert`
 | `string`
-| alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.
+| alert is the name of the alert. Must be a valid label value, i.e. may
+contain any Unicode character.
 
 | `annotations`
 | `object (string)`
-| annotations to add to each alert.  These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.
+| annotations to add to each alert.  These are values that can be used to
+store longer additional information that you won't query on, such as alert
+descriptions or runbook links.
 
 | `expr`
 | `integer-or-string`
-| expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts.  This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple "1" if the intent is to create an alert that is always firing.  This is sometimes used to create an always-firing "Watchdog" alert in order to ensure the alerting pipeline is functional.
+| expr is the PromQL expression to evaluate. Every evaluation cycle this is
+evaluated at the current time, and all resultant time series become pending
+or firing alerts.  This is most often a string representing a PromQL
+expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr
+In rare cases this could be a simple integer, e.g. a simple "1" if the
+intent is to create an alert that is always firing.  This is sometimes used
+to create an always-firing "Watchdog" alert in order to ensure the alerting
+pipeline is functional.
 
 | `for`
 | `string`
-| for is the time period after which alerts are considered firing after first returning results.  Alerts which have not yet fired for long enough are considered pending.
+| for is the time period after which alerts are considered firing after first
+returning results.  Alerts which have not yet fired for long enough are
+considered pending.
 
 | `labels`
 | `object (string)`
-| labels to add or overwrite for each alert.  The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value.  These should typically be short identifying values that may be useful to query against.  A common example is the alert severity, where one sets `severity: warning` under the `labels` key:
+| labels to add or overwrite for each alert.  The results of the PromQL
+expression for the alert will result in an existing set of labels for the
+alert, after evaluating the expression, for any label specified here with
+the same name as a label in that set, the label here wins and overwrites
+the previous value.  These should typically be short identifying values
+that may be useful to query against.  A common example is the alert
+severity, where one sets `severity: warning` under the `labels` key:
 
 |===
 === .status
@@ -209,14 +281,18 @@ Type::
 
 | `prometheusRule`
 | `object`
-| prometheusRule is the generated PrometheusRule for this AlertingRule.  Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.
+| prometheusRule is the generated PrometheusRule for this AlertingRule.  Each
+AlertingRule instance results in a generated PrometheusRule object in the
+same namespace, which is always the openshift-monitoring namespace.
 
 |===
 === .status.prometheusRule
 Description::
 +
 --
-prometheusRule is the generated PrometheusRule for this AlertingRule.  Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.
+prometheusRule is the generated PrometheusRule for this AlertingRule.  Each
+AlertingRule instance results in a generated PrometheusRule object in the
+same namespace, which is always the openshift-monitoring namespace.
 --
 
 Type::
diff --git a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
index b656250cf5..20d18a5f14 100644
--- a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,11 @@ toc::[]
 Description::
 +
 --
-Alertmanager describes an Alertmanager cluster.
+The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.
+
+For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.
+
+The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.
 --
 
 Type::
@@ -79,8 +83,8 @@ Type::
 
 | `alertmanagerConfigMatcherStrategy`
 | `object`
-| The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts.
-In the future more options may be added.
+| AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects
+process incoming alerts.
 
 | `alertmanagerConfigNamespaceSelector`
 | `object`
@@ -95,10 +99,8 @@ check own namespace.
 | `object`
 | alertmanagerConfiguration specifies the configuration of Alertmanager.
 
-
 If defined, it takes precedence over the `configSecret` field.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -148,13 +150,11 @@ The ConfigMaps are mounted into `/etc/alertmanager/configmaps/<configmap-name>`
 Alertmanager object, which contains the configuration for this Alertmanager
 instance. If empty, it defaults to `alertmanager-<alertmanager-name>`.
 
-
 The Alertmanager configuration should be available under the
 `alertmanager.yaml` key. Additional keys from the original secret are
 copied to the generated secret and mounted into the
 `/etc/alertmanager/config` directory in the `alertmanager` container.
 
-
 If either the secret or the `alertmanager.yaml` key is missing, the
 operator provisions a minimal Alertmanager configuration with one empty
 receiver (effectively dropping alert notifications).
@@ -174,6 +174,14 @@ this behaviour may break at any time without notice.
 | `object`
 | A single application container that you want to run within a pod.
 
+| `dnsConfig`
+| `object`
+| Defines the DNS configuration for the pods.
+
+| `dnsPolicy`
+| `string`
+| Defines the DNS policy for the pods.
+
 | `enableFeatures`
 | `array (string)`
 | Enable access to Alertmanager feature flags. By default, no features are enabled.
@@ -181,7 +189,6 @@ Enabling features which are disabled by default is entirely outside the
 scope of what the maintainers will support and by doing so, you accept
 that this behaviour may break at any time without notice.
 
-
 It requires Alertmanager >= 0.27.0.
 
 | `externalUrl`
@@ -277,7 +284,6 @@ goint to be performed, except for delete actions.
 | `object`
 | PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.
 
-
 The following items are reserved and cannot be overridden:
 * "alertmanager" label, set to the name of the Alertmanager instance.
 * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance.
@@ -989,7 +995,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1001,7 +1007,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1258,7 +1264,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1270,7 +1276,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1607,7 +1613,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1619,7 +1625,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1876,7 +1882,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1888,7 +1894,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2091,8 +2097,8 @@ merge patch.
 Description::
 +
 --
-The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts.
-In the future more options may be added.
+AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects
+process incoming alerts.
 --
 
 Type::
@@ -2107,9 +2113,11 @@ Type::
 
 | `type`
 | `string`
-| If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules.
-`None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig.
-Default is `OnNamespace`.
+| AlertmanagerConfigMatcherStrategyType defines the strategy used by
+AlertmanagerConfig objects to match alerts in the routes and inhibition
+rules.
+
+The default value is `OnNamespace`.
 
 |===
 === .spec.alertmanagerConfigNamespaceSelector
@@ -2287,10 +2295,8 @@ Description::
 --
 alertmanagerConfiguration specifies the configuration of Alertmanager.
 
-
 If defined, it takes precedence over the `configSecret` field.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 --
@@ -2410,13 +2416,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -2449,10 +2484,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -2485,9 +2518,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2553,9 +2584,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2592,9 +2621,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2633,9 +2660,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2678,10 +2703,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -2743,9 +2806,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2781,9 +2842,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2820,9 +2879,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.alertmanagerConfiguration.global.httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.alertmanagerConfiguration.global.httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -2862,6 +3332,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -2922,9 +3404,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2960,9 +3440,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3024,9 +3502,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3062,9 +3538,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3100,9 +3574,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3138,9 +3610,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3176,9 +3646,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3214,9 +3682,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3303,9 +3769,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3341,9 +3805,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3447,9 +3909,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3485,9 +3945,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3864,9 +4322,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3964,9 +4420,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4044,9 +4498,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4076,9 +4528,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4682,7 +5132,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5003,7 +5452,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5196,11 +5644,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -5227,11 +5673,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -5266,6 +5710,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.containers[].securityContext
 Description::
@@ -5318,7 +5768,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -5514,7 +5964,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -5698,7 +6147,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5927,10 +6375,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -5938,11 +6384,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -5957,6 +6401,89 @@ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are
 Defaults to "" (volume's root).
 SubPathExpr and SubPath are mutually exclusive.
 
+|===
+=== .spec.dnsConfig
+Description::
++
+--
+Defines the DNS configuration for the pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses.
+This will be appended to the base nameservers generated from DNSPolicy.
+
+| `options`
+| `array`
+| A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup.
+This will be appended to the base search paths generated from DNSPolicy.
+
+|===
+=== .spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is required and must be unique.
+
+| `value`
+| `string`
+| Value is optional.
+
 |===
 === .spec.hostAliases
 Description::
@@ -6040,9 +6567,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.initContainers
@@ -6416,9 +6941,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6516,9 +7039,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6596,9 +7117,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6628,9 +7147,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7234,7 +7751,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -7555,7 +8071,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -7748,11 +8263,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -7779,11 +8292,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -7818,6 +8329,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.initContainers[].securityContext
 Description::
@@ -7870,7 +8387,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -8066,7 +8583,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -8250,7 +8766,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -8479,10 +8994,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -8490,11 +9003,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -8516,7 +9027,6 @@ Description::
 --
 PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.
 
-
 The following items are reserved and cannot be overridden:
 * "alertmanager" label, set to the name of the Alertmanager instance.
 * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance.
@@ -8582,11 +9092,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -8613,11 +9121,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -8652,6 +9158,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.securityContext
 Description::
@@ -8682,12 +9194,10 @@ Note that this field cannot be set when spec.os.name is windows.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 
-
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 
-
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 
@@ -8744,12 +9254,22 @@ Note that this field cannot be set when spec.os.name is windows.
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition
-to the container's primary GID, the fsGroup (if specified), and group memberships
-defined in the container image for the uid of the container process. If unspecified,
-no additional groups are added to any container. Note that group memberships
-defined in the container image for the uid of the container process are still effective,
-even if they are not included in this list.
+| A list of groups applied to the first process run in each container, in
+addition to the container's primary GID and fsGroup (if specified).  If
+the SupplementalGroupsPolicy feature is enabled, the
+supplementalGroupsPolicy field determines whether these are in addition
+to or instead of any group memberships defined in the container image.
+If unspecified, no additional groups are added, though group memberships
+defined in the container image may still be used, depending on the
+supplementalGroupsPolicy field.
+Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated.
+Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 
 | `sysctls`
@@ -8877,7 +9397,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -9080,7 +9599,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -9090,11 +9608,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -9110,7 +9626,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -9120,11 +9635,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -9261,7 +9774,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9675,7 +10188,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9942,7 +10455,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 ClaimResourceStatus can be in any of following states:
 	- ControllerResizeInProgress:
 		State set when resize controller starts resizing the volume in control-plane.
@@ -9964,13 +10476,11 @@ For example: if expanding a PVC for more capacity - this field can be one of the
      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
 When this field is not set, it means that no resize operation is in progress for the given PVC.
 
-
 A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `allocatedResources`
@@ -9983,7 +10493,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 Capacity reported here may be larger than the actual capacity when a volume expansion operation
 is requested.
 For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
@@ -9992,13 +10501,11 @@ If a volume expansion capacity request is lowered, allocatedResources is only
 lowered if there are no expansion operations in progress and if the actual volume capacity
 is equal or lower than the requested capacity.
 
-
 A controller that receives PVC update with previously unknown resourceName
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
@@ -10018,13 +10525,13 @@ resized then the Condition will be set to 'Resizing'.
 | `string`
 | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `modifyVolumeStatus`
 | `object`
 | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `phase`
 | `string`
@@ -10089,7 +10596,15 @@ persistent volume is being resized.
 
 | `type`
 | `string`
-| PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+| PersistentVolumeClaimConditionType defines the condition of PV claim.
+Valid values are:
+  - "Resizing", "FileSystemResizePending"
+
+If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:
+  - "ControllerResizeError", "NodeResizeError"
+
+If VolumeAttributesClass feature gate is enabled, then following additional values can be expected:
+  - "ModifyVolumeError", "ModifyingVolume"
 
 |===
 === .spec.storage.volumeClaimTemplate.status.modifyVolumeStatus
@@ -10098,7 +10613,7 @@ Description::
 --
 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 --
 
 Type::
@@ -10243,7 +10758,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set.
 Keys that don't exist in the incoming pod labels will
 be ignored. A null or empty list means only match against labelSelector.
 
-
 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
@@ -10279,7 +10793,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1.
 Valid values are integers greater than 0.
 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
 
-
 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
 labelSelector spread as 2/2/2:
 \| zone1 \| zone2 \| zone3 \|
@@ -10296,7 +10809,6 @@ when calculating pod topology spread skew. Options are:
 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
 
-
 If this value is nil, the behavior is equivalent to the Honor policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -10308,7 +10820,6 @@ pod topology spread skew. Options are:
 has a toleration, are included.
 - Ignore: node taints are ignored. All nodes are included.
 
-
 If this value is nil, the behavior is equivalent to the Ignore policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -10496,10 +11007,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -10507,11 +11016,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -10607,7 +11114,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -10618,17 +11124,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 
@@ -10670,9 +11173,23 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
+
+| `image`
+| `object`
+| image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
 
 | `iscsi`
 | `object`
@@ -10763,7 +11280,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -10939,9 +11455,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].cinder
@@ -11012,9 +11526,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].configMap
@@ -11064,9 +11576,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11209,9 +11719,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].downwardAPI
@@ -11410,7 +11918,6 @@ ephemeral represents a volume that is handled by a cluster storage driver.
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -11421,17 +11928,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 --
@@ -11456,7 +11960,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -11466,11 +11969,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -11486,7 +11987,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -11496,11 +11996,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -11637,7 +12135,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -11894,7 +12392,6 @@ Type::
 | fsType is the filesystem type to mount.
 Must be a filesystem type supported by the host operating system.
 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `lun`
 | `integer`
@@ -11990,9 +12487,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].flocker
@@ -12049,7 +12544,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -12156,9 +12650,6 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
 --
 
 Type::
@@ -12185,6 +12676,54 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 Defaults to ""
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+|===
+=== .spec.volumes[].image
+Description::
++
+--
+image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.volumes[].iscsi
 Description::
@@ -12223,7 +12762,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `initiatorName`
 | `string`
@@ -12287,9 +12825,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].nfs
@@ -12455,18 +12991,21 @@ mode, like fsGroup, and the result can be other mode bits set.
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list
+handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 
 |===
 === .spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list
+handles one source.
 --
 
 Type::
@@ -12479,7 +13018,8 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 --
 
 Type::
@@ -12497,14 +13037,11 @@ Type::
 | ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -12535,14 +13072,11 @@ Description::
 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -12717,9 +13251,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12965,9 +13497,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13153,7 +13683,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `image`
 | `string`
@@ -13223,9 +13752,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].scaleIO
@@ -13321,9 +13848,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].secret
@@ -13510,9 +14035,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].vsphereVolume
@@ -13677,9 +14200,6 @@ Defines the TLS parameters for HTTPS.
 Type::
   `object`
 
-Required::
-  - `cert`
-  - `keySecret`
 
 
 
@@ -13691,6 +14211,11 @@ Required::
 | `object`
 | Contains the TLS certificate for the server.
 
+| `certFile`
+| `string`
+| Path to the TLS certificate file in the Prometheus container for the server.
+Mutually exclusive with `cert`.
+
 | `cipherSuites`
 | `array (string)`
 | List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -13703,6 +14228,11 @@ in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants
 For more detail on clientAuth options:
 https://golang.org/pkg/crypto/tls/#ClientAuthType
 
+| `clientCAFile`
+| `string`
+| Path to the CA certificate file for client certificate authentication to the server.
+Mutually exclusive with `client_ca`.
+
 | `client_ca`
 | `object`
 | Contains the CA certificate for client certificate authentication to the server.
@@ -13713,6 +14243,11 @@ https://golang.org/pkg/crypto/tls/#ClientAuthType
 order. Available curves are documented in the go documentation:
 https://golang.org/pkg/crypto/tls/#CurveID
 
+| `keyFile`
+| `string`
+| Path to the TLS key file in the Prometheus container for the server.
+Mutually exclusive with `keySecret`.
+
 | `keySecret`
 | `object`
 | Secret containing the TLS key for the server.
@@ -13788,9 +14323,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13826,9 +14359,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13890,9 +14421,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13928,9 +14457,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13966,9 +14493,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -14024,6 +14549,10 @@ being performed. Only delete actions will be performed.
 | Total number of non-terminated pods targeted by this Alertmanager
 object (their labels match the selector).
 
+| `selector`
+| `string`
+| The selector used to match the pods targeted by this Alertmanager object.
+
 | `unavailableReplicas`
 | `integer`
 | Total number of unavailable pods targeted by this Alertmanager object.
@@ -14114,6 +14643,10 @@ The following API endpoints are available:
 - `GET`: read the specified Alertmanager
 - `PATCH`: partially update the specified Alertmanager
 - `PUT`: replace the specified Alertmanager
+* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/scale`
+- `GET`: read scale of the specified Alertmanager
+- `PATCH`: partially update scale of the specified Alertmanager
+- `PUT`: replace scale of the specified Alertmanager
 * `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/status`
 - `GET`: read status of the specified Alertmanager
 - `PATCH`: partially update status of the specified Alertmanager
@@ -14358,6 +14891,108 @@ Description::
 |===
 
 
+=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/scale
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Alertmanager
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read scale of the specified Alertmanager
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update scale of the specified Alertmanager
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace scale of the specified Alertmanager
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/status
 
 .Global path parameters
diff --git a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
index 823a057235..3f3a2e72d2 100644
--- a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
+++ b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-AlertmanagerConfig configures the Prometheus Alertmanager,
-specifying how alerts should be grouped, inhibited and notified to external systems.
+The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.
+
+`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors.
 --
 
 Type::
@@ -433,6 +434,8 @@ See https://prometheus.io/docs/alerting/latest/configuration/#discord_config
 Type::
   `object`
 
+Required::
+  - `apiURL`
 
 
 
@@ -494,9 +497,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -541,13 +542,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -580,10 +610,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -616,9 +644,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -684,9 +710,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -723,9 +747,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -800,10 +822,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -865,9 +925,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -903,9 +961,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -942,9 +998,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].discordConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].discordConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -984,6 +1451,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -1044,9 +1523,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1082,9 +1559,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1146,9 +1621,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1184,9 +1657,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1222,9 +1693,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1466,6 +1935,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -1526,9 +2007,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1564,9 +2043,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1628,9 +2105,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1666,9 +2141,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1704,9 +2177,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1811,13 +2282,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -1850,10 +2350,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -1886,9 +2384,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1954,9 +2450,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1993,9 +2487,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2070,10 +2562,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -2135,9 +2665,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2173,9 +2701,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2212,9 +2738,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].msteamsConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].msteamsConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -2254,6 +3191,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -2314,9 +3263,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2352,9 +3299,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2416,9 +3361,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2454,9 +3397,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2492,9 +3433,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2530,9 +3469,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2749,13 +3686,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -2788,10 +3754,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -2824,9 +3788,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2892,9 +3854,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2931,9 +3891,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3008,10 +3966,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -3073,9 +4069,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3111,9 +4105,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3150,9 +4142,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -3192,6 +4595,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -3252,9 +4667,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3290,9 +4703,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3354,9 +4765,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3392,9 +4801,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3430,9 +4837,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3684,13 +5089,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -3723,10 +5157,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -3759,9 +5191,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3827,9 +5257,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3866,9 +5294,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3943,10 +5369,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -4008,9 +5472,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4046,9 +5508,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4085,9 +5545,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -4127,6 +5998,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -4187,9 +6070,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4225,9 +6106,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4289,9 +6168,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4327,9 +6204,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4365,9 +6240,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4671,13 +6544,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -4710,10 +6612,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -4746,9 +6646,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4814,9 +6712,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4853,9 +6749,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4930,10 +6824,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -4995,9 +6927,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5033,9 +6963,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5072,9 +7000,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].pushoverConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].pushoverConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].pushoverConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -5114,6 +7453,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -5174,9 +7525,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5212,9 +7561,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5276,9 +7623,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5314,9 +7659,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5352,9 +7695,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5788,13 +8129,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -5827,10 +8197,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -5863,9 +8231,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5931,9 +8297,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5970,9 +8334,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6047,10 +8409,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -6112,9 +8512,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6150,9 +8548,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6189,9 +8585,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].slackConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].slackConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -6231,6 +9038,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -6291,9 +9110,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6329,9 +9146,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6393,9 +9208,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6431,9 +9244,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6469,9 +9280,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6592,13 +9401,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -6631,10 +9469,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -6667,9 +9503,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6735,9 +9569,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6774,9 +9606,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6851,10 +9681,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -6916,9 +9784,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6954,9 +9820,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6993,9 +9857,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].snsConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].snsConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -7035,6 +10310,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -7095,9 +10382,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7133,9 +10418,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7197,9 +10480,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7235,9 +10516,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7273,9 +10552,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7352,9 +10629,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7391,9 +10666,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7424,6 +10697,8 @@ See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
 Type::
   `object`
 
+Required::
+  - `chatID`
 
 
 
@@ -7442,7 +10717,6 @@ If not specified, default API URL will be used.
 The secret needs to be in the same namespace as the AlertmanagerConfig
 object and accessible by the Prometheus Operator.
 
-
 Either `botToken` or `botTokenFile` is required.
 
 | `botTokenFile`
@@ -7450,7 +10724,6 @@ Either `botToken` or `botTokenFile` is required.
 | File to read the Telegram bot token from. It is mutually exclusive with `botToken`.
 Either `botToken` or `botTokenFile` is required.
 
-
 It requires Alertmanager >= v0.26.0.
 
 | `chatID`
@@ -7486,7 +10759,6 @@ Telegram bot token. It is mutually exclusive with `botTokenFile`.
 The secret needs to be in the same namespace as the AlertmanagerConfig
 object and accessible by the Prometheus Operator.
 
-
 Either `botToken` or `botTokenFile` is required.
 --
 
@@ -7550,13 +10822,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -7589,10 +10890,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -7625,9 +10924,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7693,9 +10990,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7732,9 +11027,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7809,10 +11102,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -7874,9 +11205,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7912,9 +11241,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7951,9 +11278,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].telegramConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].telegramConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -7993,6 +11731,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -8053,9 +11803,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8091,9 +11839,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8155,9 +11901,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8193,9 +11937,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8231,9 +11973,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8429,13 +12169,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -8468,10 +12237,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -8504,9 +12271,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8572,9 +12337,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8611,9 +12374,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8688,10 +12449,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -8753,9 +12552,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8791,9 +12588,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8830,9 +12625,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].victoropsConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].victoropsConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].victoropsConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -8872,6 +13078,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -8932,9 +13150,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8970,9 +13186,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9034,9 +13248,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9072,9 +13284,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9110,9 +13320,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9213,13 +13421,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -9252,10 +13489,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -9288,9 +13523,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9356,9 +13589,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9395,9 +13626,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9472,10 +13701,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -9537,9 +13804,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9575,9 +13840,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9614,9 +13877,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webexConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].webexConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].webexConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -9656,6 +14330,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -9716,9 +14402,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9754,9 +14438,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9818,9 +14500,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9856,9 +14536,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9894,9 +14572,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9998,13 +14674,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -10037,10 +14742,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -10073,9 +14776,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10141,9 +14842,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10180,9 +14879,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10257,10 +14954,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -10322,9 +15057,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10360,9 +15093,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10399,9 +15130,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].webhookConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].webhookConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].webhookConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -10441,6 +15583,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -10501,9 +15655,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10539,9 +15691,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10603,9 +15753,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10641,9 +15789,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10679,9 +15825,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10868,13 +16012,42 @@ object and accessible by the Prometheus Operator.
 | `boolean`
 | FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
 | `oauth2`
 | `object`
 | OAuth2 client credentials used to fetch a token for the targets.
 
-| `proxyURL`
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
 | `string`
-| Optional proxy URL.
+| `proxyURL` defines the HTTP proxy server to use.
 
 | `tlsConfig`
 | `object`
@@ -10907,10 +16080,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -10943,9 +16114,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11011,9 +16180,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11050,9 +16217,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11127,10 +16292,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -11192,9 +16395,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11230,9 +16431,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11269,9 +16468,420 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].wechatConfigs[].httpConfig.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.receivers[].wechatConfigs[].httpConfig.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].wechatConfigs[].httpConfig.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -11311,6 +16921,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -11371,9 +16993,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11409,9 +17029,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11473,9 +17091,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11511,9 +17127,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11549,9 +17163,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11716,6 +17328,8 @@ TimeInterval specifies the periods in time when notifications will be muted or a
 Type::
   `object`
 
+Required::
+  - `name`
 
 
 
diff --git a/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc b/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc
index e9644f3d5b..4bc67a3756 100644
--- a/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc
+++ b/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-AlertRelabelConfig defines a set of relabel configs for alerts. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+AlertRelabelConfig defines a set of relabel configs for alerts.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -74,7 +75,10 @@ Required::
 
 | `configs[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+| RelabelConfig allows dynamic rewriting of label sets for alerts.
+See Prometheus documentation:
+- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
+- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 |===
 === .spec.configs
@@ -94,7 +98,10 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+RelabelConfig allows dynamic rewriting of label sets for alerts.
+See Prometheus documentation:
+- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
+- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -109,31 +116,46 @@ Type::
 
 | `action`
 | `string`
-| action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'
+| action to perform based on regex matching. Must be one of: 'Replace', 'Keep',
+'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'
 
 | `modulus`
 | `integer`
-| modulus to take of the hash of the source label values.  This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.
+| modulus to take of the hash of the source label values.  This can be
+combined with the 'HashMod' action to set 'target_label' to the 'modulus'
+of a hash of the concatenated 'source_labels'. This is only valid if
+sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.
 
 | `regex`
 | `string`
-| regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'
+| regex against which the extracted value is matched. Default is: '(.*)'
+regex is required for all actions except 'HashMod'
 
 | `replacement`
 | `string`
-| replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'
+| replacement value against which a regex replace is performed if the regular
+expression matches. This is required if the action is 'Replace' or
+'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'.
+Regex capture groups are available. Default is: '$1'
 
 | `separator`
 | `string`
-| separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.
+| separator placed between concatenated source label values. When omitted,
+Prometheus will use its default value of ';'.
 
 | `sourceLabels`
 | `array (string)`
-| sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.
+| sourceLabels select values from existing labels. Their content is
+concatenated using the configured separator and matched against the
+configured regular expression for the 'Replace', 'Keep', and 'Drop' actions.
+Not allowed for actions 'LabelKeep' and 'LabelDrop'.
 
 | `targetLabel`
 | `string`
-| targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.
+| targetLabel to which the resulting value is written in a 'Replace' action.
+It is required for 'Replace' and 'HashMod' actions and forbidden for
+actions 'LabelKeep' and 'LabelDrop'. Regex capture groups
+are available.
 
 |===
 === .status
@@ -155,20 +177,20 @@ Type::
 
 | `conditions`
 | `array`
-| conditions contains details on the state of the AlertRelabelConfig, may be empty.
+| conditions contains details on the state of the AlertRelabelConfig, may be
+empty.
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 |===
 === .status.conditions
 Description::
 +
 --
-conditions contains details on the state of the AlertRelabelConfig, may be empty.
+conditions contains details on the state of the AlertRelabelConfig, may be
+empty.
 --
 
 Type::
@@ -181,9 +203,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -204,19 +224,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -224,7 +252,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 
diff --git a/rest_api/monitoring_apis/monitoring-apis-index.adoc b/rest_api/monitoring_apis/monitoring-apis-index.adoc
index cbabdefa95..f74b80b423 100644
--- a/rest_api/monitoring_apis/monitoring-apis-index.adoc
+++ b/rest_api/monitoring_apis/monitoring-apis-index.adoc
@@ -12,7 +12,11 @@ toc::[]
 Description::
 +
 --
-Alertmanager describes an Alertmanager cluster.
+The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.
+
+For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.
+
+The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.
 --
 
 Type::
@@ -23,8 +27,9 @@ Type::
 Description::
 +
 --
-AlertmanagerConfig configures the Prometheus Alertmanager,
-specifying how alerts should be grouped, inhibited and notified to external systems.
+The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.
+
+`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors.
 --
 
 Type::
@@ -35,8 +40,9 @@ Type::
 Description::
 +
 --
-AlertRelabelConfig defines a set of relabel configs for alerts. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+AlertRelabelConfig defines a set of relabel configs for alerts.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -47,11 +53,28 @@ Type::
 Description::
 +
 --
-AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules.  This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace.  You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage. 
- The API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator.  The primary difference being that recording rules are not allowed here -- only alerting rules.  For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace.  OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly. 
- You can find upstream API documentation for PrometheusRule resources here: 
- https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+AlertingRule represents a set of user-defined Prometheus rule groups containing
+alerting rules.  This resource is the supported method for cluster admins to
+create alerts based on metrics recorded by the platform monitoring stack in
+OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring
+namespace.  You might use this to create custom alerting rules not shipped with
+OpenShift based on metrics from components such as the node_exporter, which
+provides machine-level metrics such as CPU usage, or kube-state-metrics, which
+provides metrics on Kubernetes usage.
+
+The API is mostly compatible with the upstream PrometheusRule type from the
+prometheus-operator.  The primary difference being that recording rules are not
+allowed here -- only alerting rules.  For each AlertingRule resource created, a
+corresponding PrometheusRule will be created in the openshift-monitoring
+namespace.  OpenShift requires admins to use the AlertingRule resource rather
+than the upstream type in order to allow better OpenShift specific defaulting
+and validation, while not modifying the upstream APIs directly.
+
+You can find upstream API documentation for PrometheusRule resources here:
+
+https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -62,7 +85,14 @@ Type::
 Description::
 +
 --
-PodMonitor defines monitoring for a set of pods.
+The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.
+Among other things, it allows to specify:
+* The pods to scrape via label selectors.
+* The container ports to scrape.
+* Authentication credentials to use.
+* Target and metric relabeling.
+
+`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.
 --
 
 Type::
@@ -73,7 +103,13 @@ Type::
 Description::
 +
 --
-Probe defines monitoring for a set of static targets or ingresses.
+The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).
+
+The `Probe` resource needs 2 pieces of information:
+* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.
+* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.
+
+`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.
 --
 
 Type::
@@ -84,7 +120,13 @@ Type::
 Description::
 +
 --
-Prometheus defines a Prometheus deployment.
+The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.
+
+For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.
+
+The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.
+
+The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.
 --
 
 Type::
@@ -95,7 +137,9 @@ Type::
 Description::
 +
 --
-PrometheusRule defines recording and alerting rules for a Prometheus instance
+The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.
+
+`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.
 --
 
 Type::
@@ -106,7 +150,14 @@ Type::
 Description::
 +
 --
-ServiceMonitor defines monitoring for a set of services.
+The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.
+Among other things, it allows to specify:
+* The services to scrape via label selectors.
+* The container ports to scrape.
+* Authentication credentials to use.
+* Target and metric relabeling.
+
+`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors.
 --
 
 Type::
@@ -117,7 +168,11 @@ Type::
 Description::
 +
 --
-ThanosRuler defines a ThanosRuler deployment.
+The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.
+
+A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).
+
+The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances.
 --
 
 Type::
diff --git a/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc b/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc
index 392254de57..5af8435320 100644
--- a/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc
+++ b/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc
@@ -38,7 +38,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `timestamp`
diff --git a/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc b/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc
index 498922fff7..d506c35532 100644
--- a/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc
+++ b/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc
@@ -46,7 +46,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `timestamp`
diff --git a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
index 12781ebab7..4499d75fbf 100644
--- a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,14 @@ toc::[]
 Description::
 +
 --
-PodMonitor defines monitoring for a set of pods.
+The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.
+Among other things, it allows to specify:
+* The pods to scrape via label selectors.
+* The container ports to scrape.
+* Authentication credentials to use.
+* Target and metric relabeling.
+
+`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.
 --
 
 Type::
@@ -68,15 +75,13 @@ Required::
 | `attachMetadata` defines additional metadata which is added to the
 discovered targets.
 
-
-It requires Prometheus >= v2.37.0.
+It requires Prometheus >= v2.35.0.
 
 | `bodySizeLimit`
 | `string`
 | When defined, bodySizeLimit specifies a job level limit on the size
 of uncompressed response body that will be accepted by Prometheus.
 
-
 It requires Prometheus >= v2.28.0.
 
 | `jobLabel`
@@ -85,12 +90,10 @@ It requires Prometheus >= v2.28.0.
 `jobLabel` selects the label from the associated Kubernetes `Pod`
 object which will be used as the `job` label for all metrics.
 
-
 For example if `jobLabel` is set to `foo` and the Kubernetes `Pod`
 object is labeled with `foo: bar`, then Prometheus adds the `job="bar"`
 label to all ingested metrics.
 
-
 If the value of this field is empty, the `job` label of the metrics
 defaults to the namespace and name of the PodMonitor object (e.g. `<namespace>/<name>`).
 
@@ -99,38 +102,46 @@ defaults to the namespace and name of the PodMonitor object (e.g. `<namespace>/<
 | Per-scrape limit on the number of targets dropped by relabeling
 that will be kept in memory. 0 means no limit.
 
-
 It requires Prometheus >= v2.47.0.
 
 | `labelLimit`
 | `integer`
 | Per-scrape limit on number of labels that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `labelNameLengthLimit`
 | `integer`
 | Per-scrape limit on length of labels name that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `labelValueLengthLimit`
 | `integer`
 | Per-scrape limit on length of labels value that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `namespaceSelector`
 | `object`
-| Selector to select which namespaces the Kubernetes `Pods` objects
-are discovered from.
+| `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.
+By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.
+
+| `nativeHistogramBucketLimit`
+| `integer`
+| If there are more than this many buckets in a native histogram,
+buckets will be merged to stay within the limit.
+It requires Prometheus >= v2.45.0.
+
+| `nativeHistogramMinBucketFactor`
+| `integer-or-string`
+| If the growth factor of one bucket to the next is smaller than this,
+buckets will be merged to increase the factor sufficiently.
+It requires Prometheus >= v2.50.0.
 
 | `podMetricsEndpoints`
 | `array`
-| List of endpoints part of this PodMonitor.
+| Defines how to scrape metrics from the selected pods.
 
 | `podMetricsEndpoints[]`
 | `object`
@@ -151,20 +162,23 @@ that will be accepted.
 | `string`
 | The scrape class to apply.
 
+| `scrapeClassicHistograms`
+| `boolean`
+| Whether to scrape a classic histogram that is also exposed as a native histogram.
+It requires Prometheus >= v2.45.0.
+
 | `scrapeProtocols`
 | `array (string)`
 | `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
 protocols supported by Prometheus in order of preference (from most to least preferred).
 
-
 If unset, Prometheus uses its default value.
 
-
 It requires Prometheus >= v2.49.0.
 
 | `selector`
 | `object`
-| Label selector to select the Kubernetes `Pod` objects.
+| Label selector to select the Kubernetes `Pod` objects to scrape metrics from.
 
 | `targetLimit`
 | `integer`
@@ -179,8 +193,7 @@ Description::
 `attachMetadata` defines additional metadata which is added to the
 discovered targets.
 
-
-It requires Prometheus >= v2.37.0.
+It requires Prometheus >= v2.35.0.
 --
 
 Type::
@@ -195,16 +208,19 @@ Type::
 
 | `node`
 | `boolean`
-| When set to true, Prometheus must have the `get` permission on the
-`Nodes` objects.
+| When set to true, Prometheus attaches node metadata to the discovered
+targets.
+
+The Prometheus service account must have the `list` and `watch`
+permissions on the `Nodes` objects.
 
 |===
 === .spec.namespaceSelector
 Description::
 +
 --
-Selector to select which namespaces the Kubernetes `Pods` objects
-are discovered from.
+`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.
+By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.
 --
 
 Type::
@@ -231,7 +247,7 @@ list restricting them.
 Description::
 +
 --
-List of endpoints part of this PodMonitor.
+Defines how to scrape metrics from the selected pods.
 --
 
 Type::
@@ -263,7 +279,6 @@ Type::
 | `authorization` configures the Authorization header credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
@@ -271,7 +286,6 @@ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 | `basicAuth` configures the Basic Authentication credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerTokenSecret`
@@ -280,7 +294,6 @@ Cannot be set at the same time as `authorization`, or `oauth2`.
 token for scraping targets. The secret needs to be in the same namespace
 as the PodMonitor object and readable by the Prometheus Operator.
 
-
 Deprecated: use `authorization` instead.
 
 | `enableHttp2`
@@ -292,10 +305,8 @@ Deprecated: use `authorization` instead.
 | When true, the pods which are not running (e.g. either in Failed or
 Succeeded state) are dropped during the target discovery.
 
-
 If unset, the filtering is enabled.
 
-
 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
 
 | `followRedirects`
@@ -317,7 +328,6 @@ when exposed by the target.
 | `string`
 | Interval at which Prometheus scrapes the metrics from the target.
 
-
 If empty, Prometheus uses the global scrape interval.
 
 | `metricRelabelings`
@@ -330,17 +340,14 @@ samples before ingestion.
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `oauth2`
 | `object`
 | `oauth2` configures the OAuth2 settings to use when scraping the target.
 
-
 It requires Prometheus >= 2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `params`
@@ -355,14 +362,12 @@ Cannot be set at the same time as `authorization`, or `basicAuth`.
 | `string`
 | HTTP path from which to scrape for metrics.
 
-
 If empty, Prometheus uses the default value (e.g. `/metrics`).
 
 | `port`
 | `string`
 | Name of the Pod port which this endpoint refers to.
 
-
 It takes precedence over `targetPort`.
 
 | `proxyUrl`
@@ -375,13 +380,10 @@ It takes precedence over `targetPort`.
 | `relabelings` configures the relabeling rules to apply the target's
 metadata labels.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields.
 
-
 The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `relabelings[]`
@@ -389,25 +391,21 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `scheme`
 | `string`
 | HTTP scheme to use for scraping.
 
-
 `http` and `https` are the expected values unless you rewrite the
 `__scheme__` label via relabeling.
 
-
 If empty, Prometheus uses the default value `http`.
 
 | `scrapeTimeout`
 | `string`
 | Timeout after which Prometheus considers the scrape to be failed.
 
-
 If empty, Prometheus uses the global scrape timeout unless it is less
 than the target's scrape interval value in which the latter is used.
 
@@ -416,7 +414,6 @@ than the target's scrape interval value in which the latter is used.
 | Name or number of the target port of the `Pod` object behind the Service, the
 port must be specified with container port property.
 
-
 Deprecated: use 'port' instead.
 
 | `tlsConfig`
@@ -429,7 +426,6 @@ Deprecated: use 'port' instead.
 the metrics that have an explicit timestamp present in scraped data.
 Has no effect if `honorTimestamps` is false.
 
-
 It requires Prometheus >= v2.48.0.
 
 |===
@@ -440,7 +436,6 @@ Description::
 `authorization` configures the Authorization header credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
@@ -462,10 +457,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -498,9 +491,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -514,7 +505,6 @@ Description::
 `basicAuth` configures the Basic Authentication credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
@@ -569,9 +559,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -608,9 +596,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -625,7 +611,6 @@ Description::
 token for scraping targets. The secret needs to be in the same namespace
 as the PodMonitor object and readable by the Prometheus Operator.
 
-
 Deprecated: use `authorization` instead.
 --
 
@@ -651,9 +636,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -681,7 +664,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -699,18 +681,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -722,7 +701,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -739,11 +717,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -753,10 +729,8 @@ Description::
 --
 `oauth2` configures the OAuth2 settings to use when scraping the target.
 
-
 It requires Prometheus >= 2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
@@ -789,10 +763,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -854,9 +866,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -892,9 +902,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -931,9 +939,355 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.podMetricsEndpoints[].oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.podMetricsEndpoints[].oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.podMetricsEndpoints[].oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -960,13 +1314,10 @@ Description::
 `relabelings` configures the relabeling rules to apply the target's
 metadata labels.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields.
 
-
 The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -983,7 +1334,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -1001,18 +1351,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -1024,7 +1371,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -1041,11 +1387,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -1082,6 +1426,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -1142,9 +1498,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1180,9 +1534,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1244,9 +1596,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1282,9 +1632,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1320,9 +1668,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1333,7 +1679,7 @@ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://git
 Description::
 +
 --
-Label selector to select the Kubernetes `Pod` objects.
+Label selector to select the Kubernetes `Pod` objects to scrape metrics from.
 --
 
 Type::
diff --git a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
index b19234b62e..bd213298c1 100644
--- a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,13 @@ toc::[]
 Description::
 +
 --
-Probe defines monitoring for a set of static targets or ingresses.
+The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).
+
+The `Probe` resource needs 2 pieces of information:
+* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.
+* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.
+
+`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.
 --
 
 Type::
@@ -90,7 +96,6 @@ If not specified Prometheus' global scrape interval is used.
 | Per-scrape limit on the number of targets dropped by relabeling
 that will be kept in memory. 0 means no limit.
 
-
 It requires Prometheus >= v2.47.0.
 
 | `labelLimit`
@@ -117,7 +122,6 @@ Only valid in Prometheus versions 2.27.0 and newer.
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `module`
@@ -126,6 +130,18 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 Example module configuring in the blackbox exporter:
 https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
 
+| `nativeHistogramBucketLimit`
+| `integer`
+| If there are more than this many buckets in a native histogram,
+buckets will be merged to stay within the limit.
+It requires Prometheus >= v2.45.0.
+
+| `nativeHistogramMinBucketFactor`
+| `integer-or-string`
+| If the growth factor of one bucket to the next is smaller than this,
+buckets will be merged to increase the factor sufficiently.
+It requires Prometheus >= v2.50.0.
+
 | `oauth2`
 | `object`
 | OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
@@ -143,15 +159,18 @@ The prober.URL parameter is required. Targets cannot be probed if left empty.
 | `string`
 | The scrape class to apply.
 
+| `scrapeClassicHistograms`
+| `boolean`
+| Whether to scrape a classic histogram that is also exposed as a native histogram.
+It requires Prometheus >= v2.45.0.
+
 | `scrapeProtocols`
 | `array (string)`
 | `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
 protocols supported by Prometheus in order of preference (from most to least preferred).
 
-
 If unset, Prometheus uses its default value.
 
-
 It requires Prometheus >= v2.49.0.
 
 | `scrapeTimeout`
@@ -197,10 +216,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -233,9 +250,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -301,9 +316,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -340,9 +353,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -380,9 +391,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -409,7 +418,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -427,18 +435,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -450,7 +455,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -467,11 +471,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -511,10 +513,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -576,9 +616,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -614,9 +652,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -653,9 +689,355 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -771,7 +1153,6 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `selector`
@@ -832,7 +1213,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -850,18 +1230,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -873,7 +1250,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -890,11 +1266,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -1017,7 +1391,6 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `static`
@@ -1047,7 +1420,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -1065,18 +1437,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -1088,7 +1457,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -1105,11 +1473,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -1146,6 +1512,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -1206,9 +1584,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1244,9 +1620,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1308,9 +1682,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1346,9 +1718,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1384,9 +1754,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
diff --git a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
index 233a0d456d..25ab2c3b8e 100644
--- a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,13 @@ toc::[]
 Description::
 +
 --
-Prometheus defines a Prometheus deployment.
+The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.
+
+For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.
+
+The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.
+
+The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.
 --
 
 Type::
@@ -77,13 +83,10 @@ configurations are appended to the configuration generated by the
 Prometheus Operator. They must be formatted according to the official
 Prometheus documentation:
 
-
 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
 
-
 The user is responsible for making sure that the configurations are valid
 
-
 Note that using this feature may expose the possibility to break
 upgrades of Prometheus. It is advised to review Prometheus release notes
 to ensure that no incompatible AlertManager configs are going to break
@@ -97,13 +100,10 @@ configurations are appended to the configuration generated by the
 Prometheus Operator. They must be formatted according to the official
 Prometheus documentation:
 
-
 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
 
-
 The user is responsible for making sure that the configurations are valid
 
-
 Note that using this feature may expose the possibility to break
 upgrades of Prometheus. It is advised to review Prometheus release notes
 to ensure that no incompatible alert relabel configs are going to break
@@ -113,13 +113,11 @@ Prometheus after the upgrade.
 | `array`
 | AdditionalArgs allows setting additional arguments for the 'prometheus' container.
 
-
 It is intended for e.g. activating hidden flags which are not supported by
 the dedicated configuration options yet. The arguments are passed as-is to the
 Prometheus container which may cause issues if they are invalid or not supported
 by the given Prometheus version.
 
-
 In case of an argument conflict (e.g. an argument which is already set by the
 operator itself) or when providing an invalid argument, the reconciliation will
 fail and an error will be logged.
@@ -155,7 +153,6 @@ Prometheus after the upgrade.
 | AllowOverlappingBlocks enables vertical compaction and vertical query
 merge in Prometheus.
 
-
 Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.
 
 | `apiserverConfig`
@@ -184,7 +181,6 @@ Users should instead provide the credentials using the
 | AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.
 If the field isn't set, the operator mounts the service account token by default.
 
-
 **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.
 It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.
 
@@ -197,7 +193,6 @@ It is possible to use strategic merge patch to project the service account token
 | BodySizeLimit defines per-scrape on response body size.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.
 
@@ -217,13 +212,11 @@ container. Containers described here modify an operator generated
 container if they share the same name and modifications are done via a
 strategic merge patch.
 
-
 The names of containers managed by the operator are:
 * `prometheus`
 * `config-reloader`
 * `thanos-sidecar`
 
-
 Overriding containers is entirely outside the scope of what the
 maintainers will support and by doing so, you accept that this behaviour
 may break at any time without notice.
@@ -236,17 +229,23 @@ may break at any time without notice.
 | `boolean`
 | When true, the Prometheus compaction is disabled.
 
+| `dnsConfig`
+| `object`
+| Defines the DNS configuration for the pods.
+
+| `dnsPolicy`
+| `string`
+| Defines the DNS policy for the pods.
+
 | `enableAdminAPI`
 | `boolean`
 | Enables access to the Prometheus web admin API.
 
-
 WARNING: Enabling the admin APIs enables mutating endpoints, to delete data,
 shutdown Prometheus, and more. Enabling this should be done with care and the
 user is advised to add additional authentication authorization via a proxy to
 ensure only clients authorized to perform these actions can do so.
 
-
 For more information:
 https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
 
@@ -254,12 +253,10 @@ https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
 | `array (string)`
 | Enable access to Prometheus feature flags. By default, no features are enabled.
 
-
 Enabling features which are disabled by default is entirely outside the
 scope of what the maintainers will support and by doing so, you accept
 that this behaviour may break at any time without notice.
 
-
 For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/
 
 | `enableRemoteWriteReceiver`
@@ -267,14 +264,12 @@ For more information see https://prometheus.io/docs/prometheus/latest/feature_fl
 | Enable Prometheus to be used as a receiver for the Prometheus remote
 write protocol.
 
-
 WARNING: This is not considered an efficient way of ingesting samples.
 Use it with caution for specific low-volume use cases.
 It is not suitable for replacing the ingestion via scraping and turning
 Prometheus into a push-based metrics collection system.
 For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver
 
-
 It requires Prometheus >= v2.33.0.
 
 | `enforcedBodySizeLimit`
@@ -284,10 +279,8 @@ of uncompressed response body that will be accepted by Prometheus.
 Targets responding with a body larger than this many bytes will cause
 the scrape to fail.
 
-
 It requires Prometheus >= v2.28.0.
 
-
 When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.
@@ -302,10 +295,8 @@ any `spec.keepDroppedTargets` set by
 ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is
 greater than zero and less than `spec.enforcedKeepDroppedTargets`.
 
-
 It requires Prometheus >= v2.47.0.
 
-
 When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.
@@ -319,10 +310,8 @@ of labels per sample. The value overrides any `spec.labelLimit` set by
 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is
 greater than zero and less than `spec.enforcedLabelLimit`.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.
@@ -336,10 +325,8 @@ of labels name per sample. The value overrides any `spec.labelNameLengthLimit` s
 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is
 greater than zero and less than `spec.enforcedLabelNameLengthLimit`.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.
@@ -353,10 +340,8 @@ of labels value per sample. The value overrides any `spec.labelValueLengthLimit`
 ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is
 greater than zero and less than `spec.enforcedLabelValueLengthLimit`.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.
@@ -367,16 +352,13 @@ When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are define
 | `string`
 | When not empty, a label will be added to:
 
-
 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.
 2. All metrics generated from recording rules defined in `PrometheusRule` objects.
 3. All alerts generated from alerting rules defined in `PrometheusRule` objects.
 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.
 
-
 The label will not added for objects referenced in `spec.excludedFromEnforcement`.
 
-
 The label's name is this field's value.
 The label's value is the namespace of the `ServiceMonitor`,
 `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.
@@ -389,11 +371,9 @@ of scraped samples that will be accepted. This overrides any
 unless `spec.sampleLimit` is greater than zero and less than
 `spec.enforcedSampleLimit`.
 
-
 It is meant to be used by admins to keep the overall number of
 samples/series under a desired limit.
 
-
 When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.
@@ -407,11 +387,9 @@ of scraped targets. The value overrides any `spec.targetLimit` set by
 ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is
 greater than zero and less than `spec.enforcedTargetLimit`.
 
-
 It is meant to be used by admins to to keep the overall number of
 targets under a desired limit.
 
-
 When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:
 * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).
   If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.
@@ -428,7 +406,6 @@ Default: "30s"
 | List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
 to be excluded from enforcing a namespace label of origin.
 
-
 It is only applicable if `spec.enforcedNamespaceLabel` set to true.
 
 | `excludedFromEnforcement[]`
@@ -467,13 +444,12 @@ pod's hosts file.
 | `boolean`
 | Use the host's network namespace if true.
 
-
 Make sure to understand the security implications if you want to enable
 it (https://kubernetes.io/docs/concepts/configuration/overview/).
 
-
 When hostNetwork is enabled, this will set the DNS policy to
-`ClusterFirstWithHostNet` automatically.
+`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+to a different value).
 
 | `ignoreNamespaceSelectors`
 | `boolean`
@@ -487,11 +463,9 @@ object.
 | Container image name for Prometheus. If specified, it takes precedence
 over the `spec.baseImage`, `spec.tag` and `spec.sha` fields.
 
-
 Specifying `spec.version` is still necessary to ensure the Prometheus
 Operator knows which version of Prometheus is being configured.
 
-
 If neither `spec.image` nor `spec.baseImage` are defined, the operator
 will use the latest upstream version of Prometheus available at the time
 when the operator was released.
@@ -523,11 +497,9 @@ InitContainers described here modify an operator generated init
 containers if they share the same name and modifications are done via a
 strategic merge patch.
 
-
 The names of init container name managed by the operator are:
 * `init-config-reloader`.
 
-
 Overriding init containers is entirely outside the scope of what the
 maintainers will support and by doing so, you accept that this behaviour
 may break at any time without notice.
@@ -541,10 +513,8 @@ may break at any time without notice.
 | Per-scrape limit on the number of targets dropped by relabeling
 that will be kept in memory. 0 means no limit.
 
-
 It requires Prometheus >= v2.47.0.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.
 
@@ -553,7 +523,6 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced
 | Per-scrape limit on number of labels that will be accepted for a sample.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.
 
@@ -562,7 +531,6 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced
 | Per-scrape limit on length of labels name that will be accepted for a sample.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.
 
@@ -571,7 +539,6 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced
 | Per-scrape limit on length of labels value that will be accepted for a sample.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.
 
@@ -599,7 +566,6 @@ If set, the value should be greater than 60 (seconds). Otherwise it will be equa
 without any of its container crashing for it to be considered available.
 Defaults to 0 (pod will be considered available as soon as it is ready)
 
-
 This is an alpha field from kubernetes 1.22 until 1.24 which requires
 enabling the StatefulSetMinReadySeconds feature gate.
 
@@ -607,6 +573,11 @@ enabling the StatefulSetMinReadySeconds feature gate.
 | `object (string)`
 | Defines on which Nodes the Pods are scheduled.
 
+| `otlp`
+| `object`
+| Settings related to the OTLP receiver feature.
+It requires Prometheus >= v2.55.0.
+
 | `overrideHonorLabels`
 | `boolean`
 | When true, Prometheus resolves label conflicts by renaming the labels in the scraped data
@@ -637,7 +608,6 @@ It requires enabling the StatefulSetAutoDeletePVC feature gate.
 | `object`
 | PodMetadata configures labels and annotations which are propagated to the Prometheus pods.
 
-
 The following items are reserved and cannot be overridden:
 * "prometheus" label, set to the name of the Prometheus object.
 * "app.kubernetes.io/instance" label, set to the name of the Prometheus object.
@@ -659,7 +629,6 @@ namespace only.
 | PodMonitors to be selected for target discovery. An empty label selector
 matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -694,7 +663,6 @@ current namespace only.
 | Probes to be selected for target discovery. An empty label selector
 matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -710,7 +678,6 @@ of the custom resource definition. It is recommended to use
 name. The external label will _not_ be added when the field is set to
 the empty string (`""`).
 
-
 Default: "prometheus"
 
 | `prometheusRulesExcludedFromEnforce`
@@ -734,7 +701,6 @@ namespace label for alerts and metrics.
 | `string`
 | queryLogFile specifies where the file to which PromQL queries are logged.
 
-
 If the filename has an empty path, e.g. 'query.log', The Prometheus Pods
 will mount the file into an emptyDir volume at `/var/log/prometheus`.
 If a full path is provided, e.g. '/var/log/prometheus/query.log', you
@@ -768,13 +734,19 @@ from a remote endpoint.
 | RemoteWriteSpec defines the configuration to write samples from Prometheus
 to a remote endpoint.
 
+| `remoteWriteReceiverMessageVersions`
+| `array (string)`
+| List of the protobuf message versions to accept when receiving the
+remote writes.
+
+It requires Prometheus >= v2.54.0.
+
 | `replicaExternalLabelName`
 | `string`
 | Name of Prometheus external label used to denote the replica name.
 The external label will _not_ be added when the field is set to the
 empty string (`""`).
 
-
 Default: "prometheus_replica"
 
 | `replicas`
@@ -783,7 +755,6 @@ Default: "prometheus_replica"
 `spec.replicas` multiplied by `spec.shards` is the total number of Pods
 created.
 
-
 Default: 1
 
 | `resources`
@@ -794,7 +765,6 @@ Default: 1
 | `string`
 | How long to retain the Prometheus data.
 
-
 Default: "24h" if `spec.retention` and `spec.retentionSize` are empty.
 
 | `retentionSize`
@@ -805,7 +775,6 @@ Default: "24h" if `spec.retention` and `spec.retentionSize` are empty.
 | `string`
 | The route prefix Prometheus registers HTTP handlers for.
 
-
 This is useful when using `spec.externalURL`, and a proxy is rewriting
 HTTP routes of a request, and the actual ExternalURL is still true, but
 the server serves requests under a different route prefix. For example
@@ -817,6 +786,11 @@ for use with `kubectl proxy`.
 matches all namespaces. A null label selector matches the current
 namespace only.
 
+| `ruleQueryOffset`
+| `string`
+| Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.
+It requires Prometheus >= v2.53.0.
+
 | `ruleSelector`
 | `object`
 | PrometheusRule objects to be selected for rule evaluation. An empty
@@ -827,12 +801,15 @@ objects.
 | `object`
 | Defines the configuration of the Prometheus rules' engine.
 
+| `runtime`
+| `object`
+| RuntimeConfig configures the values for the Prometheus process behavior
+
 | `sampleLimit`
 | `integer`
 | SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.
 
@@ -841,7 +818,6 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced
 | List of scrape classes to expose to scraping objects such as
 PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -855,7 +831,6 @@ in a breaking way.
 matches all namespaces. A null label selector matches the current
 namespace only.
 
-
 Note that the ScrapeConfig custom resource definition is currently at Alpha level.
 
 | `scrapeConfigSelector`
@@ -863,7 +838,6 @@ Note that the ScrapeConfig custom resource definition is currently at Alpha leve
 | ScrapeConfigs to be selected for target discovery. An empty label
 selector matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -873,14 +847,12 @@ This behavior is *deprecated* and will be removed in the next major version
 of the custom resource definition. It is recommended to use
 `spec.additionalScrapeConfigs` instead.
 
-
 Note that the ScrapeConfig custom resource definition is currently at Alpha level.
 
 | `scrapeInterval`
 | `string`
 | Interval between consecutive scrapes.
 
-
 Default: "30s"
 
 | `scrapeProtocols`
@@ -888,10 +860,8 @@ Default: "30s"
 | The protocols to negotiate during a scrape. It tells clients the
 protocols supported by Prometheus in order of preference (from most to least preferred).
 
-
 If unset, Prometheus uses its default value.
 
-
 It requires Prometheus >= v2.49.0.
 
 | `scrapeTimeout`
@@ -915,6 +885,14 @@ This defaults to the default PodSecurityContext.
 | ServiceAccountName is the name of the ServiceAccount to use to run the
 Prometheus Pods.
 
+| `serviceDiscoveryRole`
+| `string`
+| Defines the service discovery role used to discover targets from
+`ServiceMonitor` objects and Alertmanager endpoints.
+
+If set, the value should be either "Endpoints" or "EndpointSlice".
+If unset, the operator assumes the "Endpoints" role.
+
 | `serviceMonitorNamespaceSelector`
 | `object`
 | Namespaces to match for ServicedMonitors discovery. An empty label selector
@@ -926,7 +904,6 @@ namespace only.
 | ServiceMonitors to be selected for target discovery. An empty label
 selector matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -945,18 +922,15 @@ of the custom resource definition. It is recommended to use
 | Number of shards to distribute targets onto. `spec.replicas`
 multiplied by `spec.shards` is the total number of Pods created.
 
-
 Note that scaling down shards will not reshard data onto remaining
 instances, it must be manually moved. Increasing shards will not reshard
 data either but it will continue to be available from the same
 instances. To query globally, use Thanos sidecar and Thanos querier or
 remote write data to a central location.
 
-
 Sharding is performed on the content of the `__address__` target meta-label
 for PodMonitors and ServiceMonitors and `__param_target__` for Probes.
 
-
 Default: 1
 
 | `storage`
@@ -972,7 +946,6 @@ Default: 1
 | TargetLimit defines a limit on the number of scraped targets that will be accepted.
 Only valid in Prometheus versions 2.45.0 and newer.
 
-
 Note that the global limit only applies to scrape objects that don't specify an explicit limit value.
 If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.
 
@@ -1001,21 +974,19 @@ the triple <key,value,effect> using the matching operator <operator>.
 | `object`
 | TracingConfig configures tracing in Prometheus.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
 | `tsdb`
 | `object`
-| Defines the runtime reloadable configuration of the timeseries database
-(TSDB).
+| Defines the runtime reloadable configuration of the timeseries database(TSDB).
+It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.
 
 | `version`
 | `string`
 | Version of Prometheus being deployed. The operator uses this information
 to generate the Prometheus StatefulSet + configuration files.
 
-
 If not specified, the operator assumes the latest upstream version of
 Prometheus available at the time when the version of the operator was
 released.
@@ -1024,7 +995,6 @@ released.
 | `array`
 | VolumeMounts allows the configuration of additional VolumeMounts.
 
-
 VolumeMounts will be appended to other VolumeMounts in the 'prometheus'
 container, that are generated as a result of StorageSpec objects.
 
@@ -1046,10 +1016,8 @@ volumes that are generated as a result of StorageSpec objects.
 | `boolean`
 | Configures compression of the write-ahead log (WAL) using Snappy.
 
-
 WAL compression is enabled by default for Prometheus >= 2.20.0
 
-
 Requires Prometheus v2.11.0 and above.
 
 | `web`
@@ -1067,13 +1035,10 @@ configurations are appended to the configuration generated by the
 Prometheus Operator. They must be formatted according to the official
 Prometheus documentation:
 
-
 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
 
-
 The user is responsible for making sure that the configurations are valid
 
-
 Note that using this feature may expose the possibility to break
 upgrades of Prometheus. It is advised to review Prometheus release notes
 to ensure that no incompatible AlertManager configs are going to break
@@ -1102,9 +1067,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1121,13 +1084,10 @@ configurations are appended to the configuration generated by the
 Prometheus Operator. They must be formatted according to the official
 Prometheus documentation:
 
-
 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
 
-
 The user is responsible for making sure that the configurations are valid
 
-
 Note that using this feature may expose the possibility to break
 upgrades of Prometheus. It is advised to review Prometheus release notes
 to ensure that no incompatible alert relabel configs are going to break
@@ -1156,9 +1116,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1171,13 +1129,11 @@ Description::
 --
 AdditionalArgs allows setting additional arguments for the 'prometheus' container.
 
-
 It is intended for e.g. activating hidden flags which are not supported by
 the dedicated configuration options yet. The arguments are passed as-is to the
 Prometheus container which may cause issues if they are invalid or not supported
 by the given Prometheus version.
 
-
 In case of an argument conflict (e.g. an argument which is already set by the
 operator itself) or when providing an invalid argument, the reconciliation will
 fail and an error will be logged.
@@ -1256,9 +1212,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1856,7 +1810,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1868,7 +1822,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2125,7 +2079,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -2137,7 +2091,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2474,7 +2428,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -2486,7 +2440,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2743,7 +2697,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -2755,7 +2709,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2975,7 +2929,7 @@ Required::
 
 | `alertmanagers`
 | `array`
-| AlertmanagerEndpoints Prometheus should fire alerts against.
+| Alertmanager endpoints where Prometheus should send alerts to.
 
 | `alertmanagers[]`
 | `object`
@@ -2987,7 +2941,7 @@ containing Alertmanager IPs to fire alerts against.
 Description::
 +
 --
-AlertmanagerEndpoints Prometheus should fire alerts against.
+Alertmanager endpoints where Prometheus should send alerts to.
 --
 
 Type::
@@ -3009,7 +2963,6 @@ Type::
 
 Required::
   - `name`
-  - `namespace`
   - `port`
 
 
@@ -3028,7 +2981,6 @@ It requires Prometheus >= v2.51.0.
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `apiVersion`
@@ -3040,24 +2992,20 @@ It can be "v1" or "v2".
 | `object`
 | Authorization section for Alertmanager.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.
 
 | `basicAuth`
 | `object`
 | BasicAuth configuration for Alertmanager.
 
-
 Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.
 
 | `bearerTokenFile`
 | `string`
 | File to read bearer token for Alertmanager.
 
-
 Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.
 
-
 Deprecated: this will be removed in a future release. Prefer using `authorization`.
 
 | `enableHttp2`
@@ -3072,6 +3020,9 @@ Deprecated: this will be removed in a future release. Prefer using `authorizatio
 | `string`
 | Namespace of the Endpoints object.
 
+If not set, the object will be discovered in the namespace of the
+Prometheus object.
+
 | `pathPrefix`
 | `string`
 | Prefix for the HTTP path alerts are pushed to.
@@ -3089,7 +3040,6 @@ Deprecated: this will be removed in a future release. Prefer using `authorizatio
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `scheme`
@@ -3100,10 +3050,8 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | `object`
 | Sigv4 allows to configures AWS's Signature Verification 4 for the URL.
 
-
 It requires Prometheus >= v2.48.0.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.
 
 | `timeout`
@@ -3136,7 +3084,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -3154,18 +3101,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -3177,7 +3121,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -3194,11 +3137,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -3208,7 +3149,6 @@ Description::
 --
 Authorization section for Alertmanager.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.
 --
 
@@ -3230,10 +3170,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -3266,9 +3204,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3281,7 +3217,6 @@ Description::
 --
 BasicAuth configuration for Alertmanager.
 
-
 Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.
 --
 
@@ -3336,9 +3271,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3375,9 +3308,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3404,7 +3335,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -3422,18 +3352,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -3445,7 +3372,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -3462,11 +3388,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -3476,10 +3400,8 @@ Description::
 --
 Sigv4 allows to configures AWS's Signature Verification 4 for the URL.
 
-
 It requires Prometheus >= v2.48.0.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.
 --
 
@@ -3546,9 +3468,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3585,9 +3505,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3639,6 +3557,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -3699,9 +3629,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3737,9 +3665,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3801,9 +3727,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3839,9 +3763,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3877,9 +3799,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3913,7 +3833,6 @@ Required::
 | `object`
 | Authorization section for the API server.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerToken`, or
 `bearerTokenFile`.
 
@@ -3921,7 +3840,6 @@ Cannot be set at the same time as `basicAuth`, `bearerToken`, or
 | `object`
 | BasicAuth configuration for the API server.
 
-
 Cannot be set at the same time as `authorization`, `bearerToken`, or
 `bearerTokenFile`.
 
@@ -3930,17 +3848,14 @@ Cannot be set at the same time as `authorization`, `bearerToken`, or
 | *Warning: this field shouldn't be used because the token value appears
 in clear-text. Prefer using `authorization`.*
 
-
 Deprecated: this will be removed in a future release.
 
 | `bearerTokenFile`
 | `string`
 | File to read bearer token for accessing apiserver.
 
-
 Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.
 
-
 Deprecated: this will be removed in a future release. Prefer using `authorization`.
 
 | `host`
@@ -3959,7 +3874,6 @@ Description::
 --
 Authorization section for the API server.
 
-
 Cannot be set at the same time as `basicAuth`, `bearerToken`, or
 `bearerTokenFile`.
 --
@@ -3986,10 +3900,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -4022,9 +3934,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4037,7 +3947,6 @@ Description::
 --
 BasicAuth configuration for the API server.
 
-
 Cannot be set at the same time as `authorization`, `bearerToken`, or
 `bearerTokenFile`.
 --
@@ -4093,9 +4002,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4132,9 +4039,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4186,6 +4091,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -4246,9 +4163,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4284,9 +4199,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4348,9 +4261,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4386,9 +4297,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4424,9 +4333,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4475,13 +4382,11 @@ container. Containers described here modify an operator generated
 container if they share the same name and modifications are done via a
 strategic merge patch.
 
-
 The names of containers managed by the operator are:
 * `prometheus`
 * `config-reloader`
 * `thanos-sidecar`
 
-
 Overriding containers is entirely outside the scope of what the
 maintainers will support and by doing so, you accept that this behaviour
 may break at any time without notice.
@@ -4843,9 +4748,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4943,9 +4846,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5023,9 +4924,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5055,9 +4954,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5661,7 +5558,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5982,7 +5878,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -6175,11 +6070,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -6206,11 +6099,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -6245,6 +6136,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.containers[].securityContext
 Description::
@@ -6297,7 +6194,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -6493,7 +6390,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -6677,7 +6573,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -6906,10 +6801,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -6917,11 +6810,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -6936,6 +6827,89 @@ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are
 Defaults to "" (volume's root).
 SubPathExpr and SubPath are mutually exclusive.
 
+|===
+=== .spec.dnsConfig
+Description::
++
+--
+Defines the DNS configuration for the pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses.
+This will be appended to the base nameservers generated from DNSPolicy.
+
+| `options`
+| `array`
+| A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup.
+This will be appended to the base search paths generated from DNSPolicy.
+
+|===
+=== .spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is required and must be unique.
+
+| `value`
+| `string`
+| Value is optional.
+
 |===
 === .spec.excludedFromEnforcement
 Description::
@@ -6944,7 +6918,6 @@ Description::
 List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
 to be excluded from enforcing a namespace label of origin.
 
-
 It is only applicable if `spec.enforcedNamespaceLabel` set to true.
 --
 
@@ -7014,11 +6987,9 @@ Type::
 | `integer`
 | Maximum number of exemplars stored in memory for all series.
 
-
 exemplar-storage itself must be enabled using the `spec.enableFeature`
 option for exemplars to be scraped in the first place.
 
-
 If not set, Prometheus uses its default value. A value of zero or less
 than zero disables the storage.
 
@@ -7106,9 +7077,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.initContainers
@@ -7124,11 +7093,9 @@ InitContainers described here modify an operator generated init
 containers if they share the same name and modifications are done via a
 strategic merge patch.
 
-
 The names of init container name managed by the operator are:
 * `init-config-reloader`.
 
-
 Overriding init containers is entirely outside the scope of what the
 maintainers will support and by doing so, you accept that this behaviour
 may break at any time without notice.
@@ -7490,9 +7457,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7590,9 +7555,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7670,9 +7633,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7702,9 +7663,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -8308,7 +8267,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -8629,7 +8587,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -8822,11 +8779,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -8853,11 +8808,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -8892,6 +8845,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.initContainers[].securityContext
 Description::
@@ -8944,7 +8903,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -9140,7 +9099,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -9324,7 +9282,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -9553,10 +9510,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -9564,11 +9519,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -9583,6 +9536,29 @@ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are
 Defaults to "" (volume's root).
 SubPathExpr and SubPath are mutually exclusive.
 
+|===
+=== .spec.otlp
+Description::
++
+--
+Settings related to the OTLP receiver feature.
+It requires Prometheus >= v2.55.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `promoteResourceAttributes`
+| `array (string)`
+| List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.
+
 |===
 === .spec.persistentVolumeClaimRetentionPolicy
 Description::
@@ -9626,7 +9602,6 @@ Description::
 --
 PodMetadata configures labels and annotations which are propagated to the Prometheus pods.
 
-
 The following items are reserved and cannot be overridden:
 * "prometheus" label, set to the name of the Prometheus object.
 * "app.kubernetes.io/instance" label, set to the name of the Prometheus object.
@@ -9765,7 +9740,6 @@ Description::
 PodMonitors to be selected for target discovery. An empty label selector
 matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -9946,7 +9920,6 @@ Description::
 Probes to be selected for target discovery. An empty label selector
 matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -10154,17 +10127,14 @@ Required::
 | `object`
 | Authorization section for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
 | `object`
 | BasicAuth configuration for the URL.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerToken`
@@ -10172,28 +10142,24 @@ Cannot be set at the same time as `authorization`, or `oauth2`.
 | *Warning: this field shouldn't be used because the token value appears
 in clear-text. Prefer using `authorization`.*
 
-
 Deprecated: this will be removed in a future release.
 
 | `bearerTokenFile`
 | `string`
 | File from which to read the bearer token for the URL.
 
-
 Deprecated: this will be removed in a future release. Prefer using `authorization`.
 
 | `filterExternalLabels`
 | `boolean`
 | Whether to use the external labels as selectors for the remote read endpoint.
 
-
 It requires Prometheus >= v2.34.0.
 
 | `followRedirects`
 | `boolean`
 | Configure whether HTTP requests follow HTTP 3xx redirects.
 
-
 It requires Prometheus >= v2.26.0.
 
 | `headers`
@@ -10208,7 +10174,6 @@ Only valid in Prometheus versions 2.26.0 and newer.
 name is used in metrics and logging in order to differentiate read
 configurations.
 
-
 It requires Prometheus >= v2.15.0.
 
 | `noProxy`
@@ -10217,17 +10182,14 @@ It requires Prometheus >= v2.15.0.
 that should be excluded from proxying. IP and domain names can
 contain port numbers.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `oauth2`
 | `object`
 | OAuth2 configuration for the URL.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `proxyConnectHeader`
@@ -10235,8 +10197,7 @@ Cannot be set at the same time as `authorization`, or `basicAuth`.
 | ProxyConnectHeader optionally specifies headers to send to
 proxies during CONNECT requests.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `proxyConnectHeader{}`
 | `array`
@@ -10249,18 +10210,13 @@ It requires Prometheus >= v2.43.0.
 | `proxyFromEnvironment`
 | `boolean`
 | Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
-If unset, Prometheus uses its default value.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `proxyUrl`
 | `string`
 | `proxyURL` defines the HTTP proxy server to use.
 
-
-It requires Prometheus >= v2.43.0.
-
 | `readRecent`
 | `boolean`
 | Whether reads should be made for queries for time ranges that
@@ -10290,10 +10246,8 @@ Description::
 --
 Authorization section for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
@@ -10319,10 +10273,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -10355,9 +10307,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10370,7 +10320,6 @@ Description::
 --
 BasicAuth configuration for the URL.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
@@ -10425,9 +10374,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10464,9 +10411,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10479,10 +10424,8 @@ Description::
 --
 OAuth2 configuration for the URL.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
@@ -10515,10 +10458,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -10580,9 +10561,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10618,9 +10597,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10657,9 +10634,355 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.remoteRead[].oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.remoteRead[].oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteRead[].oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -10673,8 +10996,7 @@ Description::
 ProxyConnectHeader optionally specifies headers to send to
 proxies during CONNECT requests.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 --
 
 Type::
@@ -10725,9 +11047,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10779,6 +11099,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -10839,9 +11171,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10877,9 +11207,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10941,9 +11269,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10979,9 +11305,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11017,9 +11341,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11063,27 +11385,22 @@ Required::
 | `object`
 | Authorization section for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.
 
 | `azureAd`
 | `object`
 | AzureAD for the URL.
 
-
 It requires Prometheus >= v2.45.0.
 
-
 Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.
 
 | `basicAuth`
 | `object`
 | BasicAuth configuration for the URL.
 
-
 Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.
 
 | `bearerToken`
@@ -11091,14 +11408,12 @@ Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureA
 | *Warning: this field shouldn't be used because the token value appears
 in clear-text. Prefer using `authorization`.*
 
-
 Deprecated: this will be removed in a future release.
 
 | `bearerTokenFile`
 | `string`
 | File from which to read bearer token for the URL.
 
-
 Deprecated: this will be removed in a future release. Prefer using `authorization`.
 
 | `enableHTTP2`
@@ -11109,7 +11424,6 @@ Deprecated: this will be removed in a future release. Prefer using `authorizatio
 | `boolean`
 | Configure whether HTTP requests follow HTTP 3xx redirects.
 
-
 It requires Prometheus >= v2.26.0.
 
 | `headers`
@@ -11117,9 +11431,23 @@ It requires Prometheus >= v2.26.0.
 | Custom HTTP headers to be sent along with each remote write request.
 Be aware that headers that are set by Prometheus itself can't be overwritten.
 
-
 It requires Prometheus >= v2.25.0.
 
+| `messageVersion`
+| `string`
+| The Remote Write message's version to use when writing to the endpoint.
+
+`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.
+`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.
+
+When `Version2.0` is selected, Prometheus will automatically be
+configured to append the metadata of scraped metrics to the WAL.
+
+Before setting this field, consult with your remote storage provider
+what message version it supports.
+
+It requires Prometheus >= v2.54.0.
+
 | `metadataConfig`
 | `object`
 | MetadataConfig configures the sending of series metadata to the remote storage.
@@ -11129,7 +11457,6 @@ It requires Prometheus >= v2.25.0.
 | The name of the remote write queue, it must be unique if specified. The
 name is used in metrics and logging in order to differentiate queues.
 
-
 It requires Prometheus >= v2.15.0.
 
 | `noProxy`
@@ -11138,17 +11465,14 @@ It requires Prometheus >= v2.15.0.
 that should be excluded from proxying. IP and domain names can
 contain port numbers.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `oauth2`
 | `object`
 | OAuth2 configuration for the URL.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.
 
 | `proxyConnectHeader`
@@ -11156,8 +11480,7 @@ Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azu
 | ProxyConnectHeader optionally specifies headers to send to
 proxies during CONNECT requests.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `proxyConnectHeader{}`
 | `array`
@@ -11170,18 +11493,13 @@ It requires Prometheus >= v2.43.0.
 | `proxyFromEnvironment`
 | `boolean`
 | Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
-If unset, Prometheus uses its default value.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 
 | `proxyUrl`
 | `string`
 | `proxyURL` defines the HTTP proxy server to use.
 
-
-It requires Prometheus >= v2.43.0.
-
 | `queueConfig`
 | `object`
 | QueueConfig allows tuning of the remote write queue parameters.
@@ -11193,10 +11511,9 @@ It requires Prometheus >= v2.43.0.
 | `sendExemplars`
 | `boolean`
 | Enables sending of exemplars over remote write. Note that
-exemplar-storage itself must be enabled using the `spec.enableFeature`
+exemplar-storage itself must be enabled using the `spec.enableFeatures`
 option for exemplars to be scraped in the first place.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `sendNativeHistograms`
@@ -11204,17 +11521,14 @@ It requires Prometheus >= v2.27.0.
 | Enables sending of native histograms, also known as sparse histograms
 over remote write.
 
-
 It requires Prometheus >= v2.40.0.
 
 | `sigv4`
 | `object`
 | Sigv4 allows to configures AWS's Signature Verification 4 for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.
 
 | `tlsConfig`
@@ -11234,7 +11548,6 @@ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `az
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 |===
@@ -11244,10 +11557,8 @@ Description::
 --
 Authorization section for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.
 --
 
@@ -11273,10 +11584,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -11309,9 +11618,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11324,10 +11631,8 @@ Description::
 --
 AzureAD for the URL.
 
-
 It requires Prometheus >= v2.45.0.
 
-
 Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.
 --
 
@@ -11355,7 +11660,6 @@ Cannot be set at the same time as `oauth` or `sdk`.
 | OAuth defines the oauth config that is being used to authenticate.
 Cannot be set at the same time as `managedIdentity` or `sdk`.
 
-
 It requires Prometheus >= v2.48.0.
 
 | `sdk`
@@ -11364,7 +11668,6 @@ It requires Prometheus >= v2.48.0.
 See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
 Cannot be set at the same time as `oauth` or `managedIdentity`.
 
-
 It requires Prometheus >= 2.52.0.
 
 |===
@@ -11400,7 +11703,6 @@ Description::
 OAuth defines the oauth config that is being used to authenticate.
 Cannot be set at the same time as `managedIdentity` or `sdk`.
 
-
 It requires Prometheus >= v2.48.0.
 --
 
@@ -11460,9 +11762,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11477,7 +11777,6 @@ SDK defines the Azure SDK config that is being used to authenticate.
 See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
 Cannot be set at the same time as `oauth` or `managedIdentity`.
 
-
 It requires Prometheus >= 2.52.0.
 --
 
@@ -11502,7 +11801,6 @@ Description::
 --
 BasicAuth configuration for the URL.
 
-
 Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.
 --
 
@@ -11557,9 +11855,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11596,9 +11892,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11637,10 +11931,8 @@ Description::
 --
 OAuth2 configuration for the URL.
 
-
 It requires Prometheus >= v2.27.0.
 
-
 Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.
 --
 
@@ -11673,10 +11965,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -11738,9 +12068,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11776,9 +12104,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11815,9 +12141,355 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.remoteWrite[].oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.remoteWrite[].oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -11831,8 +12503,7 @@ Description::
 ProxyConnectHeader optionally specifies headers to send to
 proxies during CONNECT requests.
 
-
-It requires Prometheus >= v2.43.0.
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
 --
 
 Type::
@@ -11883,9 +12554,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -11946,7 +12615,6 @@ dropping them.
 | `boolean`
 | Retry upon receiving a 429 status code from the remote-write storage.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -11962,10 +12630,8 @@ Description::
 --
 Sigv4 allows to configures AWS's Signature Verification 4 for the URL.
 
-
 It requires Prometheus >= v2.26.0.
 
-
 Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.
 --
 
@@ -12032,9 +12698,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12071,9 +12735,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12125,6 +12787,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -12185,9 +12859,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12223,9 +12895,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12287,9 +12957,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12325,9 +12993,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12363,9 +13029,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12392,7 +13056,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -12410,18 +13073,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -12433,7 +13093,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -12450,11 +13109,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -12480,11 +13137,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -12511,11 +13166,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -12550,6 +13203,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.ruleNamespaceSelector
 Description::
@@ -12744,7 +13403,6 @@ Type::
 | `object`
 | Defines the parameters of the Prometheus rules' engine.
 
-
 Any update to these parameters trigger a restart of the pods.
 
 |===
@@ -12754,7 +13412,6 @@ Description::
 --
 Defines the parameters of the Prometheus rules' engine.
 
-
 Any update to these parameters trigger a restart of the pods.
 --
 
@@ -12772,7 +13429,6 @@ Type::
 | `string`
 | Minimum duration between alert and restored 'for' state.
 
-
 This is maintained only for alerts with a configured 'for' time greater
 than the grace period.
 
@@ -12786,6 +13442,29 @@ alert.
 | Minimum amount of time to wait before resending an alert to
 Alertmanager.
 
+|===
+=== .spec.runtime
+Description::
++
+--
+RuntimeConfig configures the values for the Prometheus process behavior
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `goGC`
+| `integer`
+| The Go garbage collection target percentage. Lowering this number may increase the CPU usage.
+See: https://tip.golang.org/doc/gc-guide#GOGC
+
 |===
 === .spec.scrapeClasses
 Description::
@@ -12794,7 +13473,6 @@ Description::
 List of scrape classes to expose to scraping objects such as
 PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 --
@@ -12824,24 +13502,27 @@ Required::
 |===
 | Property | Type | Description
 
+| `attachMetadata`
+| `object`
+| AttachMetadata configures additional metadata to the discovered targets.
+When the scrape object defines its own configuration, it takes
+precedence over the scrape class configuration.
+
 | `default`
 | `boolean`
 | Default indicates that the scrape applies to all scrape objects that
 don't configure an explicit scrape class name.
 
-
 Only one scrape class can be set as the default.
 
 | `metricRelabelings`
 | `array`
 | MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.
 
-
 The Operator adds the scrape class metric relabelings defined here.
 Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.
 Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
 
 | `metricRelabelings[]`
@@ -12849,7 +13530,6 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `name`
@@ -12860,13 +13540,11 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | `array`
 | Relabelings configures the relabeling rules to apply to all scrape targets.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields
 like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.
 Then the Operator adds the scrape class relabelings defined here.
 Then the Operator adds the target-specific relabelings defined in the scrape object.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `relabelings[]`
@@ -12874,7 +13552,6 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `tlsConfig`
@@ -12883,9 +13560,36 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 scrape objects define their own CA, certificate and/or key, they take
 precedence over the corresponding scrape class fields.
 
-
 For now only the `caFile`, `certFile` and `keyFile` fields are supported.
 
+|===
+=== .spec.scrapeClasses[].attachMetadata
+Description::
++
+--
+AttachMetadata configures additional metadata to the discovered targets.
+When the scrape object defines its own configuration, it takes
+precedence over the scrape class configuration.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `node`
+| `boolean`
+| When set to true, Prometheus attaches node metadata to the discovered
+targets.
+
+The Prometheus service account must have the `list` and `watch`
+permissions on the `Nodes` objects.
+
 |===
 === .spec.scrapeClasses[].metricRelabelings
 Description::
@@ -12893,12 +13597,10 @@ Description::
 --
 MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.
 
-
 The Operator adds the scrape class metric relabelings defined here.
 Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.
 Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
 --
 
@@ -12915,7 +13617,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -12933,18 +13634,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -12956,7 +13654,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -12973,11 +13670,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -12987,13 +13682,11 @@ Description::
 --
 Relabelings configures the relabeling rules to apply to all scrape targets.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields
 like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.
 Then the Operator adds the scrape class relabelings defined here.
 Then the Operator adds the target-specific relabelings defined in the scrape object.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -13010,7 +13703,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -13028,18 +13720,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -13051,7 +13740,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -13068,11 +13756,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -13084,7 +13770,6 @@ TLSConfig defines the TLS settings to use for the scrape. When the
 scrape objects define their own CA, certificate and/or key, they take
 precedence over the corresponding scrape class fields.
 
-
 For now only the `caFile`, `certFile` and `keyFile` fields are supported.
 --
 
@@ -13126,6 +13811,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -13186,9 +13883,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13224,9 +13919,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13288,9 +13981,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13326,9 +14017,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13364,9 +14053,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13381,7 +14068,6 @@ Namespaces to match for ScrapeConfig discovery. An empty label selector
 matches all namespaces. A null label selector matches the current
 namespace only.
 
-
 Note that the ScrapeConfig custom resource definition is currently at Alpha level.
 --
 
@@ -13469,7 +14155,6 @@ Description::
 ScrapeConfigs to be selected for target discovery. An empty label
 selector matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -13479,7 +14164,6 @@ This behavior is *deprecated* and will be removed in the next major version
 of the custom resource definition. It is recommended to use
 `spec.additionalScrapeConfigs` instead.
 
-
 Note that the ScrapeConfig custom resource definition is currently at Alpha level.
 --
 
@@ -13589,12 +14273,10 @@ Note that this field cannot be set when spec.os.name is windows.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 
-
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 
-
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 
@@ -13651,12 +14333,22 @@ Note that this field cannot be set when spec.os.name is windows.
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition
-to the container's primary GID, the fsGroup (if specified), and group memberships
-defined in the container image for the uid of the container process. If unspecified,
-no additional groups are added to any container. Note that group memberships
-defined in the container image for the uid of the container process are still effective,
-even if they are not included in this list.
+| A list of groups applied to the first process run in each container, in
+addition to the container's primary GID and fsGroup (if specified).  If
+the SupplementalGroupsPolicy feature is enabled, the
+supplementalGroupsPolicy field determines whether these are in addition
+to or instead of any group memberships defined in the container image.
+If unspecified, no additional groups are added, though group memberships
+defined in the container image may still be used, depending on the
+supplementalGroupsPolicy field.
+Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated.
+Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 
 | `sysctls`
@@ -13784,7 +14476,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -13972,7 +14663,6 @@ Description::
 ServiceMonitors to be selected for target discovery. An empty label
 selector matches all objects. A null label selector matches no objects.
 
-
 If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
 and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
 The Prometheus operator will ensure that the Prometheus configuration's
@@ -14167,7 +14857,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -14177,11 +14866,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -14197,7 +14884,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -14207,11 +14893,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -14348,7 +15032,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -14762,7 +15446,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -15029,7 +15713,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 ClaimResourceStatus can be in any of following states:
 	- ControllerResizeInProgress:
 		State set when resize controller starts resizing the volume in control-plane.
@@ -15051,13 +15734,11 @@ For example: if expanding a PVC for more capacity - this field can be one of the
      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
 When this field is not set, it means that no resize operation is in progress for the given PVC.
 
-
 A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `allocatedResources`
@@ -15070,7 +15751,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 Capacity reported here may be larger than the actual capacity when a volume expansion operation
 is requested.
 For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
@@ -15079,13 +15759,11 @@ If a volume expansion capacity request is lowered, allocatedResources is only
 lowered if there are no expansion operations in progress and if the actual volume capacity
 is equal or lower than the requested capacity.
 
-
 A controller that receives PVC update with previously unknown resourceName
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
@@ -15105,13 +15783,13 @@ resized then the Condition will be set to 'Resizing'.
 | `string`
 | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `modifyVolumeStatus`
 | `object`
 | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `phase`
 | `string`
@@ -15176,7 +15854,15 @@ persistent volume is being resized.
 
 | `type`
 | `string`
-| PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+| PersistentVolumeClaimConditionType defines the condition of PV claim.
+Valid values are:
+  - "Resizing", "FileSystemResizePending"
+
+If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:
+  - "ControllerResizeError", "NodeResizeError"
+
+If VolumeAttributesClass feature gate is enabled, then following additional values can be expected:
+  - "ModifyVolumeError", "ModifyingVolume"
 
 |===
 === .spec.storage.volumeClaimTemplate.status.modifyVolumeStatus
@@ -15185,7 +15871,7 @@ Description::
 --
 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 --
 
 Type::
@@ -15257,7 +15943,6 @@ fail and an error will be logged.
 | BlockDuration controls the size of TSDB blocks produced by Prometheus.
 The default value is 2h to match the upstream Prometheus defaults.
 
-
 WARNING: Changing the block duration can impact the performance and
 efficiency of the entire Prometheus/Thanos stack due to how it interacts
 with memory and Thanos compactors. It is recommended to keep this value
@@ -15277,14 +15962,12 @@ example, 30s * 120 = 1h.
 | When true, the Thanos sidecar listens on the loopback interface instead
 of the Pod IP's address for the gRPC endpoints.
 
-
 It has no effect if `listenLocal` is true.
 
 | `grpcServerTlsConfig`
 | `object`
 | Configures the TLS parameters for the gRPC server providing the StoreAPI.
 
-
 Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.
 
 | `httpListenLocal`
@@ -15292,7 +15975,6 @@ Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supporte
 | When true, the Thanos sidecar listens on the loopback interface instead
 of the Pod IP's address for the HTTP endpoints.
 
-
 It has no effect if `listenLocal` is true.
 
 | `image`
@@ -15301,11 +15983,9 @@ It has no effect if `listenLocal` is true.
 the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`
 fields.
 
-
 Specifying `spec.thanos.version` is still necessary to ensure the
 Prometheus Operator knows which version of Thanos is being configured.
 
-
 If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,
 the operator will use the latest upstream version of Thanos available at
 the time when the operator was released.
@@ -15333,20 +16013,16 @@ units are ms, s, m, h, d, w, y.
 | `object`
 | Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.
 
-
 More info: https://thanos.io/tip/thanos/storage.md/
 
-
 objectStorageConfigFile takes precedence over this field.
 
 | `objectStorageConfigFile`
 | `string`
 | Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.
 
-
 More info: https://thanos.io/tip/thanos/storage.md/
 
-
 This field takes precedence over objectStorageConfig.
 
 | `readyTimeout`
@@ -15370,13 +16046,10 @@ Prometheus to start.
 | `object`
 | Defines the tracing configuration for the Thanos sidecar.
 
-
 `tracingConfigFile` takes precedence over this field.
 
-
 More info: https://thanos.io/tip/thanos/tracing.md/
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -15384,13 +16057,10 @@ in a breaking way.
 | `string`
 | Defines the tracing configuration file for the Thanos sidecar.
 
-
 This field takes precedence over `tracingConfig`.
 
-
 More info: https://thanos.io/tip/thanos/tracing.md/
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -15399,7 +16069,6 @@ in a breaking way.
 | Version of Thanos being deployed. The operator uses this information
 to generate the Prometheus StatefulSet + configuration files.
 
-
 If not specified, the operator assumes the latest upstream release of
 Thanos available at the time when the version of the operator was
 released.
@@ -15467,7 +16136,6 @@ Description::
 --
 Configures the TLS parameters for the gRPC server providing the StoreAPI.
 
-
 Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.
 --
 
@@ -15509,6 +16177,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -15569,9 +16249,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15607,9 +16285,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15671,9 +16347,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15709,9 +16383,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15747,9 +16419,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15762,10 +16432,8 @@ Description::
 --
 Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.
 
-
 More info: https://thanos.io/tip/thanos/storage.md/
 
-
 objectStorageConfigFile takes precedence over this field.
 --
 
@@ -15791,9 +16459,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15822,11 +16488,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -15853,11 +16517,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -15892,6 +16554,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.thanos.tracingConfig
 Description::
@@ -15899,13 +16567,10 @@ Description::
 --
 Defines the tracing configuration for the Thanos sidecar.
 
-
 `tracingConfigFile` takes precedence over this field.
 
-
 More info: https://thanos.io/tip/thanos/tracing.md/
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 --
@@ -15932,9 +16597,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16004,10 +16667,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -16015,11 +16676,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -16151,7 +16810,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set.
 Keys that don't exist in the incoming pod labels will
 be ignored. A null or empty list means only match against labelSelector.
 
-
 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
@@ -16187,7 +16845,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1.
 Valid values are integers greater than 0.
 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
 
-
 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
 labelSelector spread as 2/2/2:
 \| zone1 \| zone2 \| zone3 \|
@@ -16204,7 +16861,6 @@ when calculating pod topology spread skew. Options are:
 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
 
-
 If this value is nil, the behavior is equivalent to the Honor policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -16216,7 +16872,6 @@ pod topology spread skew. Options are:
 has a toleration, are included.
 - Ignore: node taints are ignored. All nodes are included.
 
-
 If this value is nil, the behavior is equivalent to the Ignore policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -16347,7 +17002,6 @@ Description::
 --
 TracingConfig configures tracing in Prometheus.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 --
@@ -16442,6 +17096,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -16502,9 +17168,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16540,9 +17204,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16604,9 +17266,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16642,9 +17302,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16680,9 +17338,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -16693,8 +17349,8 @@ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://git
 Description::
 +
 --
-Defines the runtime reloadable configuration of the timeseries database
-(TSDB).
+Defines the runtime reloadable configuration of the timeseries database(TSDB).
+It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.
 --
 
 Type::
@@ -16712,16 +17368,13 @@ Type::
 | Configures how old an out-of-order/out-of-bounds sample can be with
 respect to the TSDB max time.
 
-
 An out-of-order/out-of-bounds sample is ingested into the TSDB as long as
 the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
-
-It requires Prometheus >= v2.39.0.
+It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.
 
 |===
 === .spec.volumeMounts
@@ -16730,7 +17383,6 @@ Description::
 --
 VolumeMounts allows the configuration of additional VolumeMounts.
 
-
 VolumeMounts will be appended to other VolumeMounts in the 'prometheus'
 container, that are generated as a result of StorageSpec objects.
 --
@@ -16789,10 +17441,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -16800,11 +17450,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -16900,7 +17548,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -16911,17 +17558,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 
@@ -16963,9 +17607,23 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
+
+| `image`
+| `object`
+| image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
 
 | `iscsi`
 | `object`
@@ -17056,7 +17714,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -17232,9 +17889,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].cinder
@@ -17305,9 +17960,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].configMap
@@ -17357,9 +18010,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -17502,9 +18153,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].downwardAPI
@@ -17703,7 +18352,6 @@ ephemeral represents a volume that is handled by a cluster storage driver.
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -17714,17 +18362,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 --
@@ -17749,7 +18394,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -17759,11 +18403,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -17779,7 +18421,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -17789,11 +18430,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -17930,7 +18569,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -18187,7 +18826,6 @@ Type::
 | fsType is the filesystem type to mount.
 Must be a filesystem type supported by the host operating system.
 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `lun`
 | `integer`
@@ -18283,9 +18921,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].flocker
@@ -18342,7 +18978,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -18449,9 +19084,6 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
 --
 
 Type::
@@ -18478,6 +19110,54 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 Defaults to ""
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+|===
+=== .spec.volumes[].image
+Description::
++
+--
+image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.volumes[].iscsi
 Description::
@@ -18516,7 +19196,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `initiatorName`
 | `string`
@@ -18580,9 +19259,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].nfs
@@ -18748,18 +19425,21 @@ mode, like fsGroup, and the result can be other mode bits set.
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list
+handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 
 |===
 === .spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list
+handles one source.
 --
 
 Type::
@@ -18772,7 +19452,8 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 --
 
 Type::
@@ -18790,14 +19471,11 @@ Type::
 | ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -18828,14 +19506,11 @@ Description::
 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -19010,9 +19685,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -19258,9 +19931,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -19446,7 +20117,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `image`
 | `string`
@@ -19516,9 +20186,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].scaleIO
@@ -19614,9 +20282,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].secret
@@ -19803,9 +20469,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].vsphereVolume
@@ -19969,9 +20633,6 @@ Defines the TLS parameters for HTTPS.
 Type::
   `object`
 
-Required::
-  - `cert`
-  - `keySecret`
 
 
 
@@ -19983,6 +20644,11 @@ Required::
 | `object`
 | Contains the TLS certificate for the server.
 
+| `certFile`
+| `string`
+| Path to the TLS certificate file in the Prometheus container for the server.
+Mutually exclusive with `cert`.
+
 | `cipherSuites`
 | `array (string)`
 | List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -19995,6 +20661,11 @@ in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants
 For more detail on clientAuth options:
 https://golang.org/pkg/crypto/tls/#ClientAuthType
 
+| `clientCAFile`
+| `string`
+| Path to the CA certificate file for client certificate authentication to the server.
+Mutually exclusive with `client_ca`.
+
 | `client_ca`
 | `object`
 | Contains the CA certificate for client certificate authentication to the server.
@@ -20005,6 +20676,11 @@ https://golang.org/pkg/crypto/tls/#ClientAuthType
 order. Available curves are documented in the go documentation:
 https://golang.org/pkg/crypto/tls/#CurveID
 
+| `keyFile`
+| `string`
+| Path to the TLS key file in the Prometheus container for the server.
+Mutually exclusive with `keySecret`.
+
 | `keySecret`
 | `object`
 | Secret containing the TLS key for the server.
@@ -20080,9 +20756,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -20118,9 +20792,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -20182,9 +20854,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -20220,9 +20890,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -20258,9 +20926,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
diff --git a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
index 90d4a9c1ac..c3264bb616 100644
--- a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,9 @@ toc::[]
 Description::
 +
 --
-PrometheusRule defines recording and alerting rules for a Prometheus instance
+The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.
+
+`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.
 --
 
 Type::
@@ -122,6 +124,13 @@ Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
 be ignored by Prometheus instances.
 More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response
 
+| `query_offset`
+| `string`
+| Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.
+
+It requires Prometheus >= v2.53.0.
+It is not supported for ThanosRuler.
+
 | `rules`
 | `array`
 | List of alerting and recording rules.
diff --git a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
index 9ef7f4d94a..8056cde249 100644
--- a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,14 @@ toc::[]
 Description::
 +
 --
-ServiceMonitor defines monitoring for a set of services.
+The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.
+Among other things, it allows to specify:
+* The services to scrape via label selectors.
+* The container ports to scrape.
+* Authentication credentials to use.
+* Target and metric relabeling.
+
+`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors.
 --
 
 Type::
@@ -57,6 +64,7 @@ Type::
   `object`
 
 Required::
+  - `endpoints`
   - `selector`
 
 
@@ -70,7 +78,6 @@ Required::
 | `attachMetadata` defines additional metadata which is added to the
 discovered targets.
 
-
 It requires Prometheus >= v2.37.0.
 
 | `bodySizeLimit`
@@ -78,12 +85,13 @@ It requires Prometheus >= v2.37.0.
 | When defined, bodySizeLimit specifies a job level limit on the size
 of uncompressed response body that will be accepted by Prometheus.
 
-
 It requires Prometheus >= v2.28.0.
 
 | `endpoints`
 | `array`
 | List of endpoints part of this ServiceMonitor.
+Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects.
+In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.
 
 | `endpoints[]`
 | `object`
@@ -95,12 +103,10 @@ Prometheus.
 | `jobLabel` selects the label from the associated Kubernetes `Service`
 object which will be used as the `job` label for all metrics.
 
-
 For example if `jobLabel` is set to `foo` and the Kubernetes `Service`
 object is labeled with `foo: bar`, then Prometheus adds the `job="bar"`
 label to all ingested metrics.
 
-
 If the value of this field is empty or if the label doesn't exist for
 the given Service, the `job` label of the metrics defaults to the name
 of the associated Kubernetes `Service`.
@@ -110,34 +116,42 @@ of the associated Kubernetes `Service`.
 | Per-scrape limit on the number of targets dropped by relabeling
 that will be kept in memory. 0 means no limit.
 
-
 It requires Prometheus >= v2.47.0.
 
 | `labelLimit`
 | `integer`
 | Per-scrape limit on number of labels that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `labelNameLengthLimit`
 | `integer`
 | Per-scrape limit on length of labels name that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `labelValueLengthLimit`
 | `integer`
 | Per-scrape limit on length of labels value that will be accepted for a sample.
 
-
 It requires Prometheus >= v2.27.0.
 
 | `namespaceSelector`
 | `object`
-| Selector to select which namespaces the Kubernetes `Endpoints` objects
-are discovered from.
+| `namespaceSelector` defines in which namespace(s) Prometheus should discover the services.
+By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces.
+
+| `nativeHistogramBucketLimit`
+| `integer`
+| If there are more than this many buckets in a native histogram,
+buckets will be merged to stay within the limit.
+It requires Prometheus >= v2.45.0.
+
+| `nativeHistogramMinBucketFactor`
+| `integer-or-string`
+| If the growth factor of one bucket to the next is smaller than this,
+buckets will be merged to increase the factor sufficiently.
+It requires Prometheus >= v2.50.0.
 
 | `podTargetLabels`
 | `array (string)`
@@ -153,20 +167,23 @@ that will be accepted.
 | `string`
 | The scrape class to apply.
 
+| `scrapeClassicHistograms`
+| `boolean`
+| Whether to scrape a classic histogram that is also exposed as a native histogram.
+It requires Prometheus >= v2.45.0.
+
 | `scrapeProtocols`
 | `array (string)`
 | `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
 protocols supported by Prometheus in order of preference (from most to least preferred).
 
-
 If unset, Prometheus uses its default value.
 
-
 It requires Prometheus >= v2.49.0.
 
 | `selector`
 | `object`
-| Label selector to select the Kubernetes `Endpoints` objects.
+| Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from.
 
 | `targetLabels`
 | `array (string)`
@@ -186,7 +203,6 @@ Description::
 `attachMetadata` defines additional metadata which is added to the
 discovered targets.
 
-
 It requires Prometheus >= v2.37.0.
 --
 
@@ -202,8 +218,11 @@ Type::
 
 | `node`
 | `boolean`
-| When set to true, Prometheus must have the `get` permission on the
-`Nodes` objects.
+| When set to true, Prometheus attaches node metadata to the discovered
+targets.
+
+The Prometheus service account must have the `list` and `watch`
+permissions on the `Nodes` objects.
 
 |===
 === .spec.endpoints
@@ -211,6 +230,8 @@ Description::
 +
 --
 List of endpoints part of this ServiceMonitor.
+Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects.
+In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.
 --
 
 Type::
@@ -242,7 +263,6 @@ Type::
 | `authorization` configures the Authorization header credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
@@ -250,14 +270,12 @@ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 | `basicAuth` configures the Basic Authentication credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerTokenFile`
 | `string`
 | File to read bearer token for scraping the target.
 
-
 Deprecated: use `authorization` instead.
 
 | `bearerTokenSecret`
@@ -266,7 +284,6 @@ Deprecated: use `authorization` instead.
 token for scraping targets. The secret needs to be in the same namespace
 as the ServiceMonitor object and readable by the Prometheus Operator.
 
-
 Deprecated: use `authorization` instead.
 
 | `enableHttp2`
@@ -278,10 +295,8 @@ Deprecated: use `authorization` instead.
 | When true, the pods which are not running (e.g. either in Failed or
 Succeeded state) are dropped during the target discovery.
 
-
 If unset, the filtering is enabled.
 
-
 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
 
 | `followRedirects`
@@ -303,7 +318,6 @@ when exposed by the target.
 | `string`
 | Interval at which Prometheus scrapes the metrics from the target.
 
-
 If empty, Prometheus uses the global scrape interval.
 
 | `metricRelabelings`
@@ -316,17 +330,14 @@ samples before ingestion.
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `oauth2`
 | `object`
 | `oauth2` configures the OAuth2 settings to use when scraping the target.
 
-
 It requires Prometheus >= 2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `params`
@@ -341,14 +352,12 @@ Cannot be set at the same time as `authorization`, or `basicAuth`.
 | `string`
 | HTTP path from which to scrape for metrics.
 
-
 If empty, Prometheus uses the default value (e.g. `/metrics`).
 
 | `port`
 | `string`
 | Name of the Service port which this endpoint refers to.
 
-
 It takes precedence over `targetPort`.
 
 | `proxyUrl`
@@ -361,13 +370,10 @@ It takes precedence over `targetPort`.
 | `relabelings` configures the relabeling rules to apply the target's
 metadata labels.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields.
 
-
 The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `relabelings[]`
@@ -375,25 +381,21 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat
 | RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `scheme`
 | `string`
 | HTTP scheme to use for scraping.
 
-
 `http` and `https` are the expected values unless you rewrite the
 `__scheme__` label via relabeling.
 
-
 If empty, Prometheus uses the default value `http`.
 
 | `scrapeTimeout`
 | `string`
 | Timeout after which Prometheus considers the scrape to be failed.
 
-
 If empty, Prometheus uses the global scrape timeout unless it is less
 than the target's scrape interval value in which the latter is used.
 
@@ -412,7 +414,6 @@ Service. The port must be specified with the container's port property.
 the metrics that have an explicit timestamp present in scraped data.
 Has no effect if `honorTimestamps` is false.
 
-
 It requires Prometheus >= v2.48.0.
 
 |===
@@ -423,7 +424,6 @@ Description::
 `authorization` configures the Authorization header credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
@@ -445,10 +445,8 @@ Type::
 | `string`
 | Defines the authentication type. The value is case-insensitive.
 
-
 "Basic" is not a supported value.
 
-
 Default: "Bearer"
 
 |===
@@ -481,9 +479,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -497,7 +493,6 @@ Description::
 `basicAuth` configures the Basic Authentication credentials to use when
 scraping the target.
 
-
 Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
@@ -552,9 +547,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -591,9 +584,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -608,7 +599,6 @@ Description::
 token for scraping targets. The secret needs to be in the same namespace
 as the ServiceMonitor object and readable by the Prometheus Operator.
 
-
 Deprecated: use `authorization` instead.
 --
 
@@ -634,9 +624,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -664,7 +652,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -682,18 +669,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -705,7 +689,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -722,11 +705,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -736,10 +717,8 @@ Description::
 --
 `oauth2` configures the OAuth2 settings to use when scraping the target.
 
-
 It requires Prometheus >= 2.27.0.
 
-
 Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
@@ -772,10 +751,48 @@ client's secret.
 | `endpointParams` configures the HTTP parameters to append to the token
 URL.
 
+| `noProxy`
+| `string`
+| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader`
+| `object`
+| ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyConnectHeader{}`
+| `array`
+| 
+
+| `proxyConnectHeader{}[]`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+| `proxyFromEnvironment`
+| `boolean`
+| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+
+| `proxyUrl`
+| `string`
+| `proxyURL` defines the HTTP proxy server to use.
+
 | `scopes`
 | `array (string)`
 | `scopes` defines the OAuth2 scopes used for the token request.
 
+| `tlsConfig`
+| `object`
+| TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+
 | `tokenUrl`
 | `string`
 | `tokenURL` configures the URL to fetch the token from.
@@ -837,9 +854,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -875,9 +890,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -914,9 +927,355 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.proxyConnectHeader
+Description::
++
+--
+ProxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+
+It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.endpoints[].oauth2.proxyConnectHeader{}
+Description::
++
+--
+
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.endpoints[].oauth2.proxyConnectHeader{}[]
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig
+Description::
++
+--
+TLS configuration to use when connecting to the OAuth2 server.
+It requires Prometheus >= v2.43.0.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.endpoints[].oauth2.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `optional`
 | `boolean`
@@ -943,13 +1302,10 @@ Description::
 `relabelings` configures the relabeling rules to apply the target's
 metadata labels.
 
-
 The Operator automatically adds relabelings for a few standard Kubernetes fields.
 
-
 The original scrape job's name is available via the `__tmp_prometheus_job_name` label.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -966,7 +1322,6 @@ Description::
 RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
 scraped samples and remote write samples.
 
-
 More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
@@ -984,18 +1339,15 @@ Type::
 | `string`
 | Action to perform based on the regex matching.
 
-
 `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
 `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
 
-
 Default: "Replace"
 
 | `modulus`
 | `integer`
 | Modulus to take of the hash of the source label values.
 
-
 Only applicable when the action is `HashMod`.
 
 | `regex`
@@ -1007,7 +1359,6 @@ Only applicable when the action is `HashMod`.
 | Replacement value against which a Replace action is performed if the
 regular expression matches.
 
-
 Regex capture groups are available.
 
 | `separator`
@@ -1024,11 +1375,9 @@ configured regular expression.
 | `string`
 | Label to which the resulting string is written in a replacement.
 
-
 It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
 `KeepEqual` and `DropEqual` actions.
 
-
 Regex capture groups are available.
 
 |===
@@ -1077,6 +1426,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -1137,9 +1498,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1175,9 +1534,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1239,9 +1596,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1277,9 +1632,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1315,9 +1668,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -1328,8 +1679,8 @@ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://git
 Description::
 +
 --
-Selector to select which namespaces the Kubernetes `Endpoints` objects
-are discovered from.
+`namespaceSelector` defines in which namespace(s) Prometheus should discover the services.
+By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces.
 --
 
 Type::
@@ -1356,7 +1707,7 @@ list restricting them.
 Description::
 +
 --
-Label selector to select the Kubernetes `Endpoints` objects.
+Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from.
 --
 
 Type::
diff --git a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
index 56acd988d2..f1b3c0a825 100644
--- a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
@@ -11,7 +11,11 @@ toc::[]
 Description::
 +
 --
-ThanosRuler defines a ThanosRuler deployment.
+The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.
+
+A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).
+
+The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances.
 --
 
 Type::
@@ -137,6 +141,14 @@ so, you accept that this behaviour may break at any time without notice.
 | `object`
 | A single application container that you want to run within a pod.
 
+| `dnsConfig`
+| `object`
+| Defines the DNS configuration for the pods.
+
+| `dnsPolicy`
+| `string`
+| Defines the DNS policy for the pods.
+
 | `enforcedNamespaceLabel`
 | `string`
 | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
@@ -261,7 +273,6 @@ will be performed on the underlying objects.
 | `object`
 | PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.
 
-
 The following items are reserved and cannot be overridden:
 * "app.kubernetes.io/name" label, set to "thanos-ruler".
 * "app.kubernetes.io/managed-by" label, set to "prometheus-operator".
@@ -366,10 +377,8 @@ the triple <key,value,effect> using the matching operator <operator>.
 | `object`
 | TracingConfig configures tracing in Thanos.
 
-
 `tracingConfigFile` takes precedence over this field.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -377,10 +386,8 @@ in a breaking way.
 | `string`
 | TracingConfig specifies the path of the tracing configuration file.
 
-
 This field takes precedence over `tracingConfig`.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 
@@ -1051,7 +1058,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1063,7 +1070,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1320,7 +1327,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1332,7 +1339,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1669,7 +1676,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1681,7 +1688,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1938,7 +1945,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1950,7 +1957,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2181,9 +2188,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2220,9 +2225,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2598,9 +2601,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2698,9 +2699,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2778,9 +2777,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2810,9 +2807,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3416,7 +3411,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -3737,7 +3731,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -3930,11 +3923,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -3961,11 +3952,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -4000,6 +3989,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.containers[].securityContext
 Description::
@@ -4052,7 +4047,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -4248,7 +4243,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -4432,7 +4426,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -4661,10 +4654,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -4672,11 +4663,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -4691,6 +4680,89 @@ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are
 Defaults to "" (volume's root).
 SubPathExpr and SubPath are mutually exclusive.
 
+|===
+=== .spec.dnsConfig
+Description::
++
+--
+Defines the DNS configuration for the pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses.
+This will be appended to the base nameservers generated from DNSPolicy.
+
+| `options`
+| `array`
+| A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup.
+This will be appended to the base search paths generated from DNSPolicy.
+
+|===
+=== .spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options.
+This will be merged with the base options generated from DNSPolicy.
+Resolution options given in Options
+will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is required and must be unique.
+
+| `value`
+| `string`
+| Value is optional.
+
 |===
 === .spec.excludedFromEnforcement
 Description::
@@ -4793,6 +4865,18 @@ Type::
 | `object`
 | Secret containing the client key file for the targets.
 
+| `maxVersion`
+| `string`
+| Maximum acceptable TLS version.
+
+It requires Prometheus >= v2.41.0.
+
+| `minVersion`
+| `string`
+| Minimum acceptable TLS version.
+
+It requires Prometheus >= v2.35.0.
+
 | `serverName`
 | `string`
 | Used to verify the hostname for the targets.
@@ -4853,9 +4937,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4891,9 +4973,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4955,9 +5035,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4993,9 +5071,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5031,9 +5107,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5122,9 +5196,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.initContainers
@@ -5496,9 +5568,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5596,9 +5666,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5676,9 +5744,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5708,9 +5774,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -6314,7 +6378,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -6635,7 +6698,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -6828,11 +6890,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -6859,11 +6919,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -6898,6 +6956,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.initContainers[].securityContext
 Description::
@@ -6950,7 +7014,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -7146,7 +7210,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -7330,7 +7393,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -7559,10 +7621,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -7570,11 +7630,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -7620,9 +7678,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7635,7 +7691,6 @@ Description::
 --
 PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.
 
-
 The following items are reserved and cannot be overridden:
 * "app.kubernetes.io/name" label, set to "thanos-ruler".
 * "app.kubernetes.io/managed-by" label, set to "prometheus-operator".
@@ -7757,9 +7812,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7789,11 +7842,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -7820,11 +7871,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -7859,6 +7908,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.ruleNamespaceSelector
 Description::
@@ -8059,12 +8114,10 @@ Note that this field cannot be set when spec.os.name is windows.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 
-
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 
-
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 
@@ -8121,12 +8174,22 @@ Note that this field cannot be set when spec.os.name is windows.
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition
-to the container's primary GID, the fsGroup (if specified), and group memberships
-defined in the container image for the uid of the container process. If unspecified,
-no additional groups are added to any container. Note that group memberships
-defined in the container image for the uid of the container process are still effective,
-even if they are not included in this list.
+| A list of groups applied to the first process run in each container, in
+addition to the container's primary GID and fsGroup (if specified).  If
+the SupplementalGroupsPolicy feature is enabled, the
+supplementalGroupsPolicy field determines whether these are in addition
+to or instead of any group memberships defined in the container image.
+If unspecified, no additional groups are added, though group memberships
+defined in the container image may still be used, depending on the
+supplementalGroupsPolicy field.
+Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated.
+Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 
 | `sysctls`
@@ -8254,7 +8317,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -8456,7 +8518,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -8466,11 +8527,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -8486,7 +8545,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -8496,11 +8554,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -8637,7 +8693,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9051,7 +9107,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9318,7 +9374,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 ClaimResourceStatus can be in any of following states:
 	- ControllerResizeInProgress:
 		State set when resize controller starts resizing the volume in control-plane.
@@ -9340,13 +9395,11 @@ For example: if expanding a PVC for more capacity - this field can be one of the
      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
 When this field is not set, it means that no resize operation is in progress for the given PVC.
 
-
 A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `allocatedResources`
@@ -9359,7 +9412,6 @@ Key names follow standard Kubernetes label syntax. Valid values are either:
 Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
 reserved and hence may not be used.
 
-
 Capacity reported here may be larger than the actual capacity when a volume expansion operation
 is requested.
 For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
@@ -9368,13 +9420,11 @@ If a volume expansion capacity request is lowered, allocatedResources is only
 lowered if there are no expansion operations in progress and if the actual volume capacity
 is equal or lower than the requested capacity.
 
-
 A controller that receives PVC update with previously unknown resourceName
 should ignore the update for the purpose it was designed. For example - a controller that
 only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
 resources associated with PVC.
 
-
 This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
@@ -9394,13 +9444,13 @@ resized then the Condition will be set to 'Resizing'.
 | `string`
 | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `modifyVolumeStatus`
 | `object`
 | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `phase`
 | `string`
@@ -9465,7 +9515,15 @@ persistent volume is being resized.
 
 | `type`
 | `string`
-| PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+| PersistentVolumeClaimConditionType defines the condition of PV claim.
+Valid values are:
+  - "Resizing", "FileSystemResizePending"
+
+If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:
+  - "ControllerResizeError", "NodeResizeError"
+
+If VolumeAttributesClass feature gate is enabled, then following additional values can be expected:
+  - "ModifyVolumeError", "ModifyingVolume"
 
 |===
 === .spec.storage.volumeClaimTemplate.status.modifyVolumeStatus
@@ -9474,7 +9532,7 @@ Description::
 --
 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
 When this is unset, there is no ModifyVolume operation being attempted.
-This is an alpha field and requires enabling VolumeAttributesClass feature.
+This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 --
 
 Type::
@@ -9619,7 +9677,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set.
 Keys that don't exist in the incoming pod labels will
 be ignored. A null or empty list means only match against labelSelector.
 
-
 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
@@ -9655,7 +9712,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1.
 Valid values are integers greater than 0.
 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
 
-
 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
 labelSelector spread as 2/2/2:
 \| zone1 \| zone2 \| zone3 \|
@@ -9672,7 +9728,6 @@ when calculating pod topology spread skew. Options are:
 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
 
-
 If this value is nil, the behavior is equivalent to the Honor policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -9684,7 +9739,6 @@ pod topology spread skew. Options are:
 has a toleration, are included.
 - Ignore: node taints are ignored. All nodes are included.
 
-
 If this value is nil, the behavior is equivalent to the Ignore policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -9815,10 +9869,8 @@ Description::
 --
 TracingConfig configures tracing in Thanos.
 
-
 `tracingConfigFile` takes precedence over this field.
 
-
 This is an *experimental feature*, it may change in any upcoming release
 in a breaking way.
 --
@@ -9845,9 +9897,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9917,10 +9967,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -9928,11 +9976,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -10027,7 +10073,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -10038,17 +10083,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 
@@ -10090,9 +10132,23 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
+
+| `image`
+| `object`
+| image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
 
 | `iscsi`
 | `object`
@@ -10183,7 +10239,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -10359,9 +10414,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].cinder
@@ -10432,9 +10485,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].configMap
@@ -10484,9 +10535,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10629,9 +10678,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].downwardAPI
@@ -10830,7 +10877,6 @@ ephemeral represents a volume that is handled by a cluster storage driver.
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -10841,17 +10887,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 --
@@ -10876,7 +10919,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -10886,11 +10928,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -10906,7 +10946,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -10916,11 +10955,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -11057,7 +11094,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -11314,7 +11351,6 @@ Type::
 | fsType is the filesystem type to mount.
 Must be a filesystem type supported by the host operating system.
 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `lun`
 | `integer`
@@ -11410,9 +11446,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].flocker
@@ -11469,7 +11503,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -11576,9 +11609,6 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
 --
 
 Type::
@@ -11605,6 +11635,54 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 Defaults to ""
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+|===
+=== .spec.volumes[].image
+Description::
++
+--
+image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.volumes[].iscsi
 Description::
@@ -11643,7 +11721,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `initiatorName`
 | `string`
@@ -11707,9 +11784,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].nfs
@@ -11875,18 +11950,21 @@ mode, like fsGroup, and the result can be other mode bits set.
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list
+handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 
 |===
 === .spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list
+handles one source.
 --
 
 Type::
@@ -11899,7 +11977,8 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 --
 
 Type::
@@ -11917,14 +11996,11 @@ Type::
 | ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -11955,14 +12031,11 @@ Description::
 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -12137,9 +12210,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12385,9 +12456,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -12573,7 +12642,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `image`
 | `string`
@@ -12643,9 +12711,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].scaleIO
@@ -12741,9 +12807,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].secret
@@ -12930,9 +12994,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.volumes[].vsphereVolume
@@ -13087,9 +13149,6 @@ Defines the TLS parameters for HTTPS.
 Type::
   `object`
 
-Required::
-  - `cert`
-  - `keySecret`
 
 
 
@@ -13101,6 +13160,11 @@ Required::
 | `object`
 | Contains the TLS certificate for the server.
 
+| `certFile`
+| `string`
+| Path to the TLS certificate file in the Prometheus container for the server.
+Mutually exclusive with `cert`.
+
 | `cipherSuites`
 | `array (string)`
 | List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -13113,6 +13177,11 @@ in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants
 For more detail on clientAuth options:
 https://golang.org/pkg/crypto/tls/#ClientAuthType
 
+| `clientCAFile`
+| `string`
+| Path to the CA certificate file for client certificate authentication to the server.
+Mutually exclusive with `client_ca`.
+
 | `client_ca`
 | `object`
 | Contains the CA certificate for client certificate authentication to the server.
@@ -13123,6 +13192,11 @@ https://golang.org/pkg/crypto/tls/#ClientAuthType
 order. Available curves are documented in the go documentation:
 https://golang.org/pkg/crypto/tls/#CurveID
 
+| `keyFile`
+| `string`
+| Path to the TLS key file in the Prometheus container for the server.
+Mutually exclusive with `keySecret`.
+
 | `keySecret`
 | `object`
 | Secret containing the TLS key for the server.
@@ -13198,9 +13272,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13236,9 +13308,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13300,9 +13370,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13338,9 +13406,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13376,9 +13442,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13417,7 +13481,7 @@ targeted by this ThanosRuler deployment.
 
 | `conditions`
 | `array`
-| The current state of the Alertmanager object.
+| The current state of the ThanosRuler object.
 
 | `conditions[]`
 | `object`
@@ -13448,7 +13512,7 @@ that have the desired version spec.
 Description::
 +
 --
-The current state of the Alertmanager object.
+The current state of the ThanosRuler object.
 --
 
 Type::
diff --git a/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc b/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
index 9dff5cfcc6..905a8e9a32 100644
--- a/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
+++ b/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
@@ -11,8 +11,18 @@ toc::[]
 Description::
 +
 --
-CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6). 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+CloudPrivateIPConfig performs an assignment of a private IP address to the
+primary NIC associated with cloud VMs. This is done by specifying the IP and
+Kubernetes node which the IP should be assigned to. This CRD is intended to
+be used by the network plugin which manages the cluster network. The spec
+side represents the desired state requested by the network plugin, and the
+status side represents the current state that this CRD's controller has
+executed. No users will have permission to modify it, and if a cluster-admin
+decides to edit it for some reason, their changes will be overwritten the
+next time the network plugin reconciles the object. Note: the CR's name
+must specify the requested private IP address (can be IPv4 or IPv6).
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -96,9 +106,7 @@ Required::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `node`
 | `string`
@@ -122,9 +130,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -145,19 +151,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -165,7 +179,7 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 
diff --git a/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc b/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
index 09582534c7..6bce919eec 100644
--- a/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
+++ b/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
@@ -11,10 +11,20 @@ toc::[]
 Description::
 +
 --
-EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration. 
- It is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with <name>, the CNO will create and manage: - A service called <name> - An egress pod called <name> - A NAD called <name> 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). 
- EgressRouter is a single egressrouter pod configuration object.
+EgressRouter is a feature allowing the user to define an egress router
+that acts as a bridge between pods and external systems. The egress router runs
+a service that redirects egress traffic originating from a pod or a group of
+pods to a remote external system or multiple destinations as per configuration.
+
+It is consumed by the cluster-network-operator.
+More specifically, given an EgressRouter CR with <name>, the CNO will create and manage:
+- A service called <name>
+- An egress pod called <name>
+- A NAD called <name>
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+
+EgressRouter is a single egressrouter pod configuration object.
 --
 
 Type::
@@ -86,7 +96,8 @@ Required::
 
 | `networkInterface`
 | `object`
-| Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.
+| Specification of interface to create/use. The default is macvlan.
+Currently only macvlan is supported.
 
 | `redirect`
 | `object`
@@ -138,7 +149,8 @@ Required::
 Description::
 +
 --
-Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.
+Specification of interface to create/use. The default is macvlan.
+Currently only macvlan is supported.
 --
 
 Type::
@@ -203,7 +215,10 @@ Type::
 
 | `fallbackIP`
 | `string`
-| FallbackIP specifies the remote destination's IP address. Can be IPv4 or IPv6. If no redirect rules are specified, all traffic from the router are redirected to this IP. If redirect rules are specified, then any connections on any other port (undefined in the rules) on the router will be redirected to this IP. If redirect rules are specified and no fallback IP is provided, connections on other ports will simply be rejected.
+| FallbackIP specifies the remote destination's IP address. Can be IPv4 or IPv6.
+If no redirect rules are specified, all traffic from the router are redirected to this IP.
+If redirect rules are specified, then any connections on any other port (undefined in the rules) on the router will be redirected to this IP.
+If redirect rules are specified and no fallback IP is provided, connections on other ports will simply be rejected.
 
 | `redirectRules`
 | `array`
@@ -262,7 +277,8 @@ Required::
 
 | `targetPort`
 | `integer`
-| TargetPort allows specifying the port number on the remote destination to which the traffic gets redirected to. If unspecified, the value from "Port" is used.
+| TargetPort allows specifying the port number on the remote destination to which the traffic gets redirected to.
+If unspecified, the value from "Port" is used.
 
 |===
 === .status
@@ -290,7 +306,8 @@ Required::
 
 | `conditions[]`
 | `object`
-| EgressRouterStatusCondition represents the state of the egress router's managed and monitored components.
+| EgressRouterStatusCondition represents the state of the egress router's
+managed and monitored components.
 
 |===
 === .status.conditions
@@ -310,7 +327,8 @@ Type::
 Description::
 +
 --
-EgressRouterStatusCondition represents the state of the egress router's managed and monitored components.
+EgressRouterStatusCondition represents the state of the egress router's
+managed and monitored components.
 --
 
 Type::
@@ -332,7 +350,9 @@ Required::
 
 | `message`
 | `string`
-| Message provides additional information about the current condition. This is only to be consumed by humans.  It may contain Line Feed characters (U+000A), which should be rendered as new lines.
+| Message provides additional information about the current condition.
+This is only to be consumed by humans.  It may contain Line Feed
+characters (U+000A), which should be rendered as new lines.
 
 | `reason`
 | `string`
diff --git a/rest_api/network_apis/network-apis-index.adoc b/rest_api/network_apis/network-apis-index.adoc
index a028d67a0b..690ca6bf0b 100644
--- a/rest_api/network_apis/network-apis-index.adoc
+++ b/rest_api/network_apis/network-apis-index.adoc
@@ -47,8 +47,18 @@ Type::
 Description::
 +
 --
-CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6). 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+CloudPrivateIPConfig performs an assignment of a private IP address to the
+primary NIC associated with cloud VMs. This is done by specifying the IP and
+Kubernetes node which the IP should be assigned to. This CRD is intended to
+be used by the network plugin which manages the cluster network. The spec
+side represents the desired state requested by the network plugin, and the
+status side represents the current state that this CRD's controller has
+executed. No users will have permission to modify it, and if a cluster-admin
+decides to edit it for some reason, their changes will be overwritten the
+next time the network plugin reconciles the object. Note: the CR's name
+must specify the requested private IP address (can be IPv4 or IPv6).
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -141,10 +151,20 @@ Type::
 Description::
 +
 --
-EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration. 
- It is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with <name>, the CNO will create and manage: - A service called <name> - An egress pod called <name> - A NAD called <name> 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). 
- EgressRouter is a single egressrouter pod configuration object.
+EgressRouter is a feature allowing the user to define an egress router
+that acts as a bridge between pods and external systems. The egress router runs
+a service that redirects egress traffic originating from a pod or a group of
+pods to a remote external system or multiple destinations as per configuration.
+
+It is consumed by the cluster-network-operator.
+More specifically, given an EgressRouter CR with <name>, the CNO will create and manage:
+- A service called <name>
+- An egress pod called <name>
+- A NAD called <name>
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+
+EgressRouter is a single egressrouter pod configuration object.
 --
 
 Type::
@@ -232,8 +252,9 @@ Type::
 Description::
 +
 --
-PodNetworkConnectivityCheck 
- Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+PodNetworkConnectivityCheck
+
+Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 --
 
 Type::
diff --git a/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc b/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
index 1edc62a944..6ab72cacae 100644
--- a/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
+++ b/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-PodNetworkConnectivityCheck 
- Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+PodNetworkConnectivityCheck
+
+Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 --
 
 Type::
@@ -75,18 +76,28 @@ Required::
 
 | `targetEndpoint`
 | `string`
-| EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.
+| EndpointAddress to check. A TCP address of the form host:port. Note that
+if host is a DNS name, then the check would fail if the DNS name cannot
+be resolved. Specify an IP address for host to bypass DNS name lookup.
 
 | `tlsClientCert`
 | `object`
-| TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.
+| TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and
+'tls.key' entries containing an optional TLS client certificate and key to be used when
+checking endpoints that require a client certificate in order to gracefully preform the
+scan without causing excessive logging in the endpoint process. The secret must exist in
+the same namespace as this resource.
 
 |===
 === .spec.tlsClientCert
 Description::
 +
 --
-TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.
+TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and
+'tls.key' entries containing an optional TLS client certificate and key to be used when
+checking endpoints that require a client certificate in order to gracefully preform the
+scan without causing excessive logging in the endpoint process. The secret must exist in
+the same namespace as this resource.
 --
 
 Type::
@@ -299,7 +310,8 @@ Type::
 
 | `endLogs`
 | `array`
-| EndLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.
+| EndLogs contains log entries related to the end of this outage. Should contain the success
+entry that resolved the outage and possibly a few of the failure log entries that preceded it.
 
 | `endLogs[]`
 | `object`
@@ -315,7 +327,8 @@ Type::
 
 | `startLogs`
 | `array`
-| StartLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.
+| StartLogs contains log entries related to the start of this outage. Should contain
+the original failure, any entries where the failure mode changed.
 
 | `startLogs[]`
 | `object`
@@ -326,7 +339,8 @@ Type::
 Description::
 +
 --
-EndLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.
+EndLogs contains log entries related to the end of this outage. Should contain the success
+entry that resolved the outage and possibly a few of the failure log entries that preceded it.
 --
 
 Type::
@@ -379,7 +393,8 @@ Required::
 Description::
 +
 --
-StartLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.
+StartLogs contains log entries related to the start of this outage. Should contain
+the original failure, any entries where the failure mode changed.
 --
 
 Type::
diff --git a/rest_api/network_apis/route-route-openshift-io-v1.adoc b/rest_api/network_apis/route-route-openshift-io-v1.adoc
index f7bca45363..18c49fcd77 100644
--- a/rest_api/network_apis/route-route-openshift-io-v1.adoc
+++ b/rest_api/network_apis/route-route-openshift-io-v1.adoc
@@ -786,7 +786,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -909,9 +909,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/node_apis/node-apis-index.adoc b/rest_api/node_apis/node-apis-index.adoc
index 4b0f4af416..f5dad2b494 100644
--- a/rest_api/node_apis/node-apis-index.adoc
+++ b/rest_api/node_apis/node-apis-index.adoc
@@ -56,7 +56,13 @@ Type::
 Description::
 +
 --
-Tuned is a collection of rules that allows cluster-wide deployment of node-level sysctls and more flexibility to add custom tuning specified by user needs.  These rules are translated and passed to all containerized Tuned daemons running in the cluster in the format that the daemons understand. The responsibility for applying the node-level tuning then lies with the containerized Tuned daemons. More info: https://github.com/openshift/cluster-node-tuning-operator
+Tuned is a collection of rules that allows cluster-wide deployment
+of node-level sysctls and more flexibility to add custom tuning
+specified by user needs.  These rules are translated and passed to all
+containerized Tuned daemons running in the cluster in the format that
+the daemons understand. The responsibility for applying the node-level
+tuning then lies with the containerized Tuned daemons. More info:
+https://github.com/openshift/cluster-node-tuning-operator
 --
 
 Type::
diff --git a/rest_api/node_apis/node-v1.adoc b/rest_api/node_apis/node-v1.adoc
index a8e799017f..4a9c01c63d 100644
--- a/rest_api/node_apis/node-v1.adoc
+++ b/rest_api/node_apis/node-v1.adoc
@@ -246,7 +246,7 @@ Type::
 
 | `capacity`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`]
-| Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
+| Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity
 
 | `conditions`
 | `array`
@@ -264,6 +264,10 @@ Type::
 | `object`
 | NodeDaemonEndpoints lists ports opened by daemons running on the Node.
 
+| `features`
+| `object`
+| NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.
+
 | `images`
 | `array`
 | List of container images on this node
@@ -677,6 +681,28 @@ Required::
 | `integer`
 | Port number of the given endpoint.
 
+|===
+=== .status.features
+Description::
++
+--
+NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `supplementalGroupsPolicy`
+| `boolean`
+| SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.
+
 |===
 === .status.images
 Description::
@@ -763,7 +789,7 @@ Required::
 
 | `kubeProxyVersion`
 | `string`
-| KubeProxy Version reported by the node.
+| Deprecated: KubeProxy Version reported by the node.
 
 | `kubeletVersion`
 | `string`
@@ -818,7 +844,7 @@ Type::
 
 | `features`
 | `object`
-| NodeRuntimeHandlerFeatures is a set of runtime features.
+| NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.
 
 | `name`
 | `string`
@@ -829,7 +855,7 @@ Type::
 Description::
 +
 --
-NodeRuntimeHandlerFeatures is a set of runtime features.
+NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.
 --
 
 Type::
@@ -846,6 +872,10 @@ Type::
 | `boolean`
 | RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.
 
+| `userNamespaces`
+| `boolean`
+| UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.
+
 |===
 === .status.volumesAttached
 Description::
diff --git a/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc b/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
index 9bece196ae..ede741d3f8 100644
--- a/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
+++ b/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
@@ -76,7 +76,11 @@ Required::
 
 | `globallyDisableIrqLoadBalancing`
 | `boolean`
-| GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set. When the option is set to "true" it disables IRQs load balancing for the Isolated CPU set. Setting the option to "false" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing can be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations. Defaults to "false"
+| GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set.
+When the option is set to "true" it disables IRQs load balancing for the Isolated CPU set.
+Setting the option to "false" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing
+can be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations.
+Defaults to "false"
 
 | `hardwareTuning`
 | `object`
@@ -84,15 +88,23 @@ Required::
 
 | `hugepages`
 | `object`
-| HugePages defines a set of huge pages related parameters. It is possible to set huge pages with multiple size values at the same time. For example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller. It is important to notice that setting hugepages default size to 1G will remove all 2M related folders from the node and it will be impossible to configure 2M hugepages under the node.
+| HugePages defines a set of huge pages related parameters.
+It is possible to set huge pages with multiple size values at the same time.
+For example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller.
+It is important to notice that setting hugepages default size to 1G will remove all 2M related
+folders from the node and it will be impossible to configure 2M hugepages under the node.
 
 | `machineConfigLabel`
 | `object (string)`
-| MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be used in the MachineConfigSelector of the MachineConfigPool which targets this performance profile. Defaults to "machineconfiguration.openshift.io/role=<same role as in NodeSelector label key>"
+| MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be
+used in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.
+Defaults to "machineconfiguration.openshift.io/role=<same role as in NodeSelector label key>"
 
 | `machineConfigPoolSelector`
 | `object (string)`
-| MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector of resources like KubeletConfigs created by the operator. Defaults to "machineconfiguration.openshift.io/role=<same role as in NodeSelector label key>"
+| MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector
+of resources like KubeletConfigs created by the operator.
+Defaults to "machineconfiguration.openshift.io/role=<same role as in NodeSelector label key>"
 
 | `net`
 | `object`
@@ -100,7 +112,11 @@ Required::
 
 | `nodeSelector`
 | `object (string)`
-| NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator. It most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool which targets this performance profile. In the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format <domain>/<role>: "" in order to be able to calculate the default values for the former mentioned fields.
+| NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.
+It most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool
+which targets this performance profile.
+In the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format
+<domain>/<role>: "" in order to be able to calculate the default values for the former mentioned fields.
 
 | `numa`
 | `object`
@@ -112,7 +128,8 @@ Required::
 
 | `workloadHints`
 | `object`
-| WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and kernel arguments that should be applied on top of the node.
+| WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and
+kernel arguments that should be applied on top of the node.
 
 |===
 === .spec.cpu
@@ -137,11 +154,22 @@ Required::
 
 | `balanceIsolated`
 | `boolean`
-| BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads. When this option is set to "false", the Isolated CPU set will be static, meaning workloads have to explicitly assign each thread to a specific cpu in order to work across multiple CPUs. Setting this to "true" allows workloads to be balanced across CPUs. Setting this to "false" offers the most predictable performance for guaranteed workloads, but it offloads the complexity of cpu load balancing to the application. Defaults to "true"
+| BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.
+When this option is set to "false", the Isolated CPU set will be static, meaning workloads have to
+explicitly assign each thread to a specific cpu in order to work across multiple CPUs.
+Setting this to "true" allows workloads to be balanced across CPUs.
+Setting this to "false" offers the most predictable performance for guaranteed workloads, but it
+offloads the complexity of cpu load balancing to the application.
+Defaults to "true"
 
 | `isolated`
 | `string`
-| Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible, which means removing as many extraneous tasks off a CPU as possible. It is important to notice the CPU manager can choose any CPU to run the workload except the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:   1. The union of reserved CPUs and isolated CPUs should include all online CPUs   2. The isolated CPUs field should be the complementary to reserved CPUs field
+| Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,
+which means removing as many extraneous tasks off a CPU as possible.
+It is important to notice the CPU manager can choose any CPU to run the workload
+except the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:
+  1. The union of reserved CPUs and isolated CPUs should include all online CPUs
+  2. The isolated CPUs field should be the complementary to reserved CPUs field
 
 | `offlined`
 | `string`
@@ -153,7 +181,9 @@ Required::
 
 | `shared`
 | `string`
-| Shared defines a set of CPUs that will be shared among guaranteed workloads that needs additional cpus which are not exclusive, alongside the isolated, exclusive resources that are being used already by those workloads.
+| Shared defines a set of CPUs that will be shared among guaranteed workloads
+that needs additional cpus which are not exclusive,
+alongside the isolated, exclusive resources that are being used already by those workloads.
 
 |===
 === .spec.hardwareTuning
@@ -186,7 +216,11 @@ Type::
 Description::
 +
 --
-HugePages defines a set of huge pages related parameters. It is possible to set huge pages with multiple size values at the same time. For example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller. It is important to notice that setting hugepages default size to 1G will remove all 2M related folders from the node and it will be impossible to configure 2M hugepages under the node.
+HugePages defines a set of huge pages related parameters.
+It is possible to set huge pages with multiple size values at the same time.
+For example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller.
+It is important to notice that setting hugepages default size to 1G will remove all 2M related
+folders from the node and it will be impossible to configure 2M hugepages under the node.
 --
 
 Type::
@@ -248,7 +282,8 @@ Type::
 
 | `node`
 | `integer`
-| Node defines the NUMA node where hugepages will be allocated, if not specified, pages will be allocated equally between NUMA nodes
+| Node defines the NUMA node where hugepages will be allocated,
+if not specified, pages will be allocated equally between NUMA nodes
 
 | `size`
 | `string`
@@ -274,11 +309,14 @@ Type::
 
 | `devices`
 | `array`
-| Devices contains a list of network device representations that will be set with a netqueue count equal to CPU.Reserved . If no devices are specified then the default is all devices.
+| Devices contains a list of network device representations that will be
+set with a netqueue count equal to CPU.Reserved .
+If no devices are specified then the default is all devices.
 
 | `devices[]`
 | `object`
-| Device defines a way to represent a network device in several options: device name, vendor ID, model ID, PCI path and MAC address
+| Device defines a way to represent a network device in several options:
+device name, vendor ID, model ID, PCI path and MAC address
 
 | `userLevelNetworking`
 | `boolean`
@@ -289,7 +327,9 @@ Type::
 Description::
 +
 --
-Devices contains a list of network device representations that will be set with a netqueue count equal to CPU.Reserved . If no devices are specified then the default is all devices.
+Devices contains a list of network device representations that will be
+set with a netqueue count equal to CPU.Reserved .
+If no devices are specified then the default is all devices.
 --
 
 Type::
@@ -302,7 +342,8 @@ Type::
 Description::
 +
 --
-Device defines a way to represent a network device in several options: device name, vendor ID, model ID, PCI path and MAC address
+Device defines a way to represent a network device in several options:
+device name, vendor ID, model ID, PCI path and MAC address
 --
 
 Type::
@@ -347,7 +388,8 @@ Type::
 
 | `topologyPolicy`
 | `string`
-| Name of the policy applied when TopologyManager is enabled Operator defaults to "best-effort"
+| Name of the policy applied when TopologyManager is enabled
+Operator defaults to "best-effort"
 
 |===
 === .spec.realTimeKernel
@@ -376,7 +418,8 @@ Type::
 Description::
 +
 --
-WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and kernel arguments that should be applied on top of the node.
+WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and
+kernel arguments that should be applied on top of the node.
 --
 
 Type::
@@ -391,15 +434,18 @@ Type::
 
 | `highPowerConsumption`
 | `boolean`
-| HighPowerConsumption defines if the node should be configured in high power consumption mode. The flag will affect the power consumption but will improve the CPUs latency. Defaults to false.
+| HighPowerConsumption defines if the node should be configured in high power consumption mode.
+The flag will affect the power consumption but will improve the CPUs latency. Defaults to false.
 
 | `mixedCpus`
 | `boolean`
-| MixedCpus enables the mixed-cpu-node-plugin on the node. Defaults to false.
+| MixedCpus enables the mixed-cpu-node-plugin on the node.
+Defaults to false.
 
 | `perPodPowerManagement`
 | `boolean`
-| PerPodPowerManagement defines if the node should be configured in per pod power management. PerPodPowerManagement and HighPowerConsumption hints can not be enabled together. Defaults to false.
+| PerPodPowerManagement defines if the node should be configured in per pod power management.
+PerPodPowerManagement and HighPowerConsumption hints can not be enabled together. Defaults to false.
 
 | `realTime`
 | `boolean`
@@ -429,7 +475,8 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition represents the state of the operator's reconciliation functionality.
+| Condition represents the state of the operator's
+reconciliation functionality.
 
 | `runtimeClass`
 | `string`
@@ -457,7 +504,8 @@ Type::
 Description::
 +
 --
-Condition represents the state of the operator's reconciliation functionality.
+Condition represents the state of the operator's
+reconciliation functionality.
 --
 
 Type::
diff --git a/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc b/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
index 2cfe24755b..0f1b1951ce 100644
--- a/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
+++ b/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
@@ -43,7 +43,8 @@ Type::
 
 | `status`
 | `object`
-| ProfileStatus is the status for a Profile resource; the status is for internal use only and its fields may be changed/removed in the future.
+| ProfileStatus is the status for a Profile resource; the status is for internal use only
+and its fields may be changed/removed in the future.
 
 |===
 === .spec
@@ -113,6 +114,10 @@ Required::
 | `string`
 | TuneD profile to apply
 
+| `verbosity`
+| `integer`
+| klog logging verbosity
+
 |===
 === .spec.config.tunedConfig
 Description::
@@ -182,7 +187,8 @@ Required::
 Description::
 +
 --
-ProfileStatus is the status for a Profile resource; the status is for internal use only and its fields may be changed/removed in the future.
+ProfileStatus is the status for a Profile resource; the status is for internal use only
+and its fields may be changed/removed in the future.
 --
 
 Type::
@@ -250,7 +256,8 @@ Required::
 
 | `message`
 | `string`
-| message provides additional information about the current condition. This is only to be consumed by humans.
+| message provides additional information about the current condition.
+This is only to be consumed by humans.
 
 | `reason`
 | `string`
diff --git a/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc b/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
index b0d56f3fef..3f894f211c 100644
--- a/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
+++ b/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
@@ -11,7 +11,13 @@ toc::[]
 Description::
 +
 --
-Tuned is a collection of rules that allows cluster-wide deployment of node-level sysctls and more flexibility to add custom tuning specified by user needs.  These rules are translated and passed to all containerized Tuned daemons running in the cluster in the format that the daemons understand. The responsibility for applying the node-level tuning then lies with the containerized Tuned daemons. More info: https://github.com/openshift/cluster-node-tuning-operator
+Tuned is a collection of rules that allows cluster-wide deployment
+of node-level sysctls and more flexibility to add custom tuning
+specified by user needs.  These rules are translated and passed to all
+containerized Tuned daemons running in the cluster in the format that
+the daemons understand. The responsibility for applying the node-level
+tuning then lies with the containerized Tuned daemons. More info:
+https://github.com/openshift/cluster-node-tuning-operator
 --
 
 Type::
@@ -39,7 +45,8 @@ Type::
 
 | `spec`
 | `object`
-| spec is the specification of the desired behavior of Tuned. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
+| spec is the specification of the desired behavior of Tuned. More info:
+https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
 
 | `status`
 | `object`
@@ -50,7 +57,8 @@ Type::
 Description::
 +
 --
-spec is the specification of the desired behavior of Tuned. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
+spec is the specification of the desired behavior of Tuned. More info:
+https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
 --
 
 Type::
@@ -65,7 +73,9 @@ Type::
 
 | `managementState`
 | `string`
-| managementState indicates whether the registry instance represented by this config instance is under operator management or not.  Valid values are Force, Managed, Unmanaged, and Removed.
+| managementState indicates whether the registry instance represented
+by this config instance is under operator management or not.  Valid
+values are Force, Managed, Unmanaged, and Removed.
 
 | `profile`
 | `array`
@@ -161,7 +171,11 @@ Required::
 
 | `machineConfigLabels`
 | `object (string)`
-| MachineConfigLabels specifies the labels for a MachineConfig. The MachineConfig is created automatically to apply additional host settings (e.g. kernel boot parameters) profile 'Profile' needs and can only be applied by creating a MachineConfig. This involves finding all MachineConfigPools with machineConfigSelector matching the MachineConfigLabels and setting the profile 'Profile' on all nodes that match the MachineConfigPools' nodeSelectors.
+| MachineConfigLabels specifies the labels for a MachineConfig. The MachineConfig is created
+automatically to apply additional host settings (e.g. kernel boot parameters) profile 'Profile'
+needs and can only be applied by creating a MachineConfig. This involves finding all
+MachineConfigPools with machineConfigSelector matching the MachineConfigLabels and setting the
+profile 'Profile' on all nodes that match the MachineConfigPools' nodeSelectors.
 
 | `match`
 | `array`
@@ -258,6 +272,10 @@ Type::
 | `object`
 | Global configuration for the TuneD daemon as defined in tuned-main.conf
 
+| `verbosity`
+| `integer`
+| klog logging verbosity
+
 |===
 === .spec.recommend[].operand.tunedConfig
 Description::
diff --git a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
index 7b2b6aff67..af62292a0a 100644
--- a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
@@ -54,7 +54,7 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
@@ -124,7 +124,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
index 2096321995..914064383b 100644
--- a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
@@ -52,7 +52,7 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
@@ -122,7 +122,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
index 1b6bbc8dc8..7532a1b8c8 100644
--- a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
@@ -56,7 +56,7 @@ WARNING: existing tokens' timeout will not be affected (lowered) by changing thi
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURIs`
@@ -199,7 +199,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -322,9 +322,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
index 12ac13e70c..7240c05a7a 100644
--- a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
@@ -40,7 +40,7 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `scopes`
@@ -102,7 +102,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -225,9 +225,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
index de7e3e8424..4245fb5f9b 100644
--- a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
@@ -50,7 +50,7 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
@@ -168,9 +168,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/objects/index.adoc b/rest_api/objects/index.adoc
index 12933e4f5e..b12a3e9d7b 100644
--- a/rest_api/objects/index.adoc
+++ b/rest_api/objects/index.adoc
@@ -3329,7 +3329,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -3525,7 +3525,7 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu
 
 | `currentVolumeAttributesClassName`
 | `string`
-| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `modifyVolumeStatus`
 | `object`
@@ -3860,7 +3860,7 @@ Possible enum values:
 
 | `volumeAttributesClassName`
 | `string`
-| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is an alpha field and requires enabling VolumeAttributesClass feature.
+| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `volumeMode`
 | `string`
@@ -5585,7 +5585,7 @@ Defaults to atomic for arrays.
 
 | `x-kubernetes-validations`
 | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-ValidationRule[`array (ValidationRule)`]
-| x-kubernetes-validations describes a list of validation rules written in the CEL expression language. This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.
+| x-kubernetes-validations describes a list of validation rules written in the CEL expression language.
 
 |===
 
@@ -5759,6 +5759,44 @@ Type::
 
 
 
+[id="io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement schema
+
+
+Description::
++
+--
+FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the field selector key that the requirement applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+
+|===
+
 [id="io-k8s-apimachinery-pkg-apis-meta-v1-GroupVersionKind"]
 == io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionKind schema
 
@@ -5860,6 +5898,44 @@ Type::
 
 |===
 
+[id="io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement schema
+
+
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+
 [id="io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta"]
 == io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta schema
 
@@ -6163,116 +6239,6 @@ Type::
 
 |===
 
-[id="io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10"]
-== io.k8s.apimachinery.pkg.apis.meta.v1.Status_v10 schema
-
-
-Description::
-+
---
-Status is a return value for calls that don't return other objects.
---
-
-Type::
-  `object`
-
-
-[discrete]
-=== Schema
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `apiVersion`
-| `string`
-| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
-| `code`
-| `integer`
-| Suggested HTTP return code for this status, 0 if not set.
-
-| `details`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`]
-| Extended data associated with the reason.  Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.
-
-| `kind`
-| `string`
-| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
-| `message`
-| `string`
-| A human-readable description of the status of this operation.
-
-| `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`]
-| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
-| `reason`
-| `string`
-| A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.
-
-| `status`
-| `string`
-| Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-
-|===
-
-[id="io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11"]
-== io.k8s.apimachinery.pkg.apis.meta.v1.Status_v11 schema
-
-
-Description::
-+
---
-Status is a return value for calls that don't return other objects.
---
-
-Type::
-  `object`
-
-
-[discrete]
-=== Schema
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `apiVersion`
-| `string`
-| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
-| `code`
-| `integer`
-| Suggested HTTP return code for this status, 0 if not set.
-
-| `details`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`]
-| Extended data associated with the reason.  Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.
-
-| `kind`
-| `string`
-| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
-| `message`
-| `string`
-| A human-readable description of the status of this operation.
-
-| `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`]
-| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
-| `reason`
-| `string`
-| A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.
-
-| `status`
-| `string`
-| Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-
-|===
-
 [id="io-k8s-apimachinery-pkg-apis-meta-v1-Status_v2"]
 == io.k8s.apimachinery.pkg.apis.meta.v1.Status_v2 schema
 
diff --git a/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc b/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
index 4ba65e27ff..53d8706742 100644
--- a/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Authentication provides information to configure an operator to manage authentication. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Authentication provides information to configure an operator to manage authentication.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +69,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,16 +81,24 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -122,6 +134,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `oauthAPIServer`
 | `object`
 | OAuthAPIServer holds status specific only to oauth-apiserver
@@ -163,6 +179,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -173,7 +191,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -185,11 +204,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -215,6 +234,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
@@ -266,7 +290,8 @@ Type::
 
 | `latestAvailableRevision`
 | `integer`
-| LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.
+| LatestAvailableRevision is the latest revision used as suffix of revisioned
+secrets like encryption-config. A new revision causes a new deployment of pods.
 
 |===
 
diff --git a/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc b/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
index 401b017ed0..06bafe3dd9 100644
--- a/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
@@ -162,6 +162,8 @@ OperatorCondition is just the standard condition fields.
 Type::
   `object`
 
+Required::
+  - `type`
 
 
 
@@ -213,6 +215,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
index 119a83d83e..09baee2a58 100644
--- a/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
@@ -11,8 +11,11 @@ toc::[]
 Description::
 +
 --
-ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterCSIDriver object allows management and configuration of a CSI driver operator
+installed by default in OpenShift. Name of the object must be name of the CSI driver
+it operates. See CSIDriverName type for list of allowed values.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,12 +71,17 @@ Type::
 
 | `driverConfig`
 | `object`
-| driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+| driverConfig can be used to specify platform specific driver configuration.
+When omitted, this means no opinion and the platform is left to choose reasonable
+defaults. These defaults are subject to change over time.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -81,27 +89,45 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `storageClassState`
 | `string`
-| StorageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.
+| StorageClassState determines if CSI operator should create and manage storage classes.
+If this field value is empty or Managed - CSI operator will continuously reconcile
+storage class and create if necessary.
+If this field value is Unmanaged - CSI operator will not reconcile any previously created
+storage class.
+If this field value is Removed - CSI operator will delete the storage class it created previously.
+When omitted, this means the user has no opinion and the platform chooses a reasonable default,
+which is subject to change over time.
+The current default behaviour is Managed.
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.driverConfig
 Description::
 +
 --
-driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+driverConfig can be used to specify platform specific driver configuration.
+When omitted, this means no opinion and the platform is left to choose reasonable
+defaults. These defaults are subject to change over time.
 --
 
 Type::
@@ -126,7 +152,10 @@ Required::
 
 | `driverType`
 | `string`
-| driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.
+| driverType indicates type of CSI driver for which the
+driverConfig is being applied to.
+Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
+Consumers should treat unknown values as a NO-OP.
 
 | `gcp`
 | `object`
@@ -164,7 +193,9 @@ Type::
 
 | `kmsKeyARN`
 | `string`
-| kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.
+| kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key,
+rather than the default KMS key used by AWS.
+The value may be either the ARN or Alias ARN of a KMS key.
 
 |===
 === .spec.driverConfig.aws.efsVolumeMetrics
@@ -188,18 +219,24 @@ Required::
 
 | `recursiveWalk`
 | `object`
-| recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.
+| recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver
+when the state is set to RecursiveWalk.
 
 | `state`
 | `string`
-| state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.
+| state defines the state of metric collection in the AWS EFS CSI Driver.
+This field is required and must be set to one of the following values: Disabled or RecursiveWalk.
+Disabled means no metrics collection will be performed. This is the default value.
+RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics.
+This process may result in high CPU and memory usage, depending on the volume size.
 
 |===
 === .spec.driverConfig.aws.efsVolumeMetrics.recursiveWalk
 Description::
 +
 --
-recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.
+recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver
+when the state is set to RecursiveWalk.
 --
 
 Type::
@@ -214,11 +251,17 @@ Type::
 
 | `fsRateLimit`
 | `integer`
-| fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.
+| fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics.
+When omitted, this means no opinion and the platform is left to choose a reasonable
+default, which is subject to change over time. The current default is 5.
+The valid range is from 1 to 100 goroutines.
 
 | `refreshPeriodMinutes`
 | `integer`
-| refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).
+| refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed.
+When omitted, this means no opinion and the platform is left to choose a reasonable
+default, which is subject to change over time. The current default is 240.
+The valid range is from 1 to 43200 minutes (30 days).
 
 |===
 === .spec.driverConfig.azure
@@ -240,14 +283,16 @@ Type::
 
 | `diskEncryptionSet`
 | `object`
-| diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.
+| diskEncryptionSet sets the cluster default storage class to encrypt volumes with a
+customer-managed encryption set, rather than the default platform-managed keys.
 
 |===
 === .spec.driverConfig.azure.diskEncryptionSet
 Description::
 +
 --
-diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.
+diskEncryptionSet sets the cluster default storage class to encrypt volumes with a
+customer-managed encryption set, rather than the default platform-managed keys.
 --
 
 Type::
@@ -266,15 +311,29 @@ Required::
 
 | `name`
 | `string`
-| name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.
+| name is the name of the disk encryption set that will be set on the default storage class.
+The value should consist of only alphanumberic characters,
+underscores (_), hyphens, and be at most 80 characters in length.
 
 | `resourceGroup`
 | `string`
-| resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.
+| resourceGroup defines the Azure resource group that contains the disk encryption set.
+The value should consist of only alphanumberic characters,
+underscores (_), parentheses, hyphens and periods.
+The value should not end in a period and be at most 90 characters in
+length.
 
 | `subscriptionID`
 | `string`
-| subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378
+| subscriptionID defines the Azure subscription that contains the disk encryption set.
+The value should meet the following conditions:
+1. It should be a 128-bit number.
+2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long.
+3. It should be displayed in five groups separated by hyphens (-).
+4. The first group should be 8 characters long.
+5. The second, third, and fourth groups should be 4 characters long.
+6. The fifth group should be 12 characters long.
+An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378
 
 |===
 === .spec.driverConfig.gcp
@@ -296,14 +355,16 @@ Type::
 
 | `kmsKey`
 | `object`
-| kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.
+| kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied
+encryption keys, rather than the default keys managed by GCP.
 
 |===
 === .spec.driverConfig.gcp.kmsKey
 Description::
 +
 --
-kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.
+kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied
+encryption keys, rather than the default keys managed by GCP.
 --
 
 Type::
@@ -322,19 +383,29 @@ Required::
 
 | `keyRing`
 | `string`
-| keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.
+| keyRing is the name of the KMS Key Ring which the KMS Key belongs to.
+The value should correspond to an existing KMS key ring and should
+consist of only alphanumeric characters, hyphens (-) and underscores (_),
+and be at most 63 characters in length.
 
 | `location`
 | `string`
-| location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or "global". Defaults to global, if not set.
+| location is the GCP location in which the Key Ring exists.
+The value must match an existing GCP location, or "global".
+Defaults to global, if not set.
 
 | `name`
 | `string`
-| name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.
+| name is the name of the customer-managed encryption key to be used for disk encryption.
+The value should correspond to an existing KMS key and should
+consist of only alphanumeric characters, hyphens (-) and underscores (_),
+and be at most 63 characters in length.
 
 | `projectID`
 | `string`
-| projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.
+| projectID is the ID of the Project in which the KMS Key Ring exists.
+It must be 6 to 30 lowercase letters, digits, or hyphens.
+It must start with a letter. Trailing hyphens are prohibited.
 
 |===
 === .spec.driverConfig.ibmcloud
@@ -358,7 +429,8 @@ Required::
 
 | `encryptionKeyCRN`
 | `string`
-| encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.
+| encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use
+for disk encryption of volumes for the default storage classes.
 
 |===
 === .spec.driverConfig.vSphere
@@ -380,19 +452,31 @@ Type::
 
 | `globalMaxSnapshotsPerBlockVolume`
 | `integer`
-| globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html
+| globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of
+datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3.
+Snapshots can not be disabled using this parameter.
+Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279
+Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html
 
 | `granularMaxSnapshotsPerBlockVolumeInVSAN`
 | `integer`
-| granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.
+| granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It
+overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.
+Snapshots for VSAN can not be disabled using this parameter.
 
 | `granularMaxSnapshotsPerBlockVolumeInVVOL`
 | `integer`
-| granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.
+| granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only.
+It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.
+Snapshots for VVOL can not be disabled using this parameter.
 
 | `topologyCategories`
 | `array (string)`
-| topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.
+| topologyCategories indicates tag categories with which
+vcenter resources such as hostcluster or datacenter were tagged with.
+If cluster Infrastructure object has a topology, values specified in
+Infrastructure object will be used and modifications to topologyCategories
+will be rejected.
 
 |===
 === .status
@@ -428,6 +512,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -465,6 +553,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -475,7 +565,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -487,11 +578,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -517,6 +608,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/config-operator-openshift-io-v1.adoc b/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
index 0d764877c2..5a34828439 100644
--- a/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster.  The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components
+on the cluster.  The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +70,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,16 +82,24 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -122,6 +135,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -159,6 +176,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -169,7 +188,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -181,11 +201,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -211,6 +231,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
index 4579366972..1d8367a3d3 100644
--- a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Console provides a means to configure an operator to manage the console. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Console provides a means to configure an operator to manage the console.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,16 +69,22 @@ Type::
 
 | `customization`
 | `object`
-| customization is used to optionally provide a small set of customization options to the web console.
+| customization is used to optionally provide a small set of
+customization options to the web console.
 
 | `ingress`
 | `object`
-| ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.
+| ingress allows to configure the alternative ingress for the console.
+This field is intended for clusters without ingress capability,
+where access to routes is not possible.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -85,12 +92,16 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `plugins`
 | `array (string)`
@@ -102,18 +113,32 @@ Type::
 
 | `route`
 | `object`
-| route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED
+| route contains hostname and secret reference that contains the serving certificate.
+If a custom route is specified, a new route will be created with the
+provided hostname, under which console will be available.
+In case of custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
+In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary.
+The default console route will be maintained to reserve the default hostname
+for console if the custom route is removed.
+If not specified, default route will be used.
+DEPRECATED
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.customization
 Description::
 +
 --
-customization is used to optionally provide a small set of customization options to the web console.
+customization is used to optionally provide a small set of
+customization options to the web console.
 --
 
 Type::
@@ -132,11 +157,17 @@ Type::
 
 | `brand`
 | `string`
-| brand is the default branding of the web console which can be overridden by providing the brand field.  There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.
+| brand is the default branding of the web console which can be overridden by
+providing the brand field.  There is a limited set of specific brand options.
+This field controls elements of the console such as the logo.
+Invalid value will prevent a console rollout.
 
 | `capabilities`
 | `array`
-| capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.
+| capabilities defines an array of capabilities that can be interacted with in the console UI.
+Each capability defines a visual state that can be interacted with the console to render in the UI.
+Available capabilities are LightspeedButton and GettingStartedBanner.
+Each of the available capabilities may appear only once in the list.
 
 | `capabilities[]`
 | `object`
@@ -144,11 +175,20 @@ Type::
 
 | `customLogoFile`
 | `object`
-| customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred
+| customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a
+ConfigMap in the openshift-config namespace. This can be created with a command like
+'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'.
+Image size must be less than 1 MB due to constraints on the ConfigMap size.
+The ConfigMap key should include a file extension so that the console serves the file
+with the correct MIME type.
+Recommended logo specifications:
+Dimensions: Max height of 68px and max width of 200px
+SVG format preferred
 
 | `customProductName`
 | `string`
-| customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.
+| customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog
+instead of the normal OpenShift product name.
 
 | `developerCatalog`
 | `object`
@@ -156,7 +196,10 @@ Type::
 
 | `documentationBaseURL`
 | `string`
-| documentationBaseURL links to external documentation are shown in various sections of the web console.  Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.
+| documentationBaseURL links to external documentation are shown in various sections
+of the web console.  Providing documentationBaseURL will override the default
+documentation URL.
+Invalid value will prevent a console rollout.
 
 | `perspectives`
 | `array`
@@ -168,7 +211,9 @@ Type::
 
 | `projectAccess`
 | `object`
-| projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.
+| projectAccess allows customizing the available list of ClusterRoles in the Developer perspective
+Project access page which can be used by a project admin to specify roles to other users and
+restrict access within the project. If set, the list will replace the default ClusterRole options.
 
 | `quickStarts`
 | `object`
@@ -194,14 +239,18 @@ Type::
 
 | `disabledActions`
 | `array (string)`
-| disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.
+| disabledActions is a list of actions that are not shown to users.
+Each action in the list is represented by its ID.
 
 |===
 === .spec.customization.capabilities
 Description::
 +
 --
-capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.
+capabilities defines an array of capabilities that can be interacted with in the console UI.
+Each capability defines a visual state that can be interacted with the console to render in the UI.
+Available capabilities are LightspeedButton and GettingStartedBanner.
+Each of the available capabilities may appear only once in the list.
 --
 
 Type::
@@ -232,7 +281,8 @@ Required::
 
 | `name`
 | `string`
-| name is the unique name of a capability. Available capabilities are LightspeedButton.
+| name is the unique name of a capability.
+Available capabilities are LightspeedButton and GettingStartedBanner.
 
 | `visibility`
 | `object`
@@ -260,14 +310,24 @@ Required::
 
 | `state`
 | `string`
-| state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the "Enabled" value. Disabling the capability in the console UI is represented by the "Disabled" value.
+| state defines if the capability is enabled or disabled in the console UI.
+Enabling the capability in the console UI is represented by the "Enabled" value.
+Disabling the capability in the console UI is represented by the "Disabled" value.
 
 |===
 === .spec.customization.customLogoFile
 Description::
 +
 --
-customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred
+customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a
+ConfigMap in the openshift-config namespace. This can be created with a command like
+'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'.
+Image size must be less than 1 MB due to constraints on the ConfigMap size.
+The ConfigMap key should include a file extension so that the console serves the file
+with the correct MIME type.
+Recommended logo specifications:
+Dimensions: Max height of 68px and max width of 200px
+SVG format preferred
 --
 
 Type::
@@ -316,7 +376,8 @@ Type::
 
 | `types`
 | `object`
-| types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.
+| types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog.
+When omitted, all the sub-catalog types will be shown.
 
 |===
 === .spec.customization.developerCatalog.categories
@@ -354,7 +415,8 @@ Required::
 
 | `id`
 | `string`
-| ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
+| ID is an identifier used in the URL to enable deep linking in console.
+ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
 
 | `label`
 | `string`
@@ -370,7 +432,8 @@ Required::
 
 | `tags`
 | `array (string)`
-| tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.
+| tags is a list of strings that will match the category. A selected category
+show all items which has at least one overlapping tag between category and item.
 
 |===
 === .spec.customization.developerCatalog.categories[].subcategories
@@ -408,7 +471,8 @@ Required::
 
 | `id`
 | `string`
-| ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
+| ID is an identifier used in the URL to enable deep linking in console.
+ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
 
 | `label`
 | `string`
@@ -416,14 +480,16 @@ Required::
 
 | `tags`
 | `array (string)`
-| tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.
+| tags is a list of strings that will match the category. A selected category
+show all items which has at least one overlapping tag between category and item.
 
 |===
 === .spec.customization.developerCatalog.types
 Description::
 +
 --
-types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.
+types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog.
+When omitted, all the sub-catalog types will be shown.
 --
 
 Type::
@@ -440,11 +506,20 @@ Required::
 
 | `disabled`
 | `array (string)`
-| disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.
+| disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users.
+Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available
+in the console on the cluster configuration page, or when editing the YAML in the console.
+Example: "Devfile", "HelmChart", "BuilderImage"
+If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.
 
 | `enabled`
 | `array (string)`
-| enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.
+| enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users.
+Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available
+in the console on the cluster configuration page, or when editing the YAML in the console.
+Example: "Devfile", "HelmChart", "BuilderImage"
+If the list is non-empty, a new type will not be shown to the user until it is added to list.
+If the list is empty the complete developer catalog will be shown.
 
 | `state`
 | `string`
@@ -486,11 +561,17 @@ Required::
 
 | `id`
 | `string`
-| id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.
+| id defines the id of the perspective.
+Example: "dev", "admin".
+The available perspective ids can be found in the code snippet section next to the yaml editor.
+Incorrect or unknown ids will be ignored.
 
 | `pinnedResources`
 | `array`
-| pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.
+| pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves.
+The list of available Kubernetes resources could be read via `kubectl api-resources`.
+The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation.
+Incorrect or unknown resources will be ignored.
 
 | `pinnedResources[]`
 | `object`
@@ -505,7 +586,10 @@ Required::
 Description::
 +
 --
-pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.
+pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves.
+The list of available Kubernetes resources could be read via `kubectl api-resources`.
+The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation.
+Incorrect or unknown resources will be ignored.
 --
 
 Type::
@@ -537,15 +621,23 @@ Required::
 
 | `group`
 | `string`
-| group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc.
+| group is the API Group of the Resource.
+Enter empty string for the core group.
+This value should consist of only lowercase alphanumeric characters, hyphens and periods.
+Example: "", "apps", "build.openshift.io", etc.
 
 | `resource`
 | `string`
-| resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc.
+| resource is the type that is being referenced.
+It is normally the plural form of the resource kind in lowercase.
+This value should consist of only lowercase alphanumeric characters and hyphens.
+Example: "deployments", "deploymentconfigs", "pods", etc.
 
 | `version`
 | `string`
-| version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc.
+| version is the API Version of the Resource.
+This value should consist of only lowercase alphanumeric characters.
+Example: "v1", "v1beta1", etc.
 
 |===
 === .spec.customization.perspectives[].visibility
@@ -640,17 +732,34 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
 
 | `namespace`
 | `string`
-| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
+"" (empty) is defaulted for LocalSubjectAccessReviews
+"" (empty) is empty for cluster-scoped resources
+"" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
 
 | `resource`
 | `string`
@@ -668,6 +777,196 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].fieldSelector
+Description::
++
+--
+fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].fieldSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].fieldSelector.requirements[]
+Description::
++
+--
+FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the field selector key that the requirement applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists, DoesNotExist.
+The list of operators may grow in the future.
+
+| `values`
+| `array (string)`
+| values is an array of string values.
+If the operator is In or NotIn, the values array must be non-empty.
+If the operator is Exists or DoesNotExist, the values array must be empty.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].labelSelector
+Description::
++
+--
+labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].labelSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.customization.perspectives[].visibility.accessReview.missing[].labelSelector.requirements[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
+
 |===
 === .spec.customization.perspectives[].visibility.accessReview.required
 Description::
@@ -699,17 +998,34 @@ Type::
 |===
 | Property | Type | Description
 
+| `fieldSelector`
+| `object`
+| fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
+| `labelSelector`
+| `object`
+| labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
 
 | `namespace`
 | `string`
-| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
+"" (empty) is defaulted for LocalSubjectAccessReviews
+"" (empty) is empty for cluster-scoped resources
+"" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
 
 | `resource`
 | `string`
@@ -727,12 +1043,204 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.required[].fieldSelector
+Description::
++
+--
+fieldSelector describes the limitation on access based on field.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.required[].fieldSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a field selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.customization.perspectives[].visibility.accessReview.required[].fieldSelector.requirements[]
+Description::
++
+--
+FieldSelectorRequirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the field selector key that the requirement applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists, DoesNotExist.
+The list of operators may grow in the future.
+
+| `values`
+| `array (string)`
+| values is an array of string values.
+If the operator is In or NotIn, the values array must be non-empty.
+If the operator is Exists or DoesNotExist, the values array must be empty.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.required[].labelSelector
+Description::
++
+--
+labelSelector describes the limitation on access based on labels.  It can only limit access, not broaden it.
+
+This field  is alpha-level. To use this field, you must enable the
+`AuthorizeWithSelectors` feature gate (disabled by default).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rawSelector`
+| `string`
+| rawSelector is the serialization of a field selector that would be included in a query parameter.
+Webhook implementations are encouraged to ignore rawSelector.
+The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
+
+| `requirements`
+| `array`
+| requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+
+| `requirements[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+
+|===
+=== .spec.customization.perspectives[].visibility.accessReview.required[].labelSelector.requirements
+Description::
++
+--
+requirements is the parsed interpretation of a label selector.
+All requirements must be met for a resource instance to match the selector.
+Webhook implementations should handle requirements, but how to handle them is up to the webhook.
+Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
+are not understood.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.customization.perspectives[].visibility.accessReview.required[].labelSelector.requirements[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
+
 |===
 === .spec.customization.projectAccess
 Description::
 +
 --
-projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.
+projectAccess allows customizing the available list of ClusterRoles in the Developer perspective
+Project access page which can be used by a project admin to specify roles to other users and
+restrict access within the project. If set, the list will replace the default ClusterRole options.
 --
 
 Type::
@@ -747,7 +1255,8 @@ Type::
 
 | `availableClusterRoles`
 | `array (string)`
-| availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.
+| availableClusterRoles is the list of ClusterRole names that are assignable to users
+through the project access tab.
 
 |===
 === .spec.customization.quickStarts
@@ -776,7 +1285,9 @@ Type::
 Description::
 +
 --
-ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.
+ingress allows to configure the alternative ingress for the console.
+This field is intended for clusters without ingress capability,
+where access to routes is not possible.
 --
 
 Type::
@@ -791,11 +1302,24 @@ Type::
 
 | `clientDownloadsURL`
 | `string`
-| clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.
+| clientDownloadsURL is a URL to be used as the address to download client binaries.
+If not specified, the downloads route hostname will be used.
+This field is required for clusters without ingress capability,
+where access to routes is not possible.
+The console operator will monitor the URL and may go degraded
+if it's unreachable for an extended period.
+Must use the HTTPS scheme.
 
 | `consoleURL`
 | `string`
-| consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.
+| consoleURL is a URL to be used as the base console address.
+If not specified, the console route hostname will be used.
+This field is required for clusters without ingress capability,
+where access to routes is not possible.
+Make sure that appropriate ingress is set up at this URL.
+The console operator will monitor the URL and may go degraded
+if it's unreachable for an extended period.
+Must use the HTTPS scheme.
 
 |===
 === .spec.providers
@@ -846,7 +1370,16 @@ Type::
 Description::
 +
 --
-route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED
+route contains hostname and secret reference that contains the serving certificate.
+If a custom route is specified, a new route will be created with the
+provided hostname, under which console will be available.
+In case of custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
+In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary.
+The default console route will be maintained to reserve the default hostname
+for console if the custom route is removed.
+If not specified, default route will be used.
+DEPRECATED
 --
 
 Type::
@@ -865,14 +1398,26 @@ Type::
 
 | `secret`
 | `object`
-| secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
+| secret points to secret in the openshift-config namespace that contains custom
+certificate and key and needs to be created manually by the cluster admin.
+Referenced Secret is required to contain following key value pairs:
+- "tls.crt" - to specifies custom certificate
+- "tls.key" - to specifies private key of the custom certificate
+If the custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
 
 |===
 === .spec.route.secret
 Description::
 +
 --
-secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
+secret points to secret in the openshift-config namespace that contains custom
+certificate and key and needs to be created manually by the cluster admin.
+Referenced Secret is required to contain following key value pairs:
+- "tls.crt" - to specifies custom certificate
+- "tls.key" - to specifies private key of the custom certificate
+If the custom hostname uses the default routing suffix of the cluster,
+the Secret specification for a serving certificate will not be needed.
 --
 
 Type::
@@ -925,6 +1470,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -962,6 +1511,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -972,7 +1523,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -984,11 +1536,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -1014,6 +1566,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
index 2e40d9cff4..5239648536 100644
--- a/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +69,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,16 +81,24 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -122,6 +134,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -158,6 +174,10 @@ OperatorCondition is just the standard condition fields.
 Type::
   `object`
 
+Required::
+  - `lastTransitionTime`
+  - `status`
+  - `type`
 
 
 
@@ -167,7 +187,8 @@ Type::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -179,11 +200,11 @@ Type::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -209,6 +230,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc b/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
index 5f2c3d9e25..0cef88462e 100644
--- a/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
@@ -11,10 +11,16 @@ toc::[]
 Description::
 +
 --
-DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. 
- Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. 
- If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+DNSRecord is a DNS record managed in the zones defined by
+dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.
+
+Cluster admin manipulation of this resource is not supported. This resource
+is only for internal communication of OpenShift operators.
+
+If DNSManagementPolicy is "Unmanaged", the operator will not be responsible
+for managing the DNS records on the cloud provider.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -74,8 +80,16 @@ Required::
 
 | `dnsManagementPolicy`
 | `string`
-| dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as "Unmanaged" are ignored by the ingress operator.  This means that the DNS record on the cloud provider is not managed by the operator, and the "Published" status condition will be updated to "Unknown" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin. 
- This field defaults to Managed. Valid values are "Managed" and "Unmanaged".
+| dnsManagementPolicy denotes the current policy applied on the DNS
+record. Records that have policy set as "Unmanaged" are ignored by
+the ingress operator.  This means that the DNS record on the cloud
+provider is not managed by the operator, and the "Published" status
+condition will be updated to "Unknown" status, since it is externally
+managed. Any existing record on the cloud provider can be deleted at
+the discretion of the cluster admin.
+
+This field defaults to Managed. Valid values are "Managed" and
+"Unmanaged".
 
 | `dnsName`
 | `string`
@@ -83,7 +97,9 @@ Required::
 
 | `recordTTL`
 | `integer`
-| recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.
+| recordTTL is the record TTL in seconds. If zero, the default is 30.
+RecordTTL will not be used in AWS regions Alias targets, but
+will be used in CNAME targets, per AWS API contract.
 
 | `recordType`
 | `string`
@@ -113,7 +129,12 @@ Type::
 
 | `observedGeneration`
 | `integer`
-| observedGeneration is the most recently observed generation of the DNSRecord.  When the DNSRecord is updated, the controller updates the corresponding record in each managed zone.  If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone.
+| observedGeneration is the most recently observed generation of the
+DNSRecord.  When the DNSRecord is updated, the controller updates the
+corresponding record in each managed zone.  If an update for a
+particular zone fails, that failure is recorded in the status
+condition for the zone so that the controller can determine that it
+needs to retry the update for that specific zone.
 
 | `zones`
 | `array`
@@ -156,8 +177,11 @@ Type::
 
 | `conditions`
 | `array`
-| conditions are any conditions associated with the record in the zone. 
- If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure.
+| conditions are any conditions associated with the record in the zone.
+
+If publishing the record succeeds, the "Published" condition will be
+set with status "True" and upon failure it will be set to "False" along
+with the reason and message describing the cause of the failure.
 
 | `conditions[]`
 | `object`
@@ -172,8 +196,11 @@ Type::
 Description::
 +
 --
-conditions are any conditions associated with the record in the zone. 
- If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure.
+conditions are any conditions associated with the record in the zone.
+
+If publishing the record succeeds, the "Published" condition will be
+set with status "True" and upon failure it will be set to "False" along
+with the reason and message describing the cause of the failure.
 --
 
 Type::
@@ -242,15 +269,23 @@ Type::
 
 | `id`
 | `string`
-| id is the identifier that can be used to find the DNS hosted zone. 
- on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
+| id is the identifier that can be used to find the DNS hosted zone.
+
+on AWS zone can be fetched using `ID` as id in [1]
+on Azure zone can be fetched using `ID` as a pre-determined name in [2],
+on GCP zone can be fetched using `ID` as a pre-determined name in [3].
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
+[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
+[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
 
 | `tags`
 | `object (string)`
-| tags can be used to query the DNS hosted zone. 
- on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, 
- [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
+| tags can be used to query the DNS hosted zone.
+
+on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
+
+[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
 
 |===
 
diff --git a/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc b/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
index 44d125bb88..67306fcde6 100644
--- a/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Etcd provides information to configure an operator to manage etcd. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Etcd provides information to configure an operator to manage etcd.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,20 +69,31 @@ Type::
 
 | `controlPlaneHardwareSpeed`
 | `string`
-| HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are "", "Standard" and "Slower". "" means no opinion and the platform is left to choose a reasonable default which is subject to change without notice.
+| HardwareSpeed allows user to change the etcd tuning profile which configures
+the latency parameters for heartbeat interval and leader election timeouts
+allowing the cluster to tolerate longer round-trip-times between etcd members.
+Valid values are "", "Standard" and "Slower".
+	"" means no opinion and the platform is left to choose a reasonable default
+	which is subject to change without notice.
 
 | `failedRevisionLimit`
 | `integer`
-| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `forceRedeploymentReason`
 | `string`
-| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+this time instead of failing again on the same config.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -89,20 +101,29 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `succeededRevisionLimit`
 | `integer`
-| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -195,6 +216,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -205,7 +228,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -217,11 +241,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -247,6 +271,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc b/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
index 29ca0d4ac7..1d92987920 100644
--- a/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
+++ b/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 --
 
 Type::
@@ -64,22 +66,49 @@ Type::
 
 | `repositoryDigestMirrors`
 | `array`
-| repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. 
- Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+| repositoryDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+Only image pull specifications that have an image digest will have this behavior applied
+to them - tags will continue to be pulled from the specified repository in the pull spec.
+
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
 
 | `repositoryDigestMirrors[]`
 | `object`
-| RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.
+| RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config.
+Note: the mirrors only work when pulling the images that are referenced by their digests.
 
 |===
 === .spec.repositoryDigestMirrors
 Description::
 +
 --
-repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. 
- Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. 
- When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+repositoryDigestMirrors allows images referenced by image digests in pods to be
+pulled from alternative mirrored repository locations. The image pull specification
+provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
+and the image may be pulled down from any of the mirrors in the list instead of the
+specified repository allowing administrators to choose a potentially faster mirror.
+Only image pull specifications that have an image digest will have this behavior applied
+to them - tags will continue to be pulled from the specified repository in the pull spec.
+
+Each “source” repository is treated independently; configurations for different “source”
+repositories don’t interact.
+
+When multiple policies are defined for the same “source” repository, the sets of defined
+mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+mirrors will be used in the order `a, b, c, d, e`.  If the orders of mirror entries conflict
+(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
 --
 
 Type::
@@ -92,7 +121,8 @@ Type::
 Description::
 +
 --
-RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.
+RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config.
+Note: the mirrors only work when pulling the images that are referenced by their digests.
 --
 
 Type::
@@ -109,7 +139,12 @@ Required::
 
 | `mirrors`
 | `array (string)`
-| mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.
+| mirrors is one or more repositories that may also contain the same images.
+The order of mirrors in this list is treated as the user's desired priority, while source
+is by default considered lower priority than all mirrors. Other cluster configuration,
+including (but not limited to) other repositoryDigestMirrors objects,
+may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+in parallel, so this should be considered a preference rather than a guarantee of ordering.
 
 | `source`
 | `string`
diff --git a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
index d3bfdc04cb..bbe8210a84 100644
--- a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
@@ -11,11 +11,21 @@ toc::[]
 Description::
 +
 --
-IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. 
- When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. 
- https://kubernetes.io/docs/concepts/services-networking/ingress-controllers 
- Whenever possible, sensible defaults for the platform are used. See each field for more details. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+IngressController describes a managed ingress controller for the cluster. The
+controller can service OpenShift Route and Kubernetes Ingress resources.
+
+When an IngressController is created, a new ingress controller deployment is
+created to allow external traffic to reach the services that expose Ingress
+or Route resources. Updating this resource may lead to disruption for public
+facing network connections as a new ingress controller revision may be rolled
+out.
+
+https://kubernetes.io/docs/concepts/services-networking/ingress-controllers
+
+Whenever possible, sensible defaults for the platform are used. See each
+field for more details.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -69,103 +79,202 @@ Type::
 
 | `clientTLS`
 | `object`
-| clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.
+| clientTLS specifies settings for requesting and verifying client
+certificates, which can be used to enable mutual TLS for
+edge-terminated and reencrypt routes.
 
 | `defaultCertificate`
 | `object`
-| defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. 
- The secret must contain the following keys and data: 
- tls.crt: certificate file contents tls.key: key file contents 
- If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store. 
- If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. 
- The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.
+| defaultCertificate is a reference to a secret containing the default
+certificate served by the ingress controller. When Routes don't specify
+their own certificate, defaultCertificate is used.
+
+The secret must contain the following keys and data:
+
+  tls.crt: certificate file contents
+  tls.key: key file contents
+
+If unset, a wildcard certificate is automatically generated and used. The
+certificate is valid for the ingress controller domain (and subdomains) and
+the generated certificate's CA will be automatically integrated with the
+cluster's trust store.
+
+If a wildcard certificate is used and shared by multiple
+HTTP/2 enabled routes (which implies ALPN) then clients
+(i.e., notably browsers) are at liberty to reuse open
+connections. This means a client can reuse a connection to
+another route and that is likely to fail. This behaviour is
+generally known as connection coalescing.
+
+The in-use certificate (whether generated or user-specified) will be
+automatically integrated with OpenShift's built-in OAuth server.
 
 | `domain`
 | `string`
-| domain is a DNS name serviced by the ingress controller and is used to configure multiple features: 
- * For the LoadBalancerService endpoint publishing strategy, domain is used to configure DNS records. See endpointPublishingStrategy. 
- * When using a generated default certificate, the certificate will be valid for domain and its subdomains. See defaultCertificate. 
- * The value is published to individual Route statuses so that end-users know where to target external DNS records. 
- domain must be unique among all IngressControllers, and cannot be updated. 
- If empty, defaults to ingress.config.openshift.io/cluster .spec.domain.
+| domain is a DNS name serviced by the ingress controller and is used to
+configure multiple features:
+
+* For the LoadBalancerService endpoint publishing strategy, domain is
+  used to configure DNS records. See endpointPublishingStrategy.
+
+* When using a generated default certificate, the certificate will be valid
+  for domain and its subdomains. See defaultCertificate.
+
+* The value is published to individual Route statuses so that end-users
+  know where to target external DNS records.
+
+domain must be unique among all IngressControllers, and cannot be
+updated.
+
+If empty, defaults to ingress.config.openshift.io/cluster .spec.domain.
 
 | `endpointPublishingStrategy`
 | `object`
-| endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. 
- If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform: 
- AWS:          LoadBalancerService (with External scope) Azure:        LoadBalancerService (with External scope) GCP:          LoadBalancerService (with External scope) IBMCloud:     LoadBalancerService (with External scope) AlibabaCloud: LoadBalancerService (with External scope) Libvirt:      HostNetwork 
- Any other platform types (including None) default to HostNetwork. 
- endpointPublishingStrategy cannot be updated.
+| endpointPublishingStrategy is used to publish the ingress controller
+endpoints to other networks, enable load balancer integrations, etc.
+
+If unset, the default is based on
+infrastructure.config.openshift.io/cluster .status.platform:
+
+  AWS:          LoadBalancerService (with External scope)
+  Azure:        LoadBalancerService (with External scope)
+  GCP:          LoadBalancerService (with External scope)
+  IBMCloud:     LoadBalancerService (with External scope)
+  AlibabaCloud: LoadBalancerService (with External scope)
+  Libvirt:      HostNetwork
+
+Any other platform types (including None) default to HostNetwork.
+
+endpointPublishingStrategy cannot be updated.
 
 | `httpCompression`
 | `object`
-| httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.
+| httpCompression defines a policy for HTTP traffic compression.
+By default, there is no HTTP compression.
 
 | `httpEmptyRequestsPolicy`
 | `string`
-| httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are "Respond" and "Ignore".  If the field is set to "Respond", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics.  If the field is set to "Ignore", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics.  The default value is "Respond". 
- Typically, these connections come from load balancers' health probes or Web browsers' speculative connections ("preconnect") and can be safely ignored.  However, these requests may also be caused by network errors, and so setting this field to "Ignore" may impede detection and diagnosis of problems.  In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.
+| httpEmptyRequestsPolicy describes how HTTP connections should be
+handled if the connection times out before a request is received.
+Allowed values for this field are "Respond" and "Ignore".  If the
+field is set to "Respond", the ingress controller sends an HTTP 400
+or 408 response, logs the connection (if access logging is enabled),
+and counts the connection in the appropriate metrics.  If the field
+is set to "Ignore", the ingress controller closes the connection
+without sending a response, logging the connection, or incrementing
+metrics.  The default value is "Respond".
+
+Typically, these connections come from load balancers' health probes
+or Web browsers' speculative connections ("preconnect") and can be
+safely ignored.  However, these requests may also be caused by
+network errors, and so setting this field to "Ignore" may impede
+detection and diagnosis of problems.  In addition, these requests may
+be caused by port scans, in which case logging empty requests may aid
+in detecting intrusion attempts.
 
 | `httpErrorCodePages`
 | `object`
-| httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.
+| httpErrorCodePages specifies a configmap with custom error pages.
+The administrator must create this configmap in the openshift-config namespace.
+This configmap should have keys in the format "error-page-<error code>.http",
+where <error code> is an HTTP error code.
+For example, "error-page-503.http" defines an error page for HTTP 503 responses.
+Currently only error pages for 503 and 404 responses can be customized.
+Each value in the configmap should be the full response, including HTTP headers.
+Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http
+If this field is empty, the ingress controller uses the default error pages.
 
 | `httpHeaders`
 | `object`
-| httpHeaders defines policy for HTTP headers. 
- If this field is empty, the default values are used.
+| httpHeaders defines policy for HTTP headers.
+
+If this field is empty, the default values are used.
 
 | `logging`
 | `object`
-| logging defines parameters for what should be logged where.  If this field is empty, operational logs are enabled but access logs are disabled.
+| logging defines parameters for what should be logged where.  If this
+field is empty, operational logs are enabled but access logs are
+disabled.
 
 | `namespaceSelector`
 | `object`
-| namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. 
- If unset, the default is no filtering.
+| namespaceSelector is used to filter the set of namespaces serviced by the
+ingress controller. This is useful for implementing shards.
+
+If unset, the default is no filtering.
 
 | `nodePlacement`
 | `object`
-| nodePlacement enables explicit control over the scheduling of the ingress controller. 
- If unset, defaults are used. See NodePlacement for more details.
+| nodePlacement enables explicit control over the scheduling of the ingress
+controller.
+
+If unset, defaults are used. See NodePlacement for more details.
 
 | `replicas`
 | `integer`
-| replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. 
- The value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively. 
- These defaults are subject to change.
+| replicas is the desired number of ingress controller replicas. If unset,
+the default depends on the value of the defaultPlacement field in the
+cluster config.openshift.io/v1/ingresses status.
+
+The value of replicas is set based on the value of a chosen field in the
+Infrastructure CR. If defaultPlacement is set to ControlPlane, the
+chosen field will be controlPlaneTopology. If it is set to Workers the
+chosen field will be infrastructureTopology. Replicas will then be set to 1
+or 2 based whether the chosen field's value is SingleReplica or
+HighlyAvailable, respectively.
+
+These defaults are subject to change.
 
 | `routeAdmission`
 | `object`
-| routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). 
- If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.
+| routeAdmission defines a policy for handling new route claims (for example,
+to allow or deny claims across namespaces).
+
+If empty, defaults will be applied. See specific routeAdmission fields
+for details about their defaults.
 
 | `routeSelector`
 | `object`
-| routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. 
- If unset, the default is no filtering.
+| routeSelector is used to filter the set of Routes serviced by the ingress
+controller. This is useful for implementing shards.
+
+If unset, the default is no filtering.
 
 | `tlsSecurityProfile`
 | `object`
-| tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. 
- If unset, the default is based on the apiservers.config.openshift.io/cluster resource. 
- Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.
+| tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.
+
+If unset, the default is based on the apiservers.config.openshift.io/cluster resource.
+
+Note that when using the Old, Intermediate, and Modern profile types, the effective
+profile configuration is subject to change between releases. For example, given
+a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade
+to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress
+controller, resulting in a rollout.
 
 | `tuningOptions`
 | `object`
-| tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. 
- Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.
+| tuningOptions defines parameters for adjusting the performance of
+ingress controller pods. All fields are optional and will use their
+respective defaults if not set. See specific tuningOptions fields for
+more details.
+
+Setting fields within tuningOptions is generally not recommended. The
+default values are suitable for most configurations.
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides allows specifying unsupported configuration options.  Its use is unsupported.
+| unsupportedConfigOverrides allows specifying unsupported
+configuration options.  Its use is unsupported.
 
 |===
 === .spec.clientTLS
 Description::
 +
 --
-clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.
+clientTLS specifies settings for requesting and verifying client
+certificates, which can be used to enable mutual TLS for
+edge-terminated and reencrypt routes.
 --
 
 Type::
@@ -183,23 +292,40 @@ Required::
 
 | `allowedSubjectPatterns`
 | `array (string)`
-| allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests.  The regular expressions must use PCRE syntax.  If this list is empty, no filtering is performed.  If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.
+| allowedSubjectPatterns specifies a list of regular expressions that
+should be matched against the distinguished name on a valid client
+certificate to filter requests.  The regular expressions must use
+PCRE syntax.  If this list is empty, no filtering is performed.  If
+the list is nonempty, then at least one pattern must match a client
+certificate's distinguished name or else the ingress controller
+rejects the certificate and denies the connection.
 
 | `clientCA`
 | `object`
-| clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate.  The administrator must create this configmap in the openshift-config namespace.
+| clientCA specifies a configmap containing the PEM-encoded CA
+certificate bundle that should be used to verify a client's
+certificate.  The administrator must create this configmap in the
+openshift-config namespace.
 
 | `clientCertificatePolicy`
 | `string`
-| clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates.  This field accepts the values "Required" or "Optional". 
- Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.
+| clientCertificatePolicy specifies whether the ingress controller
+requires clients to provide certificates.  This field accepts the
+values "Required" or "Optional".
+
+Note that the ingress controller only checks client certificates for
+edge-terminated and reencrypt TLS routes; it cannot check
+certificates for cleartext HTTP or passthrough TLS routes.
 
 |===
 === .spec.clientTLS.clientCA
 Description::
 +
 --
-clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate.  The administrator must create this configmap in the openshift-config namespace.
+clientCA specifies a configmap containing the PEM-encoded CA
+certificate bundle that should be used to verify a client's
+certificate.  The administrator must create this configmap in the
+openshift-config namespace.
 --
 
 Type::
@@ -223,12 +349,29 @@ Required::
 Description::
 +
 --
-defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. 
- The secret must contain the following keys and data: 
- tls.crt: certificate file contents tls.key: key file contents 
- If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store. 
- If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. 
- The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.
+defaultCertificate is a reference to a secret containing the default
+certificate served by the ingress controller. When Routes don't specify
+their own certificate, defaultCertificate is used.
+
+The secret must contain the following keys and data:
+
+  tls.crt: certificate file contents
+  tls.key: key file contents
+
+If unset, a wildcard certificate is automatically generated and used. The
+certificate is valid for the ingress controller domain (and subdomains) and
+the generated certificate's CA will be automatically integrated with the
+cluster's trust store.
+
+If a wildcard certificate is used and shared by multiple
+HTTP/2 enabled routes (which implies ALPN) then clients
+(i.e., notably browsers) are at liberty to reuse open
+connections. This means a client can reuse a connection to
+another route and that is likely to fail. This behaviour is
+generally known as connection coalescing.
+
+The in-use certificate (whether generated or user-specified) will be
+automatically integrated with OpenShift's built-in OAuth server.
 --
 
 Type::
@@ -243,18 +386,33 @@ Type::
 
 | `name`
 | `string`
-| Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+| Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 |===
 === .spec.endpointPublishingStrategy
 Description::
 +
 --
-endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. 
- If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform: 
- AWS:          LoadBalancerService (with External scope) Azure:        LoadBalancerService (with External scope) GCP:          LoadBalancerService (with External scope) IBMCloud:     LoadBalancerService (with External scope) AlibabaCloud: LoadBalancerService (with External scope) Libvirt:      HostNetwork 
- Any other platform types (including None) default to HostNetwork. 
- endpointPublishingStrategy cannot be updated.
+endpointPublishingStrategy is used to publish the ingress controller
+endpoints to other networks, enable load balancer integrations, etc.
+
+If unset, the default is based on
+infrastructure.config.openshift.io/cluster .status.platform:
+
+  AWS:          LoadBalancerService (with External scope)
+  Azure:        LoadBalancerService (with External scope)
+  GCP:          LoadBalancerService (with External scope)
+  IBMCloud:     LoadBalancerService (with External scope)
+  AlibabaCloud: LoadBalancerService (with External scope)
+  Libvirt:      HostNetwork
+
+Any other platform types (including None) default to HostNetwork.
+
+endpointPublishingStrategy cannot be updated.
 --
 
 Type::
@@ -271,45 +429,80 @@ Required::
 
 | `hostNetwork`
 | `object`
-| hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
+| hostNetwork holds parameters for the HostNetwork endpoint publishing
+strategy. Present only if type is HostNetwork.
 
 | `loadBalancer`
 | `object`
-| loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
+| loadBalancer holds parameters for the load balancer. Present only if
+type is LoadBalancerService.
 
 | `nodePort`
 | `object`
-| nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
+| nodePort holds parameters for the NodePortService endpoint publishing strategy.
+Present only if type is NodePortService.
 
 | `private`
 | `object`
-| private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
+| private holds parameters for the Private endpoint publishing
+strategy. Present only if type is Private.
 
 | `type`
 | `string`
-| type is the publishing strategy to use. Valid values are: 
- * LoadBalancerService 
- Publishes the ingress controller using a Kubernetes LoadBalancer Service. 
- In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. 
- See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer 
- If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. 
- Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms. 
- * HostNetwork 
- Publishes the ingress controller on node ports where the ingress controller is deployed. 
- In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports. 
- * Private 
- Does not publish the ingress controller. 
- In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller. 
- * NodePortService 
- Publishes the ingress controller using a Kubernetes NodePort Service. 
- In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.
+| type is the publishing strategy to use. Valid values are:
+
+* LoadBalancerService
+
+Publishes the ingress controller using a Kubernetes LoadBalancer Service.
+
+In this configuration, the ingress controller deployment uses container
+networking. A LoadBalancer Service is created to publish the deployment.
+
+See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+
+If domain is set, a wildcard DNS record will be managed to point at the
+LoadBalancer Service's external name. DNS records are managed only in DNS
+zones defined by dns.config.openshift.io/cluster .spec.publicZone and
+.spec.privateZone.
+
+Wildcard DNS management is currently supported only on the AWS, Azure,
+and GCP platforms.
+
+* HostNetwork
+
+Publishes the ingress controller on node ports where the ingress controller
+is deployed.
+
+In this configuration, the ingress controller deployment uses host
+networking, bound to node ports 80 and 443. The user is responsible for
+configuring an external load balancer to publish the ingress controller via
+the node ports.
+
+* Private
+
+Does not publish the ingress controller.
+
+In this configuration, the ingress controller deployment uses container
+networking, and is not explicitly published. The user must manually publish
+the ingress controller.
+
+* NodePortService
+
+Publishes the ingress controller using a Kubernetes NodePort Service.
+
+In this configuration, the ingress controller deployment uses container
+networking. A NodePort Service is created to publish the deployment. The
+specific node ports are dynamically allocated by OpenShift; however, to
+support static port allocations, user changes to the node port
+field of the managed NodePort Service will preserved.
 
 |===
 === .spec.endpointPublishingStrategy.hostNetwork
 Description::
 +
 --
-hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
+hostNetwork holds parameters for the HostNetwork endpoint publishing
+strategy. Present only if type is HostNetwork.
 --
 
 Type::
@@ -324,30 +517,69 @@ Type::
 
 | `httpPort`
 | `integer`
-| httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.
+| httpPort is the port on the host which should be used to listen for
+HTTP requests. This field should be set when port 80 is already in use.
+The value should not coincide with the NodePort range of the cluster.
+When the value is 0 or is not specified it defaults to 80.
 
 | `httpsPort`
 | `integer`
-| httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.
+| httpsPort is the port on the host which should be used to listen for
+HTTPS requests. This field should be set when port 443 is already in use.
+The value should not coincide with the NodePort range of the cluster.
+When the value is 0 or is not specified it defaults to 443.
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 | `statsPort`
 | `integer`
-| statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.
+| statsPort is the port on the host where the stats from the router are
+published. The value should not coincide with the NodePort range of the
+cluster. If an external load balancer is configured to forward connections
+to this IngressController, the load balancer should use this port for
+health checks. The load balancer can send HTTP probes on this port on a
+given node, with the path /healthz/ready to determine if the ingress
+controller is ready to receive traffic on the node. For proper operation
+the load balancer must not forward traffic to a node until the health
+check reports ready. The load balancer should also stop forwarding requests
+within a maximum of 45 seconds after /healthz/ready starts reporting
+not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with
+a threshold of two successful or failed requests to become healthy or
+unhealthy respectively, are well-tested values. When the value is 0 or
+is not specified it defaults to 1936.
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer
 Description::
 +
 --
-loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
+loadBalancer holds parameters for the load balancer. Present only if
+type is LoadBalancerService.
 --
 
 Type::
@@ -365,29 +597,49 @@ Required::
 
 | `allowedSourceRanges`
 | ``
-| allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted.  Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. 
- To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.
+| allowedSourceRanges specifies an allowlist of IP address ranges to which
+access to the load balancer should be restricted.  Each range must be
+specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is
+specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default,
+which allows all source addresses.
+
+To facilitate migration from earlier versions of OpenShift that did
+not have the allowedSourceRanges field, you may set the
+service.beta.kubernetes.io/load-balancer-source-ranges annotation on
+the "router-<ingresscontroller name>" service in the
+"openshift-ingress" namespace, and this annotation will take
+effect if allowedSourceRanges is empty on OpenShift 4.12.
 
 | `dnsManagementPolicy`
 | `string`
-| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.
+| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record
+associated with the load balancer service will be managed by
+the ingress operator. It defaults to Managed.
+Valid values are: Managed and Unmanaged.
 
 | `providerParameters`
 | `object`
-| providerParameters holds desired load balancer information specific to the underlying infrastructure provider. 
- If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
+| providerParameters holds desired load balancer information specific to
+the underlying infrastructure provider.
+
+If empty, defaults will be applied. See specific providerParameters
+fields for details about their defaults.
 
 | `scope`
 | `string`
-| scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal".
+| scope indicates the scope at which the load balancer is exposed.
+Possible values are "External" and "Internal".
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters
 Description::
 +
 --
-providerParameters holds desired load balancer information specific to the underlying infrastructure provider. 
- If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
+providerParameters holds desired load balancer information specific to
+the underlying infrastructure provider.
+
+If empty, defaults will be applied. See specific providerParameters
+fields for details about their defaults.
 --
 
 Type::
@@ -404,30 +656,52 @@ Required::
 
 | `aws`
 | `object`
-| aws provides configuration settings that are specific to AWS load balancers. 
- If empty, defaults will be applied. See specific aws fields for details about their defaults.
+| aws provides configuration settings that are specific to AWS
+load balancers.
+
+If empty, defaults will be applied. See specific aws fields for
+details about their defaults.
 
 | `gcp`
 | `object`
-| gcp provides configuration settings that are specific to GCP load balancers. 
- If empty, defaults will be applied. See specific gcp fields for details about their defaults.
+| gcp provides configuration settings that are specific to GCP
+load balancers.
+
+If empty, defaults will be applied. See specific gcp fields for
+details about their defaults.
 
 | `ibm`
 | `object`
-| ibm provides configuration settings that are specific to IBM Cloud load balancers. 
- If empty, defaults will be applied. See specific ibm fields for details about their defaults.
+| ibm provides configuration settings that are specific to IBM Cloud
+load balancers.
+
+If empty, defaults will be applied. See specific ibm fields for
+details about their defaults.
+
+| `openstack`
+| `object`
+| openstack provides configuration settings that are specific to OpenStack
+load balancers.
+
+If empty, defaults will be applied. See specific openstack fields for
+details about their defaults.
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere".
+| type is the underlying infrastructure provider for the load balancer.
+Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix",
+"OpenStack", and "VSphere".
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws
 Description::
 +
 --
-aws provides configuration settings that are specific to AWS load balancers. 
- If empty, defaults will be applied. See specific aws fields for details about their defaults.
+aws provides configuration settings that are specific to AWS
+load balancers.
+
+If empty, defaults will be applied. See specific aws fields for
+details about their defaults.
 --
 
 Type::
@@ -444,27 +718,38 @@ Required::
 
 | `classicLoadBalancer`
 | `object`
-| classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
+| classicLoadBalancerParameters holds configuration parameters for an AWS
+classic load balancer. Present only if type is Classic.
 
 | `networkLoadBalancer`
 | `object`
-| networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
+| networkLoadBalancerParameters holds configuration parameters for an AWS
+network load balancer. Present only if type is NLB.
 
 | `type`
 | `string`
-| type is the type of AWS load balancer to instantiate for an ingresscontroller. 
- Valid values are: 
- * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb 
- * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
+| type is the type of AWS load balancer to instantiate for an ingresscontroller.
+
+Valid values are:
+
+* "Classic": A Classic Load Balancer that makes routing decisions at either
+  the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See
+  the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
+
+* "NLB": A Network Load Balancer that makes routing decisions at the
+  transport layer (TCP/SSL). See the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer
 Description::
 +
 --
-classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
+classicLoadBalancerParameters holds configuration parameters for an AWS
+classic load balancer. Present only if type is Classic.
 --
 
 Type::
@@ -479,22 +764,45 @@ Type::
 
 | `connectionIdleTimeout`
 | `string`
-| connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection.  The value must be parseable as a time duration value; see <https://pkg.go.dev/time#ParseDuration>.  A nil or zero value means no opinion, in which case a default value is used.  The default value for this field is 60s.  This default is subject to change.
+| connectionIdleTimeout specifies the maximum time period that a
+connection may be idle before the load balancer closes the
+connection.  The value must be parseable as a time duration value;
+see <https://pkg.go.dev/time#ParseDuration>.  A nil or zero value
+means no opinion, in which case a default value is used.  The default
+value for this field is 60s.  This default is subject to change.
 
 | `subnets`
 | `object`
-| subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+| subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets
 Description::
 +
 --
-subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 --
 
 Type::
@@ -509,18 +817,28 @@ Type::
 
 | `ids`
 | `array (string)`
-| ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| ids specifies a list of AWS subnets by subnet ID.
+Subnet IDs must start with "subnet-", consist only
+of alphanumeric characters, must be exactly 24
+characters long, must be unique, and the total
+number of subnets specified by ids and names
+must not exceed 10.
 
 | `names`
 | `array (string)`
-| names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| names specifies a list of AWS subnets by subnet name.
+Subnet names must not start with "subnet-", must not
+include commas, must be under 256 characters in length,
+must be unique, and the total number of subnets
+specified by ids and names must not exceed 10.
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer
 Description::
 +
 --
-networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
+networkLoadBalancerParameters holds configuration parameters for an AWS
+network load balancer. Present only if type is NLB.
 --
 
 Type::
@@ -535,24 +853,51 @@ Type::
 
 | `eipAllocations`
 | `array (string)`
-| eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply: 
- eipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. 
- See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.
+| eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
+are assigned to the Network Load Balancer.
+The following restrictions apply:
+
+eipAllocations can only be used with external scope, not internal.
+An EIP can be allocated to only a single IngressController.
+The number of EIP allocations must match the number of subnets that are used for the load balancer.
+Each EIP allocation must be unique.
+A maximum of 10 EIP allocations are permitted.
+
+See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general
+information about configuration, characteristics, and limitations of Elastic IP addresses.
 
 | `subnets`
 | `object`
-| subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+| subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.subnets
 Description::
 +
 --
-subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 --
 
 Type::
@@ -567,19 +912,31 @@ Type::
 
 | `ids`
 | `array (string)`
-| ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| ids specifies a list of AWS subnets by subnet ID.
+Subnet IDs must start with "subnet-", consist only
+of alphanumeric characters, must be exactly 24
+characters long, must be unique, and the total
+number of subnets specified by ids and names
+must not exceed 10.
 
 | `names`
 | `array (string)`
-| names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| names specifies a list of AWS subnets by subnet name.
+Subnet names must not start with "subnet-", must not
+include commas, must be under 256 characters in length,
+must be unique, and the total number of subnets
+specified by ids and names must not exceed 10.
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.gcp
 Description::
 +
 --
-gcp provides configuration settings that are specific to GCP load balancers. 
- If empty, defaults will be applied. See specific gcp fields for details about their defaults.
+gcp provides configuration settings that are specific to GCP
+load balancers.
+
+If empty, defaults will be applied. See specific gcp fields for
+details about their defaults.
 --
 
 Type::
@@ -594,19 +951,32 @@ Type::
 
 | `clientAccess`
 | `string`
-| clientAccess describes how client access is restricted for internal load balancers. 
- Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. 
- https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access 
- * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. 
- https://cloud.google.com/load-balancing/docs/internal#client_access
+| clientAccess describes how client access is restricted for internal
+load balancers.
+
+Valid values are:
+* "Global": Specifying an internal load balancer with Global client access
+  allows clients from any region within the VPC to communicate with the load
+  balancer.
+
+    https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access
+
+* "Local": Specifying an internal load balancer with Local client access
+  means only clients within the same region (and VPC) as the GCP load balancer
+  can communicate with the load balancer. Note that this is the default behavior.
+
+    https://cloud.google.com/load-balancing/docs/internal#client_access
 
 |===
 === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.ibm
 Description::
 +
 --
-ibm provides configuration settings that are specific to IBM Cloud load balancers. 
- If empty, defaults will be applied. See specific ibm fields for details about their defaults.
+ibm provides configuration settings that are specific to IBM Cloud
+load balancers.
+
+If empty, defaults will be applied. See specific ibm fields for
+details about their defaults.
 --
 
 Type::
@@ -621,16 +991,66 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.
+| protocol specifies whether the load balancer uses PROXY protocol to forward connections to
+the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:
+"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas"
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+Valid values for protocol are TCP, PROXY and omitted.
+When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+The current default is TCP, without the proxy protocol enabled.
+
+|===
+=== .spec.endpointPublishingStrategy.loadBalancer.providerParameters.openstack
+Description::
++
+--
+openstack provides configuration settings that are specific to OpenStack
+load balancers.
+
+If empty, defaults will be applied. See specific openstack fields for
+details about their defaults.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `floatingIP`
+| `string`
+| floatingIP specifies the IP address that the load balancer will use.
+When not specified, an IP address will be assigned randomly by the OpenStack cloud provider.
+When specified, the floating IP has to be pre-created.  If the
+specified value is not a floating IP or is already claimed, the
+OpenStack cloud provider won't be able to provision the load
+balancer.
+This field may only be used if the IngressController has External scope.
+This value must be a valid IPv4 or IPv6 address.
 
 |===
 === .spec.endpointPublishingStrategy.nodePort
 Description::
 +
 --
-nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
+nodePort holds parameters for the NodePortService endpoint publishing strategy.
+Present only if type is NodePortService.
 --
 
 Type::
@@ -645,18 +1065,38 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 |===
 === .spec.endpointPublishingStrategy.private
 Description::
 +
 --
-private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
+private holds parameters for the Private endpoint publishing
+strategy. Present only if type is Private.
 --
 
 Type::
@@ -671,18 +1111,38 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 |===
 === .spec.httpCompression
 Description::
 +
 --
-httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.
+httpCompression defines a policy for HTTP traffic compression.
+By default, there is no HTTP compression.
 --
 
 Type::
@@ -697,15 +1157,29 @@ Type::
 
 | `mimeTypes`
 | `array (string)`
-| mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression. 
- Note: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to.  Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2
+| mimeTypes is a list of MIME types that should have compression applied.
+This list can be empty, in which case the ingress controller does not apply compression.
+
+Note: Not all MIME types benefit from compression, but HAProxy will still use resources
+to try to compress if instructed to.  Generally speaking, text (html, css, js, etc.)
+formats benefit from compression, but formats that are already compressed (image,
+audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing
+again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2
 
 |===
 === .spec.httpErrorCodePages
 Description::
 +
 --
-httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.
+httpErrorCodePages specifies a configmap with custom error pages.
+The administrator must create this configmap in the openshift-config namespace.
+This configmap should have keys in the format "error-page-<error code>.http",
+where <error code> is an HTTP error code.
+For example, "error-page-503.http" defines an error page for HTTP 503 responses.
+Currently only error pages for 503 and 404 responses can be customized.
+Each value in the configmap should be the full response, including HTTP headers.
+Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http
+If this field is empty, the ingress controller uses the default error pages.
 --
 
 Type::
@@ -729,8 +1203,9 @@ Required::
 Description::
 +
 --
-httpHeaders defines policy for HTTP headers. 
- If this field is empty, the default values are used.
+httpHeaders defines policy for HTTP headers.
+
+If this field is empty, the default values are used.
 --
 
 Type::
@@ -745,35 +1220,110 @@ Type::
 
 | `actions`
 | `object`
-| actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.
+| actions specifies options for modifying headers and their values.
+Note that this option only applies to cleartext HTTP connections
+and to secure HTTP connections for which the ingress controller
+terminates encryption (that is, edge-terminated or reencrypt
+connections).  Headers cannot be modified for TLS passthrough
+connections.
+Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security`
+may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in
+accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.
+Any actions defined here are applied after any actions related to the following other fields:
+cache-control, spec.clientTLS,
+spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,
+and spec.httpHeaders.headerNameCaseAdjustments.
+In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after
+the actions specified in the IngressController's spec.httpHeaders.actions field.
+In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be
+executed after the actions specified in the Route's spec.httpHeaders.actions field.
+Headers set using this API cannot be captured for use in access logs.
+The following header names are reserved and may not be modified via this API:
+Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.
+Note that the total size of all net added headers *after* interpolating dynamic values
+must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+IngressController. Please refer to the documentation
+for that API field for more details.
 
 | `forwardedHeaderPolicy`
 | `string`
-| forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers.  The value may be one of the following: 
- * "Append", which specifies that the IngressController appends the headers, preserving existing headers. 
- * "Replace", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. 
- * "IfNone", which specifies that the IngressController sets the headers if they are not already set. 
- * "Never", which specifies that the IngressController never sets the headers, preserving any existing headers. 
- By default, the policy is "Append".
+| forwardedHeaderPolicy specifies when and how the IngressController
+sets the Forwarded, X-Forwarded-For, X-Forwarded-Host,
+X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version
+HTTP headers.  The value may be one of the following:
+
+* "Append", which specifies that the IngressController appends the
+  headers, preserving existing headers.
+
+* "Replace", which specifies that the IngressController sets the
+  headers, replacing any existing Forwarded or X-Forwarded-* headers.
+
+* "IfNone", which specifies that the IngressController sets the
+  headers if they are not already set.
+
+* "Never", which specifies that the IngressController never sets the
+  headers, preserving any existing headers.
+
+By default, the policy is "Append".
 
 | `headerNameCaseAdjustments`
 | ``
-| headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names.  Each adjustment is specified as an HTTP header name with the desired capitalization.  For example, specifying "X-Forwarded-For" indicates that the "x-forwarded-for" HTTP header should be adjusted to have the specified capitalization. 
- These adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1. 
- For request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation.  For response headers, these adjustments are applied to all HTTP responses. 
- If this field is empty, no request headers are adjusted.
+| headerNameCaseAdjustments specifies case adjustments that can be
+applied to HTTP header names.  Each adjustment is specified as an
+HTTP header name with the desired capitalization.  For example,
+specifying "X-Forwarded-For" indicates that the "x-forwarded-for"
+HTTP header should be adjusted to have the specified capitalization.
+
+These adjustments are only applied to cleartext, edge-terminated, and
+re-encrypt routes, and only when using HTTP/1.
+
+For request headers, these adjustments are applied only for routes
+that have the haproxy.router.openshift.io/h1-adjust-case=true
+annotation.  For response headers, these adjustments are applied to
+all HTTP responses.
+
+If this field is empty, no request headers are adjusted.
 
 | `uniqueId`
 | `object`
-| uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request.  The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. 
- If this field is empty, no such header is injected into requests.
+| uniqueId describes configuration for a custom HTTP header that the
+ingress controller should inject into incoming HTTP requests.
+Typically, this header is configured to have a value that is unique
+to the HTTP request.  The header can be used by applications or
+included in access logs to facilitate tracing individual HTTP
+requests.
+
+If this field is empty, no such header is injected into requests.
 
 |===
 === .spec.httpHeaders.actions
 Description::
 +
 --
-actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.
+actions specifies options for modifying headers and their values.
+Note that this option only applies to cleartext HTTP connections
+and to secure HTTP connections for which the ingress controller
+terminates encryption (that is, edge-terminated or reencrypt
+connections).  Headers cannot be modified for TLS passthrough
+connections.
+Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security`
+may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in
+accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.
+Any actions defined here are applied after any actions related to the following other fields:
+cache-control, spec.clientTLS,
+spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,
+and spec.httpHeaders.headerNameCaseAdjustments.
+In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after
+the actions specified in the IngressController's spec.httpHeaders.actions field.
+In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be
+executed after the actions specified in the Route's spec.httpHeaders.actions field.
+Headers set using this API cannot be captured for use in access logs.
+The following header names are reserved and may not be modified via this API:
+Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.
+Note that the total size of all net added headers *after* interpolating dynamic values
+must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+IngressController. Please refer to the documentation
+for that API field for more details.
 --
 
 Type::
@@ -788,7 +1338,16 @@ Type::
 
 | `request`
 | `array`
-| request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+| request is a list of HTTP request headers to modify.
+Actions defined here will modify the request headers of all requests passing through an ingress controller.
+These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.
+IngressController actions for request headers will be executed before Route actions.
+Currently, actions may define to either `Set` or `Delete` headers values.
+Actions are applied in sequence as defined in this list.
+A maximum of 20 request header actions may be configured.
+Sample fetchers allowed are "req.hdr" and "ssl_c_der".
+Converters allowed are "lower" and "base64".
+Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
 
 | `request[]`
 | `object`
@@ -796,7 +1355,16 @@ Type::
 
 | `response`
 | `array`
-| response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+| response is a list of HTTP response headers to modify.
+Actions defined here will modify the response headers of all requests passing through an ingress controller.
+These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.
+IngressController actions for response headers will be executed after Route actions.
+Currently, actions may define to either `Set` or `Delete` headers values.
+Actions are applied in sequence as defined in this list.
+A maximum of 20 response header actions may be configured.
+Sample fetchers allowed are "res.hdr" and "ssl_c_der".
+Converters allowed are "lower" and "base64".
+Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
 
 | `response[]`
 | `object`
@@ -807,7 +1375,16 @@ Type::
 Description::
 +
 --
-request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+request is a list of HTTP request headers to modify.
+Actions defined here will modify the request headers of all requests passing through an ingress controller.
+These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.
+IngressController actions for request headers will be executed before Route actions.
+Currently, actions may define to either `Set` or `Delete` headers values.
+Actions are applied in sequence as defined in this list.
+A maximum of 20 request header actions may be configured.
+Sample fetchers allowed are "req.hdr" and "ssl_c_der".
+Converters allowed are "lower" and "base64".
+Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
 --
 
 Type::
@@ -842,7 +1419,13 @@ Required::
 
 | `name`
 | `string`
-| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header
+name as defined in RFC 2616 section 4.2.
+The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`".
+The following header names are reserved and may not be modified via this API:
+Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.
+It must be no more than 255 characters in length.
+Header name must be unique.
 
 |===
 === .spec.httpHeaders.actions.request[].action
@@ -866,18 +1449,23 @@ Required::
 
 | `set`
 | `object`
-| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+| set specifies how the HTTP header should be set.
+This field is required when type is Set and forbidden otherwise.
 
 | `type`
 | `string`
-| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+| type defines the type of the action to be applied on the header.
+Possible values are Set or Delete.
+Set allows you to set HTTP request and response headers.
+Delete allows you to delete HTTP request and response headers.
 
 |===
 === .spec.httpHeaders.actions.request[].action.set
 Description::
 +
 --
-set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+set specifies how the HTTP header should be set.
+This field is required when type is Set and forbidden otherwise.
 --
 
 Type::
@@ -894,14 +1482,30 @@ Required::
 
 | `value`
 | `string`
-| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+| value specifies a header value.
+Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in
+http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and
+otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.
+The value of this field must be no more than 16384 characters in length.
+Note that the total size of all net added headers *after* interpolating dynamic values
+must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+IngressController.
 
 |===
 === .spec.httpHeaders.actions.response
 Description::
 +
 --
-response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+response is a list of HTTP response headers to modify.
+Actions defined here will modify the response headers of all requests passing through an ingress controller.
+These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.
+IngressController actions for response headers will be executed after Route actions.
+Currently, actions may define to either `Set` or `Delete` headers values.
+Actions are applied in sequence as defined in this list.
+A maximum of 20 response header actions may be configured.
+Sample fetchers allowed are "res.hdr" and "ssl_c_der".
+Converters allowed are "lower" and "base64".
+Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
 --
 
 Type::
@@ -936,7 +1540,13 @@ Required::
 
 | `name`
 | `string`
-| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header
+name as defined in RFC 2616 section 4.2.
+The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`".
+The following header names are reserved and may not be modified via this API:
+Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.
+It must be no more than 255 characters in length.
+Header name must be unique.
 
 |===
 === .spec.httpHeaders.actions.response[].action
@@ -960,18 +1570,23 @@ Required::
 
 | `set`
 | `object`
-| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+| set specifies how the HTTP header should be set.
+This field is required when type is Set and forbidden otherwise.
 
 | `type`
 | `string`
-| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+| type defines the type of the action to be applied on the header.
+Possible values are Set or Delete.
+Set allows you to set HTTP request and response headers.
+Delete allows you to delete HTTP request and response headers.
 
 |===
 === .spec.httpHeaders.actions.response[].action.set
 Description::
 +
 --
-set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+set specifies how the HTTP header should be set.
+This field is required when type is Set and forbidden otherwise.
 --
 
 Type::
@@ -988,15 +1603,28 @@ Required::
 
 | `value`
 | `string`
-| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+| value specifies a header value.
+Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in
+http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and
+otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.
+The value of this field must be no more than 16384 characters in length.
+Note that the total size of all net added headers *after* interpolating dynamic values
+must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+IngressController.
 
 |===
 === .spec.httpHeaders.uniqueId
 Description::
 +
 --
-uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request.  The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. 
- If this field is empty, no such header is injected into requests.
+uniqueId describes configuration for a custom HTTP header that the
+ingress controller should inject into incoming HTTP requests.
+Typically, this header is configured to have a value that is unique
+to the HTTP request.  The header can be used by applications or
+included in access logs to facilitate tracing individual HTTP
+requests.
+
+If this field is empty, no such header is injected into requests.
 --
 
 Type::
@@ -1011,18 +1639,29 @@ Type::
 
 | `format`
 | `string`
-| format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified.  For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format.  If the field is empty, the default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+| format specifies the format for the injected HTTP header's value.
+This field has no effect unless name is specified.  For the
+HAProxy-based ingress controller implementation, this format uses the
+same syntax as the HTTP log format.  If the field is empty, the
+default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the
+corresponding HAProxy documentation:
+http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
 
 | `name`
 | `string`
-| name specifies the name of the HTTP header (for example, "unique-id") that the ingress controller should inject into HTTP requests.  The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2.  If the field is empty, no header is injected.
+| name specifies the name of the HTTP header (for example, "unique-id")
+that the ingress controller should inject into HTTP requests.  The
+field's value must be a valid HTTP header name as defined in RFC 2616
+section 4.2.  If the field is empty, no header is injected.
 
 |===
 === .spec.logging
 Description::
 +
 --
-logging defines parameters for what should be logged where.  If this field is empty, operational logs are enabled but access logs are disabled.
+logging defines parameters for what should be logged where.  If this
+field is empty, operational logs are enabled but access logs are
+disabled.
 --
 
 Type::
@@ -1037,16 +1676,18 @@ Type::
 
 | `access`
 | `object`
-| access describes how the client requests should be logged. 
- If this field is empty, access logging is disabled.
+| access describes how the client requests should be logged.
+
+If this field is empty, access logging is disabled.
 
 |===
 === .spec.logging.access
 Description::
 +
 --
-access describes how the client requests should be logged. 
- If this field is empty, access logging is disabled.
+access describes how the client requests should be logged.
+
+If this field is empty, access logging is disabled.
 --
 
 Type::
@@ -1067,22 +1708,48 @@ Required::
 
 | `httpCaptureCookies`
 | ``
-| httpCaptureCookies specifies HTTP cookies that should be captured in access logs.  If this field is empty, no cookies are captured.
+| httpCaptureCookies specifies HTTP cookies that should be captured in
+access logs.  If this field is empty, no cookies are captured.
 
 | `httpCaptureHeaders`
 | `object`
-| httpCaptureHeaders defines HTTP headers that should be captured in access logs.  If this field is empty, no headers are captured. 
- Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be captured for TLS passthrough connections.
+| httpCaptureHeaders defines HTTP headers that should be captured in
+access logs.  If this field is empty, no headers are captured.
+
+Note that this option only applies to cleartext HTTP connections
+and to secure HTTP connections for which the ingress controller
+terminates encryption (that is, edge-terminated or reencrypt
+connections).  Headers cannot be captured for TLS passthrough
+connections.
 
 | `httpLogFormat`
 | `string`
-| httpLogFormat specifies the format of the log message for an HTTP request. 
- If this field is empty, log messages use the implementation's default HTTP log format.  For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 
- Note that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  It does not affect the log format for TLS passthrough connections.
+| httpLogFormat specifies the format of the log message for an HTTP
+request.
+
+If this field is empty, log messages use the implementation's default
+HTTP log format.  For HAProxy's default HTTP log format, see the
+HAProxy documentation:
+http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
+
+Note that this format only applies to cleartext HTTP connections
+and to secure HTTP connections for which the ingress controller
+terminates encryption (that is, edge-terminated or reencrypt
+connections).  It does not affect the log format for TLS passthrough
+connections.
 
 | `logEmptyRequests`
 | `string`
-| logEmptyRequests specifies how connections on which no request is received should be logged.  Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections ("preconnect"), in which case logging these requests may be undesirable.  However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors.  In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.  Allowed values for this field are "Log" and "Ignore".  The default value is "Log".
+| logEmptyRequests specifies how connections on which no request is
+received should be logged.  Typically, these empty requests come from
+load balancers' health probes or Web browsers' speculative
+connections ("preconnect"), in which case logging these requests may
+be undesirable.  However, these requests may also be caused by
+network errors, in which case logging empty requests may be useful
+for diagnosing the errors.  In addition, these requests may be caused
+by port scans, in which case logging empty requests may aid in
+detecting intrusion attempts.  Allowed values for this field are
+"Log" and "Ignore".  The default value is "Log".
 
 |===
 === .spec.logging.access.destination
@@ -1106,26 +1773,43 @@ Required::
 
 | `container`
 | `object`
-| container holds parameters for the Container logging destination. Present only if type is Container.
+| container holds parameters for the Container logging destination.
+Present only if type is Container.
 
 | `syslog`
 | `object`
-| syslog holds parameters for a syslog endpoint.  Present only if type is Syslog.
+| syslog holds parameters for a syslog endpoint.  Present only if
+type is Syslog.
 
 | `type`
 | `string`
-| type is the type of destination for logs.  It must be one of the following: 
- * Container 
- The ingress operator configures the sidecar container named "logs" on the ingress controller pod and configures the ingress controller to write logs to the sidecar.  The logs are then available as container logs.  The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar.  Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity. 
- * Syslog 
- Logs are sent to a syslog endpoint.  The administrator must specify an endpoint that can receive syslog messages.  The expectation is that the administrator has configured a custom syslog instance.
+| type is the type of destination for logs.  It must be one of the
+following:
+
+* Container
+
+The ingress operator configures the sidecar container named "logs" on
+the ingress controller pod and configures the ingress controller to
+write logs to the sidecar.  The logs are then available as container
+logs.  The expectation is that the administrator configures a custom
+logging solution that reads logs from this sidecar.  Note that using
+container logs means that logs may be dropped if the rate of logs
+exceeds the container runtime's or the custom logging solution's
+capacity.
+
+* Syslog
+
+Logs are sent to a syslog endpoint.  The administrator must specify
+an endpoint that can receive syslog messages.  The expectation is
+that the administrator has configured a custom syslog instance.
 
 |===
 === .spec.logging.access.destination.container
 Description::
 +
 --
-container holds parameters for the Container logging destination. Present only if type is Container.
+container holds parameters for the Container logging destination.
+Present only if type is Container.
 --
 
 Type::
@@ -1140,16 +1824,19 @@ Type::
 
 | `maxLength`
 | `integer`
-| maxLength is the maximum length of the log message. 
- Valid values are integers in the range 480 to 8192, inclusive. 
- When omitted, the default value is 1024.
+| maxLength is the maximum length of the log message.
+
+Valid values are integers in the range 480 to 8192, inclusive.
+
+When omitted, the default value is 1024.
 
 |===
 === .spec.logging.access.destination.syslog
 Description::
 +
 --
-syslog holds parameters for a syslog endpoint.  Present only if type is Syslog.
+syslog holds parameters for a syslog endpoint.  Present only if
+type is Syslog.
 --
 
 Type::
@@ -1167,30 +1854,41 @@ Required::
 
 | `address`
 | `string`
-| address is the IP address of the syslog endpoint that receives log messages.
+| address is the IP address of the syslog endpoint that receives log
+messages.
 
 | `facility`
 | `string`
-| facility specifies the syslog facility of log messages. 
- If this field is empty, the facility is "local1".
+| facility specifies the syslog facility of log messages.
+
+If this field is empty, the facility is "local1".
 
 | `maxLength`
 | `integer`
-| maxLength is the maximum length of the log message. 
- Valid values are integers in the range 480 to 4096, inclusive. 
- When omitted, the default value is 1024.
+| maxLength is the maximum length of the log message.
+
+Valid values are integers in the range 480 to 4096, inclusive.
+
+When omitted, the default value is 1024.
 
 | `port`
 | `integer`
-| port is the UDP port number of the syslog endpoint that receives log messages.
+| port is the UDP port number of the syslog endpoint that receives log
+messages.
 
 |===
 === .spec.logging.access.httpCaptureHeaders
 Description::
 +
 --
-httpCaptureHeaders defines HTTP headers that should be captured in access logs.  If this field is empty, no headers are captured. 
- Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be captured for TLS passthrough connections.
+httpCaptureHeaders defines HTTP headers that should be captured in
+access logs.  If this field is empty, no headers are captured.
+
+Note that this option only applies to cleartext HTTP connections
+and to secure HTTP connections for which the ingress controller
+terminates encryption (that is, edge-terminated or reencrypt
+connections).  Headers cannot be captured for TLS passthrough
+connections.
 --
 
 Type::
@@ -1205,21 +1903,25 @@ Type::
 
 | `request`
 | ``
-| request specifies which HTTP request headers to capture. 
- If this field is empty, no request headers are captured.
+| request specifies which HTTP request headers to capture.
+
+If this field is empty, no request headers are captured.
 
 | `response`
 | ``
-| response specifies which HTTP response headers to capture. 
- If this field is empty, no response headers are captured.
+| response specifies which HTTP response headers to capture.
+
+If this field is empty, no response headers are captured.
 
 |===
 === .spec.namespaceSelector
 Description::
 +
 --
-namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. 
- If unset, the default is no filtering.
+namespaceSelector is used to filter the set of namespaces serviced by the
+ingress controller. This is useful for implementing shards.
+
+If unset, the default is no filtering.
 --
 
 Type::
@@ -1238,11 +1940,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.namespaceSelector.matchExpressions
@@ -1262,7 +1967,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -1284,19 +1990,25 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.nodePlacement
 Description::
 +
 --
-nodePlacement enables explicit control over the scheduling of the ingress controller. 
- If unset, defaults are used. See NodePlacement for more details.
+nodePlacement enables explicit control over the scheduling of the ingress
+controller.
+
+If unset, defaults are used. See NodePlacement for more details.
 --
 
 Type::
@@ -1311,40 +2023,74 @@ Type::
 
 | `nodeSelector`
 | `object`
-| nodeSelector is the node selector applied to ingress controller deployments. 
- If set, the specified selector is used and replaces the default. 
- If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. 
- When defaultPlacement is Workers, the default is: 
- kubernetes.io/os: linux node-role.kubernetes.io/worker: '' 
- When defaultPlacement is ControlPlane, the default is: 
- kubernetes.io/os: linux node-role.kubernetes.io/master: '' 
- These defaults are subject to change. 
- Note that using nodeSelector.matchExpressions is not supported.  Only nodeSelector.matchLabels may be used.  This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.
+| nodeSelector is the node selector applied to ingress controller
+deployments.
+
+If set, the specified selector is used and replaces the default.
+
+If unset, the default depends on the value of the defaultPlacement
+field in the cluster config.openshift.io/v1/ingresses status.
+
+When defaultPlacement is Workers, the default is:
+
+  kubernetes.io/os: linux
+  node-role.kubernetes.io/worker: ''
+
+When defaultPlacement is ControlPlane, the default is:
+
+  kubernetes.io/os: linux
+  node-role.kubernetes.io/master: ''
+
+These defaults are subject to change.
+
+Note that using nodeSelector.matchExpressions is not supported.  Only
+nodeSelector.matchLabels may be used.  This is a limitation of the
+Kubernetes API: the pod spec does not allow complex expressions for
+node selectors.
 
 | `tolerations`
 | `array`
-| tolerations is a list of tolerations applied to ingress controller deployments. 
- The default is an empty list. 
- See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+| tolerations is a list of tolerations applied to ingress controller
+deployments.
+
+The default is an empty list.
+
+See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 
 | `tolerations[]`
 | `object`
-| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+| The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 
 |===
 === .spec.nodePlacement.nodeSelector
 Description::
 +
 --
-nodeSelector is the node selector applied to ingress controller deployments. 
- If set, the specified selector is used and replaces the default. 
- If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. 
- When defaultPlacement is Workers, the default is: 
- kubernetes.io/os: linux node-role.kubernetes.io/worker: '' 
- When defaultPlacement is ControlPlane, the default is: 
- kubernetes.io/os: linux node-role.kubernetes.io/master: '' 
- These defaults are subject to change. 
- Note that using nodeSelector.matchExpressions is not supported.  Only nodeSelector.matchLabels may be used.  This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.
+nodeSelector is the node selector applied to ingress controller
+deployments.
+
+If set, the specified selector is used and replaces the default.
+
+If unset, the default depends on the value of the defaultPlacement
+field in the cluster config.openshift.io/v1/ingresses status.
+
+When defaultPlacement is Workers, the default is:
+
+  kubernetes.io/os: linux
+  node-role.kubernetes.io/worker: ''
+
+When defaultPlacement is ControlPlane, the default is:
+
+  kubernetes.io/os: linux
+  node-role.kubernetes.io/master: ''
+
+These defaults are subject to change.
+
+Note that using nodeSelector.matchExpressions is not supported.  Only
+nodeSelector.matchLabels may be used.  This is a limitation of the
+Kubernetes API: the pod spec does not allow complex expressions for
+node selectors.
 --
 
 Type::
@@ -1363,11 +2109,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.nodePlacement.nodeSelector.matchExpressions
@@ -1387,7 +2136,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -1409,20 +2159,27 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.nodePlacement.tolerations
 Description::
 +
 --
-tolerations is a list of tolerations applied to ingress controller deployments. 
- The default is an empty list. 
- See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations is a list of tolerations applied to ingress controller
+deployments.
+
+The default is an empty list.
+
+See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 --
 
 Type::
@@ -1435,7 +2192,8 @@ Type::
 Description::
 +
 --
-The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+The pod this Toleration is attached to tolerates any taint that matches
+the triple <key,value,effect> using the matching operator <operator>.
 --
 
 Type::
@@ -1450,31 +2208,43 @@ Type::
 
 | `effect`
 | `string`
-| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+| Effect indicates the taint effect to match. Empty means match all taint effects.
+When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
-| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+| Key is the taint key that the toleration applies to. Empty means match all taint keys.
+If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 
 | `operator`
 | `string`
-| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+| Operator represents a key's relationship to the value.
+Valid operators are Exists and Equal. Defaults to Equal.
+Exists is equivalent to wildcard for value, so that a pod can
+tolerate all taints of a particular category.
 
 | `tolerationSeconds`
 | `integer`
-| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+| TolerationSeconds represents the period of time the toleration (which must be
+of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+it is not set, which means tolerate the taint forever (do not evict). Zero and
+negative values will be treated as 0 (evict immediately) by the system.
 
 | `value`
 | `string`
-| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+| Value is the taint value the toleration matches to.
+If the operator is Exists, the value should be empty, otherwise just a regular string.
 
 |===
 === .spec.routeAdmission
 Description::
 +
 --
-routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). 
- If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.
+routeAdmission defines a policy for handling new route claims (for example,
+to allow or deny claims across namespaces).
+
+If empty, defaults will be applied. See specific routeAdmission fields
+for details about their defaults.
 --
 
 Type::
@@ -1489,27 +2259,45 @@ Type::
 
 | `namespaceOwnership`
 | `string`
-| namespaceOwnership describes how host name claims across namespaces should be handled. 
- Value must be one of: 
- - Strict: Do not allow routes in different namespaces to claim the same host. 
- - InterNamespaceAllowed: Allow routes to claim different paths of the same host name across namespaces. 
- If empty, the default is Strict.
+| namespaceOwnership describes how host name claims across namespaces should
+be handled.
+
+Value must be one of:
+
+- Strict: Do not allow routes in different namespaces to claim the same host.
+
+- InterNamespaceAllowed: Allow routes to claim different paths of the same
+  host name across namespaces.
+
+If empty, the default is Strict.
 
 | `wildcardPolicy`
 | `string`
-| wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy. 
- [1] https://github.com/openshift/api/blob/master/route/v1/types.go 
- Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller. 
- WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. 
- If empty, defaults to "WildcardsDisallowed".
+| wildcardPolicy describes how routes with wildcard policies should
+be handled for the ingress controller. WildcardPolicy controls use
+of routes [1] exposed by the ingress controller based on the route's
+wildcard policy.
+
+[1] https://github.com/openshift/api/blob/master/route/v1/types.go
+
+Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed
+will cause admitted routes with a wildcard policy of Subdomain to stop
+working. These routes must be updated to a wildcard policy of None to be
+readmitted by the ingress controller.
+
+WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.
+
+If empty, defaults to "WildcardsDisallowed".
 
 |===
 === .spec.routeSelector
 Description::
 +
 --
-routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. 
- If unset, the default is no filtering.
+routeSelector is used to filter the set of Routes serviced by the ingress
+controller. This is useful for implementing shards.
+
+If unset, the default is no filtering.
 --
 
 Type::
@@ -1528,11 +2316,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.routeSelector.matchExpressions
@@ -1552,7 +2343,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -1574,20 +2366,30 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.tlsSecurityProfile
 Description::
 +
 --
-tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. 
- If unset, the default is based on the apiservers.config.openshift.io/cluster resource. 
- Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.
+tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.
+
+If unset, the default is based on the apiservers.config.openshift.io/cluster resource.
+
+Note that when using the Old, Intermediate, and Modern profile types, the effective
+profile configuration is subject to change between releases. For example, given
+a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade
+to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress
+controller, resulting in a rollout.
 --
 
 Type::
@@ -1602,95 +2404,171 @@ Type::
 
 | `custom`
 | ``
-| custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
- ciphers: 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- minTLSVersion: VersionTLS11
+| custom is a user-defined TLS security profile. Be extremely careful using a custom
+profile as invalid configurations can be catastrophic. An example custom profile
+looks like this:
+
+  ciphers:
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+  minTLSVersion: VersionTLS11
 
 | `intermediate`
 | ``
-| intermediate is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- minTLSVersion: VersionTLS12
+| intermediate is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+  minTLSVersion: VersionTLS12
 
 | `modern`
 | ``
-| modern is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- minTLSVersion: VersionTLS13
+| modern is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+  minTLSVersion: VersionTLS13
 
 | `old`
 | ``
-| old is a TLS security profile based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
- and looks like this (yaml): 
- ciphers: 
- - TLS_AES_128_GCM_SHA256 
- - TLS_AES_256_GCM_SHA384 
- - TLS_CHACHA20_POLY1305_SHA256 
- - ECDHE-ECDSA-AES128-GCM-SHA256 
- - ECDHE-RSA-AES128-GCM-SHA256 
- - ECDHE-ECDSA-AES256-GCM-SHA384 
- - ECDHE-RSA-AES256-GCM-SHA384 
- - ECDHE-ECDSA-CHACHA20-POLY1305 
- - ECDHE-RSA-CHACHA20-POLY1305 
- - DHE-RSA-AES128-GCM-SHA256 
- - DHE-RSA-AES256-GCM-SHA384 
- - DHE-RSA-CHACHA20-POLY1305 
- - ECDHE-ECDSA-AES128-SHA256 
- - ECDHE-RSA-AES128-SHA256 
- - ECDHE-ECDSA-AES128-SHA 
- - ECDHE-RSA-AES128-SHA 
- - ECDHE-ECDSA-AES256-SHA384 
- - ECDHE-RSA-AES256-SHA384 
- - ECDHE-ECDSA-AES256-SHA 
- - ECDHE-RSA-AES256-SHA 
- - DHE-RSA-AES128-SHA256 
- - DHE-RSA-AES256-SHA256 
- - AES128-GCM-SHA256 
- - AES256-GCM-SHA384 
- - AES128-SHA256 
- - AES256-SHA256 
- - AES128-SHA 
- - AES256-SHA 
- - DES-CBC3-SHA 
- minTLSVersion: VersionTLS10
+| old is a TLS security profile based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+and looks like this (yaml):
+
+  ciphers:
+
+    - TLS_AES_128_GCM_SHA256
+
+    - TLS_AES_256_GCM_SHA384
+
+    - TLS_CHACHA20_POLY1305_SHA256
+
+    - ECDHE-ECDSA-AES128-GCM-SHA256
+
+    - ECDHE-RSA-AES128-GCM-SHA256
+
+    - ECDHE-ECDSA-AES256-GCM-SHA384
+
+    - ECDHE-RSA-AES256-GCM-SHA384
+
+    - ECDHE-ECDSA-CHACHA20-POLY1305
+
+    - ECDHE-RSA-CHACHA20-POLY1305
+
+    - DHE-RSA-AES128-GCM-SHA256
+
+    - DHE-RSA-AES256-GCM-SHA384
+
+    - DHE-RSA-CHACHA20-POLY1305
+
+    - ECDHE-ECDSA-AES128-SHA256
+
+    - ECDHE-RSA-AES128-SHA256
+
+    - ECDHE-ECDSA-AES128-SHA
+
+    - ECDHE-RSA-AES128-SHA
+
+    - ECDHE-ECDSA-AES256-SHA384
+
+    - ECDHE-RSA-AES256-SHA384
+
+    - ECDHE-ECDSA-AES256-SHA
+
+    - ECDHE-RSA-AES256-SHA
+
+    - DHE-RSA-AES128-SHA256
+
+    - DHE-RSA-AES256-SHA256
+
+    - AES128-GCM-SHA256
+
+    - AES256-GCM-SHA384
+
+    - AES128-SHA256
+
+    - AES256-SHA256
+
+    - AES128-SHA
+
+    - AES256-SHA
+
+    - DES-CBC3-SHA
+
+  minTLSVersion: VersionTLS10
 
 | `type`
 | `string`
-| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: 
- https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations 
- The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be reduced. 
- Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
+| type is one of Old, Intermediate, Modern or Custom. Custom provides
+the ability to specify individual TLS security profile parameters.
+Old, Intermediate and Modern are TLS security profiles based on:
+
+https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
+reduced.
+
+Note that the Modern profile is currently not supported because it is not
+yet well adopted by common software libraries.
 
 |===
 === .spec.tuningOptions
 Description::
 +
 --
-tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. 
- Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.
+tuningOptions defines parameters for adjusting the performance of
+ingress controller pods. All fields are optional and will use their
+respective defaults if not set. See specific tuningOptions fields for
+more details.
+
+Setting fields within tuningOptions is generally not recommended. The
+default values are suitable for most configurations.
 --
 
 Type::
@@ -1705,82 +2583,205 @@ Type::
 
 | `clientFinTimeout`
 | `string`
-| clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection. 
- If unset, the default timeout is 1s
+| clientFinTimeout defines how long a connection will be held open while
+waiting for the client response to the server/backend closing the
+connection.
+
+If unset, the default timeout is 1s
 
 | `clientTimeout`
 | `string`
-| clientTimeout defines how long a connection will be held open while waiting for a client response. 
- If unset, the default timeout is 30s
+| clientTimeout defines how long a connection will be held open while
+waiting for a client response.
+
+If unset, the default timeout is 30s
 
 | `connectTimeout`
 | `string`
-| ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed. 
- This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". 
- When omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.
+| ConnectTimeout defines the maximum time to wait for
+a connection attempt to a server/backend to succeed.
+
+This field expects an unsigned duration string of decimal numbers, each with optional
+fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h".
+
+When omitted, this means the user has no opinion and the platform is left
+to choose a reasonable default. This default is subject to change over time.
+The current default is 5s.
 
 | `headerBufferBytes`
 | `integer`
-| headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes. 
- Setting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.
+| headerBufferBytes describes how much memory should be reserved
+(in bytes) for IngressController connection sessions.
+Note that this value must be at least 16384 if HTTP/2 is
+enabled for the IngressController (https://tools.ietf.org/html/rfc7540).
+If this field is empty, the IngressController will use a default value
+of 32768 bytes.
+
+Setting this field is generally not recommended as headerBufferBytes
+values that are too small may break the IngressController and
+headerBufferBytes values that are too large could cause the
+IngressController to use significantly more memory than necessary.
 
 | `headerBufferMaxRewriteBytes`
 | `integer`
-| headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes. 
- Setting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.
+| headerBufferMaxRewriteBytes describes how much memory should be reserved
+(in bytes) from headerBufferBytes for HTTP header rewriting
+and appending for IngressController connection sessions.
+Note that incoming HTTP requests will be limited to
+(headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning
+headerBufferBytes must be greater than headerBufferMaxRewriteBytes.
+If this field is empty, the IngressController will use a default value
+of 8192 bytes.
+
+Setting this field is generally not recommended as
+headerBufferMaxRewriteBytes values that are too small may break the
+IngressController and headerBufferMaxRewriteBytes values that are too
+large could cause the IngressController to use significantly more memory
+than necessary.
 
 | `healthCheckInterval`
 | `string`
-| healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends.  This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation "router.openshift.io/haproxy.health.check.interval". 
- Expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". 
- Setting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms.  Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such. 
- An empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s. 
- Currently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days).  Both are subject to change over time.
+| healthCheckInterval defines how long the router waits between two consecutive
+health checks on its configured backends.  This value is applied globally as
+a default for all routes, but may be overridden per-route by the route annotation
+"router.openshift.io/haproxy.health.check.interval".
+
+Expects an unsigned duration string of decimal numbers, each with optional
+fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h".
+
+Setting this to less than 5s can cause excess traffic due to too frequent
+TCP health checks and accompanying SYN packet storms.  Alternatively, setting
+this too high can result in increased latency, due to backend servers that are no
+longer available, but haven't yet been detected as such.
+
+An empty or zero healthCheckInterval means no opinion and IngressController chooses
+a default, which is subject to change over time.
+Currently the default healthCheckInterval value is 5s.
+
+Currently the minimum allowed value is 1s and the maximum allowed value is
+2147483647ms (24.85 days).  Both are subject to change over time.
 
 | `maxConnections`
 | `integer`
-| maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed. 
- Permitted values are: empty, 0, -1, and the range 2000-2000000. 
- If this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases. 
- If the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000. 
- Setting a value that is greater than the current operating system limit will prevent the HAProxy process from starting. 
- If you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime. 
- You can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. 
- You can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
+| maxConnections defines the maximum number of simultaneous
+connections that can be established per HAProxy process.
+Increasing this value allows each ingress controller pod to
+handle more connections but at the cost of additional
+system resources being consumed.
+
+Permitted values are: empty, 0, -1, and the range
+2000-2000000.
+
+If this field is empty or 0, the IngressController will use
+the default value of 50000, but the default is subject to
+change in future releases.
+
+If the value is -1 then HAProxy will dynamically compute a
+maximum value based on the available ulimits in the running
+container. Selecting -1 (i.e., auto) will result in a large
+value being computed (~520000 on OpenShift >=4.10 clusters)
+and therefore each HAProxy process will incur significant
+memory usage compared to the current default of 50000.
+
+Setting a value that is greater than the current operating
+system limit will prevent the HAProxy process from
+starting.
+
+If you choose a discrete value (e.g., 750000) and the
+router pod is migrated to a new node, there's no guarantee
+that that new node has identical ulimits configured. In
+such a scenario the pod would fail to start. If you have
+nodes with different ulimits configured (e.g., different
+tuned profiles) and you choose a discrete value then the
+guidance is to use -1 and let the value be computed
+dynamically at runtime.
+
+You can monitor memory usage for router containers with the
+following metric:
+'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'.
+
+You can monitor memory usage of individual HAProxy
+processes in router containers with the following metric:
+'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
 
 | `reloadInterval`
 | `string`
-| reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly. 
- The value must be a time duration value; see <https://pkg.go.dev/time#ParseDuration>. Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default). 
- A zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice. 
- This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". 
- Note: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.
+| reloadInterval defines the minimum interval at which the router is allowed to reload
+to accept new changes. Increasing this value can prevent the accumulation of
+HAProxy processes, depending on the scenario. Increasing this interval can
+also lessen load imbalance on a backend's servers when using the roundrobin
+balancing algorithm. Alternatively, decreasing this value may decrease latency
+since updates to HAProxy's configuration can take effect more quickly.
+
+The value must be a time duration value; see <https://pkg.go.dev/time#ParseDuration>.
+Currently, the minimum value allowed is 1s, and the maximum allowed value is
+120s. Minimum and maximum allowed values may change in future versions of OpenShift.
+Note that if a duration outside of these bounds is provided, the value of reloadInterval
+will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to
+120s; the IngressController will not reject and replace this disallowed value with
+the default).
+
+A zero value for reloadInterval tells the IngressController to choose the default,
+which is currently 5s and subject to change without notice.
+
+This field expects an unsigned duration string of decimal numbers, each with optional
+fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h".
+
+Note: Setting a value significantly larger than the default of 5s can cause latency
+in observing updates to routes and their endpoints. HAProxy's configuration will
+be reloaded less frequently, and newly created routes will not be served until the
+subsequent reload.
 
 | `serverFinTimeout`
 | `string`
-| serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection. 
- If unset, the default timeout is 1s
+| serverFinTimeout defines how long a connection will be held open while
+waiting for the server/backend response to the client closing the
+connection.
+
+If unset, the default timeout is 1s
 
 | `serverTimeout`
 | `string`
-| serverTimeout defines how long a connection will be held open while waiting for a server/backend response. 
- If unset, the default timeout is 30s
+| serverTimeout defines how long a connection will be held open while
+waiting for a server/backend response.
+
+If unset, the default timeout is 30s
 
 | `threadCount`
 | `integer`
-| threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value.  The current default is 4 threads, but this may change in future releases. 
- Setting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.
+| threadCount defines the number of threads created per HAProxy process.
+Creating more threads allows each ingress controller pod to handle more
+connections, at the cost of more system resources being used. HAProxy
+currently supports up to 64 threads. If this field is empty, the
+IngressController will use the default value.  The current default is 4
+threads, but this may change in future releases.
+
+Setting this field is generally not recommended. Increasing the number
+of HAProxy threads allows ingress controller pods to utilize more CPU
+time under load, potentially starving other pods if set too high.
+Reducing the number of threads may cause the ingress controller to
+perform poorly.
 
 | `tlsInspectDelay`
 | `string`
-| tlsInspectDelay defines how long the router can hold data to find a matching route. 
- Setting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used. 
- If unset, the default inspect delay is 5s
+| tlsInspectDelay defines how long the router can hold data to find a
+matching route.
+
+Setting this too short can cause the router to fall back to the default
+certificate for edge-terminated or reencrypt routes even when a better
+matching certificate could be used.
+
+If unset, the default inspect delay is 5s
 
 | `tunnelTimeout`
 | `string`
-| tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle. 
- If unset, the default timeout is 1h
+| tunnelTimeout defines how long a tunnel connection (including
+websockets) will be held open while the tunnel is idle.
+
+If unset, the default timeout is 1h
 
 |===
 === .status
@@ -1802,17 +2803,43 @@ Type::
 
 | `availableReplicas`
 | `integer`
-| availableReplicas is number of observed available replicas according to the ingress controller deployment.
+| availableReplicas is number of observed available replicas according to the
+ingress controller deployment.
 
 | `conditions`
 | `array`
-| conditions is a list of conditions and their status. 
- Available means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas) 
- There are additional conditions which indicate the status of other ingress controller features and capabilities. 
- * LoadBalancerManaged - True if the following conditions are met: * The endpoint publishing strategy requires a service load balancer. - False if any of those conditions are unsatisfied. 
- * LoadBalancerReady - True if the following conditions are met: * A load balancer is managed. * The load balancer is ready. - False if any of those conditions are unsatisfied. 
- * DNSManaged - True if the following conditions are met: * The endpoint publishing strategy and platform support DNS. * The ingress controller domain is set. * dns.config.openshift.io/cluster configures DNS zones. - False if any of those conditions are unsatisfied. 
- * DNSReady - True if the following conditions are met: * DNS is managed. * DNS records have been successfully created. - False if any of those conditions are unsatisfied.
+| conditions is a list of conditions and their status.
+
+Available means the ingress controller deployment is available and
+servicing route and ingress resources (i.e, .status.availableReplicas
+equals .spec.replicas)
+
+There are additional conditions which indicate the status of other
+ingress controller features and capabilities.
+
+  * LoadBalancerManaged
+  - True if the following conditions are met:
+    * The endpoint publishing strategy requires a service load balancer.
+  - False if any of those conditions are unsatisfied.
+
+  * LoadBalancerReady
+  - True if the following conditions are met:
+    * A load balancer is managed.
+    * The load balancer is ready.
+  - False if any of those conditions are unsatisfied.
+
+  * DNSManaged
+  - True if the following conditions are met:
+    * The endpoint publishing strategy and platform support DNS.
+    * The ingress controller domain is set.
+    * dns.config.openshift.io/cluster configures DNS zones.
+  - False if any of those conditions are unsatisfied.
+
+  * DNSReady
+  - True if the following conditions are met:
+    * DNS is managed.
+    * DNS records have been successfully created.
+  - False if any of those conditions are unsatisfied.
 
 | `conditions[]`
 | `object`
@@ -1840,7 +2867,9 @@ Type::
 
 | `selector`
 | `string`
-| selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.
+| selector is a label selector, in string format, for ingress controller pods
+corresponding to the IngressController. The number of matching pods should
+equal the value of availableReplicas.
 
 | `tlsProfile`
 | `object`
@@ -1851,13 +2880,38 @@ Type::
 Description::
 +
 --
-conditions is a list of conditions and their status. 
- Available means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas) 
- There are additional conditions which indicate the status of other ingress controller features and capabilities. 
- * LoadBalancerManaged - True if the following conditions are met: * The endpoint publishing strategy requires a service load balancer. - False if any of those conditions are unsatisfied. 
- * LoadBalancerReady - True if the following conditions are met: * A load balancer is managed. * The load balancer is ready. - False if any of those conditions are unsatisfied. 
- * DNSManaged - True if the following conditions are met: * The endpoint publishing strategy and platform support DNS. * The ingress controller domain is set. * dns.config.openshift.io/cluster configures DNS zones. - False if any of those conditions are unsatisfied. 
- * DNSReady - True if the following conditions are met: * DNS is managed. * DNS records have been successfully created. - False if any of those conditions are unsatisfied.
+conditions is a list of conditions and their status.
+
+Available means the ingress controller deployment is available and
+servicing route and ingress resources (i.e, .status.availableReplicas
+equals .spec.replicas)
+
+There are additional conditions which indicate the status of other
+ingress controller features and capabilities.
+
+  * LoadBalancerManaged
+  - True if the following conditions are met:
+    * The endpoint publishing strategy requires a service load balancer.
+  - False if any of those conditions are unsatisfied.
+
+  * LoadBalancerReady
+  - True if the following conditions are met:
+    * A load balancer is managed.
+    * The load balancer is ready.
+  - False if any of those conditions are unsatisfied.
+
+  * DNSManaged
+  - True if the following conditions are met:
+    * The endpoint publishing strategy and platform support DNS.
+    * The ingress controller domain is set.
+    * dns.config.openshift.io/cluster configures DNS zones.
+  - False if any of those conditions are unsatisfied.
+
+  * DNSReady
+  - True if the following conditions are met:
+    * DNS is managed.
+    * DNS records have been successfully created.
+  - False if any of those conditions are unsatisfied.
 --
 
 Type::
@@ -1877,6 +2931,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -1887,7 +2943,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -1899,11 +2956,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.endpointPublishingStrategy
@@ -1927,45 +2984,80 @@ Required::
 
 | `hostNetwork`
 | `object`
-| hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
+| hostNetwork holds parameters for the HostNetwork endpoint publishing
+strategy. Present only if type is HostNetwork.
 
 | `loadBalancer`
 | `object`
-| loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
+| loadBalancer holds parameters for the load balancer. Present only if
+type is LoadBalancerService.
 
 | `nodePort`
 | `object`
-| nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
+| nodePort holds parameters for the NodePortService endpoint publishing strategy.
+Present only if type is NodePortService.
 
 | `private`
 | `object`
-| private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
+| private holds parameters for the Private endpoint publishing
+strategy. Present only if type is Private.
 
 | `type`
 | `string`
-| type is the publishing strategy to use. Valid values are: 
- * LoadBalancerService 
- Publishes the ingress controller using a Kubernetes LoadBalancer Service. 
- In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. 
- See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer 
- If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. 
- Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms. 
- * HostNetwork 
- Publishes the ingress controller on node ports where the ingress controller is deployed. 
- In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports. 
- * Private 
- Does not publish the ingress controller. 
- In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller. 
- * NodePortService 
- Publishes the ingress controller using a Kubernetes NodePort Service. 
- In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.
+| type is the publishing strategy to use. Valid values are:
+
+* LoadBalancerService
+
+Publishes the ingress controller using a Kubernetes LoadBalancer Service.
+
+In this configuration, the ingress controller deployment uses container
+networking. A LoadBalancer Service is created to publish the deployment.
+
+See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+
+If domain is set, a wildcard DNS record will be managed to point at the
+LoadBalancer Service's external name. DNS records are managed only in DNS
+zones defined by dns.config.openshift.io/cluster .spec.publicZone and
+.spec.privateZone.
+
+Wildcard DNS management is currently supported only on the AWS, Azure,
+and GCP platforms.
+
+* HostNetwork
+
+Publishes the ingress controller on node ports where the ingress controller
+is deployed.
+
+In this configuration, the ingress controller deployment uses host
+networking, bound to node ports 80 and 443. The user is responsible for
+configuring an external load balancer to publish the ingress controller via
+the node ports.
+
+* Private
+
+Does not publish the ingress controller.
+
+In this configuration, the ingress controller deployment uses container
+networking, and is not explicitly published. The user must manually publish
+the ingress controller.
+
+* NodePortService
+
+Publishes the ingress controller using a Kubernetes NodePort Service.
+
+In this configuration, the ingress controller deployment uses container
+networking. A NodePort Service is created to publish the deployment. The
+specific node ports are dynamically allocated by OpenShift; however, to
+support static port allocations, user changes to the node port
+field of the managed NodePort Service will preserved.
 
 |===
 === .status.endpointPublishingStrategy.hostNetwork
 Description::
 +
 --
-hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
+hostNetwork holds parameters for the HostNetwork endpoint publishing
+strategy. Present only if type is HostNetwork.
 --
 
 Type::
@@ -1980,30 +3072,69 @@ Type::
 
 | `httpPort`
 | `integer`
-| httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.
+| httpPort is the port on the host which should be used to listen for
+HTTP requests. This field should be set when port 80 is already in use.
+The value should not coincide with the NodePort range of the cluster.
+When the value is 0 or is not specified it defaults to 80.
 
 | `httpsPort`
 | `integer`
-| httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.
+| httpsPort is the port on the host which should be used to listen for
+HTTPS requests. This field should be set when port 443 is already in use.
+The value should not coincide with the NodePort range of the cluster.
+When the value is 0 or is not specified it defaults to 443.
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 | `statsPort`
 | `integer`
-| statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.
+| statsPort is the port on the host where the stats from the router are
+published. The value should not coincide with the NodePort range of the
+cluster. If an external load balancer is configured to forward connections
+to this IngressController, the load balancer should use this port for
+health checks. The load balancer can send HTTP probes on this port on a
+given node, with the path /healthz/ready to determine if the ingress
+controller is ready to receive traffic on the node. For proper operation
+the load balancer must not forward traffic to a node until the health
+check reports ready. The load balancer should also stop forwarding requests
+within a maximum of 45 seconds after /healthz/ready starts reporting
+not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with
+a threshold of two successful or failed requests to become healthy or
+unhealthy respectively, are well-tested values. When the value is 0 or
+is not specified it defaults to 1936.
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer
 Description::
 +
 --
-loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
+loadBalancer holds parameters for the load balancer. Present only if
+type is LoadBalancerService.
 --
 
 Type::
@@ -2021,29 +3152,49 @@ Required::
 
 | `allowedSourceRanges`
 | ``
-| allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted.  Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. 
- To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.
+| allowedSourceRanges specifies an allowlist of IP address ranges to which
+access to the load balancer should be restricted.  Each range must be
+specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is
+specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default,
+which allows all source addresses.
+
+To facilitate migration from earlier versions of OpenShift that did
+not have the allowedSourceRanges field, you may set the
+service.beta.kubernetes.io/load-balancer-source-ranges annotation on
+the "router-<ingresscontroller name>" service in the
+"openshift-ingress" namespace, and this annotation will take
+effect if allowedSourceRanges is empty on OpenShift 4.12.
 
 | `dnsManagementPolicy`
 | `string`
-| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.
+| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record
+associated with the load balancer service will be managed by
+the ingress operator. It defaults to Managed.
+Valid values are: Managed and Unmanaged.
 
 | `providerParameters`
 | `object`
-| providerParameters holds desired load balancer information specific to the underlying infrastructure provider. 
- If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
+| providerParameters holds desired load balancer information specific to
+the underlying infrastructure provider.
+
+If empty, defaults will be applied. See specific providerParameters
+fields for details about their defaults.
 
 | `scope`
 | `string`
-| scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal".
+| scope indicates the scope at which the load balancer is exposed.
+Possible values are "External" and "Internal".
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters
 Description::
 +
 --
-providerParameters holds desired load balancer information specific to the underlying infrastructure provider. 
- If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
+providerParameters holds desired load balancer information specific to
+the underlying infrastructure provider.
+
+If empty, defaults will be applied. See specific providerParameters
+fields for details about their defaults.
 --
 
 Type::
@@ -2060,30 +3211,52 @@ Required::
 
 | `aws`
 | `object`
-| aws provides configuration settings that are specific to AWS load balancers. 
- If empty, defaults will be applied. See specific aws fields for details about their defaults.
+| aws provides configuration settings that are specific to AWS
+load balancers.
+
+If empty, defaults will be applied. See specific aws fields for
+details about their defaults.
 
 | `gcp`
 | `object`
-| gcp provides configuration settings that are specific to GCP load balancers. 
- If empty, defaults will be applied. See specific gcp fields for details about their defaults.
+| gcp provides configuration settings that are specific to GCP
+load balancers.
+
+If empty, defaults will be applied. See specific gcp fields for
+details about their defaults.
 
 | `ibm`
 | `object`
-| ibm provides configuration settings that are specific to IBM Cloud load balancers. 
- If empty, defaults will be applied. See specific ibm fields for details about their defaults.
+| ibm provides configuration settings that are specific to IBM Cloud
+load balancers.
+
+If empty, defaults will be applied. See specific ibm fields for
+details about their defaults.
+
+| `openstack`
+| `object`
+| openstack provides configuration settings that are specific to OpenStack
+load balancers.
+
+If empty, defaults will be applied. See specific openstack fields for
+details about their defaults.
 
 | `type`
 | `string`
-| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere".
+| type is the underlying infrastructure provider for the load balancer.
+Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix",
+"OpenStack", and "VSphere".
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws
 Description::
 +
 --
-aws provides configuration settings that are specific to AWS load balancers. 
- If empty, defaults will be applied. See specific aws fields for details about their defaults.
+aws provides configuration settings that are specific to AWS
+load balancers.
+
+If empty, defaults will be applied. See specific aws fields for
+details about their defaults.
 --
 
 Type::
@@ -2100,27 +3273,38 @@ Required::
 
 | `classicLoadBalancer`
 | `object`
-| classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
+| classicLoadBalancerParameters holds configuration parameters for an AWS
+classic load balancer. Present only if type is Classic.
 
 | `networkLoadBalancer`
 | `object`
-| networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
+| networkLoadBalancerParameters holds configuration parameters for an AWS
+network load balancer. Present only if type is NLB.
 
 | `type`
 | `string`
-| type is the type of AWS load balancer to instantiate for an ingresscontroller. 
- Valid values are: 
- * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb 
- * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: 
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
+| type is the type of AWS load balancer to instantiate for an ingresscontroller.
+
+Valid values are:
+
+* "Classic": A Classic Load Balancer that makes routing decisions at either
+  the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See
+  the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
+
+* "NLB": A Network Load Balancer that makes routing decisions at the
+  transport layer (TCP/SSL). See the following for additional details:
+
+    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer
 Description::
 +
 --
-classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
+classicLoadBalancerParameters holds configuration parameters for an AWS
+classic load balancer. Present only if type is Classic.
 --
 
 Type::
@@ -2135,22 +3319,45 @@ Type::
 
 | `connectionIdleTimeout`
 | `string`
-| connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection.  The value must be parseable as a time duration value; see <https://pkg.go.dev/time#ParseDuration>.  A nil or zero value means no opinion, in which case a default value is used.  The default value for this field is 60s.  This default is subject to change.
+| connectionIdleTimeout specifies the maximum time period that a
+connection may be idle before the load balancer closes the
+connection.  The value must be parseable as a time duration value;
+see <https://pkg.go.dev/time#ParseDuration>.  A nil or zero value
+means no opinion, in which case a default value is used.  The default
+value for this field is 60s.  This default is subject to change.
 
 | `subnets`
 | `object`
-| subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+| subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets
 Description::
 +
 --
-subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 --
 
 Type::
@@ -2165,18 +3372,28 @@ Type::
 
 | `ids`
 | `array (string)`
-| ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| ids specifies a list of AWS subnets by subnet ID.
+Subnet IDs must start with "subnet-", consist only
+of alphanumeric characters, must be exactly 24
+characters long, must be unique, and the total
+number of subnets specified by ids and names
+must not exceed 10.
 
 | `names`
 | `array (string)`
-| names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| names specifies a list of AWS subnets by subnet name.
+Subnet names must not start with "subnet-", must not
+include commas, must be under 256 characters in length,
+must be unique, and the total number of subnets
+specified by ids and names must not exceed 10.
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer
 Description::
 +
 --
-networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
+networkLoadBalancerParameters holds configuration parameters for an AWS
+network load balancer. Present only if type is NLB.
 --
 
 Type::
@@ -2191,24 +3408,51 @@ Type::
 
 | `eipAllocations`
 | `array (string)`
-| eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply: 
- eipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. 
- See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.
+| eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
+are assigned to the Network Load Balancer.
+The following restrictions apply:
+
+eipAllocations can only be used with external scope, not internal.
+An EIP can be allocated to only a single IngressController.
+The number of EIP allocations must match the number of subnets that are used for the load balancer.
+Each EIP allocation must be unique.
+A maximum of 10 EIP allocations are permitted.
+
+See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general
+information about configuration, characteristics, and limitations of Elastic IP addresses.
 
 | `subnets`
 | `object`
-| subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+| subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.subnets
 Description::
 +
 --
-subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. 
- In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. 
- When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
+subnets specifies the subnets to which the load balancer will
+attach. The subnets may be specified by either their
+ID or name. The total number of subnets is limited to 10.
+
+In order for the load balancer to be provisioned with subnets,
+each subnet must exist, each subnet must be from a different
+availability zone, and the load balancer service must be
+recreated to pick up new values.
+
+When omitted from the spec, the subnets will be auto-discovered
+for each availability zone. Auto-discovered subnets are not reported
+in the status of the IngressController object.
 --
 
 Type::
@@ -2223,19 +3467,31 @@ Type::
 
 | `ids`
 | `array (string)`
-| ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| ids specifies a list of AWS subnets by subnet ID.
+Subnet IDs must start with "subnet-", consist only
+of alphanumeric characters, must be exactly 24
+characters long, must be unique, and the total
+number of subnets specified by ids and names
+must not exceed 10.
 
 | `names`
 | `array (string)`
-| names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
+| names specifies a list of AWS subnets by subnet name.
+Subnet names must not start with "subnet-", must not
+include commas, must be under 256 characters in length,
+must be unique, and the total number of subnets
+specified by ids and names must not exceed 10.
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.gcp
 Description::
 +
 --
-gcp provides configuration settings that are specific to GCP load balancers. 
- If empty, defaults will be applied. See specific gcp fields for details about their defaults.
+gcp provides configuration settings that are specific to GCP
+load balancers.
+
+If empty, defaults will be applied. See specific gcp fields for
+details about their defaults.
 --
 
 Type::
@@ -2250,19 +3506,32 @@ Type::
 
 | `clientAccess`
 | `string`
-| clientAccess describes how client access is restricted for internal load balancers. 
- Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. 
- https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access 
- * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. 
- https://cloud.google.com/load-balancing/docs/internal#client_access
+| clientAccess describes how client access is restricted for internal
+load balancers.
+
+Valid values are:
+* "Global": Specifying an internal load balancer with Global client access
+  allows clients from any region within the VPC to communicate with the load
+  balancer.
+
+    https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access
+
+* "Local": Specifying an internal load balancer with Local client access
+  means only clients within the same region (and VPC) as the GCP load balancer
+  can communicate with the load balancer. Note that this is the default behavior.
+
+    https://cloud.google.com/load-balancing/docs/internal#client_access
 
 |===
 === .status.endpointPublishingStrategy.loadBalancer.providerParameters.ibm
 Description::
 +
 --
-ibm provides configuration settings that are specific to IBM Cloud load balancers. 
- If empty, defaults will be applied. See specific ibm fields for details about their defaults.
+ibm provides configuration settings that are specific to IBM Cloud
+load balancers.
+
+If empty, defaults will be applied. See specific ibm fields for
+details about their defaults.
 --
 
 Type::
@@ -2277,16 +3546,66 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.
+| protocol specifies whether the load balancer uses PROXY protocol to forward connections to
+the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:
+"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas"
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+Valid values for protocol are TCP, PROXY and omitted.
+When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+The current default is TCP, without the proxy protocol enabled.
+
+|===
+=== .status.endpointPublishingStrategy.loadBalancer.providerParameters.openstack
+Description::
++
+--
+openstack provides configuration settings that are specific to OpenStack
+load balancers.
+
+If empty, defaults will be applied. See specific openstack fields for
+details about their defaults.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `floatingIP`
+| `string`
+| floatingIP specifies the IP address that the load balancer will use.
+When not specified, an IP address will be assigned randomly by the OpenStack cloud provider.
+When specified, the floating IP has to be pre-created.  If the
+specified value is not a floating IP or is already claimed, the
+OpenStack cloud provider won't be able to provision the load
+balancer.
+This field may only be used if the IngressController has External scope.
+This value must be a valid IPv4 or IPv6 address.
 
 |===
 === .status.endpointPublishingStrategy.nodePort
 Description::
 +
 --
-nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
+nodePort holds parameters for the NodePortService endpoint publishing strategy.
+Present only if type is NodePortService.
 --
 
 Type::
@@ -2301,18 +3620,38 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 |===
 === .status.endpointPublishingStrategy.private
 Description::
 +
 --
-private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
+private holds parameters for the Private endpoint publishing
+strategy. Present only if type is Private.
 --
 
 Type::
@@ -2327,11 +3666,30 @@ Type::
 
 | `protocol`
 | `string`
-| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. 
- PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController.  Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs.  Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController.  See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. 
- The following values are valid for this field: 
- * The empty string. * "TCP". * "PROXY". 
- The empty string specifies the default, which is TCP without PROXY protocol.  Note that the default is subject to change.
+| protocol specifies whether the IngressController expects incoming
+connections to use plain TCP or whether the IngressController expects
+PROXY protocol.
+
+PROXY protocol can be used with load balancers that support it to
+communicate the source addresses of client connections when
+forwarding those connections to the IngressController.  Using PROXY
+protocol enables the IngressController to report those source
+addresses instead of reporting the load balancer's address in HTTP
+headers and logs.  Note that enabling PROXY protocol on the
+IngressController will cause connections to fail if you are not using
+a load balancer that uses PROXY protocol to forward connections to
+the IngressController.  See
+http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for
+information about PROXY protocol.
+
+The following values are valid for this field:
+
+* The empty string.
+* "TCP".
+* "PROXY".
+
+The empty string specifies the default, which is TCP without PROXY
+protocol.  Note that the default is subject to change.
 
 |===
 === .status.namespaceSelector
@@ -2357,11 +3715,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .status.namespaceSelector.matchExpressions
@@ -2381,7 +3742,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -2403,11 +3765,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .status.routeSelector
@@ -2433,11 +3799,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .status.routeSelector.matchExpressions
@@ -2457,7 +3826,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -2479,11 +3849,15 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .status.tlsProfile
@@ -2505,14 +3879,22 @@ Type::
 
 | `ciphers`
 | `array (string)`
-| ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake.  Operators may remove entries their operands do not support.  For example, to use DES-CBC3-SHA  (yaml): 
- ciphers: - DES-CBC3-SHA
+| ciphers is used to specify the cipher algorithms that are negotiated
+during the TLS handshake.  Operators may remove entries their operands
+do not support.  For example, to use DES-CBC3-SHA  (yaml):
+
+  ciphers:
+    - DES-CBC3-SHA
 
 | `minTLSVersion`
 | `string`
-| minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): 
- minTLSVersion: VersionTLS11 
- NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+| minTLSVersion is used to specify the minimal version of the TLS protocol
+that is negotiated during the TLS handshake. For example, to use TLS
+versions 1.1, 1.2 and 1.3 (yaml):
+
+  minTLSVersion: VersionTLS11
+
+NOTE: currently the highest minTLSVersion allowed is VersionTLS12
 
 |===
 
diff --git a/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
index cb27639419..159a9bde68 100644
--- a/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-KubeAPIServer provides information to configure an operator to manage kube-apiserver. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,16 +69,22 @@ Type::
 
 | `failedRevisionLimit`
 | `integer`
-| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `forceRedeploymentReason`
 | `string`
-| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+this time instead of failing again on the same config.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -85,20 +92,29 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `succeededRevisionLimit`
 | `integer`
-| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -160,7 +176,11 @@ Type::
 
 | `serviceAccountIssuers`
 | `array`
-| serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+| serviceAccountIssuers tracks history of used service account issuers.
+The item without expiration time represents the currently used service account issuer.
+The other items represents service account issuers that were used previously and are still being trusted.
+The default expiration for the items is set by the platform and it defaults to 24h.
+see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
 
 | `serviceAccountIssuers[]`
 | `object`
@@ -195,6 +215,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -205,7 +227,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -217,11 +240,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -247,6 +270,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
@@ -352,7 +380,11 @@ Required::
 Description::
 +
 --
-serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
+serviceAccountIssuers tracks history of used service account issuers.
+The item without expiration time represents the currently used service account issuer.
+The other items represents service account issuers that were used previously and are still being trusted.
+The default expiration for the items is set by the platform and it defaults to 24h.
+see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
 --
 
 Type::
@@ -380,11 +412,12 @@ Type::
 
 | `expirationTime`
 | `string`
-| expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.
+| expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list
+of service account issuers.
 
 | `name`
 | `string`
-| name is the name of the service account issuer ---
+| name is the name of the service account issuer
 
 |===
 
diff --git a/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
index e452753bb9..426bf8c6f5 100644
--- a/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-KubeControllerManager provides information to configure an operator to manage kube-controller-manager. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeControllerManager provides information to configure an operator to manage kube-controller-manager.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,16 +69,22 @@ Type::
 
 | `failedRevisionLimit`
 | `integer`
-| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `forceRedeploymentReason`
 | `string`
-| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+this time instead of failing again on the same config.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -85,24 +92,37 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `succeededRevisionLimit`
 | `integer`
-| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `useMoreSecureServiceCA`
 | `boolean`
-| useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.
+| useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only
+enough certificates to validate service serving certificates.
+Once set to true, it cannot be set to false.
+Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will
+only have the more secure content.
 
 |===
 === .status
@@ -191,6 +211,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -201,7 +223,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -213,11 +236,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -243,6 +266,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
index b416d36cf4..7b2e8b76eb 100644
--- a/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-KubeScheduler provides information to configure an operator to manage scheduler. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeScheduler provides information to configure an operator to manage scheduler.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,16 +69,22 @@ Type::
 
 | `failedRevisionLimit`
 | `integer`
-| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `forceRedeploymentReason`
 | `string`
-| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+this time instead of failing again on the same config.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -85,20 +92,29 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `succeededRevisionLimit`
 | `integer`
-| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -187,6 +203,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -197,7 +215,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -209,11 +228,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -239,6 +258,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc
index f788990c68..1ea4d5f188 100644
--- a/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-MachineConfiguration provides information to configure an operator to manage Machine Configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfiguration provides information to configure an operator to manage Machine Configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,20 +69,30 @@ Type::
 
 | `failedRevisionLimit`
 | `integer`
-| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `forceRedeploymentReason`
 | `string`
-| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.
+This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work
+this time instead of failing again on the same config.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managedBootImages`
 | `object`
-| managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.
+| managedBootImages allows configuration for the management of boot images for machine
+resources within the cluster. This configuration allows users to select resources that should
+be updated to the latest boot images during cluster upgrades, ensuring that new machines
+always boot with the current cluster version's boot image. When omitted, no boot images
+will be updated.
 
 | `managementState`
 | `string`
@@ -89,31 +100,47 @@ Type::
 
 | `nodeDisruptionPolicy`
 | `object`
-| nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.
+| nodeDisruptionPolicy allows an admin to set granular node disruption actions for
+MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow
+for less downtime when doing small configuration updates to the cluster. This configuration
+has no effect on cluster upgrades which will still incur node disruption where required.
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `succeededRevisionLimit`
 | `integer`
-| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api
+-1 = unlimited, 0 or unset = 5 (default)
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.managedBootImages
 Description::
 +
 --
-managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.
+managedBootImages allows configuration for the management of boot images for machine
+resources within the cluster. This configuration allows users to select resources that should
+be updated to the latest boot images during cluster upgrades, ensuring that new machines
+always boot with the current cluster version's boot image. When omitted, no boot images
+will be updated.
 --
 
 Type::
@@ -128,18 +155,21 @@ Type::
 
 | `machineManagers`
 | `array`
-| machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.
+| machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator
+will watch for changes to this list. Only one entry is permitted per type of machine management resource.
 
 | `machineManagers[]`
 | `object`
-| MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
+| MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information
+such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
 
 |===
 === .spec.managedBootImages.machineManagers
 Description::
 +
 --
-machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.
+machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator
+will watch for changes to this list. Only one entry is permitted per type of machine management resource.
 --
 
 Type::
@@ -152,7 +182,8 @@ Type::
 Description::
 +
 --
-MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
+MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information
+such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
 --
 
 Type::
@@ -171,11 +202,15 @@ Required::
 
 | `apiGroup`
 | `string`
-| apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.
+| apiGroup is name of the APIGroup that the machine management resource belongs to.
+The only current valid value is machine.openshift.io.
+machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.
 
 | `resource`
 | `string`
-| resource is the machine management resource's type. The only current valid value is machinesets. machinesets means that the machine manager will only register resources of the kind MachineSet.
+| resource is the machine management resource's type.
+The only current valid value is machinesets.
+machinesets means that the machine manager will only register resources of the kind MachineSet.
 
 | `selection`
 | `object`
@@ -203,18 +238,23 @@ Required::
 
 | `mode`
 | `string`
-| mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.
+| mode determines how machine managers will be selected for updates.
+Valid values are All and Partial.
+All means that every resource matched by the machine manager will be updated.
+Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.
 
 | `partial`
 | `object`
-| partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to "Partial".
+| partial provides label selector(s) that can be used to match machine management resources.
+Only permitted when mode is set to "Partial".
 
 |===
 === .spec.managedBootImages.machineManagers[].selection.partial
 Description::
 +
 --
-partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to "Partial".
+partial provides label selector(s) that can be used to match machine management resources.
+Only permitted when mode is set to "Partial".
 --
 
 Type::
@@ -257,11 +297,14 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 
 | `matchLabels`
 | `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+map is equivalent to an element of matchExpressions, whose key field is "key", the
+operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
 === .spec.managedBootImages.machineManagers[].selection.partial.machineResourceSelector.matchExpressions
@@ -281,7 +324,8 @@ Type::
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+A label selector requirement is a selector that contains values, a key, and an operator that
+relates the key and values.
 --
 
 Type::
@@ -303,18 +347,25 @@ Required::
 
 | `operator`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| operator represents a key's relationship to a set of values.
+Valid operators are In, NotIn, Exists and DoesNotExist.
 
 | `values`
 | `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| values is an array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty. This array is replaced during a strategic
+merge patch.
 
 |===
 === .spec.nodeDisruptionPolicy
 Description::
 +
 --
-nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.
+nodeDisruptionPolicy allows an admin to set granular node disruption actions for
+MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow
+for less downtime when doing small configuration updates to the cluster. This configuration
+has no effect on cluster upgrades which will still incur node disruption where required.
 --
 
 Type::
@@ -329,7 +380,8 @@ Type::
 
 | `files`
 | `array`
-| files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.
+| files is a list of MachineConfig file definitions and actions to take to changes on those paths
+This list supports a maximum of 50 entries.
 
 | `files[]`
 | `object`
@@ -337,11 +389,13 @@ Type::
 
 | `sshkey`
 | `object`
-| sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster
+| sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this
+will apply to all sshkey changes in the cluster
 
 | `units`
 | `array`
-| units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.
+| units is a list MachineConfig unit definitions and actions to take on changes to those services
+This list supports a maximum of 50 entries.
 
 | `units[]`
 | `object`
@@ -352,7 +406,8 @@ Type::
 Description::
 +
 --
-files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.
+files is a list of MachineConfig file definitions and actions to take to changes on those paths
+This list supports a maximum of 50 entries.
 --
 
 Type::
@@ -383,7 +438,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -391,14 +452,21 @@ Required::
 
 | `path`
 | `string`
-| path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.
+| path is the location of a file being managed through a MachineConfig.
+The Actions in the policy will apply to changes to the file at this path.
 
 |===
 === .spec.nodeDisruptionPolicy.files[].actions
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -436,7 +504,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .spec.nodeDisruptionPolicy.files[].actions[].reload
@@ -460,7 +531,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.files[].actions[].restart
@@ -484,14 +558,18 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.sshkey
 Description::
 +
 --
-sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster
+sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this
+will apply to all sshkey changes in the cluster
 --
 
 Type::
@@ -508,7 +586,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -519,7 +603,13 @@ Required::
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -557,7 +647,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .spec.nodeDisruptionPolicy.sshkey.actions[].reload
@@ -581,7 +674,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.sshkey.actions[].restart
@@ -605,14 +701,18 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.units
 Description::
 +
 --
-units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.
+units is a list MachineConfig unit definitions and actions to take on changes to those services
+This list supports a maximum of 50 entries.
 --
 
 Type::
@@ -643,7 +743,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -651,14 +757,24 @@ Required::
 
 | `name`
 | `string`
-| name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| name represents the service name of a systemd service managed through a MachineConfig
+Actions specified will be applied for changes to the named service.
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.units[].actions
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -696,7 +812,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .spec.nodeDisruptionPolicy.units[].actions[].reload
@@ -720,7 +839,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .spec.nodeDisruptionPolicy.units[].actions[].restart
@@ -744,7 +866,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status
@@ -770,13 +895,12 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `nodeDisruptionPolicyStatus`
 | `object`
-| nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.
+| nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are,
+and will be used by the Machine Config Daemon during future node updates.
 
 | `observedGeneration`
 | `integer`
@@ -800,9 +924,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -823,19 +945,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -843,14 +973,15 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.nodeDisruptionPolicyStatus
 Description::
 +
 --
-nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.
+nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are,
+and will be used by the Machine Config Daemon during future node updates.
 --
 
 Type::
@@ -941,7 +1072,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -949,14 +1086,21 @@ Required::
 
 | `path`
 | `string`
-| path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.
+| path is the location of a file being managed through a MachineConfig.
+The Actions in the policy will apply to changes to the file at this path.
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -994,7 +1138,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions[].reload
@@ -1018,7 +1165,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions[].restart
@@ -1042,7 +1192,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey
@@ -1066,7 +1219,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -1077,7 +1236,13 @@ Required::
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -1115,7 +1280,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions[].reload
@@ -1139,7 +1307,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions[].restart
@@ -1163,7 +1334,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.units
@@ -1201,7 +1375,13 @@ Required::
 
 | `actions`
 | `array`
-| actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+| actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 
 | `actions[]`
 | `object`
@@ -1209,14 +1389,24 @@ Required::
 
 | `name`
 | `string`
-| name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| name represents the service name of a systemd service managed through a MachineConfig
+Actions specified will be applied for changes to the named service.
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions
 Description::
 +
 --
-actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
+actions represents the series of commands to be executed on changes to the file at
+the corresponding file path. Actions will be applied in the order that
+they are set in this list. If there are other incoming changes to other MachineConfig
+entries in the same update that require a reboot, the reboot will supercede these actions.
+Valid actions are Reboot, Drain, Reload, DaemonReload and None.
+The Reboot action and the None action cannot be used in conjunction with any of the other actions.
+This list supports a maximum of 10 entries.
 --
 
 Type::
@@ -1254,7 +1444,10 @@ Required::
 
 | `type`
 | `string`
-| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration
+| type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed
+Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.
+reload/restart requires a corresponding service target specified in the reload/restart field.
+Other values require no further configuration
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions[].reload
@@ -1278,7 +1471,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be reloaded
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 === .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions[].restart
@@ -1302,7 +1498,10 @@ Required::
 
 | `serviceName`
 | `string`
-| serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
+| serviceName is the full name (e.g. crio.service) of the service to be restarted
+Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.
+${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\".
+${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
 
 |===
 
diff --git a/rest_api/operator_apis/network-operator-openshift-io-v1.adoc b/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
index 09459b9d5f..fa0f8c53ad 100644
--- a/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Network describes the cluster's desired network configuration. It is
+consumed by the cluster-network-operator.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -44,7 +46,8 @@ Type::
 
 | `status`
 | `object`
-| NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.
+| NetworkStatus is detailed operator status, which is distilled
+up to the Network clusteroperator object.
 
 |===
 === .spec
@@ -66,19 +69,27 @@ Type::
 
 | `additionalNetworks`
 | `array`
-| additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.
+| additionalNetworks is a list of extra networks to make available to pods
+when multiple networks are enabled.
 
 | `additionalNetworks[]`
 | `object`
-| AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.
+| AdditionalNetworkDefinition configures an extra network that is available but not
+created by default. Instead, pods must request them by name.
+type must be specified, along with exactly one "Config" that matches the type.
 
 | `clusterNetwork`
 | `array`
-| clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.
+| clusterNetwork is the IP address pool to use for pod IPs.
+Some network providers support multiple ClusterNetworks.
+Others only support one. This is equivalent to the cluster-cidr.
 
 | `clusterNetwork[]`
 | `object`
-| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
+| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
+HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If
+the HostPrefix field is not used by the plugin, it can be left unset.
+Not all network providers support multiple ClusterNetworks
 
 | `defaultNetwork`
 | `object`
@@ -86,28 +97,44 @@ Type::
 
 | `deployKubeProxy`
 | `boolean`
-| deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.
+| deployKubeProxy specifies whether or not a standalone kube-proxy should
+be deployed by the operator. Some network providers include kube-proxy
+or similar functionality. If unset, the plugin will attempt to select
+the correct value, which is false when ovn-kubernetes is used and true
+otherwise.
 
 | `disableMultiNetwork`
 | `boolean`
-| disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.
+| disableMultiNetwork specifies whether or not multiple pod network
+support should be disabled. If unset, this property defaults to
+'false' and multiple network support is enabled.
 
 | `disableNetworkDiagnostics`
 | `boolean`
-| disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.
+| disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck
+CRs from a test pod to every node, apiserver and LB should be disabled or not.
+If unset, this property defaults to 'false' and network diagnostics is enabled.
+Setting this to 'true' would reduce the additional load of the pods performing the checks.
 
 | `exportNetworkFlows`
 | `object`
-| exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.
+| exportNetworkFlows enables and configures the export of network flow metadata from the pod network
+by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin.
+If unset, flows will not be exported to any collector.
 
 | `kubeProxyConfig`
 | `object`
-| kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.
+| kubeProxyConfig lets us configure desired proxy configuration, if
+deployKubeProxy is true. If not specified, sensible defaults will be chosen by
+OpenShift directly.
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -115,35 +142,54 @@ Type::
 
 | `migration`
 | `object`
-| migration enables and configures cluster network migration, for network changes that cannot be made instantly.
+| migration enables and configures cluster network migration, for network changes
+that cannot be made instantly.
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `serviceNetwork`
 | `array (string)`
-| serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.
+| serviceNetwork is the ip address pool to use for Service IPs
+Currently, all existing network providers only support a single value
+here, but this is an array to allow for growth.
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `useMultiNetworkPolicy`
 | `boolean`
-| useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.
+| useMultiNetworkPolicy enables a controller which allows for
+MultiNetworkPolicy objects to be used on additional networks as
+created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy
+objects, but NetworkPolicy objects only apply to the primary interface.
+With MultiNetworkPolicy, you can control the traffic that a pod can receive
+over the secondary interfaces. If unset, this property defaults to 'false'
+and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is
+'true' then the value of this field is ignored.
 
 |===
 === .spec.additionalNetworks
 Description::
 +
 --
-additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.
+additionalNetworks is a list of extra networks to make available to pods
+when multiple networks are enabled.
 --
 
 Type::
@@ -156,7 +202,9 @@ Type::
 Description::
 +
 --
-AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.
+AdditionalNetworkDefinition configures an extra network that is available but not
+created by default. Instead, pods must request them by name.
+type must be specified, along with exactly one "Config" that matches the type.
 --
 
 Type::
@@ -173,15 +221,18 @@ Required::
 
 | `name`
 | `string`
-| name is the name of the network. This will be populated in the resulting CRD This must be unique.
+| name is the name of the network. This will be populated in the resulting CRD
+This must be unique.
 
 | `namespace`
 | `string`
-| namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.
+| namespace is the namespace of the network. This will be populated in the resulting CRD
+If not given the network will be created in the default namespace.
 
 | `rawCNIConfig`
 | `string`
-| rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD
+| rawCNIConfig is the raw CNI configuration json to create in the
+NetworkAttachmentDefinition CRD
 
 | `simpleMacvlanConfig`
 | `object`
@@ -189,7 +240,8 @@ Required::
 
 | `type`
 | `string`
-| type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan
+| type is the type of network
+The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan
 
 |===
 === .spec.additionalNetworks[].simpleMacvlanConfig
@@ -215,7 +267,8 @@ Type::
 
 | `master`
 | `string`
-| master is the host interface to create the macvlan interface from. If not specified, it will be default route interface
+| master is the host interface to create the macvlan interface from.
+If not specified, it will be default route interface
 
 | `mode`
 | `string`
@@ -223,7 +276,8 @@ Type::
 
 | `mtu`
 | `integer`
-| mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.
+| mtu is the mtu to use for the macvlan interface. if unset, host's
+kernel will select the value.
 
 |===
 === .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig
@@ -249,7 +303,8 @@ Type::
 
 | `type`
 | `string`
-| Type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic
+| Type is the type of IPAM module will be used for IP Address Management(IPAM).
+The supported values are IPAMTypeDHCP, IPAMTypeStatic
 
 |===
 === .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig
@@ -395,14 +450,17 @@ Type::
 
 | `gateway`
 | `string`
-| Gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).
+| Gateway is the route's next-hop IP address
+If unset, a default gateway is assumed (as determined by the CNI plugin).
 
 |===
 === .spec.clusterNetwork
 Description::
 +
 --
-clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.
+clusterNetwork is the IP address pool to use for pod IPs.
+Some network providers support multiple ClusterNetworks.
+Others only support one. This is equivalent to the cluster-cidr.
 --
 
 Type::
@@ -415,7 +473,10 @@ Type::
 Description::
 +
 --
-ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
+ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
+HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If
+the HostPrefix field is not used by the plugin, it can be left unset.
+Not all network providers support multiple ClusterNetworks
 --
 
 Type::
@@ -456,7 +517,8 @@ Type::
 
 | `openshiftSDNConfig`
 | `object`
-| openShiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.
+| openShiftSDNConfig was previously used to configure the openshift-sdn plugin.
+DEPRECATED: OpenShift SDN is no longer supported.
 
 | `ovnKubernetesConfig`
 | `object`
@@ -464,14 +526,16 @@ Type::
 
 | `type`
 | `string`
-| type is the type of network All NetworkTypes are supported except for NetworkTypeRaw
+| type is the type of network
+All NetworkTypes are supported except for NetworkTypeRaw
 
 |===
 === .spec.defaultNetwork.openshiftSDNConfig
 Description::
 +
 --
-openShiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.
+openShiftSDNConfig was previously used to configure the openshift-sdn plugin.
+DEPRECATED: OpenShift SDN is no longer supported.
 --
 
 Type::
@@ -486,7 +550,8 @@ Type::
 
 | `enableUnidling`
 | `boolean`
-| enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.
+| enableUnidling controls whether or not the service proxy will support idling
+and unidling of services. By default, unidling is enabled.
 
 | `mode`
 | `string`
@@ -494,11 +559,14 @@ Type::
 
 | `mtu`
 | `integer`
-| mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.
+| mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset.
+This must be 50 bytes smaller than the machine's uplink.
 
 | `useExternalOpenvswitch`
 | `boolean`
-| useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.
+| useExternalOpenvswitch used to control whether the operator would deploy an OVS
+DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always
+run as a system service, and this flag is ignored.
 
 | `vxlanPort`
 | `integer`
@@ -532,39 +600,59 @@ Type::
 
 | `genevePort`
 | `integer`
-| geneve port is the UDP port to be used by geneve encapulation. Default is 6081
+| geneve port is the UDP port to be used by geneve encapulation.
+Default is 6081
 
 | `hybridOverlayConfig`
 | `object`
-| HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.
+| HybridOverlayConfig configures an additional overlay network for peers that are
+not using OVN.
 
 | `ipsecConfig`
 | `object`
-| ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
+| ipsecConfig enables and configures IPsec for pods on the pod network within the
+cluster.
 
 | `ipv4`
 | `object`
-| ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
+| ipv4 allows users to configure IP settings for IPv4 connections. When ommitted,
+this means no opinions and the default configuration is used. Check individual
+fields within ipv4 for details of default values.
 
 | `ipv6`
 | `object`
-| ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
+| ipv6 allows users to configure IP settings for IPv6 connections. When ommitted,
+this means no opinions and the default configuration is used. Check individual
+fields within ipv4 for details of default values.
 
 | `mtu`
 | `integer`
-| mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
+| mtu is the MTU to use for the tunnel interface. This must be 100
+bytes smaller than the uplink mtu.
+Default is 1400
 
 | `policyAuditConfig`
 | `object`
-| policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.
+| policyAuditConfig is the configuration for network policy audit events. If unset,
+reported defaults are used.
 
 | `v4InternalSubnet`
 | `string`
-| v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16
+| v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. The value cannot be changed
+after installation.
+Default is 100.64.0.0/16
 
 | `v6InternalSubnet`
 | `string`
-| v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48
+| v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. The value cannot be changed
+after installation.
+Default is fd98::/48
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.egressIPConfig
@@ -586,7 +674,13 @@ Type::
 
 | `reachabilityTotalTimeoutSeconds`
 | `integer`
-| reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.
+| reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds.
+If the EgressIP node cannot be reached within this timeout, the node is declared down.
+Setting a large value may cause the EgressIP feature to react slowly to node changes.
+In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable.
+When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+The current default is 1 second.
+A value of 0 disables the EgressIP node's reachability check.
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig
@@ -608,26 +702,36 @@ Type::
 
 | `ipForwarding`
 | `string`
-| IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global".
+| IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex).
+By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other
+IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across
+OVN-Kubernetes managed interfaces, then set this field to "Global".
+The supported values are "Restricted" and "Global".
 
 | `ipv4`
 | `object`
-| ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.
+| ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default
+configuration is used. Check individual members fields within ipv4 for details of default values.
 
 | `ipv6`
 | `object`
-| ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.
+| ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default
+configuration is used. Check individual members fields within ipv6 for details of default values.
 
 | `routingViaHost`
 | `boolean`
-| RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.
+| RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port
+into the host before sending it out. If this is not set, traffic will always egress directly
+from OVN to outside without touching the host stack. Setting this to true means hardware
+offload will not be supported. Default is false if GatewayConfig is specified.
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4
 Description::
 +
 --
-ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.
+ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default
+configuration is used. Check individual members fields within ipv4 for details of default values.
 --
 
 Type::
@@ -642,14 +746,23 @@ Type::
 
 | `internalMasqueradeSubnet`
 | `string`
-| internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format
+| internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by
+ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these
+addresses, as well as the shared gateway bridge interface. The values can be changed after
+installation. The subnet chosen should not overlap with other networks specified for
+OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must
+be large enough to accommodate 6 IPs (maximum prefix length /29).
+When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.
+The current default subnet is 169.254.169.0/29
+The value must be in proper IPV4 CIDR format
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6
 Description::
 +
 --
-ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.
+ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default
+configuration is used. Check individual members fields within ipv6 for details of default values.
 --
 
 Type::
@@ -664,14 +777,23 @@ Type::
 
 | `internalMasqueradeSubnet`
 | `string`
-| internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted
+| internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by
+ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these
+addresses, as well as the shared gateway bridge interface. The values can be changed after
+installation. The subnet chosen should not overlap with other networks specified for
+OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must
+be large enough to accommodate 6 IPs (maximum prefix length /125).
+When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.
+The current default subnet is fd69::/125
+Note that IPV6 dual addresses are not permitted
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig
 Description::
 +
 --
-HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.
+HybridOverlayConfig configures an additional overlay network for peers that are
+not using OVN.
 --
 
 Type::
@@ -690,11 +812,15 @@ Type::
 
 | `hybridClusterNetwork[]`
 | `object`
-| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
+| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
+HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If
+the HostPrefix field is not used by the plugin, it can be left unset.
+Not all network providers support multiple ClusterNetworks
 
 | `hybridOverlayVXLANPort`
 | `integer`
-| HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789
+| HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network.
+Default is 4789
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig.hybridClusterNetwork
@@ -714,7 +840,10 @@ Type::
 Description::
 +
 --
-ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
+ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
+HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If
+the HostPrefix field is not used by the plugin, it can be left unset.
+Not all network providers support multiple ClusterNetworks
 --
 
 Type::
@@ -740,7 +869,8 @@ Type::
 Description::
 +
 --
-ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
+ipsecConfig enables and configures IPsec for pods on the pod network within the
+cluster.
 --
 
 Type::
@@ -755,14 +885,23 @@ Type::
 
 | `mode`
 | `string`
-| mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.
+| mode defines the behaviour of the ipsec configuration within the platform.
+Valid values are `Disabled`, `External` and `Full`.
+When 'Disabled', ipsec will not be enabled at the node level.
+When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters.
+This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator.
+When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured.
+Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays),
+this is left to the user to configure.
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.ipv4
 Description::
 +
 --
-ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
+ipv4 allows users to configure IP settings for IPv4 connections. When ommitted,
+this means no opinions and the default configuration is used. Check individual
+fields within ipv4 for details of default values.
 --
 
 Type::
@@ -777,18 +916,37 @@ Type::
 
 | `internalJoinSubnet`
 | `string`
-| internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format
+| internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. The value cannot be changed
+after installation.
+The current default value is 100.64.0.0/16
+The subnet must be large enough to accomadate one IP per node in your cluster
+The value must be in proper IPV4 CIDR format
 
 | `internalTransitSwitchSubnet`
 | `string`
-| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format
+| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally
+by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect
+architecture that connects the cluster routers on each node together to enable
+east west traffic. The subnet chosen should not overlap with other networks
+specified for OVN-Kubernetes as well as other networks used on the host.
+The value cannot be changed after installation.
+When ommitted, this means no opinion and the platform is left to choose a reasonable
+default which is subject to change over time.
+The current default subnet is 100.88.0.0/16
+The subnet must be large enough to accomadate one IP per node in your cluster
+The value must be in proper IPV4 CIDR format
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.ipv6
 Description::
 +
 --
-ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
+ipv6 allows users to configure IP settings for IPv6 connections. When ommitted,
+this means no opinions and the default configuration is used. Check individual
+fields within ipv4 for details of default values.
 --
 
 Type::
@@ -803,18 +961,38 @@ Type::
 
 | `internalJoinSubnet`
 | `string`
-| internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted
+| internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. The value cannot be changed
+after installation.
+The subnet must be large enough to accomadate one IP per node in your cluster
+The current default value is fd98::/48
+The value must be in proper IPV6 CIDR format
+Note that IPV6 dual addresses are not permitted
 
 | `internalTransitSwitchSubnet`
 | `string`
-| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted
+| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally
+by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect
+architecture that connects the cluster routers on each node together to enable
+east west traffic. The subnet chosen should not overlap with other networks
+specified for OVN-Kubernetes as well as other networks used on the host.
+The value cannot be changed after installation.
+When ommitted, this means no opinion and the platform is left to choose a reasonable
+default which is subject to change over time.
+The subnet must be large enough to accomadate one IP per node in your cluster
+The current default subnet is fd97::/64
+The value must be in proper IPV6 CIDR format
+Note that IPV6 dual addresses are not permitted
 
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.policyAuditConfig
 Description::
 +
 --
-policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.
+policyAuditConfig is the configuration for network policy audit events. If unset,
+reported defaults are used.
 --
 
 Type::
@@ -829,11 +1007,21 @@ Type::
 
 | `destination`
 | `string`
-| destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - "libc" -> to use the libc syslog() function of the host node's journdald process - "udp:host:port" -> for sending syslog over UDP - "unix:file" -> for using the UNIX domain socket directly - "null" -> to discard all messages logged to syslog The default is "null"
+| destination is the location for policy log messages.
+Regardless of this config, persistent logs will always be dumped to the host
+at /var/log/ovn/ however
+Additionally syslog output may be configured as follows.
+Valid values are:
+- "libc" -> to use the libc syslog() function of the host node's journdald process
+- "udp:host:port" -> for sending syslog over UDP
+- "unix:file" -> for using the UNIX domain socket directly
+- "null" -> to discard all messages logged to syslog
+The default is "null"
 
 | `maxFileSize`
 | `integer`
-| maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB
+| maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs
+Units are in MB and the Default is 50MB
 
 | `maxLogFiles`
 | `integer`
@@ -841,7 +1029,8 @@ Type::
 
 | `rateLimit`
 | `integer`
-| rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.
+| rateLimit is the approximate maximum number of messages to generate per-second per-node. If
+unset the default of 20 msg/sec is used.
 
 | `syslogFacility`
 | `string`
@@ -852,7 +1041,9 @@ Type::
 Description::
 +
 --
-exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.
+exportNetworkFlows enables and configures the export of network flow metadata from the pod network
+by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin.
+If unset, flows will not be exported to any collector.
 --
 
 Type::
@@ -919,7 +1110,8 @@ Type::
 
 | `collectors`
 | `array (string)`
-| netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items
+| netFlow defines the NetFlow collectors that will consume the flow data exported from OVS.
+It is a list of strings formatted as ip:port with a maximum of ten items
 
 |===
 === .spec.exportNetworkFlows.sFlow
@@ -948,7 +1140,9 @@ Type::
 Description::
 +
 --
-kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.
+kubeProxyConfig lets us configure desired proxy configuration, if
+deployKubeProxy is true. If not specified, sensible defaults will be chosen by
+OpenShift directly.
 --
 
 Type::
@@ -963,11 +1157,15 @@ Type::
 
 | `bindAddress`
 | `string`
-| The address to "bind" on Defaults to 0.0.0.0
+| The address to "bind" on
+Defaults to 0.0.0.0
 
 | `iptablesSyncPeriod`
 | `string`
-| An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s
+| An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted
+in large clusters for performance reasons, but this is no longer necessary, and there is no reason
+to change this from the default value.
+Default: 30s
 
 | `proxyArguments`
 | `object`
@@ -995,7 +1193,8 @@ Type::
 Description::
 +
 --
-migration enables and configures cluster network migration, for network changes that cannot be made instantly.
+migration enables and configures cluster network migration, for network changes
+that cannot be made instantly.
 --
 
 Type::
@@ -1010,26 +1209,42 @@ Type::
 
 | `features`
 | `object`
-| features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.
+| features was previously used to configure which network plugin features
+would be migrated in a network type migration.
+DEPRECATED: network type migration is no longer supported, and setting
+this to a non-empty value will result in the network operator rejecting
+the configuration.
 
 | `mode`
 | `string`
-| mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.
+| mode indicates the mode of network type migration.
+DEPRECATED: network type migration is no longer supported, and setting
+this to a non-empty value will result in the network operator rejecting
+the configuration.
 
 | `mtu`
 | `object`
-| mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.
+| mtu contains the MTU migration configuration. Set this to allow changing
+the MTU values for the default network. If unset, the operation of
+changing the MTU for the default network will be rejected.
 
 | `networkType`
 | `string`
-| networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.
+| networkType was previously used when changing the default network type.
+DEPRECATED: network type migration is no longer supported, and setting
+this to a non-empty value will result in the network operator rejecting
+the configuration.
 
 |===
 === .spec.migration.features
 Description::
 +
 --
-features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.
+features was previously used to configure which network plugin features
+would be migrated in a network type migration.
+DEPRECATED: network type migration is no longer supported, and setting
+this to a non-empty value will result in the network operator rejecting
+the configuration.
 --
 
 Type::
@@ -1044,22 +1259,27 @@ Type::
 
 | `egressFirewall`
 | `boolean`
-| egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.
+| egressFirewall specified whether or not the Egress Firewall configuration was migrated.
+DEPRECATED: network type migration is no longer supported.
 
 | `egressIP`
 | `boolean`
-| egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.
+| egressIP specified whether or not the Egress IP configuration was migrated.
+DEPRECATED: network type migration is no longer supported.
 
 | `multicast`
 | `boolean`
-| multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.
+| multicast specified whether or not the multicast configuration was migrated.
+DEPRECATED: network type migration is no longer supported.
 
 |===
 === .spec.migration.mtu
 Description::
 +
 --
-mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.
+mtu contains the MTU migration configuration. Set this to allow changing
+the MTU values for the default network. If unset, the operation of
+changing the MTU for the default network will be rejected.
 --
 
 Type::
@@ -1074,18 +1294,24 @@ Type::
 
 | `machine`
 | `object`
-| machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.
+| machine contains MTU migration configuration for the machine's uplink.
+Needs to be migrated along with the default network MTU unless the
+current uplink MTU already accommodates the default network MTU.
 
 | `network`
 | `object`
-| network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.
+| network contains information about MTU migration for the default network.
+Migrations are only allowed to MTU values lower than the machine's uplink
+MTU by the minimum appropriate offset.
 
 |===
 === .spec.migration.mtu.machine
 Description::
 +
 --
-machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.
+machine contains MTU migration configuration for the machine's uplink.
+Needs to be migrated along with the default network MTU unless the
+current uplink MTU already accommodates the default network MTU.
 --
 
 Type::
@@ -1111,7 +1337,9 @@ Type::
 Description::
 +
 --
-network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.
+network contains information about MTU migration for the default network.
+Migrations are only allowed to MTU values lower than the machine's uplink
+MTU by the minimum appropriate offset.
 --
 
 Type::
@@ -1137,7 +1365,8 @@ Type::
 Description::
 +
 --
-NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.
+NetworkStatus is detailed operator status, which is distilled
+up to the Network clusteroperator object.
 --
 
 Type::
@@ -1166,6 +1395,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -1203,6 +1436,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -1213,7 +1448,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -1225,11 +1461,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -1255,6 +1491,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
@@ -1301,6 +1542,10 @@ The following API endpoints are available:
 - `GET`: read the specified Network
 - `PATCH`: partially update the specified Network
 - `PUT`: replace the specified Network
+* `/apis/operator.openshift.io/v1/networks/{name}/status`
+- `GET`: read status of the specified Network
+- `PATCH`: partially update status of the specified Network
+- `PUT`: replace status of the specified Network
 
 
 === /apis/operator.openshift.io/v1/networks
@@ -1519,3 +1764,105 @@ Description::
 |===
 
 
+=== /apis/operator.openshift.io/v1/networks/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Network
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Network
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Network
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Network
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network`] schema
+| 201 - Created
+| xref:../operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
index ef13199d7f..c945328847 100644
--- a/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +69,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,16 +81,24 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -124,7 +136,7 @@ Type::
 
 | `latestAvailableRevision`
 | `integer`
-| latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.
+| latestAvailableRevision is the deploymentID of the most recent deployment
 
 | `observedGeneration`
 | `integer`
@@ -163,6 +175,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -173,7 +187,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -185,11 +200,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -215,6 +230,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc b/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
index 91e822d552..f6a62c34a9 100644
--- a/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +69,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,16 +81,24 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -122,6 +134,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -159,6 +175,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -169,7 +187,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -181,11 +200,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -211,6 +230,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operator_apis/operator-apis-index.adoc b/rest_api/operator_apis/operator-apis-index.adoc
index 92ab313774..d0e3365978 100644
--- a/rest_api/operator_apis/operator-apis-index.adoc
+++ b/rest_api/operator_apis/operator-apis-index.adoc
@@ -12,8 +12,9 @@ toc::[]
 Description::
 +
 --
-Authentication provides information to configure an operator to manage authentication. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Authentication provides information to configure an operator to manage authentication.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -36,8 +37,11 @@ Type::
 Description::
 +
 --
-ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterCSIDriver object allows management and configuration of a CSI driver operator
+installed by default in OpenShift. Name of the object must be name of the CSI driver
+it operates. See CSIDriverName type for list of allowed values.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -48,8 +52,9 @@ Type::
 Description::
 +
 --
-Console provides a means to configure an operator to manage the console. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Console provides a means to configure an operator to manage the console.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -60,8 +65,10 @@ Type::
 Description::
 +
 --
-Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster.  The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components
+on the cluster.  The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -96,8 +103,9 @@ Type::
 Description::
 +
 --
-CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -122,10 +130,16 @@ Type::
 Description::
 +
 --
-DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. 
- Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. 
- If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+DNSRecord is a DNS record managed in the zones defined by
+dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.
+
+Cluster admin manipulation of this resource is not supported. This resource
+is only for internal communication of OpenShift operators.
+
+If DNSManagementPolicy is "Unmanaged", the operator will not be responsible
+for managing the DNS records on the cloud provider.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -136,8 +150,9 @@ Type::
 Description::
 +
 --
-Etcd provides information to configure an operator to manage etcd. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Etcd provides information to configure an operator to manage etcd.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -148,8 +163,10 @@ Type::
 Description::
 +
 --
-ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. 
- Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules.
+When multiple policies are defined, the outcome of the behavior is defined on each field.
+
+Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 --
 
 Type::
@@ -172,11 +189,21 @@ Type::
 Description::
 +
 --
-IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. 
- When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. 
- https://kubernetes.io/docs/concepts/services-networking/ingress-controllers 
- Whenever possible, sensible defaults for the platform are used. See each field for more details. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+IngressController describes a managed ingress controller for the cluster. The
+controller can service OpenShift Route and Kubernetes Ingress resources.
+
+When an IngressController is created, a new ingress controller deployment is
+created to allow external traffic to reach the services that expose Ingress
+or Route resources. Updating this resource may lead to disruption for public
+facing network connections as a new ingress controller revision may be rolled
+out.
+
+https://kubernetes.io/docs/concepts/services-networking/ingress-controllers
+
+Whenever possible, sensible defaults for the platform are used. See each
+field for more details.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -199,8 +226,9 @@ Type::
 Description::
 +
 --
-KubeAPIServer provides information to configure an operator to manage kube-apiserver. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeAPIServer provides information to configure an operator to manage kube-apiserver.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -211,8 +239,9 @@ Type::
 Description::
 +
 --
-KubeControllerManager provides information to configure an operator to manage kube-controller-manager. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeControllerManager provides information to configure an operator to manage kube-controller-manager.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -223,8 +252,9 @@ Type::
 Description::
 +
 --
-KubeScheduler provides information to configure an operator to manage scheduler. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+KubeScheduler provides information to configure an operator to manage scheduler.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -247,8 +277,9 @@ Type::
 Description::
 +
 --
-MachineConfiguration provides information to configure an operator to manage Machine Configuration. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+MachineConfiguration provides information to configure an operator to manage Machine Configuration.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -259,8 +290,10 @@ Type::
 Description::
 +
 --
-Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Network describes the cluster's desired network configuration. It is
+consumed by the cluster-network-operator.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -271,8 +304,9 @@ Type::
 Description::
 +
 --
-OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -283,8 +317,9 @@ Type::
 Description::
 +
 --
-OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -300,28 +335,22 @@ use - rather, it is internal to the network operator. The CNO creates a CA and
 a certificate signed by that CA. The certificate has both ClientAuth
 and ServerAuth extended usages enabled.
 
-
 	More specifically, given an OperatorPKI with <name>, the CNO will manage:
 
-
 - A Secret called <name>-ca with two data keys:
   - tls.key - the private key
   - tls.crt - the CA certificate
 
-
 - A ConfigMap called <name>-ca with a single data key:
   - cabundle.crt - the CA certificate(s)
 
-
 - A Secret called <name>-cert with two data keys:
   - tls.key - the private key
   - tls.crt - the certificate, signed by the CA
 
-
 The CA certificate will have a validity of 10 years, rotated after 9.
 The target certificate will have a validity of 6 months, rotated after 3
 
-
 The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where
 <timestamp> is the last rotation time.
 --
@@ -346,8 +375,9 @@ Type::
 Description::
 +
 --
-Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc b/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
index 55c9db7c45..fb66fcea28 100644
--- a/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
@@ -16,28 +16,22 @@ use - rather, it is internal to the network operator. The CNO creates a CA and
 a certificate signed by that CA. The certificate has both ClientAuth
 and ServerAuth extended usages enabled.
 
-
 	More specifically, given an OperatorPKI with <name>, the CNO will manage:
 
-
 - A Secret called <name>-ca with two data keys:
   - tls.key - the private key
   - tls.crt - the CA certificate
 
-
 - A ConfigMap called <name>-ca with a single data key:
   - cabundle.crt - the CA certificate(s)
 
-
 - A Secret called <name>-cert with two data keys:
   - tls.key - the private key
   - tls.crt - the certificate, signed by the CA
 
-
 The CA certificate will have a validity of 10 years, rotated after 9.
 The target certificate will have a validity of 6 months, rotated after 3
 
-
 The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where
 <timestamp> is the last rotation time.
 --
diff --git a/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc b/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
index ed630f66b5..b1dd77ee30 100644
--- a/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
@@ -11,8 +11,9 @@ toc::[]
 Description::
 +
 --
-Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -68,8 +69,11 @@ Type::
 
 | `logLevel`
 | `string`
-| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for their operands.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `managementState`
 | `string`
@@ -77,20 +81,33 @@ Type::
 
 | `observedConfig`
 | ``
-| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because
+it is an input to the level for the operator
 
 | `operatorLogLevel`
 | `string`
-| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
- Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a
+simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+
+Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+Defaults to "Normal".
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator.
+Red Hat does not support the use of this field.
+Misuse of this field could lead to unexpected behavior or conflict with other configuration options.
+Seek guidance from the Red Hat support before using this field.
+Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `vsphereStorageDriver`
 | `string`
-| VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.
+| VSphereStorageDriver indicates the storage driver to use on VSphere clusters.
+Once this field is set to CSIWithMigrationDriver, it can not be changed.
+If this is empty, the platform will choose a good default,
+which may change over time without notice.
+The current default is CSIWithMigrationDriver and may not be changed.
+DEPRECATED: This field will be removed in a future release.
 
 |===
 === .status
@@ -126,6 +143,10 @@ Type::
 | `object`
 | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
 
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
 | `observedGeneration`
 | `integer`
 | observedGeneration is the last generation change you've dealt with
@@ -163,6 +184,8 @@ Type::
   `object`
 
 Required::
+  - `lastTransitionTime`
+  - `status`
   - `type`
 
 
@@ -173,7 +196,8 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| 
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
@@ -185,11 +209,11 @@ Required::
 
 | `status`
 | `string`
-| 
+| status of the condition, one of True, False, Unknown.
 
 | `type`
 | `string`
-| 
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.generations
@@ -215,6 +239,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci
 Type::
   `object`
 
+Required::
+  - `group`
+  - `name`
+  - `namespace`
+  - `resource`
 
 
 
diff --git a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
index 55293c2d93..9820aaf63b 100644
--- a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
@@ -172,13 +172,11 @@ will have the following modifications made to the container running the server:
 - the $GOMEMLIMIT environment variable will be set to this value in bytes
 - the memory request will be set to this value
 
-
 This field should be set if it's desired to reduce the footprint of a catalog server as much as possible, or if
 a catalog being served is very large and needs more than the default allocation. If your index image has a file-
 system cache, determine a good approximation for this value by doubling the size of the package cache at
 /tmp/cache/cache/packages.json in the index image.
 
-
 This field is best-effort; if unset, no default will be used and no Pod memory limit or $GOMEMLIMIT value will be set.
 
 | `nodeSelector`
@@ -203,7 +201,6 @@ will be configured as if `restricted` was specified. Otherwise, it will be confi
 specified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older
 catalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`.
 
-
 More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'
 
 | `tolerations`
@@ -807,7 +804,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -819,7 +816,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1076,7 +1073,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1088,7 +1085,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1425,7 +1422,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1437,7 +1434,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1694,7 +1691,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1706,7 +1703,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2099,22 +2096,6 @@ introduced will use conditions.
 | `conditions[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 | `configMapReference`
 | `object`
@@ -2161,22 +2142,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -2226,10 +2191,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 === .status.configMapReference
diff --git a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
index 970c92bfec..617b178add 100644
--- a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
@@ -91,7 +91,6 @@ an operator being ran by ClusterServiceVersion.
 | CustomResourceDefinitions declares all of the CRDs managed or required by
 an operator being ran by ClusterServiceVersion.
 
-
 If the CRD is present in the Owned list, it is implicitly required.
 
 | `description`
@@ -897,7 +896,6 @@ Description::
 CustomResourceDefinitions declares all of the CRDs managed or required by
 an operator being ran by ClusterServiceVersion.
 
-
 If the CRD is present in the Owned list, it is implicitly required.
 --
 
@@ -1965,9 +1963,6 @@ Type::
 | `object`
 | Rolling update config params. Present only if DeploymentStrategyType =
 RollingUpdate.
----
-TODO: Update this to follow our convention for oneOf, whatever we decide it
-to be.
 
 | `type`
 | `string`
@@ -1980,9 +1975,6 @@ Description::
 --
 Rolling update config params. Present only if DeploymentStrategyType =
 RollingUpdate.
----
-TODO: Update this to follow our convention for oneOf, whatever we decide it
-to be.
 --
 
 Type::
@@ -2133,7 +2125,6 @@ scheduling guarantees, and they will not be restarted when they exit or when a P
 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
 Pod to exceed its resource allocation.
 
-
 To add an ephemeral container, use the ephemeralcontainers subresource of an existing
 Pod. Ephemeral containers may not be removed or restarted.
 
@@ -2213,9 +2204,11 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 
 | `nodeName`
 | `string`
-| NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
-the scheduler simply schedules this pod onto that node, assuming that it fits resource
-requirements.
+| NodeName indicates in which node this pod is scheduled.
+If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.
+Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.
+This field should not be used to express a desire for the pod to be scheduled on a specific node.
+https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
 
 | `nodeSelector`
 | `object (string)`
@@ -2228,11 +2221,9 @@ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 | Specifies the OS of the containers in the pod.
 Some pod and container fields are restricted if this is set.
 
-
 If the OS field is set to linux, the following fields must be unset:
 -securityContext.windowsOptions
 
-
 If the OS field is set to windows, following fields must be unset:
 - spec.hostPID
 - spec.hostIPC
@@ -2247,6 +2238,7 @@ If the OS field is set to windows, following fields must be unset:
 - spec.securityContext.runAsUser
 - spec.securityContext.runAsGroup
 - spec.securityContext.supplementalGroups
+- spec.securityContext.supplementalGroupsPolicy
 - spec.containers[*].securityContext.appArmorProfile
 - spec.containers[*].securityContext.seLinuxOptions
 - spec.containers[*].securityContext.seccompProfile
@@ -2309,16 +2301,17 @@ and reserved before the Pod is allowed to start. The resources
 will be made available to those containers which consume them
 by name.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable.
 
 | `resourceClaims[]`
 | `object`
-| PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+| PodResourceClaim references exactly one ResourceClaim, either directly
+or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim
+for the pod.
+
 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
 Containers that need access to the ResourceClaim reference it with this name.
 
@@ -2348,7 +2341,6 @@ If not specified, the pod will be dispatched by default scheduler.
 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
 scheduler will not attempt to schedule the pod.
 
-
 SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 
 | `schedulingGates[]`
@@ -3022,7 +3014,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -3034,7 +3026,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -3291,7 +3283,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -3303,7 +3295,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -3640,7 +3632,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -3652,7 +3644,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -3909,7 +3901,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -3921,7 +3913,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -4486,9 +4478,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4586,9 +4576,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4666,9 +4654,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4698,9 +4684,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5304,7 +5288,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5625,7 +5608,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -5818,11 +5800,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -5849,11 +5829,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -5888,6 +5866,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.containers[].securityContext
 Description::
@@ -5940,7 +5924,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -6136,7 +6120,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -6320,7 +6303,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -6549,10 +6531,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -6560,11 +6540,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -6691,7 +6669,6 @@ scheduling guarantees, and they will not be restarted when they exit or when a P
 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
 Pod to exceed its resource allocation.
 
-
 To add an ephemeral container, use the ephemeralcontainers subresource of an existing
 Pod. Ephemeral containers may not be removed or restarted.
 --
@@ -6841,7 +6818,6 @@ Default is false
 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
 If not set then the ephemeral container uses the namespaces configured in the Pod spec.
 
-
 The container runtime must implement support for this feature. If the runtime does not
 support namespace targeting then the result of setting this field is undefined.
 
@@ -7014,9 +6990,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7114,9 +7088,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7194,9 +7166,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7226,9 +7196,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -7828,7 +7796,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -8140,7 +8107,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -8332,11 +8298,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -8363,11 +8327,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -8402,6 +8364,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].securityContext
 Description::
@@ -8453,7 +8421,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -8649,7 +8617,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -8827,7 +8794,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -9056,10 +9022,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -9067,11 +9031,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -9169,9 +9131,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.initContainers
@@ -9549,9 +9509,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9649,9 +9607,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9729,9 +9685,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -9761,9 +9715,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -10367,7 +10319,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -10688,7 +10639,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -10881,11 +10831,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -10912,11 +10860,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -10951,6 +10897,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.initContainers[].securityContext
 Description::
@@ -11003,7 +10955,7 @@ Note that this field cannot be set when spec.os.name is windows.
 | `procMount`
 | `string`
 | procMount denotes the type of proc mount to use for the containers.
-The default is DefaultProcMount which uses the container runtime defaults for
+The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
@@ -11199,7 +11151,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -11383,7 +11334,6 @@ Required::
 | Service is the name of the service to place in the gRPC HealthCheckRequest
 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
 
-
 If this is not specified, the default behavior is defined by gRPC.
 
 |===
@@ -11612,10 +11562,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -11623,11 +11571,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -11650,11 +11596,9 @@ Description::
 Specifies the OS of the containers in the pod.
 Some pod and container fields are restricted if this is set.
 
-
 If the OS field is set to linux, the following fields must be unset:
 -securityContext.windowsOptions
 
-
 If the OS field is set to windows, following fields must be unset:
 - spec.hostPID
 - spec.hostIPC
@@ -11669,6 +11613,7 @@ If the OS field is set to windows, following fields must be unset:
 - spec.securityContext.runAsUser
 - spec.securityContext.runAsGroup
 - spec.securityContext.supplementalGroups
+- spec.securityContext.supplementalGroupsPolicy
 - spec.containers[*].securityContext.appArmorProfile
 - spec.containers[*].securityContext.seLinuxOptions
 - spec.containers[*].securityContext.seccompProfile
@@ -11750,11 +11695,9 @@ and reserved before the Pod is allowed to start. The resources
 will be made available to those containers which consume them
 by name.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable.
 --
 
@@ -11768,7 +11711,10 @@ Type::
 Description::
 +
 --
-PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+PodResourceClaim references exactly one ResourceClaim, either directly
+or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim
+for the pod.
+
 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
 Containers that need access to the ResourceClaim reference it with this name.
 --
@@ -11790,50 +11736,32 @@ Required::
 | Name uniquely identifies this resource claim inside the pod.
 This must be a DNS_LABEL.
 
-| `source`
-| `object`
-| Source describes where to find the ResourceClaim.
-
-|===
-=== .spec.install.spec.deployments[].spec.template.spec.resourceClaims[].source
-Description::
-+
---
-Source describes where to find the ResourceClaim.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
 | `resourceClaimName`
 | `string`
 | ResourceClaimName is the name of a ResourceClaim object in the same
 namespace as this pod.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+be set.
+
 | `resourceClaimTemplateName`
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate
 object in the same namespace as this pod.
 
-
 The template will be used to create a new ResourceClaim, which will
 be bound to this pod. When this pod is deleted, the ResourceClaim
 will also be deleted. The pod name and resource name, along with a
 generated component, will be used to form a unique name for the
 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 
-
 This field is immutable and no changes will be made to the
 corresponding ResourceClaim by the control plane after creating the
 ResourceClaim.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+be set.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.schedulingGates
 Description::
@@ -11843,7 +11771,6 @@ SchedulingGates is an opaque list of values that if specified will block schedul
 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
 scheduler will not attempt to schedule the pod.
 
-
 SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 --
 
@@ -11907,12 +11834,10 @@ Note that this field cannot be set when spec.os.name is windows.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 
-
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 
-
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 
@@ -11969,12 +11894,22 @@ Note that this field cannot be set when spec.os.name is windows.
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition
-to the container's primary GID, the fsGroup (if specified), and group memberships
-defined in the container image for the uid of the container process. If unspecified,
-no additional groups are added to any container. Note that group memberships
-defined in the container image for the uid of the container process are still effective,
-even if they are not included in this list.
+| A list of groups applied to the first process run in each container, in
+addition to the container's primary GID and fsGroup (if specified).  If
+the SupplementalGroupsPolicy feature is enabled, the
+supplementalGroupsPolicy field determines whether these are in addition
+to or instead of any group memberships defined in the container image.
+If unspecified, no additional groups are added, though group memberships
+defined in the container image may still be used, depending on the
+supplementalGroupsPolicy field.
+Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated.
+Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 
 | `sysctls`
@@ -12102,7 +12037,6 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
 | type indicates which kind of seccomp profile will be applied.
 Valid options are:
 
-
 Localhost - a profile defined in a file on the node should be used.
 RuntimeDefault - the container runtime default profile should be used.
 Unconfined - no profile should be applied.
@@ -12311,7 +12245,6 @@ MatchLabelKeys cannot be set when LabelSelector isn't set.
 Keys that don't exist in the incoming pod labels will
 be ignored. A null or empty list means only match against labelSelector.
 
-
 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
@@ -12347,7 +12280,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1.
 Valid values are integers greater than 0.
 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
 
-
 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
 labelSelector spread as 2/2/2:
 \| zone1 \| zone2 \| zone3 \|
@@ -12364,7 +12296,6 @@ when calculating pod topology spread skew. Options are:
 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
 
-
 If this value is nil, the behavior is equivalent to the Honor policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -12376,7 +12307,6 @@ pod topology spread skew. Options are:
 has a toleration, are included.
 - Ignore: node taints are ignored. All nodes are included.
 
-
 If this value is nil, the behavior is equivalent to the Ignore policy.
 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
@@ -12580,7 +12510,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -12591,17 +12520,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 
@@ -12643,9 +12569,23 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
+
+| `image`
+| `object`
+| image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
 
 | `iscsi`
 | `object`
@@ -12736,7 +12676,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -12912,9 +12851,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].cinder
@@ -12985,9 +12922,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].configMap
@@ -13037,9 +12972,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -13182,9 +13115,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].downwardAPI
@@ -13383,7 +13314,6 @@ ephemeral represents a volume that is handled by a cluster storage driver.
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -13394,17 +13324,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 --
@@ -13429,7 +13356,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -13439,11 +13365,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -13459,7 +13383,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -13469,11 +13392,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -13610,7 +13531,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -13867,7 +13788,6 @@ Type::
 | fsType is the filesystem type to mount.
 Must be a filesystem type supported by the host operating system.
 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `lun`
 | `integer`
@@ -13963,9 +13883,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].flocker
@@ -14022,7 +13940,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -14129,9 +14046,6 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
 --
 
 Type::
@@ -14158,6 +14072,54 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 Defaults to ""
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.volumes[].image
+Description::
++
+--
+image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].iscsi
 Description::
@@ -14196,7 +14158,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `initiatorName`
 | `string`
@@ -14260,9 +14221,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].nfs
@@ -14428,18 +14387,21 @@ mode, like fsGroup, and the result can be other mode bits set.
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list
+handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list
+handles one source.
 --
 
 Type::
@@ -14452,7 +14414,8 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 --
 
 Type::
@@ -14470,14 +14433,11 @@ Type::
 | ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -14508,14 +14468,11 @@ Description::
 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -14690,9 +14647,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -14938,9 +14893,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -15126,7 +15079,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `image`
 | `string`
@@ -15196,9 +15148,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].scaleIO
@@ -15294,9 +15244,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].secret
@@ -15483,9 +15431,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].vsphereVolume
@@ -16195,7 +16141,6 @@ Required.
 | `array (string)`
 | Resources is a list of resources this rule applies to.
 
-
 For example:
 'pods' means pods.
 'pods/log' means the log subresource of pods.
@@ -16204,11 +16149,9 @@ For example:
 '*/scale' means all scale subresources.
 '*/*' means all resources and their subresources.
 
-
 If wildcard is present, the validation rule will ensure resources do not
 overlap with each other.
 
-
 Depending on the enclosing object, subresources might not be allowed.
 Required.
 
diff --git a/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
index 940a58f219..860da46bc6 100644
--- a/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
@@ -49,7 +49,6 @@ Required::
 | InstallPlanStatus represents the information about the status of
 steps required to complete installation.
 
-
 Status may trail the actual state of a system.
 
 |===
@@ -107,7 +106,6 @@ Description::
 InstallPlanStatus represents the information about the status of
 steps required to complete installation.
 
-
 Status may trail the actual state of a system.
 --
 
@@ -205,7 +203,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
@@ -328,7 +325,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
diff --git a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
index 848828c3b3..8f6564e089 100644
--- a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
@@ -130,22 +130,6 @@ Type::
 | `conditions[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 |===
 === .status.conditions
@@ -166,22 +150,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -231,10 +199,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 
diff --git a/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
index 6e15a62003..373fbda719 100644
--- a/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
@@ -248,7 +248,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
diff --git a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
index f0737b1ff0..8369d93f07 100644
--- a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
+++ b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
@@ -74,22 +74,6 @@ Type::
 | `conditions[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 | `deployments`
 | `array (string)`
@@ -102,22 +86,6 @@ This struct is intended for direct use as an array at the field path .status.con
 | `overrides[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 | `serviceAccounts`
 | `array (string)`
@@ -142,22 +110,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -207,10 +159,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 === .spec.overrides
@@ -231,22 +179,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -295,10 +227,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 === .status
@@ -325,22 +253,6 @@ Type::
 | `conditions[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 |===
 === .status.conditions
@@ -361,22 +273,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -426,10 +322,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 
diff --git a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
index b65ee28d10..d0d2dcccdc 100644
--- a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
@@ -89,20 +89,17 @@ If it is set, Selector is ignored.
 | UpgradeStrategy defines the upgrade strategy for operators in the namespace.
 There are currently two supported upgrade strategies:
 
-
 Default: OLM will only allow clusterServiceVersions to move to the replacing
 phase from the succeeded phase. This effectively means that OLM will not
 allow operators to move to the next version if an installation or upgrade
 has failed.
 
-
 TechPreviewUnsafeFailForward: OLM will allow clusterServiceVersions to move to the
 replacing phase from the succeeded phase or from the failed phase.
 Additionally, OLM will generate new installPlans when a subscription references
 a failed installPlan and the catalog has been updated with a new upgrade for
 the existing set of operators.
 
-
 WARNING: The TechPreviewUnsafeFailForward upgrade strategy is unsafe and may result
 in unexpected behavior or unrecoverable data loss unless you have deep
 understanding of the set of operators being managed in the namespace.
@@ -218,22 +215,6 @@ Required::
 | `conditions[]`
 | `object`
 | Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 
 | `lastUpdated`
 | `string`
@@ -266,22 +247,6 @@ Description::
 +
 --
 Condition contains details for one aspect of the current state of this API Resource.
----
-This struct is intended for direct use as an array at the field path .status.conditions.  For example,
-
-
-	type FooStatus struct{
-	    // Represents the observations of a foo's current state.
-	    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
-	    // +patchMergeKey=type
-	    // +patchStrategy=merge
-	    // +listType=map
-	    // +listMapKey=type
-	    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-
-
-	    // other fields
-	}
 --
 
 Type::
@@ -331,10 +296,6 @@ This field may not be empty.
 | `type`
 | `string`
 | type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 
 |===
 === .status.serviceAccountRef
@@ -367,7 +328,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
diff --git a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
index 9bef64db81..30d963f91e 100644
--- a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
@@ -790,7 +790,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -802,7 +802,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1059,7 +1059,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1071,7 +1071,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1408,7 +1408,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1420,7 +1420,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -1677,7 +1677,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
 Also, matchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
@@ -1689,7 +1689,7 @@ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incomin
 pod labels will be ignored. The default value is empty.
 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | `object`
@@ -2007,9 +2007,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2107,9 +2105,7 @@ Required::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2187,9 +2183,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2219,9 +2213,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -2252,11 +2244,9 @@ Type::
 | Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 
 | `claims[]`
@@ -2283,11 +2273,9 @@ Description::
 Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 
-
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 
-
 This field is immutable. It can only be set for containers.
 --
 
@@ -2322,6 +2310,12 @@ Required::
 the Pod where this field is used. It makes that resource available
 inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request.
+
 |===
 === .spec.config.selector
 Description::
@@ -2532,10 +2526,8 @@ Defaults to false.
 | RecursiveReadOnly specifies whether read-only mounts should be handled
 recursively.
 
-
 If ReadOnly is false, this field has no meaning and must be unspecified.
 
-
 If ReadOnly is true, and this field is set to Disabled, the mount is not made
 recursively read-only.  If this field is set to IfPossible, the mount is made
 recursively read-only, if it is supported by the container runtime.  If this
@@ -2543,11 +2535,9 @@ field is set to Enabled, the mount is made recursively read-only if it is
 supported by the container runtime, otherwise the pod will not be started and
 an error will be generated to indicate the reason.
 
-
 If this field is set to IfPossible or Enabled, MountPropagation must be set to
 None (or be unspecified, which defaults to None).
 
-
 If this field is not specified, it is treated as an equivalent of Disabled.
 
 | `subPath`
@@ -2641,7 +2631,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -2652,17 +2641,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 
@@ -2704,9 +2690,23 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
+
+| `image`
+| `object`
+| image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
 
 | `iscsi`
 | `object`
@@ -2797,7 +2797,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -2973,9 +2972,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].cinder
@@ -3046,9 +3043,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].configMap
@@ -3098,9 +3093,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -3243,9 +3236,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].downwardAPI
@@ -3444,7 +3435,6 @@ ephemeral represents a volume that is handled by a cluster storage driver.
 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
 and deleted when the pod is removed.
 
-
 Use this if:
 a) the volume is only needed while the pod runs,
 b) features of normal volumes like restoring from snapshot or capacity
@@ -3455,17 +3445,14 @@ d) the storage driver supports dynamic volume provisioning through
    information on the connection between this volume type
    and PersistentVolumeClaim).
 
-
 Use PersistentVolumeClaim or one of the vendor-specific
 APIs for volumes that persist for longer than the lifecycle
 of an individual pod.
 
-
 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
 be used that way - see the documentation of the driver for
 more information.
 
-
 A pod can use both types of ephemeral volumes and
 persistent volumes at the same time.
 --
@@ -3490,7 +3477,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -3500,11 +3486,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 
 |===
@@ -3520,7 +3504,6 @@ pod.  The name of the PVC will be `<pod name>-<volume name>` where
 entry. Pod validation will reject the pod if the concatenated name
 is not valid for a PVC (for example, too long).
 
-
 An existing PVC with that name that is not owned by the pod
 will *not* be used for the pod to avoid using an unrelated
 volume by mistake. Starting the pod is then blocked until
@@ -3530,11 +3513,9 @@ owner reference to the pod once the pod exists. Normally
 this should not be necessary, but it may be useful when
 manually reconstructing a broken cluster.
 
-
 This field is read-only and no changes will be made by Kubernetes
 to the PVC after it has been created.
 
-
 Required, must not be nil.
 --
 
@@ -3671,7 +3652,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis
 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
 exists.
 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -3928,7 +3909,6 @@ Type::
 | fsType is the filesystem type to mount.
 Must be a filesystem type supported by the host operating system.
 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `lun`
 | `integer`
@@ -4024,9 +4004,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].flocker
@@ -4083,7 +4061,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `partition`
 | `integer`
@@ -4190,9 +4167,6 @@ machine that is directly exposed to the container. This is generally
 used for system agents or other privileged things that are allowed
 to see the host machine. Most containers will NOT need this.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
----
-TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
-mount host directories as read/write.
 --
 
 Type::
@@ -4219,6 +4193,54 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 Defaults to ""
 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+|===
+=== .spec.config.volumes[].image
+Description::
++
+--
+image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+The volume will be mounted read-only (ro) and non-executable files (noexec).
+Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.config.volumes[].iscsi
 Description::
@@ -4257,7 +4279,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `initiatorName`
 | `string`
@@ -4321,9 +4342,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].nfs
@@ -4489,18 +4508,21 @@ mode, like fsGroup, and the result can be other mode bits set.
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list
+handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 
 |===
 === .spec.config.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list
+handles one source.
 --
 
 Type::
@@ -4513,7 +4535,8 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types.
+Exactly one of these fields must be set.
 --
 
 Type::
@@ -4531,14 +4554,11 @@ Type::
 | ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -4569,14 +4589,11 @@ Description::
 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
 of ClusterTrustBundle objects in an auto-updating file.
 
-
 Alpha, gated by the ClusterTrustBundleProjection feature gate.
 
-
 ClusterTrustBundle objects can either be selected by name, or by the
 combination of signer name and a label selector.
 
-
 Kubelet performs aggressive normalization of the PEM contents written
 into the pod filesystem.  Esoteric PEM features such as inter-block
 comments and block headers are stripped.  Certificates are deduplicated.
@@ -4751,9 +4768,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -4999,9 +5014,7 @@ relative and may not contain the '..' path or start with '..'.
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 | `optional`
 | `boolean`
@@ -5187,7 +5200,6 @@ Required::
 Tip: Ensure that the filesystem type is supported by the host operating system.
 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
-TODO: how do we prevent errors in the filesystem from compromising the machine
 
 | `image`
 | `string`
@@ -5257,9 +5269,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].scaleIO
@@ -5355,9 +5365,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].secret
@@ -5544,9 +5552,7 @@ Type::
 This field is effectively required, but due to backwards compatibility is
 allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
 
 |===
 === .spec.config.volumes[].vsphereVolume
@@ -5735,7 +5741,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
@@ -5851,7 +5856,6 @@ For example, if the object reference is to a container within a pod, this would
 the event) or if no container name is specified "spec.containers[2]" (container with
 index 2 in this pod). This syntax is chosen only to have some well-defined way of
 referencing a part of an object.
-TODO: this design is not final and this field is subject to change in the future.
 
 | `kind`
 | `string`
diff --git a/rest_api/project_apis/project-project-openshift-io-v1.adoc b/rest_api/project_apis/project-project-openshift-io-v1.adoc
index 7f2f570b47..b884ae52eb 100644
--- a/rest_api/project_apis/project-project-openshift-io-v1.adoc
+++ b/rest_api/project_apis/project-project-openshift-io-v1.adoc
@@ -245,9 +245,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
index 6495736315..d14f7df67a 100644
--- a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
+++ b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
@@ -76,7 +76,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v7[`Status_v7`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v6[`Status_v6`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
index 8fac0bb961..44a1dda292 100644
--- a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
@@ -67,94 +67,143 @@ Required::
 
 | `architecture`
 | `string`
-| CPU architecture of the host, e.g. "x86_64" or "aarch64". If unset, eventually populated by inspection.
+| CPU architecture of the host, e.g. "x86_64" or "aarch64". If unset,
+eventually populated by inspection.
 
 | `automatedCleaningMode`
 | `string`
-| When set to disabled, automated cleaning will be avoided during provisioning and deprovisioning.
+| When set to disabled, automated cleaning will be skipped
+during provisioning and deprovisioning.
 
 | `bmc`
 | `object`
-| How do we connect to the BMC?
+| How do we connect to the BMC (Baseboard Management Controller) on
+the host?
 
 | `bootMACAddress`
 | `string`
-| Which MAC address will PXE boot? This is optional for some types, but required for libvirt VMs driven by vbmc.
+| The MAC address of the NIC used for provisioning the host. In case
+of network boot, this is the MAC address of the PXE booting
+interface. The MAC address of the BMC must never be used here!
 
 | `bootMode`
 | `string`
-| Select the method of initializing the hardware during boot. Defaults to UEFI.
+| Select the method of initializing the hardware during boot.
+Defaults to UEFI. Legacy boot should only be used for hardware that
+does not support UEFI correctly. Set to UEFISecureBoot to turn
+secure boot on automatically after provisioning.
 
 | `consumerRef`
 | `object`
-| ConsumerRef can be used to store information about something that is using a host. When it is not empty, the host is considered "in use".
+| ConsumerRef can be used to store information about something
+that is using a host. When it is not empty, the host is
+considered "in use". The common use case is a link to a Machine
+resource when the host is used by Cluster API.
 
 | `customDeploy`
 | `object`
-| A custom deploy procedure.
+| A custom deploy procedure. This is an advanced feature that allows
+using a custom deploy step provided by a site-specific deployment
+ramdisk. Most users will want to use "image" instead. Setting this
+field triggers provisioning.
 
 | `description`
 | `string`
-| Description is a human-entered text used to help identify the host
+| Description is a human-entered text used to help identify the host.
 
 | `externallyProvisioned`
 | `boolean`
-| ExternallyProvisioned means something else is managing the image running on the host and the operator should only manage the power status and hardware inventory inspection. If the Image field is filled in, this field is ignored.
+| ExternallyProvisioned means something else has provisioned the
+image running on the host, and the operator should only manage
+the power status. This field is used for integration with already
+provisioned hosts and when pivoting hosts between clusters. If
+unsure, leave this field as false.
 
 | `firmware`
 | `object`
-| BIOS configuration for bare metal server
+| Firmware (BIOS) configuration for bare metal server. If set, the
+requested settings will be applied before the host is provisioned.
+Only some vendor drivers support this field. An alternative is to
+use HostFirmwareSettings resources that allow changing arbitrary
+values and support the generic Redfish-based drivers.
 
 | `hardwareProfile`
 | `string`
-| What is the name of the hardware profile for this host? Hardware profiles are deprecated and should not be used. Use the separate fields Architecture and RootDeviceHints instead. Set to "empty" to prepare for the future version of the API without hardware profiles.
+| What is the name of the hardware profile for this host?
+Hardware profiles are deprecated and should not be used.
+Use the separate fields Architecture and RootDeviceHints instead.
+Set to "empty" to prepare for the future version of the API
+without hardware profiles.
 
 | `image`
 | `object`
-| Image holds the details of the image to be provisioned.
+| Image holds the details of the image to be provisioned. Populating
+the image will cause the host to start provisioning.
 
 | `metaData`
 | `object`
-| MetaData holds the reference to the Secret containing host metadata (e.g. meta_data.json) which is passed to the Config Drive.
+| MetaData holds the reference to the Secret containing host metadata
+which is passed to the Config Drive. By default, metadata will be
+generated for the host, so most users do not need to set this field.
 
 | `networkData`
 | `object`
-| NetworkData holds the reference to the Secret containing network configuration (e.g content of network_data.json) which is passed to the Config Drive.
+| NetworkData holds the reference to the Secret containing network
+configuration which is passed to the Config Drive and interpreted
+by the first boot software such as cloud-init.
 
 | `online`
 | `boolean`
-| Should the server be online?
+| Should the host be powered on? If the host is currently in a stable
+state (e.g. provisioned), its power state will be forced to match
+this value.
 
 | `preprovisioningNetworkDataName`
 | `string`
-| PreprovisioningNetworkDataName is the name of the Secret in the local namespace containing network configuration (e.g content of network_data.json) which is passed to the preprovisioning image, and to the Config Drive if not overridden by specifying NetworkData.
+| PreprovisioningNetworkDataName is the name of the Secret in the
+local namespace containing network configuration which is passed to
+the preprovisioning image, and to the Config Drive if not overridden
+by specifying NetworkData.
 
 | `raid`
 | `object`
-| RAID configuration for bare metal server
+| RAID configuration for bare metal server. If set, the RAID settings
+will be applied before the host is provisioned. If not, the current
+settings will not be modified. Only one of the sub-fields
+hardwareRAIDVolumes and softwareRAIDVolumes can be set at the same
+time.
 
 | `rootDeviceHints`
 | `object`
-| Provide guidance about how to choose the device for the image being provisioned.
+| Provide guidance about how to choose the device for the image
+being provisioned. The default is currently to use /dev/sda as
+the root device.
 
 | `taints`
 | `array`
-| Taints is the full, authoritative list of taints to apply to the corresponding Machine. This list will overwrite any modifications made to the Machine on an ongoing basis.
+| Taints is the full, authoritative list of taints to apply to
+the corresponding Machine. This list will overwrite any
+modifications made to the Machine on an ongoing basis.
 
 | `taints[]`
 | `object`
-| The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+| The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 
 | `userData`
 | `object`
-| UserData holds the reference to the Secret containing the user data to be passed to the host before it boots.
+| UserData holds the reference to the Secret containing the user data
+which is passed to the Config Drive and interpreted by the
+first-boot software such as cloud-init. The format of user data is
+specific to the first-boot software.
 
 |===
 === .spec.bmc
 Description::
 +
 --
-How do we connect to the BMC?
+How do we connect to the BMC (Baseboard Management Controller) on
+the host?
 --
 
 Type::
@@ -173,21 +222,30 @@ Required::
 | `address`
 | `string`
 | Address holds the URL for accessing the controller on the network.
+The scheme part designates the driver to use with the host.
 
 | `credentialsName`
 | `string`
-| The name of the secret containing the BMC credentials (requires keys "username" and "password").
+| The name of the secret containing the BMC credentials (requires
+keys "username" and "password").
 
 | `disableCertificateVerification`
 | `boolean`
-| DisableCertificateVerification disables verification of server certificates when using HTTPS to connect to the BMC. This is required when the server certificate is self-signed, but is insecure because it allows a man-in-the-middle to intercept the connection.
+| DisableCertificateVerification disables verification of server
+certificates when using HTTPS to connect to the BMC. This is
+required when the server certificate is self-signed, but is
+insecure because it allows a man-in-the-middle to intercept the
+connection.
 
 |===
 === .spec.consumerRef
 Description::
 +
 --
-ConsumerRef can be used to store information about something that is using a host. When it is not empty, the host is considered "in use".
+ConsumerRef can be used to store information about something
+that is using a host. When it is not empty, the host is
+considered "in use". The common use case is a link to a Machine
+resource when the host is used by Cluster API.
 --
 
 Type::
@@ -206,34 +264,48 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .spec.customDeploy
 Description::
 +
 --
-A custom deploy procedure.
+A custom deploy procedure. This is an advanced feature that allows
+using a custom deploy step provided by a site-specific deployment
+ramdisk. Most users will want to use "image" instead. Setting this
+field triggers provisioning.
 --
 
 Type::
@@ -250,14 +322,20 @@ Required::
 
 | `method`
 | `string`
-| Custom deploy method name. This name is specific to the deploy ramdisk used. If you don't have a custom deploy ramdisk, you shouldn't use CustomDeploy.
+| Custom deploy method name.
+This name is specific to the deploy ramdisk used. If you don't have
+a custom deploy ramdisk, you shouldn't use CustomDeploy.
 
 |===
 === .spec.firmware
 Description::
 +
 --
-BIOS configuration for bare metal server
+Firmware (BIOS) configuration for bare metal server. If set, the
+requested settings will be applied before the host is provisioned.
+Only some vendor drivers support this field. An alternative is to
+use HostFirmwareSettings resources that allow changing arbitrary
+values and support the generic Redfish-based drivers.
 --
 
 Type::
@@ -272,22 +350,23 @@ Type::
 
 | `simultaneousMultithreadingEnabled`
 | `boolean`
-| Allows a single physical processor core to appear as several logical processors. This supports following options: true, false.
+| Allows a single physical processor core to appear as several logical processors.
 
 | `sriovEnabled`
 | `boolean`
-| SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance. This supports following options: true, false.
+| SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.
 
 | `virtualizationEnabled`
 | `boolean`
-| Supports the virtualization of platform hardware. This supports following options: true, false.
+| Supports the virtualization of platform hardware.
 
 |===
 === .spec.image
 Description::
 +
 --
-Image holds the details of the image to be provisioned.
+Image holds the details of the image to be provisioned. Populating
+the image will cause the host to start provisioning.
 --
 
 Type::
@@ -304,15 +383,20 @@ Required::
 
 | `checksum`
 | `string`
-| Checksum is the checksum for the image.
+| Checksum is the checksum for the image. Required for all formats
+except for "live-iso".
 
 | `checksumType`
 | `string`
-| ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. The special value "auto" can be used to detect the algorithm from the checksum. If missing, MD5 is used. If in doubt, use "auto".
+| ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.
+The special value "auto" can be used to detect the algorithm from the checksum.
+If missing, MD5 is used. If in doubt, use "auto".
 
 | `format`
 | `string`
-| DiskFormat contains the format of the image (raw, qcow2, ...). Needs to be set to raw for raw images streaming. Note live-iso means an iso referenced by the url will be live-booted and not deployed to disk, and in this case the checksum options are not required and if specified will be ignored.
+| Format contains the format of the image (raw, qcow2, ...).
+When set to "live-iso", an ISO 9660 image referenced by the url will
+be live-booted and not deployed to disk.
 
 | `url`
 | `string`
@@ -323,7 +407,9 @@ Required::
 Description::
 +
 --
-MetaData holds the reference to the Secret containing host metadata (e.g. meta_data.json) which is passed to the Config Drive.
+MetaData holds the reference to the Secret containing host metadata
+which is passed to the Config Drive. By default, metadata will be
+generated for the host, so most users do not need to set this field.
 --
 
 Type::
@@ -349,7 +435,9 @@ Type::
 Description::
 +
 --
-NetworkData holds the reference to the Secret containing network configuration (e.g content of network_data.json) which is passed to the Config Drive.
+NetworkData holds the reference to the Secret containing network
+configuration which is passed to the Config Drive and interpreted
+by the first boot software such as cloud-init.
 --
 
 Type::
@@ -375,7 +463,11 @@ Type::
 Description::
 +
 --
-RAID configuration for bare metal server
+RAID configuration for bare metal server. If set, the RAID settings
+will be applied before the host is provisioned. If not, the current
+settings will not be modified. Only one of the sub-fields
+hardwareRAIDVolumes and softwareRAIDVolumes can be set at the same
+time.
 --
 
 Type::
@@ -390,18 +482,28 @@ Type::
 
 | `hardwareRAIDVolumes`
 | ``
-| The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. You can set the value of this field to `[]` to clear all the hardware RAID configurations.
+| The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.
+You can set the value of this field to `[]` to clear all the hardware RAID configurations.
 
 | `softwareRAIDVolumes`
 | ``
-| The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume. If HardwareRAIDVolumes is set this item will be invalid. The number of created Software RAID devices must be 1 or 2. If there is only one Software RAID device, it has to be a RAID-1. If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0. As the first RAID device will be the deployment device, enforcing a RAID-1 reduces the risk of ending up with a non-booting node in case of a disk failure. Software RAID will always be deleted.
+| The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.
+If HardwareRAIDVolumes is set this item will be invalid.
+The number of created Software RAID devices must be 1 or 2.
+If there is only one Software RAID device, it has to be a RAID-1.
+If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.
+As the first RAID device will be the deployment device,
+enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.
+Software RAID will always be deleted.
 
 |===
 === .spec.rootDeviceHints
 Description::
 +
 --
-Provide guidance about how to choose the device for the image being provisioned.
+Provide guidance about how to choose the device for the image
+being provisioned. The default is currently to use /dev/sda as
+the root device.
 --
 
 Type::
@@ -416,11 +518,14 @@ Type::
 
 | `deviceName`
 | `string`
-| A Linux device name like "/dev/vda", or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match the actual value exactly.
+| A Linux device name like "/dev/vda", or a by-path link to it like
+"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
+the actual value exactly.
 
 | `hctl`
 | `string`
-| A SCSI bus address like 0:0:0:0. The hint must match the actual value exactly.
+| A SCSI bus address like 0:0:0:0. The hint must match the actual
+value exactly.
 
 | `minSizeGigabytes`
 | `integer`
@@ -428,7 +533,8 @@ Type::
 
 | `model`
 | `string`
-| A vendor-specific device identifier. The hint can be a substring of the actual value.
+| A vendor-specific device identifier. The hint can be a
+substring of the actual value.
 
 | `rotational`
 | `boolean`
@@ -436,30 +542,37 @@ Type::
 
 | `serialNumber`
 | `string`
-| Device serial number. The hint must match the actual value exactly.
+| Device serial number. The hint must match the actual value
+exactly.
 
 | `vendor`
 | `string`
-| The name of the vendor or manufacturer of the device. The hint can be a substring of the actual value.
+| The name of the vendor or manufacturer of the device. The hint
+can be a substring of the actual value.
 
 | `wwn`
 | `string`
-| Unique storage identifier. The hint must match the actual value exactly.
+| Unique storage identifier. The hint must match the actual value
+exactly.
 
 | `wwnVendorExtension`
 | `string`
-| Unique vendor storage identifier. The hint must match the actual value exactly.
+| Unique vendor storage identifier. The hint must match the
+actual value exactly.
 
 | `wwnWithExtension`
 | `string`
-| Unique storage identifier with the vendor extension appended. The hint must match the actual value exactly.
+| Unique storage identifier with the vendor extension
+appended. The hint must match the actual value exactly.
 
 |===
 === .spec.taints
 Description::
 +
 --
-Taints is the full, authoritative list of taints to apply to the corresponding Machine. This list will overwrite any modifications made to the Machine on an ongoing basis.
+Taints is the full, authoritative list of taints to apply to
+the corresponding Machine. This list will overwrite any
+modifications made to the Machine on an ongoing basis.
 --
 
 Type::
@@ -472,7 +585,8 @@ Type::
 Description::
 +
 --
-The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+The node this Taint is attached to has the "effect" on
+any pod that does not tolerate the Taint.
 --
 
 Type::
@@ -490,7 +604,9 @@ Required::
 
 | `effect`
 | `string`
-| Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+| Required. The effect of the taint on pods
+that do not tolerate the taint.
+Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
 
 | `key`
 | `string`
@@ -498,7 +614,8 @@ Required::
 
 | `timeAdded`
 | `string`
-| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+| TimeAdded represents the time at which the taint was added.
+It is only written for NoExecute taints.
 
 | `value`
 | `string`
@@ -509,7 +626,10 @@ Required::
 Description::
 +
 --
-UserData holds the reference to the Secret containing the user data to be passed to the host before it boots.
+UserData holds the reference to the Secret containing the user data
+which is passed to the Config Drive and interpreted by the
+first-boot software such as cloud-init. The format of user data is
+specific to the first-boot software.
 --
 
 Type::
@@ -544,7 +664,6 @@ Type::
 Required::
   - `errorCount`
   - `errorMessage`
-  - `hardwareProfile`
   - `operationalStatus`
   - `poweredOn`
   - `provisioning`
@@ -561,23 +680,27 @@ Required::
 
 | `errorMessage`
 | `string`
-| the last error message reported by the provisioning subsystem
+| The last error message reported by the provisioning subsystem.
 
 | `errorType`
 | `string`
-| ErrorType indicates the type of failure encountered when the OperationalStatus is OperationalStatusError
+| ErrorType indicates the type of failure encountered when the
+OperationalStatus is OperationalStatusError
 
 | `goodCredentials`
 | `object`
-| the last credentials we were able to validate as working
+| The last credentials we were able to validate as working.
 
 | `hardware`
 | `object`
 | The hardware discovered to exist on the host.
+This field will be removed in the next API version in favour of the
+separate HardwareData resource.
 
 | `hardwareProfile`
 | `string`
 | The name of the profile matching the hardware details.
+Hardware profiles are deprecated and should not be relied on.
 
 | `lastUpdated`
 | `string`
@@ -585,7 +708,8 @@ Required::
 
 | `operationHistory`
 | `object`
-| OperationHistory holds information about operations performed on this host.
+| OperationHistory holds information about operations performed
+on this host.
 
 | `operationalStatus`
 | `string`
@@ -593,7 +717,9 @@ Required::
 
 | `poweredOn`
 | `boolean`
-| indicator for whether or not the host is powered on
+| The currently detected power state of the host. This field may get
+briefly out of sync with the actual state of the hardware while
+provisioning processes are running.
 
 | `provisioning`
 | `object`
@@ -601,14 +727,14 @@ Required::
 
 | `triedCredentials`
 | `object`
-| the last credentials we sent to the provisioning backend
+| The last credentials we sent to the provisioning backend.
 
 |===
 === .status.goodCredentials
 Description::
 +
 --
-the last credentials we were able to validate as working
+The last credentials we were able to validate as working.
 --
 
 Type::
@@ -623,7 +749,8 @@ Type::
 
 | `credentials`
 | `object`
-| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret
+in any namespace
 
 | `credentialsVersion`
 | `string`
@@ -634,7 +761,8 @@ Type::
 Description::
 +
 --
-SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+SecretReference represents a Secret Reference. It has enough information to retrieve secret
+in any namespace
 --
 
 Type::
@@ -661,6 +789,8 @@ Description::
 +
 --
 The hardware discovered to exist on the host.
+This field will be removed in the next API version in favour of the
+separate HardwareData resource.
 --
 
 Type::
@@ -675,11 +805,11 @@ Type::
 
 | `cpu`
 | `object`
-| CPU describes one processor on the host.
+| Details of the CPU(s) in the system.
 
 | `firmware`
 | `object`
-| Firmware describes the firmware on the host.
+| System firmware information.
 
 | `hostname`
 | `string`
@@ -687,7 +817,7 @@ Type::
 
 | `nics`
 | `array`
-| 
+| List of network interfaces for the host.
 
 | `nics[]`
 | `object`
@@ -695,11 +825,11 @@ Type::
 
 | `ramMebibytes`
 | `integer`
-| 
+| The host's amount of memory in Mebibytes.
 
 | `storage`
 | `array`
-| 
+| List of storage (disk, SSD, etc.) available to the host.
 
 | `storage[]`
 | `object`
@@ -707,14 +837,14 @@ Type::
 
 | `systemVendor`
 | `object`
-| HardwareSystemVendor stores details about the whole hardware system.
+| System vendor information.
 
 |===
 === .status.hardware.cpu
 Description::
 +
 --
-CPU describes one processor on the host.
+Details of the CPU(s) in the system.
 --
 
 Type::
@@ -752,7 +882,7 @@ Type::
 Description::
 +
 --
-Firmware describes the firmware on the host.
+System firmware information.
 --
 
 Type::
@@ -804,7 +934,7 @@ Type::
 Description::
 +
 --
-
+List of network interfaces for the host.
 --
 
 Type::
@@ -832,7 +962,9 @@ Type::
 
 | `ip`
 | `string`
-| The IP address of the interface. This will be an IPv4 or IPv6 address if one is present.  If both IPv4 and IPv6 addresses are present in a dual-stack environment, two nics will be output, one with each IP.
+| The IP address of the interface. This will be an IPv4 or IPv6 address
+if one is present.  If both IPv4 and IPv6 addresses are present in a
+dual-stack environment, two nics will be output, one with each IP.
 
 | `mac`
 | `string`
@@ -910,7 +1042,7 @@ Type::
 Description::
 +
 --
-
+List of storage (disk, SSD, etc.) available to the host.
 --
 
 Type::
@@ -938,7 +1070,9 @@ Type::
 
 | `alternateNames`
 | `array (string)`
-| A list of alternate Linux device names of the disk, e.g. "/dev/sda". Note that this list is not exhaustive, and names may not be stable across reboots.
+| A list of alternate Linux device names of the disk, e.g. "/dev/sda".
+Note that this list is not exhaustive, and names may not be stable
+across reboots.
 
 | `hctl`
 | `string`
@@ -950,11 +1084,16 @@ Type::
 
 | `name`
 | `string`
-| A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name that is stable across reboots if one is available.
+| A Linux device name of the disk, e.g.
+"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
+that is stable across reboots if one is available.
 
 | `rotational`
 | `boolean`
-| Whether this disk represents rotational storage. This field is not recommended for usage, please prefer using 'Type' field instead, this field will be deprecated eventually.
+| Whether this disk represents rotational storage.
+This field is not recommended for usage, please
+prefer using 'Type' field instead, this field
+will be deprecated eventually.
 
 | `serialNumber`
 | `string`
@@ -989,7 +1128,7 @@ Type::
 Description::
 +
 --
-HardwareSystemVendor stores details about the whole hardware system.
+System vendor information.
 --
 
 Type::
@@ -1019,7 +1158,8 @@ Type::
 Description::
 +
 --
-OperationHistory holds information about operations performed on this host.
+OperationHistory holds information about operations performed
+on this host.
 --
 
 Type::
@@ -1034,26 +1174,31 @@ Type::
 
 | `deprovision`
 | `object`
-| OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+| OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 
 | `inspect`
 | `object`
-| OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+| OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 
 | `provision`
 | `object`
-| OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+| OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 
 | `register`
 | `object`
-| OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+| OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 
 |===
 === .status.operationHistory.deprovision
 Description::
 +
 --
-OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 --
 
 Type::
@@ -1079,7 +1224,8 @@ Type::
 Description::
 +
 --
-OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 --
 
 Type::
@@ -1105,7 +1251,8 @@ Type::
 Description::
 +
 --
-OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 --
 
 Type::
@@ -1131,7 +1278,8 @@ Type::
 Description::
 +
 --
-OperationMetric contains metadata about an operation (inspection, provisioning, etc.) used for tracking metrics.
+OperationMetric contains metadata about an operation (inspection,
+provisioning, etc.) used for tracking metrics.
 --
 
 Type::
@@ -1175,11 +1323,12 @@ Required::
 
 | `ID`
 | `string`
-| The machine's UUID from the underlying provisioning tool
+| The hosts's ID from the underlying provisioning tool (e.g. the
+Ironic node UUID).
 
 | `bootMode`
 | `string`
-| BootMode indicates the boot mode used to provision the node
+| BootMode indicates the boot mode used to provision the host.
 
 | `customDeploy`
 | `object`
@@ -1187,23 +1336,24 @@ Required::
 
 | `firmware`
 | `object`
-| The Bios set by the user
+| The firmware settings that have been applied.
 
 | `image`
 | `object`
-| Image holds the details of the last image successfully provisioned to the host.
+| Image holds the details of the last image successfully
+provisioned to the host.
 
 | `raid`
 | `object`
-| The Raid set by the user
+| The RAID configuration that has been applied.
 
 | `rootDeviceHints`
 | `object`
-| The RootDevicehints set by the user
+| The root device hints used to provision the host.
 
 | `state`
 | `string`
-| An indiciator for what the provisioner is doing with the host.
+| An indicator for what the provisioner is doing with the host.
 
 |===
 === .status.provisioning.customDeploy
@@ -1227,14 +1377,16 @@ Required::
 
 | `method`
 | `string`
-| Custom deploy method name. This name is specific to the deploy ramdisk used. If you don't have a custom deploy ramdisk, you shouldn't use CustomDeploy.
+| Custom deploy method name.
+This name is specific to the deploy ramdisk used. If you don't have
+a custom deploy ramdisk, you shouldn't use CustomDeploy.
 
 |===
 === .status.provisioning.firmware
 Description::
 +
 --
-The Bios set by the user
+The firmware settings that have been applied.
 --
 
 Type::
@@ -1249,22 +1401,23 @@ Type::
 
 | `simultaneousMultithreadingEnabled`
 | `boolean`
-| Allows a single physical processor core to appear as several logical processors. This supports following options: true, false.
+| Allows a single physical processor core to appear as several logical processors.
 
 | `sriovEnabled`
 | `boolean`
-| SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance. This supports following options: true, false.
+| SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.
 
 | `virtualizationEnabled`
 | `boolean`
-| Supports the virtualization of platform hardware. This supports following options: true, false.
+| Supports the virtualization of platform hardware.
 
 |===
 === .status.provisioning.image
 Description::
 +
 --
-Image holds the details of the last image successfully provisioned to the host.
+Image holds the details of the last image successfully
+provisioned to the host.
 --
 
 Type::
@@ -1281,15 +1434,20 @@ Required::
 
 | `checksum`
 | `string`
-| Checksum is the checksum for the image.
+| Checksum is the checksum for the image. Required for all formats
+except for "live-iso".
 
 | `checksumType`
 | `string`
-| ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. The special value "auto" can be used to detect the algorithm from the checksum. If missing, MD5 is used. If in doubt, use "auto".
+| ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.
+The special value "auto" can be used to detect the algorithm from the checksum.
+If missing, MD5 is used. If in doubt, use "auto".
 
 | `format`
 | `string`
-| DiskFormat contains the format of the image (raw, qcow2, ...). Needs to be set to raw for raw images streaming. Note live-iso means an iso referenced by the url will be live-booted and not deployed to disk, and in this case the checksum options are not required and if specified will be ignored.
+| Format contains the format of the image (raw, qcow2, ...).
+When set to "live-iso", an ISO 9660 image referenced by the url will
+be live-booted and not deployed to disk.
 
 | `url`
 | `string`
@@ -1300,7 +1458,7 @@ Required::
 Description::
 +
 --
-The Raid set by the user
+The RAID configuration that has been applied.
 --
 
 Type::
@@ -1315,18 +1473,26 @@ Type::
 
 | `hardwareRAIDVolumes`
 | ``
-| The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. You can set the value of this field to `[]` to clear all the hardware RAID configurations.
+| The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.
+You can set the value of this field to `[]` to clear all the hardware RAID configurations.
 
 | `softwareRAIDVolumes`
 | ``
-| The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume. If HardwareRAIDVolumes is set this item will be invalid. The number of created Software RAID devices must be 1 or 2. If there is only one Software RAID device, it has to be a RAID-1. If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0. As the first RAID device will be the deployment device, enforcing a RAID-1 reduces the risk of ending up with a non-booting node in case of a disk failure. Software RAID will always be deleted.
+| The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.
+If HardwareRAIDVolumes is set this item will be invalid.
+The number of created Software RAID devices must be 1 or 2.
+If there is only one Software RAID device, it has to be a RAID-1.
+If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.
+As the first RAID device will be the deployment device,
+enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.
+Software RAID will always be deleted.
 
 |===
 === .status.provisioning.rootDeviceHints
 Description::
 +
 --
-The RootDevicehints set by the user
+The root device hints used to provision the host.
 --
 
 Type::
@@ -1341,11 +1507,14 @@ Type::
 
 | `deviceName`
 | `string`
-| A Linux device name like "/dev/vda", or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match the actual value exactly.
+| A Linux device name like "/dev/vda", or a by-path link to it like
+"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
+the actual value exactly.
 
 | `hctl`
 | `string`
-| A SCSI bus address like 0:0:0:0. The hint must match the actual value exactly.
+| A SCSI bus address like 0:0:0:0. The hint must match the actual
+value exactly.
 
 | `minSizeGigabytes`
 | `integer`
@@ -1353,7 +1522,8 @@ Type::
 
 | `model`
 | `string`
-| A vendor-specific device identifier. The hint can be a substring of the actual value.
+| A vendor-specific device identifier. The hint can be a
+substring of the actual value.
 
 | `rotational`
 | `boolean`
@@ -1361,30 +1531,35 @@ Type::
 
 | `serialNumber`
 | `string`
-| Device serial number. The hint must match the actual value exactly.
+| Device serial number. The hint must match the actual value
+exactly.
 
 | `vendor`
 | `string`
-| The name of the vendor or manufacturer of the device. The hint can be a substring of the actual value.
+| The name of the vendor or manufacturer of the device. The hint
+can be a substring of the actual value.
 
 | `wwn`
 | `string`
-| Unique storage identifier. The hint must match the actual value exactly.
+| Unique storage identifier. The hint must match the actual value
+exactly.
 
 | `wwnVendorExtension`
 | `string`
-| Unique vendor storage identifier. The hint must match the actual value exactly.
+| Unique vendor storage identifier. The hint must match the
+actual value exactly.
 
 | `wwnWithExtension`
 | `string`
-| Unique storage identifier with the vendor extension appended. The hint must match the actual value exactly.
+| Unique storage identifier with the vendor extension
+appended. The hint must match the actual value exactly.
 
 |===
 === .status.triedCredentials
 Description::
 +
 --
-the last credentials we sent to the provisioning backend
+The last credentials we sent to the provisioning backend.
 --
 
 Type::
@@ -1399,7 +1574,8 @@ Type::
 
 | `credentials`
 | `object`
-| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret
+in any namespace
 
 | `credentialsVersion`
 | `string`
@@ -1410,7 +1586,8 @@ Type::
 Description::
 +
 --
-SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+SecretReference represents a Secret Reference. It has enough information to retrieve secret
+in any namespace
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
index 4b40fa8ed2..a24f4e76dc 100644
--- a/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
@@ -77,14 +77,16 @@ Type::
 
 | `httpHeadersRef`
 | `object`
-| A secret containing HTTP headers which should be passed along to the Destination when making a request
+| A secret containing HTTP headers which should be passed along to the Destination
+when making a request
 
 |===
 === .spec.httpHeadersRef
 Description::
 +
 --
-A secret containing HTTP headers which should be passed along to the Destination when making a request
+A secret containing HTTP headers which should be passed along to the Destination
+when making a request
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/dataimage-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/dataimage-metal3-io-v1alpha1.adoc
index 9eec871b2f..cc2e987d26 100644
--- a/rest_api/provisioning_apis/dataimage-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/dataimage-metal3-io-v1alpha1.adoc
@@ -67,7 +67,8 @@ Required::
 
 | `url`
 | `string`
-| Url is the address of the dataImage that we want to attach to a BareMetalHost
+| Url is the address of the dataImage that we want to attach
+to a BareMetalHost
 
 |===
 === .status
diff --git a/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
index f1717bdaef..3eb8c96e69 100644
--- a/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
@@ -134,7 +134,8 @@ Type::
 
 | `unique`
 | `boolean`
-| Whether or not this setting's value is unique to this node, e.g. a serial number.
+| Whether or not this setting's value is unique to this node, e.g.
+a serial number.
 
 | `upper_bound`
 | `integer`
diff --git a/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
index 0e390199a1..c5041ee4dd 100644
--- a/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
@@ -83,11 +83,11 @@ Type::
 
 | `cpu`
 | `object`
-| CPU describes one processor on the host.
+| Details of the CPU(s) in the system.
 
 | `firmware`
 | `object`
-| Firmware describes the firmware on the host.
+| System firmware information.
 
 | `hostname`
 | `string`
@@ -95,7 +95,7 @@ Type::
 
 | `nics`
 | `array`
-| 
+| List of network interfaces for the host.
 
 | `nics[]`
 | `object`
@@ -103,11 +103,11 @@ Type::
 
 | `ramMebibytes`
 | `integer`
-| 
+| The host's amount of memory in Mebibytes.
 
 | `storage`
 | `array`
-| 
+| List of storage (disk, SSD, etc.) available to the host.
 
 | `storage[]`
 | `object`
@@ -115,14 +115,14 @@ Type::
 
 | `systemVendor`
 | `object`
-| HardwareSystemVendor stores details about the whole hardware system.
+| System vendor information.
 
 |===
 === .spec.hardware.cpu
 Description::
 +
 --
-CPU describes one processor on the host.
+Details of the CPU(s) in the system.
 --
 
 Type::
@@ -160,7 +160,7 @@ Type::
 Description::
 +
 --
-Firmware describes the firmware on the host.
+System firmware information.
 --
 
 Type::
@@ -212,7 +212,7 @@ Type::
 Description::
 +
 --
-
+List of network interfaces for the host.
 --
 
 Type::
@@ -240,7 +240,9 @@ Type::
 
 | `ip`
 | `string`
-| The IP address of the interface. This will be an IPv4 or IPv6 address if one is present.  If both IPv4 and IPv6 addresses are present in a dual-stack environment, two nics will be output, one with each IP.
+| The IP address of the interface. This will be an IPv4 or IPv6 address
+if one is present.  If both IPv4 and IPv6 addresses are present in a
+dual-stack environment, two nics will be output, one with each IP.
 
 | `mac`
 | `string`
@@ -318,7 +320,7 @@ Type::
 Description::
 +
 --
-
+List of storage (disk, SSD, etc.) available to the host.
 --
 
 Type::
@@ -346,7 +348,9 @@ Type::
 
 | `alternateNames`
 | `array (string)`
-| A list of alternate Linux device names of the disk, e.g. "/dev/sda". Note that this list is not exhaustive, and names may not be stable across reboots.
+| A list of alternate Linux device names of the disk, e.g. "/dev/sda".
+Note that this list is not exhaustive, and names may not be stable
+across reboots.
 
 | `hctl`
 | `string`
@@ -358,11 +362,16 @@ Type::
 
 | `name`
 | `string`
-| A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name that is stable across reboots if one is available.
+| A Linux device name of the disk, e.g.
+"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
+that is stable across reboots if one is available.
 
 | `rotational`
 | `boolean`
-| Whether this disk represents rotational storage. This field is not recommended for usage, please prefer using 'Type' field instead, this field will be deprecated eventually.
+| Whether this disk represents rotational storage.
+This field is not recommended for usage, please
+prefer using 'Type' field instead, this field
+will be deprecated eventually.
 
 | `serialNumber`
 | `string`
@@ -397,7 +406,7 @@ Type::
 Description::
 +
 --
-HardwareSystemVendor stores details about the whole hardware system.
+System vendor information.
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/hostfirmwarecomponents-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hostfirmwarecomponents-metal3-io-v1alpha1.adoc
index 0f3e57ab61..8e0dd47c4c 100644
--- a/rest_api/provisioning_apis/hostfirmwarecomponents-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/hostfirmwarecomponents-metal3-io-v1alpha1.adoc
@@ -147,9 +147,7 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `lastUpdated`
 | `string`
@@ -157,7 +155,8 @@ Type::
 
 | `updates`
 | `array`
-| Updates is the list of all firmware components that should be updated they are specified via name and url fields.
+| Updates is the list of all firmware components that should be updated
+they are specified via name and url fields.
 
 | `updates[]`
 | `object`
@@ -235,9 +234,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -258,19 +255,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -278,14 +283,15 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.updates
 Description::
 +
 --
-Updates is the list of all firmware components that should be updated they are specified via name and url fields.
+Updates is the list of all firmware components that should be updated
+they are specified via name and url fields.
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
index db711e65bf..e024361e7d 100644
--- a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
@@ -95,9 +95,7 @@ Required::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `lastUpdated`
 | `string`
@@ -105,7 +103,9 @@ Required::
 
 | `schema`
 | `object`
-| FirmwareSchema is a reference to the Schema used to describe each FirmwareSetting. By default, this will be a Schema in the same Namespace as the settings but it can be overwritten in the Spec
+| FirmwareSchema is a reference to the Schema used to describe each
+FirmwareSetting. By default, this will be a Schema in the same
+Namespace as the settings but it can be overwritten in the Spec
 
 | `settings`
 | `object (string)`
@@ -129,9 +129,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -152,19 +150,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -172,14 +178,16 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.schema
 Description::
 +
 --
-FirmwareSchema is a reference to the Schema used to describe each FirmwareSetting. By default, this will be a Schema in the same Namespace as the settings but it can be overwritten in the Spec
+FirmwareSchema is a reference to the Schema used to describe each
+FirmwareSetting. By default, this will be a Schema in the same
+Namespace as the settings but it can be overwritten in the Spec
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
index fac6013691..bc1077f52a 100644
--- a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
@@ -73,7 +73,8 @@ Type::
 
 | `networkDataName`
 | `string`
-| networkDataName is the name of a Secret in the local namespace that contains network data to build in to the image.
+| networkDataName is the name of a Secret in the local namespace that
+contains network data to build in to the image.
 
 |===
 === .status
@@ -103,17 +104,17 @@ Type::
 
 | `conditions[]`
 | `object`
-| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+| Condition contains details for one aspect of the current state of this API Resource.
 
 | `extraKernelParams`
 | `string`
-| extraKernelParams is a string with extra parameters to pass to the kernel when booting the image over network. Only makes sense for initrd images.
+| extraKernelParams is a string with extra parameters to pass to the
+kernel when booting the image over network. Only makes sense for initrd images.
 
 | `format`
 | `string`
-| format is the type of image that is available at the download url: either iso or initrd.
+| format is the type of image that is available at the download url:
+either iso or initrd.
 
 | `imageUrl`
 | `string`
@@ -121,11 +122,13 @@ Type::
 
 | `kernelUrl`
 | `string`
-| kernelUrl is the URL from which the kernel of the image can be downloaded. Only makes sense for initrd images.
+| kernelUrl is the URL from which the kernel of the image can be downloaded.
+Only makes sense for initrd images.
 
 | `networkData`
 | `object`
-| networkData is a reference to the version of the Secret containing the network data used to build the image.
+| networkData is a reference to the version of the Secret containing the
+network data used to build the image.
 
 |===
 === .status.conditions
@@ -145,9 +148,7 @@ Type::
 Description::
 +
 --
-Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
- type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
- // other fields }
+Condition contains details for one aspect of the current state of this API Resource.
 --
 
 Type::
@@ -168,19 +169,27 @@ Required::
 
 | `lastTransitionTime`
 | `string`
-| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| lastTransitionTime is the last time the condition transitioned from one status to another.
+This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
 
 | `message`
 | `string`
-| message is a human readable message indicating details about the transition. This may be an empty string.
+| message is a human readable message indicating details about the transition.
+This may be an empty string.
 
 | `observedGeneration`
 | `integer`
-| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| observedGeneration represents the .metadata.generation that the condition was set based upon.
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+with respect to the current state of the instance.
 
 | `reason`
 | `string`
-| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| reason contains a programmatic identifier indicating the reason for the condition's last transition.
+Producers of specific condition types may define expected values and meanings for this field,
+and whether the values are considered a guaranteed API.
+The value should be a CamelCase string.
+This field may not be empty.
 
 | `status`
 | `string`
@@ -188,14 +197,15 @@ Required::
 
 | `type`
 | `string`
-| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| type of condition in CamelCase or in foo.example.com/CamelCase.
 
 |===
 === .status.networkData
 Description::
 +
 --
-networkData is a reference to the version of the Secret containing the network data used to build the image.
+networkData is a reference to the version of the Secret containing the
+network data used to build the image.
 --
 
 Type::
diff --git a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
index 9e963d9f23..7ee534a98c 100644
--- a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
@@ -70,6 +70,11 @@ Type::
 |===
 | Property | Type | Description
 
+| `additionalNTPServers`
+| `array (string)`
+| AdditionalNTPServers is a list of NTP Servers to be used by the
+provisioning service
+
 | `bootIsoSource`
 | `string`
 | BootIsoSource provides a way to set the location where the iso image
diff --git a/rest_api/role_apis/role-apis-index.adoc b/rest_api/role_apis/role-apis-index.adoc
index 0368c28d87..3a26b5660c 100644
--- a/rest_api/role_apis/role-apis-index.adoc
+++ b/rest_api/role_apis/role-apis-index.adoc
@@ -38,8 +38,13 @@ Type::
 Description::
 +
 --
-RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs.  If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+RoleBindingRestriction is an object that can be matched against a subject
+(user, group, or service account) to determine whether rolebindings on that
+subject are allowed in the namespace to which the RoleBindingRestriction
+belongs.  If any one of those RoleBindingRestriction objects matches
+a subject, rolebindings on that subject in the namespace are allowed.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc b/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
index 944a3e31fb..088b59ecdb 100644
--- a/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
@@ -11,8 +11,13 @@ toc::[]
 Description::
 +
 --
-RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs.  If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+RoleBindingRestriction is an object that can be matched against a subject
+(user, group, or service account) to determine whether rolebindings on that
+subject are allowed in the namespace to which the RoleBindingRestriction
+belongs.  If any one of those RoleBindingRestriction objects matches
+a subject, rolebindings on that subject in the namespace are allowed.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc b/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
index 7fc4e99cad..d45513ef0e 100644
--- a/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
@@ -11,8 +11,10 @@ toc::[]
 Description::
 +
 --
-ClusterResourceQuota mirrors ResourceQuota at a cluster scope.  This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterResourceQuota mirrors ResourceQuota at a cluster scope.  This object is easily convertible to
+synthetic ResourceQuota object to allow quota evaluation re-use.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -76,7 +78,10 @@ Required::
 
 | `selector`
 | `object`
-| Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects).  These projects will contend on object creation through this resource.
+| Selector is the selector used to match projects.
+It should only select active projects on the scale of dozens (though it can select
+many more less active projects).  These projects will contend on object creation through
+this resource.
 
 |===
 === .spec.quota
@@ -98,22 +103,28 @@ Type::
 
 | `hard`
 | `integer-or-string`
-| hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+| hard is the set of desired hard limits for each named resource.
+More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
 
 | `scopeSelector`
 | `object`
-| scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+| scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
+but expressed using ScopeSelectorOperator in combination with possible values.
+For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
 
 | `scopes`
 | `array (string)`
-| A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+| A collection of filters that must match each object tracked by a quota.
+If not specified, the quota matches all objects.
 
 |===
 === .spec.quota.scopeSelector
 Description::
 +
 --
-scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
+but expressed using ScopeSelectorOperator in combination with possible values.
+For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
 --
 
 Type::
@@ -132,7 +143,8 @@ Type::
 
 | `matchExpressions[]`
 | `object`
-| A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+| A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
+that relates the scope name and values.
 
 |===
 === .spec.quota.scopeSelector.matchExpressions
@@ -152,7 +164,8 @@ Type::
 Description::
 +
 --
-A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
+that relates the scope name and values.
 --
 
 Type::
@@ -170,7 +183,8 @@ Required::
 
 | `operator`
 | `string`
-| Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+| Represents a scope's relationship to a set of values.
+Valid operators are In, NotIn, Exists, DoesNotExist.
 
 | `scopeName`
 | `string`
@@ -178,14 +192,20 @@ Required::
 
 | `values`
 | `array (string)`
-| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| An array of string values. If the operator is In or NotIn,
+the values array must be non-empty. If the operator is Exists or DoesNotExist,
+the values array must be empty.
+This array is replaced during a strategic merge patch.
 
 |===
 === .spec.selector
 Description::
 +
 --
-Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects).  These projects will contend on object creation through this resource.
+Selector is the selector used to match projects.
+It should only select active projects on the scale of dozens (though it can select
+many more less active projects).  These projects will contend on object creation through
+this resource.
 --
 
 Type::
@@ -228,7 +248,9 @@ Required::
 
 | `namespaces`
 | ``
-| Namespaces slices the usage by project.  This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects.  This can be used to pull the deltas for a given project.
+| Namespaces slices the usage by project.  This division allows for quick resolution of
+deletion reconciliation inside of a single project without requiring a recalculation
+across all projects.  This can be used to pull the deltas for a given project.
 
 | `total`
 | `object`
@@ -254,7 +276,8 @@ Type::
 
 | `hard`
 | `integer-or-string`
-| Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+| Hard is the set of enforced hard limits for each named resource.
+More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
 
 | `used`
 | `integer-or-string`
diff --git a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
index 5d0f3fef34..c321217daf 100644
--- a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
+++ b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
@@ -25,8 +25,10 @@ Type::
 Description::
 +
 --
-ClusterResourceQuota mirrors ResourceQuota at a cluster scope.  This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ClusterResourceQuota mirrors ResourceQuota at a cluster scope.  This object is easily convertible to
+synthetic ResourceQuota object to allow quota evaluation re-use.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc b/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
index 92ee125ddb..d836b85e08 100644
--- a/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
+++ b/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
@@ -69,8 +69,15 @@ Required::
 
 | `cloudTokenPath`
 | `string`
-| cloudTokenPath is the path where the Kubernetes ServiceAccount token (JSON Web Token) is mounted on the deployment for the workload requesting a credentials secret. The presence of this field in combination with fields such as spec.providerSpec.stsIAMRoleARN indicate that CCO should broker creation of a credentials secret containing fields necessary for token based authentication methods such as with the AWS Secure Token Service (STS). 
- cloudTokenPath may also be used to specify the azure_federated_token_file path used in Azure configuration secrets generated by ccoctl. Defaults to "/var/run/secrets/openshift/serviceaccount/token".
+| cloudTokenPath is the path where the Kubernetes ServiceAccount token (JSON Web Token) is mounted
+on the deployment for the workload requesting a credentials secret.
+The presence of this field in combination with fields such as spec.providerSpec.stsIAMRoleARN
+indicate that CCO should broker creation of a credentials secret containing fields necessary for
+token based authentication methods such as with the AWS Secure Token Service (STS).
+
+cloudTokenPath may also be used to specify the azure_federated_token_file path used
+in Azure configuration secrets generated by ccoctl.
+Defaults to "/var/run/secrets/openshift/serviceaccount/token".
 
 | `providerSpec`
 | ``
@@ -82,7 +89,10 @@ Required::
 
 | `serviceAccountNames`
 | `array (string)`
-| ServiceAccountNames contains a list of ServiceAccounts that will use permissions associated with this CredentialsRequest. This is not used by CCO, but the information is needed for being able to properly set up access control in the cloud provider when the ServiceAccounts are used as part of the cloud credentials flow.
+| ServiceAccountNames contains a list of ServiceAccounts that will use permissions associated with this
+CredentialsRequest. This is not used by CCO, but the information is needed for being able to properly
+set up access control in the cloud provider when the ServiceAccounts are used as part of the cloud
+credentials flow.
 
 |===
 === .spec.secretRef
@@ -108,27 +118,38 @@ Type::
 
 | `fieldPath`
 | `string`
-| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+| If referring to a piece of an object instead of an entire object, this string
+should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+For example, if the object reference is to a container within a pod, this would take on a value like:
+"spec.containers{name}" (where "name" refers to the name of the container that triggered
+the event) or if no container name is specified "spec.containers[2]" (container with
+index 2 in this pod). This syntax is chosen only to have some well-defined way of
+referencing a part of an object.
 
 | `kind`
 | `string`
-| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| Kind of the referent.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+| Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 | `namespace`
 | `string`
-| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+| Namespace of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 
 | `resourceVersion`
 | `string`
-| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+| Specific resourceVersion to which this reference is made, if any.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
 
 | `uid`
 | `string`
-| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+| UID of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
 
 |===
 === .status
@@ -161,11 +182,22 @@ Required::
 
 | `lastSyncCloudCredsSecretResourceVersion`
 | `string`
-| LastSyncCloudCredsSecretResourceVersion is the resource version of the cloud credentials secret resource when the credentials request resource was last synced. Used to determine if the cloud credentials have been updated since the last sync.
+| LastSyncCloudCredsSecretResourceVersion is the resource version of the
+cloud credentials secret resource when the credentials request resource
+was last synced. Used to determine if the cloud credentials have
+been updated since the last sync.
 
 | `lastSyncGeneration`
 | `integer`
-| LastSyncGeneration is the generation of the credentials request resource that was last synced. Used to determine if the object has changed and requires a sync.
+| LastSyncGeneration is the generation of the credentials request resource
+that was last synced. Used to determine if the object has changed and
+requires a sync.
+
+| `lastSyncInfrastructureResourceVersion`
+| `string`
+| LastSyncInfrastructureResourceVersion is the resource version of the
+Infrastructure resource. It is used to determine if the user provided tags have
+been updated since the last sync.
 
 | `lastSyncTimestamp`
 | `string`
diff --git a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
index c7f5e0f33f..60307bc996 100644
--- a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
@@ -97,7 +97,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -220,9 +220,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v8[`Status_v8`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/security_apis/security-apis-index.adoc b/rest_api/security_apis/security-apis-index.adoc
index 33137456f7..81a528455a 100644
--- a/rest_api/security_apis/security-apis-index.adoc
+++ b/rest_api/security_apis/security-apis-index.adoc
@@ -103,8 +103,14 @@ Type::
 Description::
 +
 --
-SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+SecurityContextConstraints governs the ability to make requests that affect the SecurityContext
+that will be applied to a container.
+For historical reasons SCC was exposed under the core Kubernetes API group.
+That exposure is deprecated and will be removed in a future release - users
+should instead use the security.openshift.io group to manage
+SecurityContextConstraints.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
index 8d736a4fbb..1456b1c5f9 100644
--- a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
@@ -11,8 +11,14 @@ toc::[]
 Description::
 +
 --
-SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. 
- Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+SecurityContextConstraints governs the ability to make requests that affect the SecurityContext
+that will be applied to a container.
+For historical reasons SCC was exposed under the core Kubernetes API group.
+That exposure is deprecated and will be removed in a future release - users
+should instead use the security.openshift.io group to manage
+SecurityContextConstraints.
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -56,7 +62,8 @@ Required::
 
 | `allowPrivilegeEscalation`
 | ``
-| AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+| AllowPrivilegeEscalation determines if a pod can request to allow
+privilege escalation. If unspecified, defaults to true.
 
 | `allowPrivilegedContainer`
 | `boolean`
@@ -64,16 +71,27 @@ Required::
 
 | `allowedCapabilities`
 | ``
-| AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.
+| AllowedCapabilities is a list of capabilities that can be requested to add to the container.
+Capabilities in this field maybe added at the pod author's discretion.
+You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
+To allow all capabilities you may use '*'.
 
 | `allowedFlexVolumes`
 | ``
-| AllowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field.
+| AllowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
+Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
+is allowed in the "Volumes" field.
 
 | `allowedUnsafeSysctls`
 | ``
-| AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. 
- Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
+| AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
+Each entry is either a plain sysctl name or ends in "*" in which case it is considered
+as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
+Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+
+Examples:
+e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
+e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
 
 | `apiVersion`
 | `string`
@@ -81,16 +99,24 @@ Required::
 
 | `defaultAddCapabilities`
 | ``
-| DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.
+| DefaultAddCapabilities is the default set of capabilities that will be added to the container
+unless the pod spec specifically drops the capability.  You may not list a capabiility in both
+DefaultAddCapabilities and RequiredDropCapabilities.
 
 | `defaultAllowPrivilegeEscalation`
 | ``
-| DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+| DefaultAllowPrivilegeEscalation controls the default setting for whether a
+process can gain more privileges than its parent process.
 
 | `forbiddenSysctls`
 | ``
-| ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. 
- Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
+| ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
+Each entry is either a plain sysctl name or ends in "*" in which case it is considered
+as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
+
+Examples:
+e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
+e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
 
 | `fsGroup`
 | ``
@@ -110,15 +136,25 @@ Required::
 
 | `priority`
 | ``
-| Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields.  The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.
+| Priority influences the sort order of SCCs when evaluating which SCCs to try first for
+a given pod request based on access in the Users and Groups fields.  The higher the int, the
+higher priority. An unset value is considered a 0 priority. If scores
+for multiple SCCs are equal they will be sorted from most restrictive to
+least restrictive. If both priorities and restrictions are equal the
+SCCs will be sorted by name.
 
 | `readOnlyRootFilesystem`
 | `boolean`
-| ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+| ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
+system.  If the container specifically requests to run with a non-read only root file system
+the SCC should deny the pod.
+If set to false the container may run with a read only root file system if it wishes but it
+will not be forced to.
 
 | `requiredDropCapabilities`
 | ``
-| RequiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
+| RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
+are required to be dropped and cannot be added.
 
 | `runAsUser`
 | ``
@@ -130,7 +166,11 @@ Required::
 
 | `seccompProfiles`
 | ``
-| SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations.  An unset (nil) or empty value means that no profiles may be specifid by the pod or container.	The wildcard '*' may be used to allow all profiles.  When used to generate a value for a pod the first non-wildcard profile will be used as the default.
+| SeccompProfiles lists the allowed profiles that may be set for the pod or
+container's seccomp annotations.  An unset (nil) or empty value means that no profiles may
+be specifid by the pod or container.	The wildcard '*' may be used to allow all profiles.  When
+used to generate a value for a pod the first non-wildcard profile will be used as
+the default.
 
 | `supplementalGroups`
 | ``
@@ -142,7 +182,9 @@ Required::
 
 | `volumes`
 | ``
-| Volumes is a white list of allowed volume plugins.  FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir).  To allow all volumes you may use "*". To allow no volumes, set to ["none"].
+| Volumes is a white list of allowed volume plugins.  FSType corresponds directly with the field names
+of a VolumeSource (azureFile, configMap, emptyDir).  To allow all volumes you may use "*".
+To allow no volumes, set to ["none"].
 
 |===
 
diff --git a/rest_api/storage_apis/persistentvolume-v1.adoc b/rest_api/storage_apis/persistentvolume-v1.adoc
index 73874d2e89..041e221bcd 100644
--- a/rest_api/storage_apis/persistentvolume-v1.adoc
+++ b/rest_api/storage_apis/persistentvolume-v1.adoc
@@ -186,7 +186,7 @@ Possible enum values:
 
 | `volumeAttributesClassName`
 | `string`
-| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is an alpha field and requires enabling VolumeAttributesClass feature.
+| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `volumeMode`
 | `string`
@@ -1712,7 +1712,7 @@ Type::
 
 | `lastPhaseTransitionTime`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Time[`Time`]
-| lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is a beta field and requires the PersistentVolumeLastPhaseTransitionTime feature to be enabled (enabled by default).
+| lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.
 
 | `message`
 | `string`
diff --git a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
index 8b40f3bded..4b65d0882a 100644
--- a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
+++ b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
@@ -96,7 +96,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -296,7 +296,7 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu
 
 | `currentVolumeAttributesClassName`
 | `string`
-| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
 
 | `modifyVolumeStatus`
 | `object`
diff --git a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
index e6002dde86..383152b340 100644
--- a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
@@ -125,7 +125,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -248,9 +248,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/template_apis/podtemplate-v1.adoc b/rest_api/template_apis/podtemplate-v1.adoc
index 41cd45340e..e62b618d1b 100644
--- a/rest_api/template_apis/podtemplate-v1.adoc
+++ b/rest_api/template_apis/podtemplate-v1.adoc
@@ -181,7 +181,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 
 | `nodeName`
 | `string`
-| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+| NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
 
 | `nodeSelector`
 | `object (string)`
@@ -229,7 +229,9 @@ This field is immutable.
 
 | `resourceClaims[]`
 | `object`
-| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+| PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 
 | `restartPolicy`
 | `string`
@@ -839,11 +841,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -896,11 +898,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -1016,11 +1018,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -1073,11 +1075,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -2616,6 +2618,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .template.spec.containers[].securityContext
 Description::
@@ -2652,7 +2658,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -4802,6 +4808,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .template.spec.ephemeralContainers[].securityContext
 Description::
@@ -4838,7 +4848,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -6983,6 +6993,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .template.spec.initContainers[].securityContext
 Description::
@@ -7019,7 +7033,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -7646,7 +7660,9 @@ Type::
 Description::
 +
 --
-PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 --
 
 Type::
@@ -7665,36 +7681,12 @@ Required::
 | `string`
 | Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
 
-| `source`
-| `object`
-| ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
-
-|===
-=== .template.spec.resourceClaims[].source
-Description::
-+
---
-ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
 | `resourceClaimName`
 | `string`
 | ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 | `resourceClaimTemplateName`
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
@@ -7703,6 +7695,8 @@ The template will be used to create a new ResourceClaim, which will be bound to
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 |===
 === .template.spec.schedulingGates
 Description::
@@ -7802,7 +7796,15 @@ Possible enum values:
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).
+ - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.
 
 | `sysctls`
 | `array`
@@ -8256,6 +8258,10 @@ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mou
 | `object`
 | Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
 
+| `image`
+| `object`
+| ImageVolumeSource represents a image volume resource.
+
 | `iscsi`
 | `object`
 | Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
@@ -8974,7 +8980,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9360,6 +9366,37 @@ Possible enum values:
  - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
  - `"Socket"` A UNIX socket must exist at the given path
 
+|===
+=== .template.spec.volumes[].image
+Description::
++
+--
+ImageVolumeSource represents a image volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .template.spec.volumes[].iscsi
 Description::
@@ -9593,18 +9630,18 @@ Type::
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 
 |===
 === .template.spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list handles one source.
 --
 
 Type::
@@ -9617,7 +9654,7 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 --
 
 Type::
diff --git a/rest_api/template_apis/template-template-openshift-io-v1.adoc b/rest_api/template_apis/template-template-openshift-io-v1.adoc
index 33535e7257..6638950e87 100644
--- a/rest_api/template_apis/template-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/template-template-openshift-io-v1.adoc
@@ -225,7 +225,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
index 4476baebce..19eb1918bf 100644
--- a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
@@ -480,7 +480,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -603,9 +603,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v10[`Status_v10`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v9[`Status_v9`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
index 231e6e0926..0c65c30bc0 100644
--- a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
@@ -38,7 +38,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `users`
@@ -92,7 +92,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -215,9 +215,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
index dfae8811be..90df843b48 100644
--- a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
@@ -44,7 +44,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `providerName`
@@ -106,7 +106,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -229,9 +229,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
index 66f3b2dd83..ba17da5364 100644
--- a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
@@ -50,7 +50,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
@@ -100,7 +100,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -223,9 +223,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
index f63ddb09e2..01bb0fa009 100644
--- a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
@@ -40,7 +40,7 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta_v2[`ObjectMeta_v2`]
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`]
 | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `user`
@@ -143,9 +143,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 202 - Accepted
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status_v11[`Status_v11`] schema
+| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
diff --git a/rest_api/workloads_apis/cronjob-batch-v1.adoc b/rest_api/workloads_apis/cronjob-batch-v1.adoc
index ae5f54235e..7c309161bc 100644
--- a/rest_api/workloads_apis/cronjob-batch-v1.adoc
+++ b/rest_api/workloads_apis/cronjob-batch-v1.adoc
@@ -183,7 +183,7 @@ Possible enum values:
 
 | `managedBy`
 | `string`
-| ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first "/" must be a valid subdomain as defined by RFC 1123. All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 64 characters.
+| ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first "/" must be a valid subdomain as defined by RFC 1123. All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 63 characters. This field is immutable.
 
 This field is alpha-level. The job controller accepts setting the field when the feature gate JobManagedBy is enabled (disabled by default).
 
diff --git a/rest_api/workloads_apis/job-batch-v1.adoc b/rest_api/workloads_apis/job-batch-v1.adoc
index 106402dd46..47c4f61d50 100644
--- a/rest_api/workloads_apis/job-batch-v1.adoc
+++ b/rest_api/workloads_apis/job-batch-v1.adoc
@@ -97,7 +97,7 @@ Possible enum values:
 
 | `managedBy`
 | `string`
-| ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first "/" must be a valid subdomain as defined by RFC 1123. All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 64 characters.
+| ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first "/" must be a valid subdomain as defined by RFC 1123. All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 63 characters. This field is immutable.
 
 This field is alpha-level. The job controller accepts setting the field when the feature gate JobManagedBy is enabled (disabled by default).
 
@@ -453,7 +453,7 @@ This field is beta-level. It can be used when the `JobBackoffLimitPerIndex` feat
 
 | `ready`
 | `integer`
-| The number of pods which have a Ready condition.
+| The number of active pods which have a Ready condition and are not terminating (without a deletionTimestamp).
 
 | `startTime`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Time[`Time`]
diff --git a/rest_api/workloads_apis/pod-v1.adoc b/rest_api/workloads_apis/pod-v1.adoc
index 696b5c5731..4496db1608 100644
--- a/rest_api/workloads_apis/pod-v1.adoc
+++ b/rest_api/workloads_apis/pod-v1.adoc
@@ -159,7 +159,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 
 | `nodeName`
 | `string`
-| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+| NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
 
 | `nodeSelector`
 | `object (string)`
@@ -207,7 +207,9 @@ This field is immutable.
 
 | `resourceClaims[]`
 | `object`
-| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+| PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 
 | `restartPolicy`
 | `string`
@@ -817,11 +819,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -874,11 +876,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -994,11 +996,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -1051,11 +1053,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -2594,6 +2596,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.containers[].securityContext
 Description::
@@ -2630,7 +2636,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -4780,6 +4786,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.ephemeralContainers[].securityContext
 Description::
@@ -4816,7 +4826,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -6961,6 +6971,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.initContainers[].securityContext
 Description::
@@ -6997,7 +7011,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -7624,7 +7638,9 @@ Type::
 Description::
 +
 --
-PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 --
 
 Type::
@@ -7643,36 +7659,12 @@ Required::
 | `string`
 | Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
 
-| `source`
-| `object`
-| ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
-
-|===
-=== .spec.resourceClaims[].source
-Description::
-+
---
-ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
 | `resourceClaimName`
 | `string`
 | ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 | `resourceClaimTemplateName`
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
@@ -7681,6 +7673,8 @@ The template will be used to create a new ResourceClaim, which will be bound to
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 |===
 === .spec.schedulingGates
 Description::
@@ -7780,7 +7774,15 @@ Possible enum values:
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).
+ - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.
 
 | `sysctls`
 | `array`
@@ -8234,6 +8236,10 @@ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mou
 | `object`
 | Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
 
+| `image`
+| `object`
+| ImageVolumeSource represents a image volume resource.
+
 | `iscsi`
 | `object`
 | Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
@@ -8952,7 +8958,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9338,6 +9344,37 @@ Possible enum values:
  - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
  - `"Socket"` A UNIX socket must exist at the given path
 
+|===
+=== .spec.volumes[].image
+Description::
++
+--
+ImageVolumeSource represents a image volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.volumes[].iscsi
 Description::
@@ -9571,18 +9608,18 @@ Type::
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 
 |===
 === .spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list handles one source.
 --
 
 Type::
@@ -9595,7 +9632,7 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 --
 
 Type::
@@ -10614,6 +10651,14 @@ Required::
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`]
 | AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
 
+| `allocatedResourcesStatus`
+| `array`
+| AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+
+| `allocatedResourcesStatus[]`
+| `object`
+| 
+
 | `containerID`
 | `string`
 | ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
@@ -10656,6 +10701,10 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
 
+| `user`
+| `object`
+| ContainerUser represents user identity information
+
 | `volumeMounts`
 | `array`
 | Status of volume mounts.
@@ -10664,6 +10713,100 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | VolumeMountStatus shows status of volume mounts.
 
+|===
+=== .status.containerStatuses[].allocatedResourcesStatus
+Description::
++
+--
+AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.containerStatuses[].allocatedResourcesStatus[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the resource. Must be unique within the pod and match one of the resources from the pod spec.
+
+| `resources`
+| `array`
+| List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+
+| `resources[]`
+| `object`
+| ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+
+|===
+=== .status.containerStatuses[].allocatedResourcesStatus[].resources
+Description::
++
+--
+List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.containerStatuses[].allocatedResourcesStatus[].resources[]
+Description::
++
+--
+ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `health`
+| `string`
+| Health of the resource. can be one of:
+ - Healthy: operates as normal
+ - Unhealthy: reported unhealthy. We consider this a temporary health issue
+              since we do not have a mechanism today to distinguish
+              temporary and permanent issues.
+ - Unknown: The status cannot be determined.
+            For example, Device Plugin got unregistered and hasn't been re-registered since.
+
+In future we may want to introduce the PermanentlyUnhealthy Status.
+
+| `resourceID`
+| `string`
+| ResourceID is the unique identifier of the resource. See the ResourceID type for more information.
+
 |===
 === .status.containerStatuses[].lastState
 Description::
@@ -10869,6 +11012,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .status.containerStatuses[].state
 Description::
@@ -10995,6 +11142,61 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.containerStatuses[].user
+Description::
++
+--
+ContainerUser represents user identity information
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `linux`
+| `object`
+| LinuxContainerUser represents user identity information in Linux containers
+
+|===
+=== .status.containerStatuses[].user.linux
+Description::
++
+--
+LinuxContainerUser represents user identity information in Linux containers
+--
+
+Type::
+  `object`
+
+Required::
+  - `uid`
+  - `gid`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gid`
+| `integer`
+| GID is the primary gid initially attached to the first process in the container
+
+| `supplementalGroups`
+| `array (integer)`
+| SupplementalGroups are the supplemental groups initially attached to the first process in the container
+
+| `uid`
+| `integer`
+| UID is the primary uid initially attached to the first process in the container
+
 |===
 === .status.containerStatuses[].volumeMounts
 Description::
@@ -11086,6 +11288,14 @@ Required::
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`]
 | AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
 
+| `allocatedResourcesStatus`
+| `array`
+| AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+
+| `allocatedResourcesStatus[]`
+| `object`
+| 
+
 | `containerID`
 | `string`
 | ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
@@ -11128,6 +11338,10 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
 
+| `user`
+| `object`
+| ContainerUser represents user identity information
+
 | `volumeMounts`
 | `array`
 | Status of volume mounts.
@@ -11136,6 +11350,100 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | VolumeMountStatus shows status of volume mounts.
 
+|===
+=== .status.ephemeralContainerStatuses[].allocatedResourcesStatus
+Description::
++
+--
+AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.ephemeralContainerStatuses[].allocatedResourcesStatus[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the resource. Must be unique within the pod and match one of the resources from the pod spec.
+
+| `resources`
+| `array`
+| List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+
+| `resources[]`
+| `object`
+| ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+
+|===
+=== .status.ephemeralContainerStatuses[].allocatedResourcesStatus[].resources
+Description::
++
+--
+List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.ephemeralContainerStatuses[].allocatedResourcesStatus[].resources[]
+Description::
++
+--
+ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `health`
+| `string`
+| Health of the resource. can be one of:
+ - Healthy: operates as normal
+ - Unhealthy: reported unhealthy. We consider this a temporary health issue
+              since we do not have a mechanism today to distinguish
+              temporary and permanent issues.
+ - Unknown: The status cannot be determined.
+            For example, Device Plugin got unregistered and hasn't been re-registered since.
+
+In future we may want to introduce the PermanentlyUnhealthy Status.
+
+| `resourceID`
+| `string`
+| ResourceID is the unique identifier of the resource. See the ResourceID type for more information.
+
 |===
 === .status.ephemeralContainerStatuses[].lastState
 Description::
@@ -11341,6 +11649,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .status.ephemeralContainerStatuses[].state
 Description::
@@ -11467,6 +11779,61 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.ephemeralContainerStatuses[].user
+Description::
++
+--
+ContainerUser represents user identity information
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `linux`
+| `object`
+| LinuxContainerUser represents user identity information in Linux containers
+
+|===
+=== .status.ephemeralContainerStatuses[].user.linux
+Description::
++
+--
+LinuxContainerUser represents user identity information in Linux containers
+--
+
+Type::
+  `object`
+
+Required::
+  - `uid`
+  - `gid`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gid`
+| `integer`
+| GID is the primary gid initially attached to the first process in the container
+
+| `supplementalGroups`
+| `array (integer)`
+| SupplementalGroups are the supplemental groups initially attached to the first process in the container
+
+| `uid`
+| `integer`
+| UID is the primary uid initially attached to the first process in the container
+
 |===
 === .status.ephemeralContainerStatuses[].volumeMounts
 Description::
@@ -11595,6 +11962,14 @@ Required::
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`]
 | AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
 
+| `allocatedResourcesStatus`
+| `array`
+| AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+
+| `allocatedResourcesStatus[]`
+| `object`
+| 
+
 | `containerID`
 | `string`
 | ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
@@ -11637,6 +12012,10 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
 
+| `user`
+| `object`
+| ContainerUser represents user identity information
+
 | `volumeMounts`
 | `array`
 | Status of volume mounts.
@@ -11645,6 +12024,100 @@ The value is typically used to determine whether a container is ready to accept
 | `object`
 | VolumeMountStatus shows status of volume mounts.
 
+|===
+=== .status.initContainerStatuses[].allocatedResourcesStatus
+Description::
++
+--
+AllocatedResourcesStatus represents the status of various resources allocated for this Pod.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.initContainerStatuses[].allocatedResourcesStatus[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the resource. Must be unique within the pod and match one of the resources from the pod spec.
+
+| `resources`
+| `array`
+| List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+
+| `resources[]`
+| `object`
+| ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+
+|===
+=== .status.initContainerStatuses[].allocatedResourcesStatus[].resources
+Description::
++
+--
+List of unique Resources health. Each element in the list contains an unique resource ID and resource health. At a minimum, ResourceID must uniquely identify the Resource allocated to the Pod on the Node for the lifetime of a Pod. See ResourceID type for it's definition.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.initContainerStatuses[].allocatedResourcesStatus[].resources[]
+Description::
++
+--
+ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680 and historical health changes are planned to be added in future iterations of a KEP.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `health`
+| `string`
+| Health of the resource. can be one of:
+ - Healthy: operates as normal
+ - Unhealthy: reported unhealthy. We consider this a temporary health issue
+              since we do not have a mechanism today to distinguish
+              temporary and permanent issues.
+ - Unknown: The status cannot be determined.
+            For example, Device Plugin got unregistered and hasn't been re-registered since.
+
+In future we may want to introduce the PermanentlyUnhealthy Status.
+
+| `resourceID`
+| `string`
+| ResourceID is the unique identifier of the resource. See the ResourceID type for more information.
+
 |===
 === .status.initContainerStatuses[].lastState
 Description::
@@ -11850,6 +12323,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .status.initContainerStatuses[].state
 Description::
@@ -11976,6 +12453,61 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.initContainerStatuses[].user
+Description::
++
+--
+ContainerUser represents user identity information
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `linux`
+| `object`
+| LinuxContainerUser represents user identity information in Linux containers
+
+|===
+=== .status.initContainerStatuses[].user.linux
+Description::
++
+--
+LinuxContainerUser represents user identity information in Linux containers
+--
+
+Type::
+  `object`
+
+Required::
+  - `uid`
+  - `gid`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gid`
+| `integer`
+| GID is the primary gid initially attached to the first process in the container
+
+| `supplementalGroups`
+| `array (integer)`
+| SupplementalGroups are the supplemental groups initially attached to the first process in the container
+
+| `uid`
+| `integer`
+| UID is the primary uid initially attached to the first process in the container
+
 |===
 === .status.initContainerStatuses[].volumeMounts
 Description::
@@ -12102,7 +12634,7 @@ Required::
 
 | `resourceClaimName`
 | `string`
-| ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.
+| ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.
 
 |===
 
diff --git a/rest_api/workloads_apis/replicationcontroller-v1.adoc b/rest_api/workloads_apis/replicationcontroller-v1.adoc
index 9f46951124..b3d7356ed0 100644
--- a/rest_api/workloads_apis/replicationcontroller-v1.adoc
+++ b/rest_api/workloads_apis/replicationcontroller-v1.adoc
@@ -219,7 +219,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 
 | `nodeName`
 | `string`
-| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+| NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
 
 | `nodeSelector`
 | `object (string)`
@@ -267,7 +267,9 @@ This field is immutable.
 
 | `resourceClaims[]`
 | `object`
-| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+| PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 
 | `restartPolicy`
 | `string`
@@ -877,11 +879,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -934,11 +936,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -1054,11 +1056,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -1111,11 +1113,11 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `mismatchLabelKeys`
 | `array (string)`
-| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`]
@@ -2654,6 +2656,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.template.spec.containers[].securityContext
 Description::
@@ -2690,7 +2696,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -4840,6 +4846,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.template.spec.ephemeralContainers[].securityContext
 Description::
@@ -4876,7 +4886,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -7021,6 +7031,10 @@ Required::
 | `string`
 | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
+| `request`
+| `string`
+| Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
+
 |===
 === .spec.template.spec.initContainers[].securityContext
 Description::
@@ -7057,7 +7071,7 @@ Type::
 
 | `procMount`
 | `string`
-| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+| procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
 Possible enum values:
  - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
@@ -7684,7 +7698,9 @@ Type::
 Description::
 +
 --
-PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
+
+It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
 --
 
 Type::
@@ -7703,36 +7719,12 @@ Required::
 | `string`
 | Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
 
-| `source`
-| `object`
-| ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
-
-|===
-=== .spec.template.spec.resourceClaims[].source
-Description::
-+
---
-ClaimSource describes a reference to a ResourceClaim.
-
-Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
 | `resourceClaimName`
 | `string`
 | ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 | `resourceClaimTemplateName`
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
@@ -7741,6 +7733,8 @@ The template will be used to create a new ResourceClaim, which will be bound to
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
+Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
+
 |===
 === .spec.template.spec.schedulingGates
 Description::
@@ -7840,7 +7834,15 @@ Possible enum values:
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroupsPolicy`
+| `string`
+| Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).
+ - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.
 
 | `sysctls`
 | `array`
@@ -8294,6 +8296,10 @@ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mou
 | `object`
 | Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
 
+| `image`
+| `object`
+| ImageVolumeSource represents a image volume resource.
+
 | `iscsi`
 | `object`
 | Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
@@ -9012,7 +9018,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 
 | `volumeMode`
 | `string`
@@ -9398,6 +9404,37 @@ Possible enum values:
  - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
  - `"Socket"` A UNIX socket must exist at the given path
 
+|===
+=== .spec.template.spec.volumes[].image
+Description::
++
+--
+ImageVolumeSource represents a image volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `pullPolicy`
+| `string`
+| Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `reference`
+| `string`
+| Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
 |===
 === .spec.template.spec.volumes[].iscsi
 Description::
@@ -9631,18 +9668,18 @@ Type::
 
 | `sources`
 | `array`
-| sources is the list of volume projections
+| sources is the list of volume projections. Each entry in this list handles one source.
 
 | `sources[]`
 | `object`
-| Projection that may be projected along with other supported volume types
+| Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 
 |===
 === .spec.template.spec.volumes[].projected.sources
 Description::
 +
 --
-sources is the list of volume projections
+sources is the list of volume projections. Each entry in this list handles one source.
 --
 
 Type::
@@ -9655,7 +9692,7 @@ Type::
 Description::
 +
 --
-Projection that may be projected along with other supported volume types
+Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
 --
 
 Type::