Merge pull request #947 from lsviben/update-v2-preview-with-v2-xrd

update v2 preview with v2 XRD
Merge pull request #952 from jbw976/cncf-accounts
2025-07-22 12:10:45 +03:00 · 2025-07-18 17:16:00 -07:00 · 2025-07-18 13:52:55 -07:00 · 2025-07-01 08:55:50 -07:00 · 2025-07-01 13:04:02 +02:00 · 2025-07-01 13:04:02 +02:00
287 changed files with 41210 additions and 11685 deletions
--- a/.github/ISSUE_TEMPLATE/new_release.md
+++ b/.github/ISSUE_TEMPLATE/new_release.md
@ -7,8 +7,9 @@ labels: release
 - [ ] Update the `$LATEST_VER` parameter in [netlify_build.sh](https://github.com/crossplane/docs/blob/master/netlify_build.sh#L3)
 - [ ] Update `params.latest` in [config.yaml](https://github.com/crossplane/docs/blob/master/config.yaml#L93)
 - [ ] Copy Crossplane [cluster/crds](https://github.com/crossplane/crossplane/tree/main/cluster/crds) contents to `/content/master/api/crds`
 - [ ] Copy `/content/master` directory to `/content/<new latest>`
 - [ ] Update `version` in the `_index.md` file of `/content/<new latest>` from `master` to the correct version.
- [ ] Copy Crossplane [cluster/crds](https://github.com/crossplane/crossplane/tree/main/cluster/crds) contents to `/content/<new latest>/api/crds`.
+- [ ] Create a [new release/tag](https://github.com/crossplane/docs/releases/new) named `v<EOL version>-archive` to snapshot EOL'd docs.
 - [ ] Create a [new release/tag](https://github.com/crossplane/docs/releases/new) named "v<EOL version>-archive" to snapshot EOL'd docs.
 - [ ] Remove EOL'd docs version from "/content" directory and run `hugo` locally to check for broken links.
 - [ ] Trigger [Algolia Crawler](https://crawler.algolia.com/) after publishing to reindex results.
--- a/OWNERS.md
+++ b/OWNERS.md
@ -10,21 +10,23 @@ guidelines and responsibilities for the steering committee and maintainers.
 The Maintainers and Reviewers mirror the [crossplane/crossplane OWNERS](https://github.com/crossplane/crossplane/blob/main/OWNERS.md) with the following changes:
-
+* Jared Watts <jared@upbound.io> ([jbw976](https://github.com/jbw976)) as a maintainer
 * Pete Lumbis <pete@upbound.io> ([plumbis](https://github.com/plumbis)) as a maintainer
 * Michael Goff <michael@upbound.io> ([thephred](https://github.com/thephred)) as a maintainer
-* Jean du Plessis <jean@upbound.io> ([jeanduplessis](https://github.com/jeanduplessis) as a maintainer
+* Jean du Plessis <jean@upbound.io> ([jeanduplessis](https://github.com/jeanduplessis)) as a maintainer
 * Rae Sharp <rae@upbound.io> ([tr0njavolta](https://github.com/tr0njavolta)) as a maintainer
 ## Maintainers
 * Bob Haddleton <bob.haddleton@nokia.com> ([bobh66](https://github.com/bobh66))
 * Jared Watts <jared@upbound.io> ([jbw976](https://github.com/jbw976))
 * Michael Goff <michael@upbound.io> ([thephred](https://github.com/thephred))
 * Nic Cope <negz@upbound.io> ([negz](https://github.com/negz))
 * Pete Lumbis <pete@upbound.io> ([plumbis](https://github.com/plumbis))
 * Muvaffak Onus <monus@upbound.io> ([muvaf](https://github.com/muvaf))
 * Hasan Turken <hasan@upbound.io> ([turkenh](https://github.com/turkenh))
-* Jean du Plessis <jean@upbound.io> ([jeanduplessis](https://github.com/jeanduplessis)
+* Bob Haddleton <bob.haddleton@nokia.com> ([bobh66](https://github.com/bobh66))
 * Philippe Scorsolini <philippe.scorsolini@upbound.io> ([phisco](https://github.com/phisco))
 * Jared Watts <jared@upbound.io> ([jbw976](https://github.com/jbw976))
 * Pete Lumbis <pete@upbound.io> ([plumbis](https://github.com/plumbis))
 * Michael Goff <michael@upbound.io> ([thephred](https://github.com/thephred))
 * Jean du Plessis <jean@upbound.io> ([jeanduplessis](https://github.com/jeanduplessis))
 * Rae Sharp <rae@upbound.io> ([tr0njavolta](https://github.com/tr0njavolta))
 ## Reviewers
@ -32,10 +34,10 @@ The Maintainers and Reviewers mirror the [crossplane/crossplane OWNERS](https://
 * Daren Iott <daren@upbound.io> ([nullable-eth](https://github.com/nullable-eth))
 * Ezgi Demirel <ezgi@upbound.io> ([ezgidemirel](https://github.com/ezgidemirel))
 * Max Blatt ([MisterMX](https://github.com/MisterMX))
 * Philippe Scorsolini <philippe.scorsolini@upbound.io> ([phisco](https://github.com/phisco))
 * Lovro Sviben <lovro.sviben@upbound.io> ([lsviben](https://github.com/lsviben))
 ## Emeritus maintainers
 * Connor Chan <connor@upbound.io> ([connorchan](https://github.com/connorchan))
 * Daniel Mangum <dan@upbound.io> ([hasheddan](https://github.com/hasheddan))
 * Muvaffak Onus <monus@upbound.io> ([muvaf](https://github.com/muvaf))
--- a/config.yaml
+++ b/config.yaml
@ -90,7 +90,7 @@ security:
 # Global parameters accessible by any Page
 params:
  # The current "latest" version. Used in the version dropdown
-  latest: "1.18"
+  latest: "1.20"
  docs: true
  anchors:
    # Generate heading anchors for any heading between min and max
--- a/content/contribute/_index.md
+++ b/content/contribute/_index.md
@ -32,10 +32,9 @@ Taken directly from the code:
 <!-- vale on -->
 ## Reporting violations
-To report violations contact the Crossplane maintainers at `info@crossplane.io`
+To report violations contact the Crossplane maintainers at `crossplane-info@lists.cncf.io`
 or the CNCF at `conduct@cncf.io`.
 All the information needed to contribute to the Crossplane documentation is
 here.
--- a/content/contribute/features.md
+++ b/content/contribute/features.md
@ -195,7 +195,7 @@ without using the
 For example, 
 ```markdown
-[Go to Upbound](http://upbound.io)
+[Go to Crossplane](http://crossplane.io)
 ```
 ## Tables
--- a/content/contribute/infrastructure.md
+++ b/content/contribute/infrastructure.md
@ -390,6 +390,7 @@ Expand the tab below to see an annotated `tree` output of the website repository
 │       │   │   ├── meta-common.html  # <meta> tags used on all pages
 │       │   │   ├── ms-clarity.html   # Microsoft Clarity tags
 │       │   │   ├── old-version-alert.html  # Alert box for versions that aren't the latest
 │       │   │   ├── preview-version-alert.html  # Alert box for preview versions
 │       │   │   ├── redirect.html     # HTML meta redirect
 │       │   │   ├── release-notes.html  # Release note summary page generator
 │       │   │   ├── rollworks.html    # Rollworks analytics tags
--- a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml
+++ b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml
@ -213,3 +213,200 @@ spec:
    storage: true
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.annotations.crossplane\.io/usage-details
      name: DETAILS
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: READY
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          A Usage defines a deletion blocking relationship between two resources.
          Usages prevent accidental deletion of a single resource or deletion of
          resources with dependent resources.
          Read the Crossplane documentation for
          [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages).
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: UsageSpec defines the desired state of Usage.
            properties:
              by:
                description: By is the resource that is "using the other resource".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              of:
                description: Of is the resource that is "being used".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              reason:
                description: Reason is the reason for blocking deletion of the resource.
                type: string
              replayDeletion:
                description: ReplayDeletion will trigger a deletion on the used resource
                  during the deletion of the usage itself, if it was attempted to
                  be deleted at least once.
                type: boolean
            required:
            - of
            type: object
            x-kubernetes-validations:
            - message: either "spec.by" or "spec.reason" must be specified.
              rule: has(self.by) || has(self.reason)
          status:
            description: UsageStatus defines the observed state of Usage.
            properties:
              conditions:
                description: Conditions of the resource.
                items:
                  description: A Condition that may apply to a resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        LastTransitionTime is the last time this condition transitioned from one
                        status to another.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A Message containing details about this condition's last transition from
                        one status to another, if any.
                      type: string
                    observedGeneration:
                      description: |-
                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      type: integer
                    reason:
                      description: A Reason for this condition's last transition from
                        one status to another.
                      type: string
                    status:
                      description: Status of this condition; is it currently True,
                        False, or Unknown?
                      type: string
                    type:
                      description: |-
                        Type of this condition. At most one of each condition type may apply to
                        a resource at any point in time.
                      type: string
                  required:
                  - lastTransitionTime
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: false
    subresources:
      status: {}
--- a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml
@ -146,6 +146,27 @@ spec:
            description: PackageRevisionStatus represents the observed state of a
              PackageRevision.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this revision, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -281,6 +302,12 @@ spec:
                  - verbs
                  type: object
                type: array
              resolvedImage:
                description: |-
                  ResolvedPackage is the name of the package that was installed. It may be
                  different from spec.image if the package path was rewritten using an
                  image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/api/crds/pkg.crossplane.io_configurations.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_configurations.yaml
@ -138,6 +138,27 @@ spec:
          status:
            description: ConfigurationStatus represents the observed state of a Configuration.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this package, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -199,6 +220,12 @@ spec:
                  reflect the most up to date revision, whether it has been activated or
                  not.
                type: string
              resolvedPackage:
                description: |-
                  ResolvedPackage is the name of the package that was used for version
                  resolution. It may be different from spec.package if the package path was
                  rewritten using an image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml
@ -189,6 +189,27 @@ spec:
            description: FunctionRevisionStatus represents the observed state of a
              FunctionRevision.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this revision, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -329,6 +350,12 @@ spec:
                  - verbs
                  type: object
                type: array
              resolvedImage:
                description: |-
                  ResolvedPackage is the name of the package that was installed. It may be
                  different from spec.image if the package path was rewritten using an
                  image config.
                type: string
            type: object
        type: object
    served: true
@ -507,6 +534,27 @@ spec:
            description: FunctionRevisionStatus represents the observed state of a
              FunctionRevision.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this revision, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -647,6 +695,12 @@ spec:
                  - verbs
                  type: object
                type: array
              resolvedImage:
                description: |-
                  ResolvedPackage is the name of the package that was installed. It may be
                  different from spec.image if the package path was rewritten using an
                  image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/api/crds/pkg.crossplane.io_functions.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_functions.yaml
@ -168,6 +168,27 @@ spec:
          status:
            description: FunctionStatus represents the observed state of a Function.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this package, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -229,6 +250,12 @@ spec:
                  reflect the most up to date revision, whether it has been activated or
                  not.
                type: string
              resolvedPackage:
                description: |-
                  ResolvedPackage is the name of the package that was used for version
                  resolution. It may be different from spec.package if the package path was
                  rewritten using an image config.
                type: string
            type: object
        type: object
    served: true
@ -386,6 +413,27 @@ spec:
          status:
            description: FunctionStatus represents the observed state of a Function.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this package, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -447,6 +495,12 @@ spec:
                  reflect the most up to date revision, whether it has been activated or
                  not.
                type: string
              resolvedPackage:
                description: |-
                  ResolvedPackage is the name of the package that was used for version
                  resolution. It may be different from spec.package if the package path was
                  rewritten using an image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml
@ -47,13 +47,19 @@ spec:
            description: ImageConfigSpec contains the configuration for matching images.
            properties:
              matchImages:
-                description: MatchImages is a list of image matching rules that should
+                description: |-
-                  be satisfied.
+                  MatchImages is a list of image matching rules. This ImageConfig will
                  match an image if any one of these rules is satisfied. In the case where
                  multiple ImageConfigs match an image for a given purpose the one with the
                  most specific match will be used. If multiple rules of equal specificity
                  match an arbitrary one will be selected.
                items:
                  description: ImageMatch defines a rule for matching image.
                  properties:
                    prefix:
-                      description: Prefix is the prefix that should be matched.
+                      description: |-
                        Prefix is the prefix that should be matched. When multiple prefix rules
                        match an image path, the longest one takes precedence.
                      type: string
                    type:
                      default: Prefix
@ -95,6 +101,19 @@ spec:
                    - pullSecretRef
                    type: object
                type: object
              rewriteImage:
                description: RewriteImage defines how a matched image's path should
                  be rewritten.
                properties:
                  prefix:
                    description: |-
                      Prefix is the prefix that will replace the portion of the image's path
                      matched by the prefix in the ImageMatch. If multiple prefixes matched,
                      the longest one will be replaced.
                    type: string
                required:
                - prefix
                type: object
              verification:
                description: Verification contains the configuration for verifying
                  the image.
--- a/content/master/api/crds/pkg.crossplane.io_locks.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_locks.yaml
@ -44,6 +44,9 @@ spec:
            items:
              description: LockPackage is a package that is in the lock.
              properties:
                apiVersion:
                  description: APIVersion of the package.
                  type: string
                dependencies:
                  description: |-
                    Dependencies are the list of dependencies of this package. The order of
@ -52,25 +55,39 @@ spec:
                    description: A Dependency is a dependency of a package in the
                      lock.
                    properties:
                      apiVersion:
                        description: APIVersion of the package.
                        type: string
                      constraints:
                        description: |-
                          Constraints is a valid semver range or a digest, which will be used to select a valid
                          dependency version.
                        type: string
                      kind:
                        description: Kind of the package (not the kind of the package
                          revision).
                        type: string
                      package:
                        description: Package is the OCI image name without a tag or
                          digest.
                        type: string
                      type:
-                        description: Type is the type of package. Can be either Configuration
+                        description: |-
-                          or Provider.
+                          Type is the type of package. Can be either Configuration or Provider.
                          Deprecated: Specify an apiVersion and kind instead.
                        enum:
                        - Configuration
                        - Provider
                        - Function
                        type: string
                    required:
                    - constraints
                    - package
                    - type
                    type: object
                  type: array
                kind:
                  description: Kind of the package (not the kind of the package revision).
                  type: string
                name:
                  description: Name corresponds to the name of the package revision
                    for this package.
@ -79,8 +96,13 @@ spec:
                  description: Source is the OCI image name without a tag or digest.
                  type: string
                type:
-                  description: Type is the type of package. Can be either Configuration
+                  description: |-
-                    or Provider.
+                    Type is the type of package.
                    Deprecated: Specify an apiVersion and kind instead.
                  enum:
                  - Configuration
                  - Provider
                  - Function
                  type: string
                version:
                  description: Version is the tag or digest of the OCI image.
@ -89,7 +111,6 @@ spec:
              - dependencies
              - name
              - source
              - type
              - version
              type: object
            type: array
--- a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml
@ -189,6 +189,27 @@ spec:
            description: PackageRevisionStatus represents the observed state of a
              PackageRevision.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this revision, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -324,6 +345,12 @@ spec:
                  - verbs
                  type: object
                type: array
              resolvedImage:
                description: |-
                  ResolvedPackage is the name of the package that was installed. It may be
                  different from spec.image if the package path was rewritten using an
                  image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/api/crds/pkg.crossplane.io_providers.yaml
+++ b/content/master/api/crds/pkg.crossplane.io_providers.yaml
@ -170,6 +170,27 @@ spec:
          status:
            description: ProviderStatus represents the observed state of a Provider.
            properties:
              appliedImageConfigRefs:
                description: |-
                  AppliedImageConfigRefs records any image configs that were applied in
                  reconciling this package, and what they were used for.
                items:
                  description: |-
                    ImageConfigRef is a reference to an image config that indicates how the
                    referenced image config was used by the package manager.
                  properties:
                    name:
                      description: Name is the name of the image config.
                      type: string
                    reason:
                      description: Reason indicates what the image config was used
                        for.
                      type: string
                  required:
                  - name
                  - reason
                  type: object
                type: array
              conditions:
                description: Conditions of the resource.
                items:
@ -231,6 +252,12 @@ spec:
                  reflect the most up to date revision, whether it has been activated or
                  not.
                type: string
              resolvedPackage:
                description: |-
                  ResolvedPackage is the name of the package that was used for version
                  resolution. It may be different from spec.package if the package path was
                  rewritten using an image config.
                type: string
            type: object
        type: object
    served: true
--- a/content/master/cli/_index.md
+++ b/content/master/cli/_index.md
@ -62,3 +62,20 @@ For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the
 download script curl command:  
 `curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_VERSION=v1.14.0 sh`
 ## Installing shell autocompletions
 The Crossplane CLI supports shell autocompletions for `bash`, `zsh` and `fish`.
 You can install the autocompletions with the `completions` command by adding it to
 your shell's configuration file.
 ```shell
 source <(crossplane completions)
 ```
 {{<hint "note" >}}
 The `completions` command generates the autocompletions for your default shell.
 It's not possible to generate autocompletions for a different shell, if you want to
 install the autocompletions for a different shell, you have to configure the Crossplane
 CLI as the completer manually.
 {{< /hint >}}
--- a/content/master/cli/command-reference.md
+++ b/content/master/cli/command-reference.md
@ -240,9 +240,6 @@ For example,
 Include YAML files demonstrating how to use the package with `--examples-root`. 
 [Upbound Marketplace](https://marketplace.upbound.io/) uses files included with 
 `--examples-root` as documentation for published packages.
 #### Include a runtime image
 Functions and Providers require YAML files describing their dependencies and 
@ -326,9 +323,9 @@ inside Crossplane.
 The `<package-kind>` is either a `configuration`, `function` or `provider`.
 For example, to install the latest version of the
-[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/):
+[AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws):
-`crossplane xpkg install provider xpkg.upbound.io/upbound/provider-aws-s3:v1`
+`crossplane xpkg install provider xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`
 #### Flags
 {{< table "table table-sm table-striped">}}
@ -380,11 +377,7 @@ in the package documentation.
 ### xpkg login
-Use `xpkg login` to authenticate to `xpkg.upbound.io`, the 
+Use `xpkg login` to authenticate to registries that host Crossplane packages.
 [Upbound Marketplace](https://marketplace.upbound.io/) container registry.
 [Register with the Upbound Marketplace](https://accounts.upbound.io/register) 
 to push packages and create private repositories. 
 #### Flags
@ -451,10 +444,6 @@ Using `crossplane xpkg logout` removes the `session` from the
 Push a Crossplane package file to a package registry. 
 The Crossplane CLI pushes images to the 
 [Upbound Marketplace](https://marketplace.upbound.io/) at `xpkg.upbound.io` by 
 default.
 {{< hint "note" >}}
 Pushing a package may require authentication with 
 [`crossplane xpkg login`](#xpkg-login)
@ -504,13 +493,10 @@ already installed in Crossplane.
 `crossplane xpkg update <package-kind> <registry package name and tag> [<optional-name>]`
 The package file must be an organization, image and tag on the `xpkg.upbound.io`
 registry on [Upbound Marketplace](https://marketplace.upbound.io/).
 For example, to update to the latest version of the
-[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/):
+[AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws):
-`crossplane xpkg update provider xpkg.upbound.io/upbound/provider-aws-s3:v1`
+`crossplane xpkg update provider xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`
 ## beta
@ -573,7 +559,7 @@ TYPE         NAMESPACE   NAME
 crossplane   default     crossplane-f98f9ddfd-tnm46                                            4m           32Mi
 crossplane   default     crossplane-rbac-manager-74ff459b88-94p8p                              4m           14Mi
 provider     default     provider-aws-s3-1f1a3fb08cbc-5c49d84447-sggrq                         3m           108Mi
-provider     default     upbound-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65   2m           89Mi
+provider     default     crossplane-contrib-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65   2m           89Mi
 ```
 {{<hint "important" >}}
@ -916,6 +902,7 @@ A Kubernetes cluster running Crossplane isn't required.
 |              | `--cache-dir=".crossplane/cache"` | Specify the absolute path to the cache directory to store downloaded schemas. |
 |              | `--clean-cache`          | Clean the cache directory before downloading package schemas. |
 |              | `--skip-success-results` | Skip printing success results.                        |
 |              | `--error-on-missing-schemas` | Return a non zero exit code if any schemas are missing. |
 |              | `--verbose`              | Print verbose logging statements.                     |
 {{< /table >}}
@ -942,7 +929,7 @@ To clear the cache and download the CRD files again use the `--clean-cache` flag
 To validate a managed resource against a provider,
 first, create a provider manifest file. For example, to validate an IAM role
 from Provider AWS, use the 
-[Provider AWS IAM](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.0.0) 
+[Provider AWS IAM](https://github.com/crossplane-contrib/provider-upjet-aws) 
 manifest.
 {{<hint "tip" >}}
@ -957,7 +944,7 @@ kind: Provider
 metadata:
  name: provider-aws-iam
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-iam:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-iam:v1.21.1
 ```
 Now include the XR or managed resource to validate.
--- a/content/master/concepts/compositions.md
+++ b/content/master/concepts/compositions.md
@ -134,7 +134,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{< hint "tip" >}}
@ -155,7 +155,7 @@ During the install a Function reports `INSTALLED` as `True` and `HEALTHY` as
 ```shell {copy-lines="1"}
 kubectl get functions
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                                  AGE
-function-patch-and-transform      True        Unknown   xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4   10s
+function-patch-and-transform      True        Unknown   xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2   10s
 ```
 After the Function install completes and it's ready for use the `HEALTHY` status
@ -545,7 +545,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{</expand>}}
@ -576,7 +576,7 @@ metadata:
  annotations:
    render.crossplane.io/runtime: Development
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{<hint "tip">}}
@ -599,6 +599,11 @@ the container, and `Orphan`, to leave it running.
  `Development` runtime this annotation tells the CLI to connect to a Function
  running at the specified target. It uses
  [gRPC target syntax](https://github.com/grpc/grpc/blob/v1.59.1/doc/naming.md).
 * `render.crossplane.io/runtime-docker-env` - When using the `Docker` runtime this
  annotation specifies the environment variables that will be used for the
  container. This is helpful to e.g. control KCL registry access to use a different
  registry. The annotations value is a comma separated string of key=value pairs 
  e.g. "key1=value1,key2=value2".
 ## Verify a Composition
--- a/content/master/concepts/connection-details.md
+++ b/content/master/concepts/connection-details.md
@ -49,7 +49,7 @@ All the following examples use the same set of Compositions,
 CompositeResourceDefinitions and Claims.
 All examples rely on 
-[Upbound provider-aws-iam](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/)
+[provider-aws-iam](https://github.com/crossplane-contrib/provider-upjet-aws)
 to create resources.
 {{<expand "Reference Composition" >}}
@ -534,11 +534,10 @@ the secret key names to create. Crossplane only adds the keys listed to the
 combined secret.
 {{<hint "warning">}}
-You can't change the 
+When changing the {{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}} of an XRD the change isn't immediately reflected.
-{{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}} of an XRD. 
+You have two options to change the keys in the combined secret object.
-You must delete and
+- Delete and recreate the XRD. This only makes sense if the XRD isn't used as it leads to the deletion of XRs.
-recreate the XRD to change the 
+- Restart the XR reconciler, which can be done by restarting the Crossplane pod.
 {{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}}.
 {{</hint >}}
 For example, an XRD may restrict the secrets to only the 
--- a/content/master/concepts/image-configs.md
+++ b/content/master/concepts/image-configs.md
@ -10,6 +10,35 @@ description: "Image Configs is an API for centralized control of the configurati
 Crossplane package images. It allows you to configure package manager behavior
 for images globally, without needing to be referenced by other objects.
 ## Matching image references
 `spec.matchImages` is a list of image references that the `ImageConfig` applies
 to. Each item in the list specifies the type and configuration of the image
 reference to match. The only supported type is `Prefix`, which matches the
 prefix of the image reference. No wildcards are supported. The `type` defaults
 to `Prefix` and can be omitted.
 When there are multiple `ImageConfigs` matching an image reference, the one with
 the longest matching prefix is selected. If there are multiple `ImageConfigs`
 with the same longest matching prefix, one of them is selected
 arbitrarily. Please note that this situation occurs only if there are
 overlapping prefixes in the `matchImages` lists of different `ImageConfig`
 resources, which should be avoided.
 The default registry isn't taken into account for `ImageConfig` matching. That
 is, an `ImageConfig` matching the prefix `xpkg.crossplane.io/crossplane-contrib`
 doesn't match the following provider, even if the default registry is
 `xpkg.crossplane.io`:
 ```yaml
 apiVersion: pkg.crossplane.io/v1
 kind: Provider
 metadata:
  name: provider-nop
 spec:
  package: crossplane-contrib/provider-nop:v0.4.0
 ```
 ## Configuring a pull secret
 You can use `ImageConfig` to inject a pull secret into the Crossplane package
@ -46,43 +75,6 @@ following command:
 kubectl -n crossplane-system create secret docker-registry acme-registry-credentials --docker-server=registry1.com --docker-username=<user> --docker-password=<password>
 ```
 ### Matching image references
 `spec.matchImages` is a list of image references that the `ImageConfig` applies
 to. Each item in the list specifies the type and configuration of the image
 reference to match. The only supported type is `Prefix`, which matches the
 prefix of the image reference. No wildcards are supported. The `type` defaults
 to `Prefix` and can be omitted.
 When there are multiple `ImageConfigs`  matching an image reference, the one
 with the longest matching prefix is selected. If there are multiple
 `ImageConfigs` with the same longest matching prefix, one of them is selected
 arbitrarily. Please note that this situation occurs only if there are
 overlapping prefixes in the `matchImages` lists of different `ImageConfig`
 resources, which should be avoided.
 ### Debugging
 When the package manager selects an `ImageConfig` for a package, it throws an
 event with the reason `ImageConfigSelection` and the name of the selected
 `ImageConfig` and injected pull secret. You can find these events both on the
 package and package revision resources.
 For example, the following event indicates that the `ImageConfig` named
 `acme-packages` was selected for the configuration named `acme-configuration-foo`:
 ```shell
 $ kubectl describe configuration acme-configuration-foo
 ...
 Events:
  Type     Reason                Age                From                                              Message
  ----     ------                ----               ----                                              -------
  Normal   ImageConfigSelection  45s                packages/configuration.pkg.crossplane.io          Selected pullSecret "acme-registry-credentials" from ImageConfig "acme-packages" for registry authentication
 ```
 If you can't find the expected event, ensure the prefix of the image reference
 matches the `matchImages` list of any `ImageConfig` resources in the cluster.
 ## Configuring signature verification
 {{<hint "important" >}}
@ -211,4 +203,129 @@ If you can't see this condition on the package revision resource, namely
 `ProviderRevision`, `ConfigurationRevision`, or `FunctionRevision`, ensure that
 the feature is enabled.
 ## Rewriting image paths
 You can use an `ImageConfig` to pull package images from an alternative location
 such as a private registry. `spec.rewriteImages` specifies how to rewrite the
 paths of matched images.
 Only prefix replacement is supported. The prefix specified in
 `spec.rewriteImage.prefix` replaces the matched prefix from `matchImages`. For
 example, the following `ImageConfig` replaces `xpkg.crossplane.io` with
 `registry1.com` for any image with the prefix `xpkg.crossplane.io`.
 ```yaml
 apiVersion: pkg.crossplane.io/v1beta1
 kind: ImageConfig
 metadata:
  name: private-registry-rewrite
 spec:
  matchImages:
    - prefix: xpkg.crossplane.io
  rewriteImage:
    prefix: registry1.com
 ```
 In this example, installing the provider package
 `xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.4.0` will result in the
 package manager pulling the provider from
 `registry1.com/crossplane-contrib/provider-nop:v0.4.0`.
 Rewriting image paths via `ImageConfig` is useful when mirroring packages to a
 private registry, because it allows a package and all its dependencies to be
 pulled from the same registry. For example, the provider
 `xpkg.crossplane.io/crossplane-contrib/provider-aws-s3` has a dependency on
 `xpkg.crossplane.io/crossplane-contrib/provider-family-aws`. If you mirror the
 packages to your own registry at `registry1.com` and install them without an
 `ImageConfig`, the package manager still attempts to pull the dependency from
 `xpkg.crossplane.io`. With the preceding `ImageConfig`, the dependency is pulled
 from `registry1.com`.
 Rewriting an image path with `ImageConfig` doesn't change the `spec.package`
 field of the package resource. The rewritten path is recorded in the
 `status.resolvedPackage` field. The preceding example results in the following:
 ```shell
 kubectl describe provider crossplane-contrib-provider-family-aws
 ...
 Spec:
  ...
  Package:                        xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.22.0
 Status:
  ...
  Resolved Package:        registry1.com/crossplane-contrib/provider-family-aws:v1.22.0
 ```
 ### Interaction with other operations
 {{<hint "tip" >}}
 Image rewriting is always done before other `ImageConfig` operations. If you
 wish to configure pull secrets or signature verification as well as rewriting,
 additional `ImageConfig` resources must match the rewritten image path.
 {{< /hint >}}
 For example, if you are mirroring packages from `xpkg.crossplane.io` to
 `registry1.com` and need to configure pull secrets for `registry1.com`, two
 `ImageConfig` resources are necessary:
 ```yaml
 # Rewrite xpkg.crossplane.io -> registry1.com
 ---
 apiVersion: pkg.crossplane.io/v1beta1
 kind: ImageConfig
 metadata:
  name: private-registry-rewrite
 spec:
  matchImages:
    - prefix: xpkg.crossplane.io
  rewriteImage:
    prefix: registry1.com
 # Configure pull secrets for registry1.com
 ---
 apiVersion: pkg.crossplane.io/v1beta1
 kind: ImageConfig
 metadata:
  name: private-registry-auth
 spec:
  matchImages:
    - type: Prefix
      prefix: registry1.com
  registry:
    authentication:
      pullSecretRef:
        name: private-registry-credentials
 ```
 ## Debugging
 When the package manager selects an `ImageConfig` for a package, it throws an
 event with the reason `ImageConfigSelection` and the name of the selected
 `ImageConfig` and injected pull secret. You can find these events both on the
 package and package revision resources. The package manager also updates the
 `appliedImageConfigRefs` field in the package status to show the purpose for
 which each `ImageConfig` was selected.
 For example, the following event and status show that the `ImageConfig` named
 `acme-packages` was used to provide a pull secret for the configuration named
 `acme-configuration-foo`:
 ```shell
 kubectl describe configuration acme-configuration-foo
 ...
 Status:
  Applied Image Config Refs:
    Name:    acme-packages
    Reason:  SetImagePullSecret
 ...
 Events:
  Type     Reason                Age                From                                              Message
  ----     ------                ----               ----                                              -------
  Normal   ImageConfigSelection  45s                packages/configuration.pkg.crossplane.io          Selected pullSecret "acme-registry-credentials" from ImageConfig "acme-packages" for registry authentication
 ```
 If you can't find the expected event and `appliedImageConfigRefs` entry, ensure
 the prefix of the image reference matches the `matchImages` list of any
 `ImageConfig` resources in the cluster.
 <!-- vale write-good.Passive = YES -->
--- a/content/master/concepts/managed-resources.md
+++ b/content/master/concepts/managed-resources.md
@ -15,9 +15,9 @@ external object inside the Provider an _external resource_.
 {{< /hint >}}
 Examples of managed resources include:
-* Amazon AWS EC2 [`Instance`](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/ec2.aws.upbound.io/Instance/v1beta1)
+* Amazon AWS EC2 `Instance` defined in [provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws).
-* Google Cloud GKE [`Cluster`](https://marketplace.upbound.io/providers/upbound/provider-gcp/latest/resources/container.gcp.upbound.io/Cluster/v1beta1)
+* Google Cloud GKE `Cluster` defined in [provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp).
-* Microsoft Azure PostgreSQL [`Database`](https://marketplace.upbound.io/providers/upbound/provider-azure/latest/resources/dbforpostgresql.azure.upbound.io/Database/v1beta1)
+* Microsoft Azure PostgreSQL `Database` defined in [provider-upjet-azure](https://github.com/crossplane-contrib/provider-upjet-azure).
 {{< hint "tip" >}}
@ -35,7 +35,7 @@ Provider also define the available settings of a managed resource.
 Each managed resource is a unique API endpoint with their own
 group, kind and version. 
-For example the [Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/)
+For example the [AWS Provider](https://github.com/crossplane-contrib/provider-upjet-aws)
 defines the {{<hover label="gkv" line="2">}}Instance{{</hover>}} kind from the
 group {{<hover label="gkv" line="1">}}ec2.aws.upbound.io{{</hover>}}
@ -529,7 +529,7 @@ Crossplane stores these details in a Kubernetes Secret object specified by the
 `writeConnectionSecretToRef` values. 
 For example, when creating an AWS RDS database instance with the Crossplane 
-[community AWS provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.40.0) 
+[community AWS provider](https://github.com/crossplane-contrib/provider-aws) 
 generates an endpoint, password, port and username data. The Provider saves
 these variables in the Kubernetes secret 
 {{<hover label="secretname" line="9" >}}rds-secret{{</hover>}}, referenced by
--- a/content/master/concepts/packages.md
+++ b/content/master/concepts/packages.md
@ -34,8 +34,7 @@ the {{<hover line="6" label="install">}}spec.package{{</hover>}} value to the
 location of the configuration package.
 {{< hint "important" >}}
-Beginning with Crossplane version 1.15.0 Crossplane uses the Upbound Marketplace
+Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and
 Crossplane package registry at `xpkg.upbound.io` by default for downloading and
 installing packages.
 Specify the full domain name with the `package` or change the default Crossplane
@ -43,15 +42,15 @@ registry with the `--registry` flag on the [Crossplane pod]({{<ref "./pods">}})
 {{< /hint >}}
 For example to install the
-[Upbound AWS reference platform](https://marketplace.upbound.io/configurations/upbound/platform-ref-aws/v0.6.0).
+[Getting Started Configuration](https://github.com/crossplane-contrib/configuration-quickstart),
 ```yaml {label="install"}
 apiVersion: pkg.crossplane.io/v1
 kind: Configuration
 metadata:
-  name: platform-ref-aws
+  name: configuration-quickstart
 spec:
-  package: xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0
+  package: xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0
 ```
 {{<hint "tip" >}}
@ -62,9 +61,9 @@ and repeatable installations.
 apiVersion: pkg.crossplane.io/v1
 kind: Configuration
 metadata:
-  name: platform-ref-aws
+  name: configuration-quickstart
 spec:
-  package: xpkg.upbound.io/upbound/platform-ref-aws@sha256:a30ad655c7699218d9234285d838d85582f015d02f7f061f8486b28248fd7db7
+  package: xpkg.crossplane.io/crossplane-contrib/configuration-quickstart@sha256:ef9795d146190637351a5c5848e0bab5e0c190fec7780f6c426fbffa0cb68358
 ```
 {{< /hint >}}
@ -80,14 +79,14 @@ Use the
 {{<hover label="helm" line="5" >}}--set configuration.packages{{</hover >}}
 argument with `helm install`.
-For example, to install the Upbound AWS reference platform,
+For example, to install the Getting Started configuration,
 ```shell {label="helm"}
 helm install crossplane \
 crossplane-stable/crossplane \
 --namespace crossplane-system \
 --create-namespace \
--set configuration.packages='{xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0}'
+--set configuration.packages='{xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0}'
 ```
 ### Install offline
@ -116,8 +115,8 @@ View the configuration revisions with
 ```shell {label="rev",copy-lines="1"}
 kubectl get configurationrevisions
 NAME                            HEALTHY   REVISION   IMAGE                                             STATE      DEP-FOUND   DEP-INSTALLED   AGE
-platform-ref-aws-1735d56cd88d   True      2          xpkg.upbound.io/upbound/platform-ref-aws:v0.5.0   Active     2           2               46s
+platform-ref-aws-1735d56cd88d   True      2          xpkg.crossplane.io/crossplane-contrib/platform-ref-aws:v0.5.0   Active     2           2               46s
-platform-ref-aws-3ac761211893   True      1          xpkg.upbound.io/upbound/platform-ref-aws:v0.4.1   Inactive                               5m13s
+platform-ref-aws-3ac761211893   True      1          xpkg.crossplane.io/crossplane-contrib/platform-ref-aws:v0.4.1   Inactive                               5m13s
 ```
 Only a single revision is active at a time. The active revision determines the
@ -275,6 +274,47 @@ spec:
 # Removed for brevity
 ```
 #### Automatically update dependency versions
 Crossplane can automatically upgrade a package's dependency version to the minimum
 valid version that satisfies all the constraints. It's an alpha feature that
 requires enabling with the `--enable-dependency-version-upgrades` flag.
 In some cases, dependency version downgrade is required for proceeding with
 installations. Suppose configuration A, which depends on package X with the
 constraint`>=v0.0.0`, is installed on the control plane. In this case, the package
 manager installs the latest version of package X, such as `v3.0.0`. Later, you decide
 to install configuration B, which depends on package X with the constraint `<=v2.0.0`.
 Since version `v2.0.0` satisfies both conditions, package X must be downgraded to
 allow the installation of configuration B which is disabled by default.
 Automatic dependency version downgrades is also an alpha feature that can be
 enabled with the `--enable-dependency-version-downgrades` flag. Downgrading a
 package can cause unexpected behavior, therefore, this option is disabled by
 default. After enabling this option, the package manager will automatically
 downgrade a package's dependency version to the maximum valid version that
 satisfies the constraints.
 {{<hint "note" >}}
 This configuration requires the `--enable-dependency-version-upgrades` flag.
 Please check the
 [configuration options]({{<ref "../software/install#customize-the-crossplane-helm-chart">}})
 and
 [feature flags]({{<ref "../software/install#feature-flags">}})
 are available in the
 [Crossplane Install]({{<ref "../software/install">}})
 section for more details.
 {{</hint >}}
 {{<hint "important" >}}
 Enabling automatic dependency downgrades may have unintended consequences, such as:
 1) CRDs missing in the downgraded version, possibly leaving orphaned MRs without
 controllers to reconcile them.
 2) Loss of data if downgraded CRD versions omit fields that were set before.
 3) Changes in the CRD storage version, which may prevent package version update.
 {{</hint >}}
 #### Ignore Crossplane version requirements
 A Configuration package may require a specific or minimum Crossplane version
@ -309,7 +349,7 @@ A working configuration reports `Installed` and `Healthy` as `True`.
 ```shell {label="verify",copy-lines="1"}
 kubectl get configuration
 NAME               INSTALLED   HEALTHY   PACKAGE                                           AGE
-platform-ref-aws   True        True      xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0   54s
+platform-ref-aws   True        True      xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0   54s
 ```
 ### Manage dependencies
@ -320,13 +360,13 @@ Functions, Providers or other Configurations.
 If Crossplane can't meet the dependencies of a Configuration the Configuration
 reports `HEALTHY` as `False`.
-For example, this installation of the Upbound AWS reference platform is
+For example, this installation of the Getting Started Configuration is
 `HEALTHY: False`.
 ```shell {copy-lines="1"}
 kubectl get configuration
 NAME               INSTALLED   HEALTHY   PACKAGE                                           AGE
-platform-ref-aws   True        False     xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0   71s
+platform-ref-aws   True        False     xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0   71s
 ```
 To see more information on why the Configuration isn't `HEALTHY` use
@ -340,7 +380,7 @@ Kind:         ConfigurationRevision
 # Removed for brevity
 Spec:
  Desired State:                  Active
-  Image:                          xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0
+  Image:                          xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0
  Revision:                       1
 Status:
  Conditions:
@ -426,7 +466,7 @@ spec:
  dependsOn:
    - apiVersion: pkg.crossplane.io/v1
      kind: Provider
-      package: xpkg.upbound.io/crossplane-contrib/provider-aws
+      package: xpkg.crossplane.io/crossplane-contrib/provider-aws
      version: ">=v0.36.0"
  crossplane:
    version: ">=v1.12.1-0"
--- a/content/master/concepts/pods.md
+++ b/content/master/concepts/pods.md
@ -350,7 +350,7 @@ the Helm `values.yml` file or after installation by editing the `Deployment`.
 The full list of 
 [configuration options]({{<ref "../software/install#customize-the-crossplane-helm-chart">}}) 
 and 
-[feature flags]({{<ref "../software/install#customize-the-crossplane-helm-chart">}}) 
+[feature flags]({{<ref "../software/install#feature-flags">}})
 are available in the 
 [Crossplane Install]({{<ref "../software/install">}}) 
 section. 
--- a/content/master/concepts/providers.md
+++ b/content/master/concepts/providers.md
@ -21,10 +21,6 @@ Examples of providers include:
 * [Provider GCP](https://github.com/upbound/provider-gcp)
 * [Provider Kubernetes](https://github.com/crossplane-contrib/provider-kubernetes)
 {{< hint "tip" >}}
 Find more providers in Crossplane's [public package registries](https://www.crossplane.io/registries).
 {{< /hint >}}
 <!-- vale write-good.Passive = NO -->
 <!-- "are Managed" isn't passive in this context -->
 Providers define every external resource they can create in Kubernetes as a
@ -48,8 +44,7 @@ Install a Provider with a Crossplane
 location of the provider package.
 {{< hint "important" >}}
-Beginning with Crossplane version 1.15.0 Crossplane uses the Upbound Marketplace
+Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and
 Crossplane package registry at `xpkg.upbound.io` by default for downloading and
 installing packages.
 Specify the full domain name with the `package` or change the default Crossplane
@ -65,7 +60,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0
 ```
 By default, the Provider pod installs in the same namespace as Crossplane
@ -113,7 +108,7 @@ helm install crossplane \
 crossplane-stable/crossplane \
 --namespace crossplane-system \
 --create-namespace \
--set provider.packages='{xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0}'
+--set provider.packages='{xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0}'
 ```
 ### Install offline
@ -140,7 +135,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws@sha256:ee6bece46dbb54cc3f0233961f5baac317fa4e4a81b41198bdc72fc472d113d0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws@sha256:ee6bece46dbb54cc3f0233961f5baac317fa4e4a81b41198bdc72fc472d113d0
 ```
 {{< /hint >}}
@ -302,6 +297,47 @@ spec:
 # Removed for brevity
 ```
 #### Automatically update dependency versions
 Crossplane can automatically upgrade a package's dependency version to the minimum
 valid version that satisfies all the constraints. It's an alpha feature that
 requires enabling with the `--enable-dependency-version-upgrades` flag.
 In some cases, dependency version downgrade is required for proceeding with
 installations. Suppose configuration A, which depends on package X with the
 constraint`>=v0.0.0`, is installed on the control plane. In this case, the package
 manager installs the latest version of package X, such as `v3.0.0`. Later, you decide
 to install configuration B, which depends on package X with the constraint `<=v2.0.0`.
 Since version `v2.0.0` satisfies both conditions, package X must be downgraded to
 allow the installation of configuration B which is disabled by default.
 Automatic dependency version downgrades is also an alpha feature that can be
 enabled with the `--enable-dependency-version-downgrades` flag. Downgrading a
 package can cause unexpected behavior, therefore, this option is disabled by
 default. After enabling this option, the package manager will automatically
 downgrade a package's dependency version to the maximum valid version that
 satisfies the constraints.
 {{<hint "note" >}}
 This configuration requires the `--enable-dependency-version-upgrades` flag.
 Please check the
 [configuration options]({{<ref "../software/install#customize-the-crossplane-helm-chart">}})
 and
 [feature flags]({{<ref "../software/install#feature-flags">}})
 are available in the
 [Crossplane Install]({{<ref "../software/install">}})
 section for more details.
 {{</hint >}}
 {{<hint "important" >}}
 Enabling automatic dependency downgrades may have unintended consequences, such as:
 1) CRDs missing in the downgraded version, possibly leaving orphaned MRs without
 controllers to reconcile them.
 2) Loss of data if downgraded CRD versions omit fields that were set before.
 3) Changes in the CRD storage version, which may prevent package version update.
 {{</hint >}}
 #### Ignore Crossplane version requirements
 A Provider package may require a specific or minimum Crossplane version before
@ -333,13 +369,13 @@ Configurations or other Providers.
 If Crossplane can't meet the dependencies of a Provider package the Provider
 reports `HEALTHY` as `False`.
-For example, this installation of the Upbound AWS reference platform is
+For example, this installation of the Getting Started Configuration is
 `HEALTHY: False`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME              INSTALLED   HEALTHY   PACKAGE                                           AGE
-provider-aws-s3   True        False     xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0   12s
+provider-aws-s3   True        False     xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1   12s
 ```
 To see more information on why the Provider isn't `HEALTHY` use
@ -352,7 +388,7 @@ API Version:  pkg.crossplane.io/v1
 Kind:         ProviderRevision
 Spec:
  Desired State:                  Active
-  Image:                          xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0
+  Image:                          xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
  Revision:                       1
 Status:
  Conditions:
@ -390,10 +426,10 @@ View the `ProviderRevisions` with
 ```shell {label="getPR",copy-lines="1"}
 kubectl get providerrevisions
 NAME                                       HEALTHY   REVISION   IMAGE                                                    STATE      DEP-FOUND   DEP-INSTALLED   AGE
-provider-aws-s3-dbc7f981d81f               True      1          xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0           Active     1           1               10d
+provider-aws-s3-dbc7f981d81f               True      1          xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1           Active     1           1               10d
-provider-nop-552a394a8acc                  True      2          xpkg.upbound.io/crossplane-contrib/provider-nop:v0.3.0   Active                                 11d
+provider-nop-552a394a8acc                  True      2          xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.3.0   Active                                 11d
-provider-nop-7e62d2a1a709                  True      1          xpkg.upbound.io/crossplane-contrib/provider-nop:v0.2.0   Inactive                               13d
+provider-nop-7e62d2a1a709                  True      1          xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.2.0   Inactive                               13d
-upbound-provider-family-aws-710d8cfe9f53   True      1          xpkg.upbound.io/upbound/provider-family-aws:v1.0.0       Active                                 10d
+crossplane-contrib-provider-family-aws-710d8cfe9f53   True      1          xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1        Active                                 10d
 ```
 By default Crossplane keeps a single
@ -436,7 +472,7 @@ During the install a Provider report `INSTALLED` as `True` and `HEALTHY` as
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                   AGE
-crossplane-contrib-provider-aws   True        Unknown   xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0   63s
+crossplane-contrib-provider-aws   True        Unknown   xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0   63s
 ```
 After the Provider install completes and it's ready for use the `HEALTHY` status
@ -445,7 +481,7 @@ reports `True`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                   AGE
-crossplane-contrib-provider-aws   True        True      xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0   88s
+crossplane-contrib-provider-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0   88s
 ```
 {{<hint "important" >}}
@ -653,7 +689,7 @@ kind: Provider
 metadata:
  name: provider-gcp-iam
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-iam:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-iam:v1.12.1
  runtimeConfigRef:
    name: enable-ess
 ---
--- a/content/master/getting-started/install-crossplane-include.md
+++ b/content/master/getting-started/install-crossplane-include.md
@ -71,7 +71,7 @@ function:
 hostNetwork: false
 image:
  pullPolicy: IfNotPresent
-  repository: xpkg.upbound.io/crossplane/crossplane
+  repository: xpkg.crossplane.io/crossplane/crossplane
  tag: ""
 imagePullSecrets: {}
 leaderElection: true
@ -840,7 +840,7 @@ spec:
      serviceAccountName: crossplane
      hostNetwork: false
      initContainers:
-        - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+        - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
          args:
          - core
          - init
@ -894,7 +894,7 @@ spec:
          - name: "TLS_CLIENT_SECRET_NAME"
            value: crossplane-tls-client
      containers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - core
        - start
@ -1011,7 +1011,7 @@ spec:
    spec:
      serviceAccountName: rbac-manager
      initContainers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - rbac
        - init
@ -1041,7 +1041,7 @@ spec:
                containerName: crossplane-init
                resource: limits.memory
      containers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - rbac
        - start
--- a/content/master/getting-started/introduction.md
+++ b/content/master/getting-started/introduction.md
@ -86,9 +86,9 @@ The following sections describe the functions of some of these CRDs.
 A Crossplane _Provider_ creates a second set of CRDs that define how Crossplane
 connects to a non-Kubernetes service. Each external service relies on its own
 Provider. For example, 
-[AWS](https://marketplace.upbound.io/providers/upbound/provider-aws), 
+[AWS](https://github.com/crossplane-contrib/provider-upjet-aws), 
-[Azure](https://marketplace.upbound.io/providers/upbound/provider-azure) 
+[Azure](https://github.com/crossplane-contrib/provider-upjet-azure) 
-and [GCP](https://marketplace.upbound.io/providers/upbound/provider-gcp)
+and [GCP](https://github.com/crossplane-contrib/provider-upjet-gcp)
 are different providers for each cloud service.
 {{< hint "tip" >}}
@ -100,19 +100,16 @@ For example, an AWS Provider defines Kubernetes CRDs for AWS resources like EC2
 compute instances or S3 storage buckets.
 The Provider defines the Kubernetes API definition for the external resource.
-For example, the 
+For example,  
-[Upbound Provider AWS](https://marketplace.upbound.io/providers/upbound/provider-aws/)
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws)
 defines a 
-[`bucket`](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.25.0/resources/s3.aws.upbound.io/Bucket/v1beta1) 
+[`bucket`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml) 
 resource for creating and managing AWS S3 storage buckets. 
 In the `bucket` CRD is a
-[`spec.forProvider.region`](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.25.0/resources/s3.aws.upbound.io/Bucket/v1beta1#doc:spec-forProvider-region)
+[`spec.forProvider.region`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml#L91)
 value that defines which AWS region to deploy the bucket in.
 Crossplane's [public package registries](https://www.crossplane.io/registries) contain a large 
 collection of Crossplane Providers.
 More providers are available in the [Crossplane Contrib repository](https://github.com/crossplane-contrib/).
 Providers are cluster scoped and available to all cluster namespaces.
--- a/content/master/getting-started/provider-aws-part-2.md
+++ b/content/master/getting-started/provider-aws-part-2.md
@ -44,7 +44,7 @@ kind: Provider
 metadata:
  name: provider-aws-s3
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-s3:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
 EOF
 ```
@ -96,7 +96,7 @@ kind: Provider
 metadata:
  name: provider-aws-dynamodb
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-dynamodb:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-dynamodb:v1.21.1
 EOF
 ```
@ -106,9 +106,9 @@ View the new DynamoDB provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                               AGE
-provider-aws-dynamodb         True        True      xpkg.upbound.io/upbound/provider-aws-dynamodb:v1.0.0     3m55s
+crossplane-contrib-provider-family-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1     15m
-provider-aws-s3               True        True      xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0           13m
+provider-aws-dynamodb                    True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-dynamodb:v1.21.1   22s
-upbound-provider-family-aws   True        True      xpkg.upbound.io/upbound/provider-family-aws:v1.0.0       13m
+provider-aws-s3                          True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1         15m
 ```
 ## Create a custom API
@ -358,8 +358,6 @@ spec:
          base:
            apiVersion: s3.aws.upbound.io/v1beta1
            kind: Bucket
            metadata:
              name: crossplane-quickstart-bucket
            spec:
              forProvider:
                region: us-east-2
@ -378,8 +376,6 @@ spec:
          base:
            apiVersion: dynamodb.aws.upbound.io/v1beta1
            kind: Table
            metadata:
              name: crossplane-quickstart-database
            spec:
              forProvider:
                region: "us-east-2"
@ -421,7 +417,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -596,7 +592,7 @@ No resources found
 ## Next steps
 * Explore AWS resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out what else you can do
--- a/content/master/getting-started/provider-aws.md
+++ b/content/master/getting-started/provider-aws.md
@ -4,8 +4,8 @@ weight: 100
 ---
 Connect Crossplane to AWS to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-family-aws).
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -37,7 +37,7 @@ kind: Provider
 metadata:
  name: provider-aws-s3
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-s3:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
 EOF
 ```
@ -52,12 +52,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                             AGE
-provider-aws-s3               True        True      xpkg.upbound.io/upbound/provider-aws-s3:1.0.0         97s
+crossplane-contrib-provider-family-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1   30s
-upbound-provider-family-aws   True        True      xpkg.upbound.io/upbound/provider-family-aws:1.0.0     88s
+provider-aws-s3                          True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1       34s
 ```
 The S3 Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-aws{{</hover >}}.   
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-aws{{</hover >}}.   
 The family provider manages authentication to AWS across all AWS family
 Providers. 
@ -67,7 +67,7 @@ Every CRD maps to a unique AWS service Crossplane can provision and manage.
 {{< hint type="tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v1.1.0).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-aws/tree/main/examples).
 {{< /hint >}}
 ## Create a Kubernetes secret for AWS
@ -197,16 +197,16 @@ spec:
 EOF
 ```
-The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and 
+The {{< hover label="xr" line="2">}}apiVersion{{< /hover >}} and 
-{{< hover label="xr" line="4">}}kind{{</hover >}} are from the provider's CRDs.
+{{< hover label="xr" line="3">}}kind{{</hover >}} are from the provider's CRDs.
-The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the 
+The {{< hover label="xr" line="5">}}metadata.generateName{{< /hover >}} value is the 
 name of the created S3 bucket in AWS.  
 This example uses the generated name `crossplane-bucket-<hash>` in the 
-{{< hover label="xr" line="6">}}$bucket{{</hover >}} variable.
+{{< hover label="xr" line="5">}}$bucket{{</hover >}} variable.
-The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells 
+The {{< hover label="xr" line="8">}}spec.forProvider.region{{< /hover >}} tells 
 AWS which AWS region to use when deploying resources.  
 The region can be any 
@ -239,6 +239,6 @@ bucket.s3.aws.upbound.io "crossplane-bucket-hhdzh" deleted
 * [**Continue to part 2**]({{< ref "provider-aws-part-2">}}) to create and use a 
  custom API with Crossplane.
 * Explore AWS resources that Crossplane can configure in the 
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
  Crossplane users and contributors.
--- a/content/master/getting-started/provider-azure-part-2.md
+++ b/content/master/getting-started/provider-azure-part-2.md
@ -45,7 +45,7 @@ kind: Provider
 metadata:
  name: provider-azure-network
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-network:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2
 EOF
 ```
@ -460,7 +460,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -496,7 +496,7 @@ kind: Provider
 metadata:
  name: provider-azure-compute
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-compute:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-compute:v1.11.2
 EOF
 ```
@ -506,9 +506,9 @@ View the new Compute provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                       INSTALLED   HEALTHY   PACKAGE                                                                AGE
-provider-azure-compute          True        True      xpkg.upbound.io/upbound/provider-azure-compute:v1.0.0    25s
+crossplane-contrib-provider-family-azure   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-azure:v1.11.2    23m
-provider-azure-network          True        True      xpkg.upbound.io/upbound/provider-azure-network:v1.0.0    3h
+provider-azure-compute                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-compute:v1.11.2   2m54s
-upbound-provider-family-azure   True        True      xpkg.upbound.io/upbound/provider-family-azure:v1.0.0     3h
+provider-azure-network                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2   23m
 ```
 ## Access the custom API
@ -694,7 +694,7 @@ No resources found
 ## Next steps
 * Explore Azure resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+  [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out
--- a/content/master/getting-started/provider-azure.md
+++ b/content/master/getting-started/provider-azure.md
@ -4,8 +4,8 @@ weight: 110
 ---
 Connect Crossplane to Azure to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound Azure Provider](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+[provider-upjet-azure](https://github.com/crossplane-contrib/provider-upjet-azure).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -39,7 +39,7 @@ kind: Provider
 metadata:
  name: provider-azure-network
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-network:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2
 EOF
 ```
@ -54,12 +54,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                       INSTALLED   HEALTHY   PACKAGE                                                                AGE
-provider-azure-network          True        True      xpkg.upbound.io/upbound/provider-azure-network:v1.0.0   38s
+crossplane-contrib-provider-family-azure   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-azure:v1.11.2    2m18s
-upbound-provider-family-azure   True        True      xpkg.upbound.io/upbound/provider-family-azure:v1.0.0    26s
+provider-azure-network                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2   2m23s
 ```
 The Network Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-azure{{</hover>}} 
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-azure{{</hover>}} 
 provider.   
 The family provider manages authentication to Azure across all Azure family
 Providers. 
@ -69,7 +69,7 @@ Every CRD maps to a unique Azure service Crossplane can provision and manage.
 {{< hint type="tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v0.42.1).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/examples).
 {{< /hint >}}
@ -234,6 +234,6 @@ virtualnetwork.network.azure.upbound.io "crossplane-quickstart-network" deleted
 * [**Continue to part 2**]({{< ref "provider-azure-part-2">}}) to create and use
  a custom API with Crossplane.
 * Explore Azure resources that Crossplane can configure in the 
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+  [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
  Crossplane users and contributors.
--- a/content/master/getting-started/provider-gcp-part-2.md
+++ b/content/master/getting-started/provider-gcp-part-2.md
@ -47,7 +47,7 @@ kind: Provider
 metadata:
  name: provider-gcp-storage
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-storage:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1
 EOF
 ```
@ -114,7 +114,7 @@ kind: Provider
 metadata:
  name: provider-gcp-pubsub
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-pubsub:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-pubsub:v1.12.1
 EOF
 ```
@ -123,9 +123,9 @@ View the new PubSub provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                              AGE
-provider-gcp-pubsub           True        True      xpkg.upbound.io/upbound/provider-gcp-pubsub:v1.0.0     39s
+crossplane-contrib-provider-family-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1    48m
-provider-gcp-storage          True        True      xpkg.upbound.io/upbound/provider-gcp-storage:v1.0.0    13m
+provider-gcp-pubsub                      True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-pubsub:v1.12.1    14s
-upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.0.0     12m
+provider-gcp-storage                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1   48m
 ```
@ -428,7 +428,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -601,7 +601,7 @@ No resources found
 ## Next steps
 * Explore AWS resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out what else you can do
--- a/content/master/getting-started/provider-gcp.md
+++ b/content/master/getting-started/provider-gcp.md
@ -4,8 +4,8 @@ weight: 140
 ---
 Connect Crossplane to GCP to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound GCP Provider](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -36,7 +36,7 @@ kind: Provider
 metadata:
  name: provider-gcp-storage
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-storage:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1
 EOF
 ```
@ -51,12 +51,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                              AGE
-provider-gcp-storage          True        True      xpkg.upbound.io/upbound/provider-gcp-storage:v1.0.0   36s
+crossplane-contrib-provider-family-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1    33s
-upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.0.0    29s
+provider-gcp-storage                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1   37s
 ```
 The Storage Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-gcp{{</hover>}} 
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-gcp{{</hover>}} 
 provider.   
 The family provider manages authentication to GCP across all GCP family
 Providers. 
@ -66,7 +66,7 @@ Every CRD maps to a unique GCP service Crossplane can provision and manage.
 {{< hint "tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/examples).
 {{< /hint >}}
@ -246,6 +246,6 @@ bucket.storage.gcp.upbound.io "crossplane-bucket-8b7gw" deleted
 * [**Continue to part 2**]({{< ref "provider-gcp-part-2">}}) to create a 
 Crossplane _Composite Resource_ and _Claim_.
 * Explore GCP resources that can Crossplane can configure in the 
-[Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
 Crossplane users and contributors.
--- a/content/master/guides/change-logs.md
+++ b/content/master/guides/change-logs.md
@ -0,0 +1,271 @@
 ---
 title: Change Logs
 weight: 210
 description: "Change logs help you audit all changes made to your resources"
 state: alpha
 alphaVersion: "1.17"
 ---
 The "change logs" feature is designed to help users of Crossplane Providers to
 understand what changes a provider is making to the resources it's managing.
 Whenever a provider creates, updates, or deletes a managed resource, an entry
 explaining the details of the change is recorded in the provider's change log.
 Change logs are important for awareness of the changes that a provider is
 making to its managed resources. Due to the nature of Crossplane's active
 reconciliation, it's possible for a provider to make changes to managed
 resources without any user interaction. Consider the scenario when someone
 updates a resource outside of Crossplane, for example via the AWS console or
 `gcloud` CLI. When Crossplane detects this configuration drift it will
 enforce its source of truth to eventually correct this unexpected change
 without any user interaction.
 With Crossplane acting continuously and autonomously to update critical
 infrastructure, it's vital for users to have insight into the operations being
 performed, so they can build and maintain a strong sense of confidence and trust
 in their control planes. Change logs provide details about all changes the
 provider makes, so users can remain aware of any changes, even when they aren't
 explicitly expecting any.
 {{<hint "tip">}} Change logs help you understand all the changes a provider is
 making to your resources, even when changes weren't explicitly requested, for
 example as a result of Crossplane's automatic correction of configuration drift.
 {{</hint>}}
 ## Enabling Change Logs
 {{<hint "important" >}} Change logs are an alpha feature and must be explicitly
 enabled for each provider through the use of a `DeploymentRuntimeConfig`.
 {{</hint >}}
 To enable change logs for a provider, use a `DeploymentRuntimeConfig` to
 configure each provider pod that should start producing change logs. The
 `DeploymentRuntimeConfig` has a few important configuration details:
 1. A command line argument to the provider container that enables the change
   logs feature, for example `--enable-changelogs`.
 1. A [side car container](https://github.com/crossplane/changelogs-sidecar) that
   collects change events and produces change log entries to the provider's pod
   logs.
 1. A shared volume mounted to both the provider and sidecar containers that
   enables communication of change events between the two containers.
 ### Prerequisites
 This guide assumes you have a control plane with [Crossplane installed]({{<ref "../software/install">}}).
 It also assumes you have the [`jq` tool installed](https://jqlang.org/download/),
 to perform lightweight querying and filtering of the content in the change logs.
 The only other prerequisite for enabling change logs is that the provider must
 have added support for the change logs feature. This is optional and not all
 providers in the Crossplane ecosystem have added this support yet.
 {{<hint "tip">}} Not all providers support the change logs feature. Check with
 your provider of choice to confirm it has added support for change logs.
 {{</hint>}}
 This guide walks through a full example of generating change logs with
 [`provider-kubernetes`](https://github.com/crossplane-contrib/provider-kubernetes).
 ### Create a `DeploymentRuntimeConfig`
 Create a `DeploymentRuntimeConfig` that will enable change logs for
 the provider when it's installed by performing the necessary configuration
 steps:
 1. The {{<hover label="drc" line="15">}}--enable-changelogs{{</hover>}} flag is
   set on the provider.
 1. The {{<hover label="drc" line="19">}}sidecar container{{</hover>}} is added
   to the provider pod.
 1. A {{<hover label="drc" line="24">}}shared volume{{</hover>}} is declared and
   then mounted in the {{<hover label="drc" line="16">}}provider
   container{{</hover>}} and the {{<hover label="drc" line="21">}}sidecar
   container{{</hover>}}.
 ```yaml {label="drc",copy-lines="all"}
 cat <<EOF | kubectl apply -f -
 apiVersion: pkg.crossplane.io/v1beta1
 kind: DeploymentRuntimeConfig
 metadata:
  name: enable-changelogs
 spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:
          containers:
          - name: package-runtime
            args:
            - --enable-changelogs
            volumeMounts:
            - name: changelogs-vol
              mountPath: /var/run/changelogs
          - name: changelogs-sidecar
            image: xpkg.crossplane.io/crossplane/changelogs-sidecar:v0.0.1
            volumeMounts:
            - name: changelogs-vol
              mountPath: /var/run/changelogs
          volumes:
          - name: changelogs-vol
            emptyDir: {}
  serviceAccountTemplate:
    metadata:
      name: provider-kubernetes
 EOF
 ```
 ### Install the provider
 Install the {{<hover label="provider" line="7">}}provider{{</hover>}} and
 instruct it to use the {{<hover label="provider" line="8">}}DeploymentRuntimeConfig{{</hover>}}
 that was just created.
 ```yaml {label="provider",copy-lines="all"}
 cat <<EOF | kubectl apply -f -
 apiVersion: pkg.crossplane.io/v1
 kind: Provider
 metadata:
  name: provider-kubernetes
 spec:
  package: xpkg.crossplane.io/crossplane-contrib/provider-kubernetes:v0.18.0
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
    name: enable-changelogs
 EOF
 ```
 ### Configure permissions
 In order for the provider to create Kubernetes resources within the control
 plane, it must be granted the appropriate permissions. This guide only creates a
 `ConfigMap`, so only permissions for that resource type are needed.
 {{<hint "important">}} This guide grants specific permissions to the provider
 for example purposes. This approach isn't intended to be representative of a
 production environment. More examples on configuring `provider-kubernetes` can
 be found in its [examples directory](https://github.com/crossplane-contrib/provider-kubernetes/tree/main/examples/provider).
 {{</hint>}}
 ```yaml {label="rbac",copy-lines="all"}
 cat <<EOF | kubectl apply -f -
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: configmap-edit
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: provider-kubernetes-configmap-edit
 subjects:
  - kind: ServiceAccount
    name: provider-kubernetes
    namespace: crossplane-system
 roleRef:
  kind: ClusterRole
  name: configmap-edit
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: kubernetes.crossplane.io/v1alpha1
 kind: ProviderConfig
 metadata:
  name: default
 spec:
  credentials:
    source: InjectedIdentity
 EOF
 ```
 ### Create a resource
 Now that the provider is installed and configured with change logs enabled,
 create a resource that will generate change logs entries reflecting the actions
 the control plane is taking.
 ```yaml {label="provider",copy-lines="all"}
 cat <<EOF | kubectl apply -f -
 apiVersion: kubernetes.crossplane.io/v1alpha2
 kind: Object
 metadata:
  name: configmap-for-changelogs
 spec:
  forProvider:
    manifest:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        namespace: default
        name: configmap-for-changelogs
      data:
        key-1: cool-value-1
 EOF
 ```
 ### Examine the change logs
 Check to see that the resource creation operation was recorded in the change
 logs. Examine the pod logs for `provider-kubernetes`, specifically at the
 `changelogs-sidecar` container:
 ```shell {label="changelogs-output-full",copy-lines="1"}
 kubectl -n crossplane-system logs -l pkg.crossplane.io/provider=provider-kubernetes -c changelogs-sidecar | jq
 {
  "timestamp": "2025-04-25T08:23:34Z",
  "provider": "provider-kubernetes:v0.18.0",
  "apiVersion": "kubernetes.crossplane.io/v1alpha2",
  "kind": "Object",
  "name": "configmap-for-changelogs",
  "externalName": "configmap-for-changelogs",
  "operation": "OPERATION_TYPE_CREATE",
  "snapshot": {
  ...(omitted for brevity)...
 ```
 Each change log entry contains rich information about the state of the resource
 when the change operation occurred. Since each entry is a structured `JSON`
 object, they can be filtered and queried to find any subset of information you
 are interested in:
 ```shell {label="changelogs-output-scoped",copy-lines="1-2"}
 kubectl -n crossplane-system logs -l pkg.crossplane.io/provider=provider-kubernetes -c changelogs-sidecar \
  | jq '.timestamp + " " + .provider + " " + .kind + " " + .name + " " + .operation'
 "2025-04-25T08:23:34Z provider-kubernetes:v0.18.0 Object configmap-for-changelogs OPERATION_TYPE_CREATE"
 ```
 ### Full lifecycle operations
 In addition to change log entries that record the creation of resources, update
 and delete operations will also generate corresponding change log entries.
 Update the resource by patching its data field `key-1` with a new value
 `cooler-value-2`:
 ```shell {label="object-patch",copy-lines="1-2"}
 kubectl patch object configmap-for-changelogs --type=json \
  -p='[{"op": "replace", "path": "/spec/forProvider/manifest/data/key-1", "value": "cooler-value-2"}]'
 object.kubernetes.crossplane.io/configmap-for-changelogs patched
 ```
 Then, delete the object entirely:
 ```shell {label="object-delete",copy-lines="1"}
 kubectl delete object configmap-for-changelogs
 object.kubernetes.crossplane.io "configmap-for-changelogs" deleted
 ```
 Check the change logs again to verify that both the update and delete operations
 were recorded, and the full lifecycle of the object has been captured in the
 change logs:
 ```shell {label="changelogs-output-final",copy-lines="1-2"}
 kubectl -n crossplane-system logs -l pkg.crossplane.io/provider=provider-kubernetes -c changelogs-sidecar \
  | jq '.timestamp + " " + .provider + " " + .kind + " " + .name + " " + .operation'
 "2025-04-25T08:23:34Z provider-kubernetes:v0.18.0 Object configmap-for-changelogs OPERATION_TYPE_CREATE"
 "2025-04-25T08:24:21Z provider-kubernetes:v0.18.0 Object configmap-for-changelogs OPERATION_TYPE_UPDATE"
 "2025-04-25T08:24:25Z provider-kubernetes:v0.18.0 Object configmap-for-changelogs OPERATION_TYPE_DELETE"
 ```
--- a/content/master/guides/extensions-release-process.md
+++ b/content/master/guides/extensions-release-process.md
@ -0,0 +1,305 @@
 ---
 title: Releasing Crossplane Extensions
 weight: 80
 description: "Configuring build pipelines for Crossplane extensions with GitHub
 Actions"
 ---
 ## Distributing Crossplane extensions
 Crossplane provides a packaging specification for extending a Crossplane
 instance with APIs and business logic for composing resources.
 Building a Crossplane extension involves creating OCI images in the [xpkg]
 format. Authors and maintainers of Crossplane extensions must push their
 packages to an OCI registry before users can reference and use them.
 The release process for Crossplane extensions grew organically in the community
 and developed its own conventions and common configurations. Authors of these
 extensions should follow this guide to enable automation for building
 and pushing their packages as part of their git workflow.
 This guide provides step-by-step instructions for configuring automated
 CI pipelines in GitHub Actions for pushing your Crossplane extensions to
 `xpkg.crossplane.io`, the main registry that the Crossplane community
 uses today.
 {{< hint "tip" >}}
 For more information about Crossplane packages, review the
 [xpkg concepts]({{<ref "../concepts/packages" >}}).
 {{< /hint >}}
 ## Typical workflow
 A typical GitHub workflow definition to build and release an extension
 contains the following steps:
 1. Fetching the source repository
 2. Authenticating to a remote registry
 3. Building and packaging artifacts
 4. Pushing (publishing) the artifact
 {{< hint "warning" >}}
 The supplied credentials for the remote registry require read and write access
 as upload requests to the registry specify `push` authorization scope.
 {{< /hint >}}
 ## Quickstart: Releasing a Provider to `xpkg.crossplane.io`
 ### Prerequisites
 - A GitHub repository, for example created from the
 [Upjet template](https://github.com/crossplane/upjet-provider-template)
 ### Steps
 1. Create a new YAML file under `.github/workflows`. By convention, name this
 file `publish-provider-package.yaml`.
 2. Copy the following workflow definition into the file, replacing
 `<REPOSITORY NAME>` with the desired name of the repository in the registry.
    ```yaml
    name: Publish Provider Package
    on:
      workflow_dispatch:
        inputs:
          version:
            description: "Version string to use while publishing the package (e.g. v1.0.0-alpha.1)"
            default: ''
            required: false
          go-version:
            description: 'Go version to use if building needs to be done'
            default: '1.23'
            required: false
    jobs:
      publish-provider-package:
        uses: crossplane-contrib/provider-workflows/.github/workflows/publish-provider-non-family.yml@main
        with:
          repository: <REPOSITORY NAME>
          version: ${{ github.event.inputs.version }}
          go-version: ${{ github.event.inputs.go-version }}
          cleanup-disk: true
        secrets:
          GHCR_PAT: ${{ secrets.GITHUB_TOKEN }}
    ```
 3. Commit the workflow file to the default branch of the GitHub repository.
 4. The workflow should now be available to trigger via the GitHub UI in the
 `Actions` tab.
 5. Create a release branch with the `release-` prefix in the name in the GitHub UI. For example, `release-0.1`.
 6. Tag the desired commit on release branch with a valid semver release tag.
 For example, `v0.1.0`. By default, this is the inferred reference pushed to the registry.
 7. Manually run the workflow in the GitHub UI, targeting the release branch from step 5.
 See [branching conventions](#branching-conventions) for more details on tagging
 practices and optionally overriding the inferred git tag version.
 ## Quickstart: Releasing a Function to `xpkg.crossplane.io`
 The template repository for [functions] provides a functional GitHub Action
 YAML file that pushes to `xpkg.crossplane.io` without extra configuration.
 To build and push a new release to the registry:
 1. Cut a release branch with the `release-` prefix in the name in the GitHub UI. For example, `release-0.1`.
 2. Tag the desired commit on release branch with a valid semver release tag for a corresponding
 GitHub Release. For example, `v0.1.0`.
 3. Manually run the workflow in the GitHub UI, targeting the release branch from step 1.
 The workflow generates a default version string if user input isn't provided.
 See [branching conventions](#branching-conventions) for more details on tagging
 practices and optionally overriding the inferred git tag version.
 ## Common Configuration
 While the reusable workflows referenced in the quickstart guides are for
 convenience, users may choose to write their own custom GitHub Actions.
 This and following sections provide more detailed information
 about common configuration options and conventions to implement the release
 process.
 All workflows require references to credentials for a remote registry.
 Typically, users configure them as [GitHub Actions Secrets], and the workflow
 performs authentication via the`docker/login-action`
 [action](http://github.com/docker/login-action).
 For example, adding the following step to a pipeline authenticates
 the job to `ghcr.io` using the workflow's ephemeral GitHub OIDC token.
 ```yaml
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
 ```
 {{< hint "important" >}}
 By default, the job's OIDC token doesn't have permission to write packages
 to `ghcr.io`. Permissions are configurable in the GitHub repository's settings
 or declared
 [explicitly](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token)
 in the workflow definition YAML file.
 Writing packages requires a `permissions` block with `packages: write` if it
 isn't configured elsewhere for the repository.
 {{< /hint >}}
 For other registries, it's still best practice to reference credentials as
 custom Secret variables. For example:
 ```yaml
      - name: Login to Another Registry
        uses: docker/login-action@v3
        with:
          registry: my-registry.io
          username: ${{ env.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
 ```
 ## Branching conventions
 Repositories for Crossplane extensions follow similar branching conventions
 to upstream Crossplane, where the release process assumes the workflow
 executing in branches with the `release-*` prefix. `main` is often included,
 though a conventional release process would not build and push off of tags on
 `main`.
 ```yaml
 on:
  push:
    branches:
      - main
      - release-*
 ```
 For example, when releasing `v0.1.0` of an extension, the conventional
 process is to cut a release branch `release-0.1` at the git commit
 where it builds from, and tag it as `v0.1.0`.
 {{< hint "note" >}}
 Some custom workflows may accept an explicit input for the remote reference instead of
 inferring it from a git ref. The [`ci.yml`](https://github.com/crossplane-contrib/function-python/blob/main/.github/workflows/ci.yml)
 file for `crossplane-contrib/function-python` is a good example.
 {{< /hint >}}
 ## Configuring workflows for function packages
 Function workflow definitions differ based on the base language the
 function implementation uses. For example, a Python function requires
 a Python environment in the GitHub Action runner:
 ```yaml
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Setup Hatch
        run: pipx install hatch==1.7.0
      - name: Lint
        run: hatch run lint:check
 ```
 While the template repository provides a working pipeline definition, users may
 choose to customize their environment with different tooling.
 Functions also require a runtime image of the core business logic to
 build and embed into the Function package. The default workflow definition
 builds for two platforms: `linux/amd64` and `linux/arm64`.
 ```yaml
      - name: Build Runtime
        id: image
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/${{ matrix.arch }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          target: image
          build-args:
            PYTHON_VERSION=${{ env.PYTHON_VERSION }}
          outputs: type=docker,dest=runtime-${{ matrix.arch }}.tar
 ```
 ## Configuring workflows for provider packages
 Providers, unlike Functions, use custom `make` targets in the [build submodule]
 for building and pushing Crossplane Provider packages.
 Configuring the workflow for a specific registry involves two steps:
 1. Updating the registry variables in the top-level `Makefile`.
 2. Referencing GitHub Actions Secrets for authorized credentials to the
 registry.
 ### Configure target registry
 The provider template repository includes a top-level [`Makefile`](https://github.com/crossplane/upjet-provider-template/blob/main/Makefile).
 Edit the following variables to define the target registry:
 1. `XPKG_REG_ORGS` - a space-delimited list of target repositories.
 2. `XPKG_REG_ORGS_NO_PROMOTE` - for registries that don't use or infer
 channel tags.
 For example, the following dual-pushes to `xpkg.crossplane.io` as well as
 `index.docker.io`:
 ```make
 XPKG_REG_ORGS ?= xpkg.crossplane.io/crossplane-contrib index.docker.io/crossplanecontrib
 XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.crossplane.io/crossplane-contrib
 ```
 ## Reusable workflows
 The [crossplane-contrib/provider-workflows] repository provide reusable
 workflow definitions that are callable from a custom CI pipeline.
 For example, the following snippet references the callable workflow to
 build and push the `provider-kubernetes` package to `xpkg.crossplane.io`:
 ```yaml
 jobs:
  publish-provider-package:
    uses: crossplane-contrib/provider-workflows/.github/workflows/publish-provider-non-family.yml@main
    with:
      repository: provider-kubernetes
      version: ${{ github.event.inputs.version }}
      go-version: ${{ github.event.inputs.go-version }}
      cleanup-disk: true
    secrets:
      GHCR_PAT: ${{ secrets.GITHUB_TOKEN }}
 ```
 {{< hint "tip" >}}
 The reusable workflows referenced here publish to `ghcr.io` by default.
 Ensure that the default GitHub Actions OIDC token inherits the
 `packages: write` permission.
 {{< /hint >}}
 ## Troubleshooting
 {{< expand "Why is my workflow is failing with a 404 error code?" >}}
 Ensure the target repository exists in the registry. You need to create
 it if it doesn't already exist.
 {{</expand >}}
 {{< expand "Why is my workflow failing with a 401 error code?" >}}
 Ensure the credentials used during the registry login step has authorization to
 pull and push, and that the `{{ secrets.* }}` variable substitutions match
 what's configured in GitHub.
 {{</expand >}}
 <!-- Named Links -->
 [xpkg]: https://github.com/crossplane/crossplane/blob/main/contributing/specifications/xpkg.md
 [functions]: https://github.com/crossplane/function-template-go/blob/main/.github/workflows/ci.yml
 [GitHub Actions Secrets]: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions
 [build submodule]: https://github.com/crossplane/build
 [crossplane-contrib/provider-workflows]: https://github.com/crossplane-contrib/provider-workflows/blob/main/.github/workflows
--- a/content/master/guides/function-patch-and-transform.md
+++ b/content/master/guides/function-patch-and-transform.md
@ -92,7 +92,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{<hint "tip" >}}
@ -122,7 +122,7 @@ The contents of the `base` are identical to creating a standalone
 [managed resource]({{<ref "../concepts/managed-resources">}}).
 This example uses
-[Upbound's Provider AWS](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.17.0)
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws)
 to define a S3 storage `Bucket` and EC2 compute `Instance`.
 After defining the `apiVersion` and `kind`, define the `spec.forProvider` fields
@ -507,8 +507,8 @@ All the following examples use the same set of Compositions,
 CompositeResourceDefinitions, Claims and EnvironmentConfigs.
 Only the applied patches change between examples.
-All examples rely on Upbound
+All examples rely on
-[provider-aws-s3](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/)
+[provider-aws-s3](https://github.com/crossplane-contrib/provider-upjet-aws)
 to create resources.
 {{< expand "Reference Composition" >}}
--- a/content/master/guides/import-existing-resources.md
+++ b/content/master/guides/import-existing-resources.md
@ -5,7 +5,7 @@ weight: 200
 If you have resources that are already provisioned in a Provider,
 you can import them as managed resources and let Crossplane manage them.
-A managed resource's [`managementPolicies`]({{<ref "/v1.16/concepts/managed-resources#managementpolicies">}})
+A managed resource's [`managementPolicies`]({{<ref "../concepts/managed-resources#managementpolicies">}})
 field enables importing external resources into Crossplane.
 Crossplane can import resources either [manually]({{<ref "#import-resources-manually">}})
@ -84,7 +84,7 @@ managed resource `spec` changes the external resource.
 ## Import resources automatically
-Automatically import external resources with an `Observe` [management policy]({{<ref "/v1.16/concepts/managed-resources#managementpolicies">}}).
+Automatically import external resources with an `Observe` [management policy]({{<ref "../concepts/managed-resources#managementpolicies">}}).
 Crossplane imports observe only resources but never changes or deletes the
 resources.
--- a/content/master/guides/multi-tenant.md
+++ b/content/master/guides/multi-tenant.md
@ -315,9 +315,9 @@ dedicated control planes to many tenants within a single organization.
 [Multiple Source Field patching]: https://github.com/crossplane/crossplane/pull/2093
 [Configuration packages]: {{<ref "../../master/concepts/packages" >}}
 [OCI images]: https://github.com/opencontainers/image-spec
-[EKS Cluster]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/latest/resources/eks.aws.crossplane.io/Cluster/v1beta1
+[EKS Cluster]: https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/examples/eks/v1beta2/cluster.yaml
-[provider-aws]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws
+[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws
-[provider-helm]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-helm/
+[provider-helm]: https://github.com/crossplane-contrib/provider-helm
 [Open Service Broker API]: https://github.com/openservicebrokerapi/servicebroker
 [Crossplane Service Broker]: https://github.com/vshn/crossplane-service-broker
 [Cloudfoundry]: https://www.cloudfoundry.org/
--- a/content/master/guides/troubleshoot-crossplane.md
+++ b/content/master/guides/troubleshoot-crossplane.md
@ -5,8 +5,8 @@ weight: 306
 ## Requested Resource Not Found
 If you use the Crossplane CLI to install a `Provider` or
-`Configuration` (for example, `crossplane install provider
+`Configuration` (for example, `crossplane xpkg install provider
-xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0`) and get `the server
+xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`) and get `the server
 could not find the requested resource` error, more often than not, that's an
 indicator that the Crossplane CLI you're using is outdated. In other words
 some Crossplane API has been graduated from alpha to beta or stable and the old
@ -103,7 +103,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
@ -365,7 +365,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
--- a/content/master/guides/vault-as-secret-store.md
+++ b/content/master/guides/vault-as-secret-store.md
@ -217,7 +217,7 @@ Next, install the Crossplane ESS Plugin pod to the `crossplane-system` namespace
 and apply the Vault annotations.
 ```shell
-helm upgrade --install ess-plugin-vault oci://xpkg.upbound.io/crossplane-contrib/ess-plugin-vault --namespace crossplane-system -f values.yaml
+helm upgrade --install ess-plugin-vault oci://xpkg.crossplane.io/crossplane-contrib/ess-plugin-vault --namespace crossplane-system -f values.yaml
 ```
 ## Configure Crossplane
@ -255,7 +255,7 @@ kind: Provider
 metadata:
  name: provider-gcp
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5
  controllerConfigRef:
    name: vault-config" | kubectl apply -f -
 ```
@ -341,7 +341,7 @@ Check that Crossplane installed the Provider and the Provider is healthy.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME           INSTALLED   HEALTHY   PACKAGE                                                                     AGE
-provider-gcp   True        True      xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5   10m
+provider-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5   10m
 ```
 ### Create a CompositeResourceDefinition
--- a/content/master/guides/vault-injection.md
+++ b/content/master/guides/vault-injection.md
@ -310,7 +310,7 @@ kind: Provider
 metadata:
  name: provider-gcp
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.22.0
  controllerConfigRef:
    name: vault-config" | kubectl apply -f -
 ```
@ -418,7 +418,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  controllerConfigRef:
    name: aws-vault-config" | kubectl apply -f -
 ```
@ -491,8 +491,8 @@ kubectl get bucket -w
 [Vault Kubernetes Sidecar]: https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar
 [Vault]: https://www.vaultproject.io/
 [Vault Kubernetes Sidecar]: https://www.vaultproject.io/docs/platform/k8s/injector
-[provider-gcp]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp
+[provider-gcp]: https://github.com/crossplane-contrib/provider-upjet-gcp
-[provider-aws]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws
+[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws
 [AWS]: https://www.vaultproject.io/docs/secrets/aws
 [Azure]: https://www.vaultproject.io/docs/secrets/azure
 [GCP]: https://www.vaultproject.io/docs/secrets/gcp 
--- a/content/master/guides/write-a-composition-function-in-go.md
+++ b/content/master/guides/write-a-composition-function-in-go.md
@ -425,7 +425,7 @@ This code:
 1. Adds one desired S3 bucket for each bucket name.
 1. Returns the desired S3 buckets in a `RunFunctionResponse`.
-The code uses the `v1beta1.Bucket` type from [Upbound's AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws).
+The code uses the `v1beta1.Bucket` type from the [AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws).
 One advantage of writing a function in Go is that you can compose resources
 using the same strongly typed structs Crossplane uses in its providers.
@ -671,7 +671,7 @@ metadata:
 spec:
  # The CLI ignores this package when using the Development runtime.
  # You can set it to any value.
-  package: xpkg.upbound.io/negz/function-xbuckets:v0.1.0
+  package: xpkg.crossplane.io/negz/function-xbuckets:v0.1.0
 ```
 {{</expand>}}
@ -783,7 +783,7 @@ Read the composition functions documentation to learn more about
 You build a function in two stages. First you build the function's runtime. This
 is the Open Container Initiative (OCI) image Crossplane uses to run your
 function. You then embed that runtime in a package, and push it to a package
-registry. The Crossplane CLI uses `xpkg.upbound.io` as its default package
+registry. The Crossplane CLI uses `xpkg.crossplane.io` as its default package
 registry.
 A function supports a single platform, like `linux/amd64`, by default. You can
@ -863,11 +863,4 @@ up continuous integration (CI) using
 [GitHub Actions](https://github.com/features/actions). The CI workflow will
 lint, test, and build your function. You can see how the template configures CI
 by reading `.github/workflows/ci.yaml`.
 The CI workflow can automatically push packages to `xpkg.upbound.io`. For this
 to work you must create a repository at https://marketplace.upbound.io. Give the
 CI workflow access to push to the Marketplace by creating an API token and
 [adding it to your repository](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository).
 Save your API token access ID as a secret named `XPKG_ACCESS_ID` and your API
 token as a secret named `XPKG_TOKEN`.
 {{</hint>}}
--- a/content/master/guides/write-a-composition-function-in-python.md
+++ b/content/master/guides/write-a-composition-function-in-python.md
@ -533,7 +533,7 @@ metadata:
 spec:
  # The CLI ignores this package when using the Development runtime.
  # You can set it to any value.
-  package: xpkg.upbound.io/negz/function-xbuckets:v0.1.0
+  package: xpkg.crossplane.io/negz/function-xbuckets:v0.1.0
 ```
 {{</expand>}}
@ -644,7 +644,7 @@ Read the composition functions documentation to learn more about
 You build a function in two stages. First you build the function's runtime. This
 is the Open Container Initiative (OCI) image Crossplane uses to run your
 function. You then embed that runtime in a package, and push it to a package
-registry. The Crossplane CLI uses `xpkg.upbound.io` as its default package
+registry. The Crossplane CLI uses `xpkg.crossplane.io` as its default package
 registry.
 A function supports a single platform, like `linux/amd64`, by default. You can
@ -732,11 +732,4 @@ up continuous integration (CI) using
 [GitHub Actions](https://github.com/features/actions). The CI workflow will
 lint, test, and build your function. You can see how the template configures CI
 by reading `.github/workflows/ci.yaml`.
 The CI workflow can automatically push packages to `xpkg.upbound.io`. For this
 to work you must create a repository at https://marketplace.upbound.io. Give the
 CI workflow access to push to the Marketplace by creating an API token and
 [adding it to your repository](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository).
 Save your API token access ID as a secret named `XPKG_ACCESS_ID` and your API
 token as a secret named `XPKG_TOKEN`.
 {{</hint>}}
--- a/content/master/learn/_index.md
+++ b/content/master/learn/_index.md
@ -28,7 +28,7 @@ If you have any questions, please drop us a note on [Crossplane Slack][join-cros
 - Subscribe to our [YouTube Channel](https://www.youtube.com/channel/UC19FgzMBMqBro361HbE46Fw)
 <!-- vale Crossplane.Spelling = NO -->
 - Drop us a note on Twitter: [@crossplane_io](https://twitter.com/crossplane_io)
- Email us: [info@crossplane.io](mailto:info@crossplane.io)
+- Email us: [crossplane-info@lists.cncf.io](mailto:crossplane-info@lists.cncf.io)
 <!-- vale Crossplane.Spelling = YES -->
 <!-- Named links -->
--- a/content/master/learn/release-cycle.md
+++ b/content/master/learn/release-cycle.md
@ -97,4 +97,4 @@ reviews, testing, and bug fixing to ensure a quality release.
 [Feature Freeze]: #feature-freeze
 [Code Freeze]: #code-freeze
 [CONTRIBUTING.md]: https://github.com/crossplane/crossplane/blob/main/CONTRIBUTING.md
-[community calendar]: https://calendar.google.com/calendar/embed?src=c_2cdn0hs9e2m05rrv1233cjoj1k%40group.calendar.google.com
+[community calendar]: https://zoom-lfx.platform.linuxfoundation.org/meetings/crossplane
--- a/content/master/software/install.md
+++ b/content/master/software/install.md
@ -125,19 +125,24 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `customAnnotations` | Add custom `annotations` to the Crossplane pod deployment. | `{}` |
 | `customLabels` | Add custom `labels` to the Crossplane pod deployment. | `{}` |
 | `deploymentStrategy` | The deployment strategy for the Crossplane and RBAC Manager pods. | `"RollingUpdate"` |
 | `dnsPolicy` | Specify the `dnsPolicy` to be used by the Crossplane pod. | `""` |
 | `extraEnvVarsCrossplane` | Add custom environmental variables to the Crossplane pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
 | `extraEnvVarsRBACManager` | Add custom environmental variables to the RBAC Manager pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
 | `extraObjects` | To add arbitrary Kubernetes Objects during a Helm Install | `[]` |
 | `extraVolumeMountsCrossplane` | Add custom `volumeMounts` to the Crossplane pod. | `{}` |
 | `extraVolumesCrossplane` | Add custom `volumes` to the Crossplane pod. | `{}` |
-| `function.packages` | A list of Function packages to install. | `[]` |
+| `function.packages` | A list of Function packages to install | `[]` |
-| `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. | `false` |
+| `functionCache.medium` | Set to `Memory` to hold the function cache in a RAM backed file system. Useful for Crossplane development. | `""` |
 | `functionCache.pvc` | The name of a PersistentVolumeClaim to use as the function cache. Disables the default function cache `emptyDir` Volume. | `""` |
 | `functionCache.sizeLimit` | The size limit for the function cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory. | `"512Mi"` |
 | `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`. | `false` |
 | `image.pullPolicy` | The image pull policy used for Crossplane and RBAC Manager pods. | `"IfNotPresent"` |
-| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.upbound.io/crossplane/crossplane"` |
+| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.crossplane.io/crossplane/crossplane"` |
 | `image.tag` | The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. | `""` |
-| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `{}` |
+| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `[]` |
 | `leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod. | `true` |
 | `metrics.enabled` | Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods. | `false` |
 | `metrics.port` | The port the metrics server listens on. | `""` |
 | `nodeSelector` | Add `nodeSelectors` to the Crossplane pod deployment. | `{}` |
 | `packageCache.configMap` | The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume. | `""` |
 | `packageCache.medium` | Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development. | `""` |
@ -153,20 +158,24 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `rbacManager.leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod. | `true` |
 | `rbacManager.nodeSelector` | Add `nodeSelectors` to the RBAC Manager pod deployment. | `{}` |
 | `rbacManager.replicas` | The number of RBAC Manager pod `replicas` to deploy. | `1` |
 | `rbacManager.revisionHistoryLimit` | The number of RBAC Manager ReplicaSets to retain. | `nil` |
 | `rbacManager.skipAggregatedClusterRoles` | Don't install aggregated Crossplane ClusterRoles. | `false` |
 | `rbacManager.tolerations` | Add `tolerations` to the RBAC Manager pod deployment. | `[]` |
 | `rbacManager.topologySpreadConstraints` | Add `topologySpreadConstraints` to the RBAC Manager pod deployment. | `[]` |
 | `readiness.port` | The port the readyz server listens on. | `""` |
 | `registryCaBundleConfig.key` | The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
 | `registryCaBundleConfig.name` | The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
 | `replicas` | The number of Crossplane pod `replicas` to deploy. | `1` |
-| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"100m"` |
+| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"500m"` |
-| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"512Mi"` |
+| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"1024Mi"` |
 | `resourcesCrossplane.requests.cpu` | CPU resource requests for the Crossplane pod. | `"100m"` |
 | `resourcesCrossplane.requests.memory` | Memory resource requests for the Crossplane pod. | `"256Mi"` |
 | `resourcesRBACManager.limits.cpu` | CPU resource limits for the RBAC Manager pod. | `"100m"` |
 | `resourcesRBACManager.limits.memory` | Memory resource limits for the RBAC Manager pod. | `"512Mi"` |
 | `resourcesRBACManager.requests.cpu` | CPU resource requests for the RBAC Manager pod. | `"100m"` |
 | `resourcesRBACManager.requests.memory` | Memory resource requests for the RBAC Manager pod. | `"256Mi"` |
 | `revisionHistoryLimit` | The number of Crossplane ReplicaSets to retain. | `nil` |
 | `runtimeClassName` | The runtimeClassName name to apply to the Crossplane and RBAC Manager pods. | `""` |
 | `securityContextCrossplane.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the Crossplane pod. | `false` |
 | `securityContextCrossplane.readOnlyRootFilesystem` | Set the Crossplane pod root file system as read-only. | `true` |
 | `securityContextCrossplane.runAsGroup` | The group ID used by the Crossplane pod. | `65532` |
@ -175,10 +184,14 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `securityContextRBACManager.readOnlyRootFilesystem` | Set the RBAC Manager pod root file system as read-only. | `true` |
 | `securityContextRBACManager.runAsGroup` | The group ID used by the RBAC Manager pod. | `65532` |
 | `securityContextRBACManager.runAsUser` | The user ID used by the RBAC Manager pod. | `65532` |
 | `service.customAnnotations` | Configure annotations on the service object. Only enabled when webhooks.enabled = true | `{}` |
 | `serviceAccount.create` | Specifies whether Crossplane ServiceAccount should be created | `true` |
 | `serviceAccount.customAnnotations` | Add custom `annotations` to the Crossplane ServiceAccount. | `{}` |
 | `serviceAccount.name` | Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false` | `""` |
 | `tolerations` | Add `tolerations` to the Crossplane pod deployment. | `[]` |
 | `topologySpreadConstraints` | Add `topologySpreadConstraints` to the Crossplane pod deployment. | `[]` |
 | `webhooks.enabled` | Enable webhooks for Crossplane and installed Provider packages. | `true` |
 | `webhooks.port` | The port the webhook server listens on. | `""` |
 {{< /table >}}
 {{< /expand >}}
 <!-- vale gitlab.Substitutions = YES -->
@ -254,10 +267,12 @@ at the table below.
 | Beta | `--enable-deployment-runtime-configs` | Enable support for DeploymentRuntimeConfigs. |
 | Beta | `--enable-usages` | Enable support for Usages. |
 | Beta | `--enable-ssa-claims` | Enable support for using server-side apply to sync claims with XRs. |
 | Beta | `--enable-realtime-compositions` | Enable support for real time compositions. |
 | Alpha | `--enable-external-secret-stores` | Enable support for External Secret Stores. |
 | Alpha | `--enable-realtime-compositions` | Enable support for real time compositions. |
 | Alpha | `--enable-dependency-version-upgrades` | Enable automatic version upgrades of dependencies when updating packages. |
 | Alpha | `--enable-dependency-version-downgrades` | Enable automatic version downgrades of dependencies when updating packages. |
 | Alpha | `--enable-signature-verification` | Enable support for package signature verification via ImageConfig API. |
 | Alpha | `--enable-function-response-cache` | Enable support for caching composition function responses. |
 {{< /table >}}
 {{< /expand >}}
@ -267,9 +282,8 @@ args='{"--enable-composition-functions","--enable-composition-webhook-schema-val
 #### Change the default package registry
-Beginning with Crossplane version 1.15.0 Crossplane downloads packages from the
+Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and
-[Upbound Marketplace](https://marketplace.upbound.io) at `xpkg.upbound.io`
+installing packages.
 instead of DockerHub.
 Change the default registry location during the Crossplane install with
 `--set args='{"--registry=index.docker.io"}'`.
@ -326,15 +340,3 @@ Community Crossplane distribution.
 The CNCF certified third-party distributions as
 "[conformant](https://github.com/cncf/crossplane-conformance)" with the
 Community Crossplane distribution.
 ### Vendors
 Below are vendors providing conformant Crossplane distributions.
 #### Upbound
 Upbound, the founders of Crossplane, maintains a free and open source
 distribution of Crossplane called
 [Universal Crossplane](https://www.upbound.io/product/universal-crossplane)
 (`UXP`).
 Find information on UXP in the
 [Upbound UXP documentation](https://docs.upbound.io/uxp/install/).
--- a/content/master/software/uninstall.md
+++ b/content/master/software/uninstall.md
@ -135,13 +135,13 @@ List the installed _providers_ with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                   INSTALLED   HEALTHY   PACKAGE                                        AGE
-upbound-provider-aws   True        True      xpkg.upbound.io/upbound/provider-aws:v1.0.0    8h
+crossplane-contrib-provider-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws:v1.21.1     8h
 ```
 Remove the installed _providers_ with `kubectl delete provider`.
 ```shell
-kubectl delete provider upbound-provider-aws
+kubectl delete provider crossplane-contrib-provider-aws
 ```
 ## Uninstall the Crossplane deployment 
--- a/content/master/software/upgrade.md
+++ b/content/master/software/upgrade.md
@ -46,9 +46,9 @@ Crossplane.
 Crossplane uses any new default behaviors unless they're changed in the `helm
 upgrade` command.
-For example, in v1.15.0 Crossplane changed the default image registry from 
+For example, in v1.20.0 Crossplane changed the default image registry from 
-`index.docker.io` to `xpkg.upbound.io`. Upgrading Crossplane from a version
+`index.docker.io` to `xpkg.crossplane.io`. Upgrading Crossplane from a version
-before v1.15.0 updates the default package registry. 
+before v1.20.0 updates the default package registry. 
 Override new defaults by 
 [customizing the Helm chart]({{<ref "install#customize-the-crossplane-helm-chart" >}}) 
@ -56,5 +56,5 @@ with the upgrade command.
 For example, to maintain the original image registry use 
 ```shell 
-helm upgrade crossplane --namespace crossplane-system crossplane-stable/crossplane `--set 'args={"--registry=index.docker.io"}'
+helm upgrade crossplane --namespace crossplane-system crossplane-stable/crossplane --set 'args={"--registry=index.docker.io"}'
 ```
--- a/content/v1.16/api/crds/pkg.crossplane.io_locks.yaml
+++ b/content/v1.16/api/crds/pkg.crossplane.io_locks.yaml
@ -1,99 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: locks.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
  names:
    kind: Lock
    listKind: LockList
    plural: locks
    singular: lock
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Lock is the CRD type that tracks package dependencies.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          packages:
            items:
              description: LockPackage is a package that is in the lock.
              properties:
                dependencies:
                  description: |-
                    Dependencies are the list of dependencies of this package. The order of
                    the dependencies will dictate the order in which they are resolved.
                  items:
                    description: A Dependency is a dependency of a package in the
                      lock.
                    properties:
                      constraints:
                        description: |-
                          Constraints is a valid semver range, which will be used to select a valid
                          dependency version.
                        type: string
                      package:
                        description: Package is the OCI image name without a tag or
                          digest.
                        type: string
                      type:
                        description: Type is the type of package. Can be either Configuration
                          or Provider.
                        type: string
                    required:
                    - constraints
                    - package
                    - type
                    type: object
                  type: array
                name:
                  description: Name corresponds to the name of the package revision
                    for this package.
                  type: string
                source:
                  description: Source is the OCI image name without a tag or digest.
                  type: string
                type:
                  description: Type is the type of package. Can be either Configuration
                    or Provider.
                  type: string
                version:
                  description: Version is the tag or digest of the OCI image.
                  type: string
              required:
              - dependencies
              - name
              - source
              - type
              - version
              type: object
            type: array
        type: object
    served: true
    storage: true
    subresources:
      status: {}
--- a/content/v1.16/concepts/compositions.md
+++ b/content/v1.16/concepts/compositions.md
--- a/content/v1.16/concepts/environment-configs.md
+++ b/content/v1.16/concepts/environment-configs.md
@ -1,483 +0,0 @@
 ---
 title: Environment Configurations
 weight: 75
 state: alpha
 alphaVersion: "1.11"
 description: "Environment Configurations or EnvironmentConfigs are an in-memory datastore used in patching Compositions"
 ---
 <!--
 TODO: Add Policies
 -->
 A Crossplane EnvironmentConfig is a cluster scoped 
 [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/)-like 
 resource used
 by Compositions. Compositions can use the environment to store information from
 individual resources or to apply [patches]({{<ref "patch-and-transform">}}).
 Crossplane supports multiple EnvironmentConfigs, each acting as a unique
 data store. 
 When Crossplane creates a composite resource, Crossplane merges all the 
 EnvironmentConfigs referenced in the associated Composition and creates a unique
 in-memory environment for that composite resource.
 The composite resource can read and write data to their unique 
 in-memory environment.
 {{<hint "important" >}}
 The in-memory environment is unique to each composite resource.  
 A composite resource can't read data in another composite resource's
 environment. 
 {{< /hint >}}
 ## Enable EnvironmentConfigs
 EnvironmentConfigs are an alpha feature. Alpha features aren't enabled by
 default.
 Enable EnvironmentConfig support by 
 [changing the Crossplane pod setting]({{<ref "./pods#change-pod-settings">}})
 and enabling  
 {{<hover label="deployment" line="12">}}--enable-environment-configs{{</hover>}}
 argument.
 ```yaml {label="deployment",copy-lines="12"}
 $ kubectl edit deployment crossplane --namespace crossplane-system
 apiVersion: apps/v1
 kind: Deployment
 spec:
 # Removed for brevity
  template:
    spec:
      containers:
      - args:
        - core
        - start
        - --enable-environment-configs
 ```
 {{<hint "tip" >}}
 The [Crossplane install guide]({{<ref "../software/install#feature-flags">}}) 
 describes enabling feature flags like 
 {{<hover label="deployment" line="12">}}--enable-environment-configs{{</hover>}}
 with Helm.
 {{< /hint >}}
 <!-- vale Google.Headings = NO -->
 ## Create an EnvironmentConfig
 <!-- vale Google.Headings = YES -->
 An {{<hover label="env1" line="2">}}EnvironmentConfig{{</hover>}} has a single
 object field,
 {{<hover label="env1" line="5">}}data{{</hover>}}.
 An EnvironmentConfig supports any data inside the 
 {{<hover label="env1" line="5">}}data{{</hover>}} field.
 Here an example 
 {{<hover label="env1" line="2">}}EnvironmentConfig{{</hover>}}.
 ```yaml {label="env1"}
 apiVersion: apiextensions.crossplane.io/v1alpha1
 kind: EnvironmentConfig
 metadata:
  name: example-environment
 data:
  locations:
    us: us-east-2
    eu: eu-north-1
  key1: value1
  key2: value2
  key3:
    - item1
    - item2
 ```
 <!-- vale Google.Headings = NO -->
 ## Select an EnvironmentConfig
 <!-- vale Google.Headings = YES -->
 Select the EnvironmentConfigs to use
 inside a Composition's 
 {{<hover label="comp" line="6">}}environment{{</hover>}} field.
 The {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}} field is a
 list of environments this Composition can use. 
 Select an environment by 
 {{<hover label="comp" line="8">}}Reference{{</hover>}} or 
 by 
 {{<hover label="comp" line="11">}}Selector{{</hover>}}.
 A 
 {{<hover label="comp" line="8">}}Reference{{</hover>}}
 selects an environment by 
 {{<hover label="comp" line="10">}}name{{</hover>}}.  
 The 
 {{<hover label="comp" line="11">}}Selector{{</hover>}} selects an environment
 based on the 
 {{<hover label="comp" line="13">}}Labels{{</hover>}} applied to the environment. 
 ```yaml {label="comp",copy-lines="none"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Reference
      ref:
        name: example-environment
    - type: Selector
      selector:
        matchLabels:
      # Removed for brevity
 ```
 If a Composition uses multiple 
 {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}}
 Crossplane merges them together in the order they're listed. 
 {{<hint "note" >}}
 If multiple 
 {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}}
 use the same key, the Composition uses the value of the last environment listed.
 {{</hint >}}
 ### Select by name
 Select an environment by name with
 {{<hover label="byName" line="8">}}type: Reference{{</hover>}}. 
 Define the
 {{<hover label="byName" line="9">}}ref{{</hover>}} object and the 
 {{<hover label="byName" line="10">}}name{{</hover>}} matching the exact name of
 the environment.
 For example, select the 
 {{<hover label="byName" line="7">}}environmentConfig{{</hover>}}
 named
 {{<hover label="byName" line="10">}}example-environment{{</hover>}}
 ```yaml {label="byName",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Reference
      ref:
        name: example-environment
 ```
 ### Select by label
 Select an environment by labels with a
 {{<hover label="byLabel" line="8">}}type: Selector{{</hover>}}.  
 Define the {{<hover label="byLabel" line="9">}}selector{{</hover>}} object.  
 The
 {{<hover label="byLabel" line="10">}}matchLabels{{</hover>}} object contains a
 list of labels to match on. 
 Selecting a label requires matching both the label 
 {{<hover label="byLabel" line="11">}}key{{</hover>}} 
 and the value of key. 
 When matching the label's value, provide an exact value with a 
 {{<hover label="byLabel" line="12">}}type: Value{{</hover>}} and provide the value
 to match in the 
 {{<hover label="byLabel" line="13">}}value{{</hover>}} field.
 Crossplane can also match a label's value based on an input in the composite
 resource. Use 
 {{<hover label="byLabel" line="15">}}type: FromCompositeFieldPath{{</hover>}} 
 and provide the field to match in the 
 {{<hover label="byLabel" line="16">}}valueFromFieldPath{{</hover>}} field.
 ```yaml {label="byLabel",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector: 
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
  resources:
  # Removed for brevity
 ```
 #### Manage selector results
 Selecting environments by labels may return more than one environment.  
 The Composition sorts all the results by the name of the environments and
 only uses the first environment in the sorted list. 
 Set the {{<hover label="selectResults" line="10">}}mode{{</hover>}} as 
 {{<hover label="selectResults" line="10">}}mode: Multiple{{</hover>}} to return
 all matched environments. Use 
 {{<hover label="selectResults" line="19">}}mode: Single{{</hover>}} to 
 return a single environment.
 {{<hint "note" >}}
 Sorting and the selection 
 {{<hover label="selectResults" line="10">}}mode{{</hover>}}
 only applies to a single 
 {{<hover label="selectResults" line="8">}}type: Selector{{</hover>}}. 
 This doesn't change how Compositions merge multiple
 {{<hover label="selectResults" line="7">}}environmentConfigs{{</hover>}}.
 {{< /hint >}}
 ```yaml {label="selectResults"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector:
        mode: Multiple
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
    - type: Selector
      selector:
        mode: Single
        matchLabels:
          - key: my-other-label-key
            type: Value
            value: my-other-label-value
          - key: my-other-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
 ```
 When using 
 {{<hover label="maxMatch" line="10">}}mode: Multiple{{</hover>}} limit the
 number of returned environments with
 {{<hover label="maxMatch" line="11">}}maxMatch{{</hover>}} and define the
 maximum number of environments returned. 
 Use `minMatch` and define the minimum 
 number of environments returned.
 The Composition sorts the returned environments alphabetically by name. Sort the
 environments on a different field with 
 {{<hover label="maxMatch" line="12">}}sortByFieldPath{{</hover>}} and define
 the field to sort by. 
 ```yaml {label="maxMatch"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector:
        mode: Multiple
        maxMatch: 4
        sortByFieldPath: metadata.annotations[sort.by/weight]
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
 ```
 The environments selected by
 {{<hover label="maxMatch" line="18">}}matchLabels{{</hover>}} are then merged
 into any other environments listed in the 
 {{<hover label="maxMatch" line="7">}}environmentConfigs{{</hover>}}.
 #### Optional selector labels
 By default, Crossplane issues an error if a
 {{<hover label="byLabelOptional" line="16">}}valueFromFieldPath{{</hover>}}
 field doesn't exist in the composite resource.  
 Add
 {{<hover label="byLabelOptional" line="17">}}fromFieldPathPolicy{{</hover>}}
 as {{<hover label="byLabelOptional" line="17">}}Optional{{</hover>}} 
 to ignore a field if it doesn't exist.
 ```yaml {label="byLabelOptional",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
      - type: Selector
        selector:
          matchLabels:
            - key: my-first-label-key
              type: Value
              value: my-first-label-value
            - key: my-second-label-key
              type: FromCompositeFieldPath
              valueFromFieldPath: spec.parameters.deploy
              fromFieldPathPolicy: Optional
  resources:
  # Removed for brevity
 ```
 Set a default value for an optional label by setting the default
 {{<hover label="byLabelOptionalDefault" line="15">}}value{{</hover>}} for the
 {{<hover label="byLabelOptionalDefault" line="14">}}key{{</hover>}} first, then
 define the
 {{<hover label="byLabelOptionalDefault" line="20">}}Optional{{</hover>}} label.
 For example, this Composition defines
 {{<hover label="byLabelOptionalDefault" line="16">}}value: my-default-value{{</hover>}}
 for the key {{<hover label="byLabelOptionalDefault" line="14">}}my-second-label-key{{</hover>}}.
 If the label
 {{<hover label="byLabelOptionalDefault" line="17">}}my-second-label-key{{</hover>}}
 exists, Crossplane uses the value from the label instead.
 ```yaml {label="byLabelOptionalDefault",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
      - type: Selector
        selector:
          matchLabels:
            - key: my-first-label-key
              type: Value
              value: my-label-value
            - key: my-second-label-key
              type: Value
              value: my-default-value
            - key: my-second-label-key
              type: FromCompositeFieldPath
              valueFromFieldPath: spec.parameters.deploy
              fromFieldPathPolicy: Optional
  resources:
  # Removed for brevity
 ```
 {{<hint "warning" >}}
 Crossplane applies values in order. The value of the last key defined always takes precedence.
 Defining the default value _after_ the label always overwrites the label
 value.
 {{< /hint >}}
 ## Patching with EnvironmentConfigs
 When Crossplane creates or updates a composite resource, Crossplane 
 merges all the specified EnvironmentConfigs into an in-memory environment.
 The composite resource can read or write data between the EnvironmentConfig and
 composite resource or between the EnvironmentConfig and individual resources
 defined inside the composite resource. 
 {{<hint "tip" >}}
 Read about EnvironmentConfig patch types in the 
 [Patch and Transform]({{<ref "./patch-and-transform">}}) documentation.
 {{< /hint >}}
 <!-- these two sections are duplicated in the compositions doc with different header depths --> 
 ### Patch a composite resource
 To patch the composite resource use
 {{< hover label="xrpatch" line="7">}}patches{{</hover>}} inside of the 
 {{< hover label="xrpatch" line="5">}}environment{{</hover>}}.
 Use the 
 {{< hover label="xrpatch" line="5">}}ToCompositeFieldPath{{</hover>}} to copy
 data from the in-memory environment to the composite resource.  
 Use the 
 {{< hover label="xrpatch" line="5">}}FromCompositeFieldPath{{</hover>}} to copy
 data from the composite resource to the in-memory environment.
 ```yaml {label="xrpatch",copy-lines="none"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 # Removed for Brevity
 spec:
  environment:
  # Removed for Brevity
      patches:
      - type: ToCompositeFieldPath
        fromFieldPath: tags
        toFieldPath: metadata.labels[envTag]
      - type: FromCompositeFieldPath
        fromFieldPath: metadata.name
        toFieldPath: newEnvironmentKey
 ```
 Individual resources can use any data written to the in-memory environment.
 ### Patch an individual resource
 To patch an individual resource, inside the 
 {{<hover label="envpatch" line="16">}}patches{{</hover>}} of the 
 resource, use 
 {{<hover label="envpatch" line="17">}}ToEnvironmentFieldPath{{</hover>}} to copy
 data from the resource to the in-memory environment.  
 Use {{<hover label="envpatch" line="20">}}FromEnvironmentFieldPath{{</hover>}}
 to copy data to the resource from the in-memory environment.
 ```yaml {label="envpatch",copy-lines="none"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 # Removed for Brevity
 spec:
  environment:
  # Removed for Brevity
  resources:
  # Removed for Brevity
    - name: vpc
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: VPC
        spec:
          forProvider:
            cidrBlock: 172.16.0.0/16
      patches:
        - type: ToEnvironmentFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: vpcId
        - type: FromEnvironmentFieldPath
          fromFieldPath: tags
          toFieldPath: spec.forProvider.tags
 ```
 The [Patch and Transform]({{<ref "./patch-and-transform">}}) documentation has
 more information on patching individual resources.
 <!-- End duplicated content -->
--- a/content/v1.16/concepts/image-configs.md
+++ b/content/v1.16/concepts/image-configs.md
@ -1,86 +0,0 @@
 ---
 title: Image Configs
 weight: 400
 description: "Image Configs is an API for centralized control of the configuration of Crossplane package images."
 ---
 <!-- vale write-good.Passive = NO -->
 `ImageConfig` is an API for centralized control over the configuration of
 Crossplane package images. It allows you to configure package manager behavior
 for images globally, without needing to be referenced by other objects.
 ## Configuring a pull secret
 You can use `ImageConfig` to inject a pull secret into the Crossplane package
 manager registry client whenever it interacts with the registry, such as for
 dependency resolution or image pulls.
 In the following example, the `ImageConfig` resource named `acme-packages` is
 configured to inject the pull secret named `acme-registry-credentials` whenever
 it needs to interact with the registry for images with the prefix
 `registry1.com/acme-co/`.
 ```yaml
 apiVersion: pkg.crossplane.io/v1beta1
 kind: ImageConfig
 metadata:
  name: acme-packages
 spec:
  matchImages:
    - type: Prefix
      prefix: registry1.com/acme-co/
  registry:
    authentication:
      pullSecretRef:
        name: acme-registry-credentials
 ```
 `spec.registry.authentication.pullSecretRef` is a reference to the pull secret
 that should be injected into the registry client. The secret must be of type
 `kubernetes.io/dockerconfigjson` and must be in the Crossplane installation
 namespace, typically `crossplane-system`. One can create the secret using the
 following command:
 ```shell
 kubectl -n crossplane-system create secret docker-registry acme-registry-credentials --docker-server=registry1.com --docker-username=<user> --docker-password=<password>
 ```
 ### Matching image references
 `spec.matchImages` is a list of image references that the `ImageConfig` applies
 to. Each item in the list specifies the type and configuration of the image
 reference to match. The only supported type is `Prefix`, which matches the
 prefix of the image reference. No wildcards are supported. The `type` defaults
 to `Prefix` and can be omitted.
 When there are multiple `ImageConfigs`  matching an image reference, the one
 with the longest matching prefix is selected. If there are multiple
 `ImageConfigs` with the same longest matching prefix, one of them is selected
 arbitrarily. Please note that this situation occurs only if there are
 overlapping prefixes in the `matchImages` lists of different `ImageConfig`
 resources, which should be avoided.
 ### Debugging
 When the package manager selects an `ImageConfig` for a package, it throws an
 event with the reason `ImageConfigSelection` and the name of the selected
 `ImageConfig` and injected pull secret. You can find these events both on the
 package and package revision resources.
 For example, the following event indicates that the `ImageConfig` named
 `acme-packages` was selected for the configuration named `acme-configuration-foo`:
 ```shell
 $ kubectl describe configuration acme-configuration-foo
 ...
 Events:
  Type     Reason                Age                From                                              Message
  ----     ------                ----               ----                                              -------
  Normal   ImageConfigSelection  45s                packages/configuration.pkg.crossplane.io          Selected pullSecret "acme-registry-credentials" from ImageConfig "acme-packages" for registry authentication
 ```
 If you can't find the expected event, ensure the prefix of the image reference
 matches the `matchImages` list of any `ImageConfig` resources in the cluster.
 <!-- vale write-good.Passive = YES -->
--- a/content/v1.16/concepts/patch-and-transform.md
+++ b/content/v1.16/concepts/patch-and-transform.md
--- a/content/v1.17/api/crds/pkg.crossplane.io_locks.yaml
+++ b/content/v1.17/api/crds/pkg.crossplane.io_locks.yaml
@ -1,100 +0,0 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: locks.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
  names:
    kind: Lock
    listKind: LockList
    plural: locks
    singular: lock
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Lock is the CRD type that tracks package dependencies.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          packages:
            items:
              description: LockPackage is a package that is in the lock.
              properties:
                dependencies:
                  description: |-
                    Dependencies are the list of dependencies of this package. The order of
                    the dependencies will dictate the order in which they are resolved.
                  items:
                    description: A Dependency is a dependency of a package in the
                      lock.
                    properties:
                      constraints:
                        description: |-
                          Constraints is a valid semver range, which will be used to select a valid
                          dependency version.
                        type: string
                      package:
                        description: Package is the OCI image name without a tag or
                          digest.
                        type: string
                      type:
                        description: Type is the type of package. Can be either Configuration
                          or Provider.
                        type: string
                    required:
                    - constraints
                    - package
                    - type
                    type: object
                  type: array
                name:
                  description: Name corresponds to the name of the package revision
                    for this package.
                  type: string
                source:
                  description: Source is the OCI image name without a tag or digest.
                  type: string
                type:
                  description: Type is the type of package. Can be either Configuration
                    or Provider.
                  type: string
                version:
                  description: Version is the tag or digest of the OCI image.
                  type: string
              required:
              - dependencies
              - name
              - source
              - type
              - version
              type: object
            type: array
        type: object
    served: true
    storage: true
    subresources:
      status: {}
--- a/content/v1.17/concepts/environment-configs.md
+++ b/content/v1.17/concepts/environment-configs.md
@ -1,414 +0,0 @@
 ---
 title: Environment Configurations
 weight: 75
 state: alpha
 alphaVersion: "1.11"
 description: "Environment Configurations or EnvironmentConfigs are an in-memory datastore used in Compositions"
 ---
 <!--
 TODO: Add Policies
 -->
 A Crossplane EnvironmentConfig is a cluster scoped 
 [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/)-like 
 resource used by Compositions. Compositions can use the environment to store
 information from individual resources or to apply patches.
 Crossplane supports multiple EnvironmentConfigs, each acting as a unique
 data store. 
 When Crossplane creates a composite resource, Crossplane merges all the 
 EnvironmentConfigs referenced in the associated Composition and creates a unique
 in-memory environment for that composite resource.
 The composite resource can read and write data to their unique 
 in-memory environment.
 {{<hint "important" >}}
 The in-memory environment is unique to each composite resource.  
 A composite resource can't read data in another composite resource's
 environment. 
 {{< /hint >}}
 ## Enable EnvironmentConfigs
 EnvironmentConfigs are an alpha feature. Alpha features aren't enabled by
 default.
 Enable EnvironmentConfig support by 
 [changing the Crossplane pod setting]({{<ref "./pods#change-pod-settings">}})
 and enabling  
 {{<hover label="deployment" line="12">}}--enable-environment-configs{{</hover>}}
 argument.
 ```yaml {label="deployment",copy-lines="12"}
 $ kubectl edit deployment crossplane --namespace crossplane-system
 apiVersion: apps/v1
 kind: Deployment
 spec:
 # Removed for brevity
  template:
    spec:
      containers:
      - args:
        - core
        - start
        - --enable-environment-configs
 ```
 {{<hint "tip" >}}
 The [Crossplane install guide]({{<ref "../software/install#feature-flags">}}) 
 describes enabling feature flags like 
 {{<hover label="deployment" line="12">}}--enable-environment-configs{{</hover>}}
 with Helm.
 {{< /hint >}}
 <!-- vale Google.Headings = NO -->
 ## Create an EnvironmentConfig
 <!-- vale Google.Headings = YES -->
 An {{<hover label="env1" line="2">}}EnvironmentConfig{{</hover>}} has a single
 object field,
 {{<hover label="env1" line="5">}}data{{</hover>}}.
 An EnvironmentConfig supports any data inside the 
 {{<hover label="env1" line="5">}}data{{</hover>}} field.
 Here an example 
 {{<hover label="env1" line="2">}}EnvironmentConfig{{</hover>}}.
 ```yaml {label="env1"}
 apiVersion: apiextensions.crossplane.io/v1alpha1
 kind: EnvironmentConfig
 metadata:
  name: example-environment
 data:
  locations:
    us: us-east-2
    eu: eu-north-1
  key1: value1
  key2: value2
  key3:
    - item1
    - item2
 ```
 <!-- vale Google.Headings = NO -->
 ## Select an EnvironmentConfig
 <!-- vale Google.Headings = YES -->
 Select the EnvironmentConfigs to use
 inside a Composition's 
 {{<hover label="comp" line="6">}}environment{{</hover>}} field.
 The {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}} field is a
 list of environments this Composition can use. 
 Select an environment by 
 {{<hover label="comp" line="8">}}Reference{{</hover>}} or 
 by 
 {{<hover label="comp" line="11">}}Selector{{</hover>}}.
 A 
 {{<hover label="comp" line="8">}}Reference{{</hover>}}
 selects an environment by 
 {{<hover label="comp" line="10">}}name{{</hover>}}.  
 The 
 {{<hover label="comp" line="11">}}Selector{{</hover>}} selects an environment
 based on the 
 {{<hover label="comp" line="13">}}Labels{{</hover>}} applied to the environment. 
 ```yaml {label="comp",copy-lines="none"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Reference
      ref:
        name: example-environment
    - type: Selector
      selector:
        matchLabels:
      # Removed for brevity
 ```
 If a Composition uses multiple 
 {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}}
 Crossplane merges them together in the order they're listed. 
 {{<hint "note" >}}
 If multiple 
 {{<hover label="comp" line="7">}}environmentConfigs{{</hover>}}
 use the same key, the Composition uses the value of the last environment listed.
 {{</hint >}}
 ### Select by name
 Select an environment by name with
 {{<hover label="byName" line="8">}}type: Reference{{</hover>}}. 
 Define the
 {{<hover label="byName" line="9">}}ref{{</hover>}} object and the 
 {{<hover label="byName" line="10">}}name{{</hover>}} matching the exact name of
 the environment.
 For example, select the 
 {{<hover label="byName" line="7">}}environmentConfig{{</hover>}}
 named
 {{<hover label="byName" line="10">}}example-environment{{</hover>}}
 ```yaml {label="byName",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Reference
      ref:
        name: example-environment
 ```
 ### Select by label
 Select an environment by labels with a
 {{<hover label="byLabel" line="8">}}type: Selector{{</hover>}}.  
 Define the {{<hover label="byLabel" line="9">}}selector{{</hover>}} object.  
 The
 {{<hover label="byLabel" line="10">}}matchLabels{{</hover>}} object contains a
 list of labels to match on. 
 Selecting a label requires matching both the label 
 {{<hover label="byLabel" line="11">}}key{{</hover>}} 
 and the value of key. 
 When matching the label's value, provide an exact value with a 
 {{<hover label="byLabel" line="12">}}type: Value{{</hover>}} and provide the value
 to match in the 
 {{<hover label="byLabel" line="13">}}value{{</hover>}} field.
 Crossplane can also match a label's value based on an input in the composite
 resource. Use 
 {{<hover label="byLabel" line="15">}}type: FromCompositeFieldPath{{</hover>}} 
 and provide the field to match in the 
 {{<hover label="byLabel" line="16">}}valueFromFieldPath{{</hover>}} field.
 ```yaml {label="byLabel",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector: 
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
  # Removed for brevity
 ```
 #### Manage selector results
 Selecting environments by labels may return more than one environment.  
 The Composition sorts all the results by the name of the environments and
 only uses the first environment in the sorted list. 
 Set the {{<hover label="selectResults" line="10">}}mode{{</hover>}} as 
 {{<hover label="selectResults" line="10">}}mode: Multiple{{</hover>}} to return
 all matched environments. Use 
 {{<hover label="selectResults" line="19">}}mode: Single{{</hover>}} to 
 return a single environment.
 {{<hint "note" >}}
 Sorting and the selection 
 {{<hover label="selectResults" line="10">}}mode{{</hover>}}
 only applies to a single 
 {{<hover label="selectResults" line="8">}}type: Selector{{</hover>}}. 
 This doesn't change how Compositions merge multiple
 {{<hover label="selectResults" line="7">}}environmentConfigs{{</hover>}}.
 {{< /hint >}}
 ```yaml {label="selectResults"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector:
        mode: Multiple
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
    - type: Selector
      selector:
        mode: Single
        matchLabels:
          - key: my-other-label-key
            type: Value
            value: my-other-label-value
          - key: my-other-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
 ```
 When using 
 {{<hover label="maxMatch" line="10">}}mode: Multiple{{</hover>}} limit the
 number of returned environments with
 {{<hover label="maxMatch" line="11">}}maxMatch{{</hover>}} and define the
 maximum number of environments returned. 
 Use `minMatch` and define the minimum 
 number of environments returned.
 The Composition sorts the returned environments alphabetically by name. Sort the
 environments on a different field with 
 {{<hover label="maxMatch" line="12">}}sortByFieldPath{{</hover>}} and define
 the field to sort by. 
 ```yaml {label="maxMatch"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
    - type: Selector
      selector:
        mode: Multiple
        maxMatch: 4
        sortByFieldPath: metadata.annotations[sort.by/weight]
        matchLabels:
          - key: my-label-key
            type: Value
            value: my-label-value
          - key: my-label-key
            type: FromCompositeFieldPath
            valueFromFieldPath: spec.parameters.deploy
 ```
 The environments selected by
 {{<hover label="maxMatch" line="18">}}matchLabels{{</hover>}} are then merged
 into any other environments listed in the 
 {{<hover label="maxMatch" line="7">}}environmentConfigs{{</hover>}}.
 #### Optional selector labels
 By default, Crossplane issues an error if a
 {{<hover label="byLabelOptional" line="16">}}valueFromFieldPath{{</hover>}}
 field doesn't exist in the composite resource.  
 Add
 {{<hover label="byLabelOptional" line="17">}}fromFieldPathPolicy{{</hover>}}
 as {{<hover label="byLabelOptional" line="17">}}Optional{{</hover>}} 
 to ignore a field if it doesn't exist.
 ```yaml {label="byLabelOptional",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
      - type: Selector
        selector:
          matchLabels:
            - key: my-first-label-key
              type: Value
              value: my-first-label-value
            - key: my-second-label-key
              type: FromCompositeFieldPath
              valueFromFieldPath: spec.parameters.deploy
              fromFieldPathPolicy: Optional
  # Removed for brevity
 ```
 Set a default value for an optional label by setting the default
 {{<hover label="byLabelOptionalDefault" line="15">}}value{{</hover>}} for the
 {{<hover label="byLabelOptionalDefault" line="14">}}key{{</hover>}} first, then
 define the
 {{<hover label="byLabelOptionalDefault" line="20">}}Optional{{</hover>}} label.
 For example, this Composition defines
 {{<hover label="byLabelOptionalDefault" line="16">}}value: my-default-value{{</hover>}}
 for the key {{<hover label="byLabelOptionalDefault" line="14">}}my-second-label-key{{</hover>}}.
 If the label
 {{<hover label="byLabelOptionalDefault" line="17">}}my-second-label-key{{</hover>}}
 exists, Crossplane uses the value from the label instead.
 ```yaml {label="byLabelOptionalDefault",copy-lines="all"}
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
  name: example-composition
 spec:
  environment:
    environmentConfigs:
      - type: Selector
        selector:
          matchLabels:
            - key: my-first-label-key
              type: Value
              value: my-label-value
            - key: my-second-label-key
              type: Value
              value: my-default-value
            - key: my-second-label-key
              type: FromCompositeFieldPath
              valueFromFieldPath: spec.parameters.deploy
              fromFieldPathPolicy: Optional
  # Removed for brevity
 ```
 {{<hint "warning" >}}
 Crossplane applies values in order. The value of the last key defined always takes precedence.
 Defining the default value _after_ the label always overwrites the label
 value.
 {{< /hint >}}
 ## Use EnvironmentConfigs in a Composition
 When Crossplane creates or updates a composite resource, it merges all the
 specified EnvironmentConfigs into an in-memory environment.
 Crossplane sends the merged, in-memory environment to the composition function
 pipeline using the
 [pipeline context]({{<ref "./compositions#function-pipeline-context">}}).
 It writes the environment to the `apiextensions.crossplane.io/environment`
 context key.
 Some composition functions can read the environment from the pipeline context
 and use it to compose resources.
 {{<hint "tip" >}}
 The Patch and Transform function can use the environment to patch composed
 resources. Read about EnvironmentConfig patch types in the
 [Patch and Transform function documentation]({{<ref "../guides/function-patch-and-transform">}}).
 {{< /hint >}}
--- a/content/v1.17/concepts/image-configs.md
+++ b/content/v1.17/concepts/image-configs.md
@ -1,86 +0,0 @@
 ---
 title: Image Configs
 weight: 400
 description: "Image Configs is an API for centralized control of the configuration of Crossplane package images."
 ---
 <!-- vale write-good.Passive = NO -->
 `ImageConfig` is an API for centralized control over the configuration of
 Crossplane package images. It allows you to configure package manager behavior
 for images globally, without needing to be referenced by other objects.
 ## Configuring a pull secret
 You can use `ImageConfig` to inject a pull secret into the Crossplane package
 manager registry client whenever it interacts with the registry, such as for
 dependency resolution or image pulls.
 In the following example, the `ImageConfig` resource named `acme-packages` is
 configured to inject the pull secret named `acme-registry-credentials` whenever
 it needs to interact with the registry for images with the prefix
 `registry1.com/acme-co/`.
 ```yaml
 apiVersion: pkg.crossplane.io/v1beta1
 kind: ImageConfig
 metadata:
  name: acme-packages
 spec:
  matchImages:
    - type: Prefix
      prefix: registry1.com/acme-co/
  registry:
    authentication:
      pullSecretRef:
        name: acme-registry-credentials
 ```
 `spec.registry.authentication.pullSecretRef` is a reference to the pull secret
 that should be injected into the registry client. The secret must be of type
 `kubernetes.io/dockerconfigjson` and must be in the Crossplane installation
 namespace, typically `crossplane-system`. One can create the secret using the
 following command:
 ```shell
 kubectl -n crossplane-system create secret docker-registry acme-registry-credentials --docker-server=registry1.com --docker-username=<user> --docker-password=<password>
 ```
 ### Matching image references
 `spec.matchImages` is a list of image references that the `ImageConfig` applies
 to. Each item in the list specifies the type and configuration of the image
 reference to match. The only supported type is `Prefix`, which matches the
 prefix of the image reference. No wildcards are supported. The `type` defaults
 to `Prefix` and can be omitted.
 When there are multiple `ImageConfigs`  matching an image reference, the one
 with the longest matching prefix is selected. If there are multiple
 `ImageConfigs` with the same longest matching prefix, one of them is selected
 arbitrarily. Please note that this situation occurs only if there are
 overlapping prefixes in the `matchImages` lists of different `ImageConfig`
 resources, which should be avoided.
 ### Debugging
 When the package manager selects an `ImageConfig` for a package, it throws an
 event with the reason `ImageConfigSelection` and the name of the selected
 `ImageConfig` and injected pull secret. You can find these events both on the
 package and package revision resources.
 For example, the following event indicates that the `ImageConfig` named
 `acme-packages` was selected for the configuration named `acme-configuration-foo`:
 ```shell
 $ kubectl describe configuration acme-configuration-foo
 ...
 Events:
  Type     Reason                Age                From                                              Message
  ----     ------                ----               ----                                              -------
  Normal   ImageConfigSelection  45s                packages/configuration.pkg.crossplane.io          Selected pullSecret "acme-registry-credentials" from ImageConfig "acme-packages" for registry authentication
 ```
 If you can't find the expected event, ensure the prefix of the image reference
 matches the `matchImages` list of any `ImageConfig` resources in the cluster.
 <!-- vale write-good.Passive = YES -->
--- a/content/v1.18/cli/command-reference.md
+++ b/content/v1.18/cli/command-reference.md
@ -240,9 +240,6 @@ For example,
 Include YAML files demonstrating how to use the package with `--examples-root`. 
 [Upbound Marketplace](https://marketplace.upbound.io/) uses files included with 
 `--examples-root` as documentation for published packages.
 #### Include a runtime image
 Functions and Providers require YAML files describing their dependencies and 
@ -326,9 +323,9 @@ inside Crossplane.
 The `<package-kind>` is either a `configuration`, `function` or `provider`.
 For example, to install to the latest version of the
-[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/):
+[AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws):
-`crossplane xpkg install provider xpkg.upbound.io/upbound/provider-aws-s3:v1`
+`crossplane xpkg install provider xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`
 #### Flags
 {{< table "table table-sm table-striped">}}
@ -380,11 +377,7 @@ in the package documentation.
 ### xpkg login
-Use `xpkg login` to authenticate to `xpkg.upbound.io`, the 
+Use `xpkg login` to authenticate to registries that host Crossplane packages.
 [Upbound Marketplace](https://marketplace.upbound.io/) container registry.
 [Register with the Upbound Marketplace](https://accounts.upbound.io/register) 
 to push packages and create private repositories. 
 #### Flags
@ -451,10 +444,6 @@ Using `crossplane xpkg logout` removes the `session` from the
 Push a Crossplane package file to a package registry. 
 The Crossplane CLI pushes images to the 
 [Upbound Marketplace](https://marketplace.upbound.io/) at `xpkg.upbound.io` by 
 default.
 {{< hint "note" >}}
 Pushing a package may require authentication with 
 [`crossplane xpkg login`](#xpkg-login)
@ -504,13 +493,10 @@ already installed in Crossplane.
 `crossplane xpkg update <package-kind> <registry package name and tag> [<optional-name>]`
 The package file must be an organization, image and tag on the `xpkg.upbound.io`
 registry on [Upbound Marketplace](https://marketplace.upbound.io/).
 For example, to update to the latest version of the
-[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/):
+[AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws):
-`crossplane xpkg update provider xpkg.upbound.io/upbound/provider-aws-s3:v1`
+`crossplane xpkg update provider xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`
 ## beta
@ -573,7 +559,7 @@ TYPE         NAMESPACE   NAME
 crossplane   default     crossplane-f98f9ddfd-tnm46                                            4m           32Mi
 crossplane   default     crossplane-rbac-manager-74ff459b88-94p8p                              4m           14Mi
 provider     default     provider-aws-s3-1f1a3fb08cbc-5c49d84447-sggrq                         3m           108Mi
-provider     default     upbound-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65   2m           89Mi
+provider     default     crossplane-contrib-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65   2m           89Mi
 ```
 {{<hint "important" >}}
@ -942,7 +928,7 @@ To clear the cache and download the CRD files again use the `--clean-cache` flag
 To validate a managed resource against a provider,
 first, create a provider manifest file. For example, to validate an IAM role
 from Provider AWS, use the 
-[Provider AWS IAM](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.0.0) 
+[Provider AWS IAM](https://github.com/crossplane-contrib/provider-upjet-aws) 
 manifest.
 {{<hint "tip" >}}
@ -957,7 +943,7 @@ kind: Provider
 metadata:
  name: provider-aws-iam
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-iam:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-iam:v1.21.1
 ```
 Now include the XR or managed resource to validate.
--- a/content/v1.18/concepts/compositions.md
+++ b/content/v1.18/concepts/compositions.md
@ -134,7 +134,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{< hint "tip" >}}
@ -155,7 +155,7 @@ During the install a Function reports `INSTALLED` as `True` and `HEALTHY` as
 ```shell {copy-lines="1"}
 kubectl get functions
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                                  AGE
-function-patch-and-transform      True        Unknown   xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4   10s
+function-patch-and-transform      True        Unknown   xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2   10s
 ```
 After the Function install completes and it's ready for use the `HEALTHY` status
@ -545,7 +545,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{</expand>}}
@ -576,7 +576,7 @@ metadata:
  annotations:
    render.crossplane.io/runtime: Development
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{<hint "tip">}}
--- a/content/v1.18/concepts/connection-details.md
+++ b/content/v1.18/concepts/connection-details.md
@ -49,7 +49,7 @@ All the following examples use the same set of Compositions,
 CompositeResourceDefinitions and Claims.
 All examples rely on 
-[Upbound provider-aws-iam](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/)
+[provider-aws-iam](https://github.com/crossplane-contrib/provider-upjet-aws)
 to create resources.
 {{<expand "Reference Composition" >}}
@ -534,11 +534,10 @@ the secret key names to create. Crossplane only adds the keys listed to the
 combined secret.
 {{<hint "warning">}}
-You can't change the 
+When changing the {{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}} of an XRD the change isn't immediately reflected.
-{{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}} of an XRD. 
+You have two options to change the keys in the combined secret object.
-You must delete and
+- Delete and recreate the XRD. This only makes sense if the XRD isn't used as it leads to the deletion of XRs.
-recreate the XRD to change the 
+- Restart the XR reconciler, which can be done by restarting the Crossplane pod.
 {{<hover label="xrd" line="4">}}connectionSecretKeys{{</hover>}}.
 {{</hint >}}
 For example, an XRD may restrict the secrets to only the 
--- a/content/v1.18/concepts/managed-resources.md
+++ b/content/v1.18/concepts/managed-resources.md
@ -15,9 +15,9 @@ external object inside the Provider an _external resource_.
 {{< /hint >}}
 Examples of managed resources include:
-* Amazon AWS EC2 [`Instance`](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/ec2.aws.upbound.io/Instance/v1beta1)
+* Amazon AWS EC2 `Instance` defined in [provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws).
-* Google Cloud GKE [`Cluster`](https://marketplace.upbound.io/providers/upbound/provider-gcp/latest/resources/container.gcp.upbound.io/Cluster/v1beta1)
+* Google Cloud GKE `Cluster` defined in [provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp).
-* Microsoft Azure PostgreSQL [`Database`](https://marketplace.upbound.io/providers/upbound/provider-azure/latest/resources/dbforpostgresql.azure.upbound.io/Database/v1beta1)
+* Microsoft Azure PostgreSQL `Database` defined in [provider-upjet-azure](https://github.com/crossplane-contrib/provider-upjet-azure).
 {{< hint "tip" >}}
@ -35,7 +35,7 @@ Provider also define the available settings of a managed resource.
 Each managed resource is a unique API endpoint with their own
 group, kind and version. 
-For example the [Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/)
+For example [provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws)
 defines the {{<hover label="gkv" line="2">}}Instance{{</hover>}} kind from the
 group {{<hover label="gkv" line="1">}}ec2.aws.upbound.io{{</hover>}}
@ -529,7 +529,7 @@ Crossplane stores these details in a Kubernetes Secret object specified by the
 `writeConnectionSecretToRef` values. 
 For example, when creating an AWS RDS database instance with the Crossplane 
-[community AWS provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.40.0) 
+[community AWS provider](https://github.com/crossplane-contrib/provider-aws) 
 generates an endpoint, password, port and username data. The Provider saves
 these variables in the Kubernetes secret 
 {{<hover label="secretname" line="9" >}}rds-secret{{</hover>}}, referenced by
--- a/content/v1.18/concepts/packages.md
+++ b/content/v1.18/concepts/packages.md
@ -34,8 +34,7 @@ the {{<hover line="6" label="install">}}spec.package{{</hover>}} value to the
 location of the configuration package.
 {{< hint "important" >}}
-Beginning with Crossplane version 1.15.0 Crossplane uses the Upbound Marketplace
+Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and
 Crossplane package registry at `xpkg.upbound.io` by default for downloading and
 installing packages. 
 Specify the full domain name with the `package` or change the default Crossplane
@ -43,15 +42,15 @@ registry with the `--registry` flag on the [Crossplane pod]({{<ref "./pods">}})
 {{< /hint >}}
 For example to install the 
-[Upbound AWS reference platform](https://marketplace.upbound.io/configurations/upbound/platform-ref-aws/v0.6.0).
+[Getting Started Configuration](https://github.com/crossplane-contrib/configuration-quickstart), 
 ```yaml {label="install"}
 apiVersion: pkg.crossplane.io/v1
 kind: Configuration
 metadata:
-  name: platform-ref-aws
+  name: configuration-quickstart
 spec:
-  package: xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0
+  package: xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0
 ```
 {{<hint "tip" >}}
@ -62,9 +61,9 @@ and repeatable installations.
 apiVersion: pkg.crossplane.io/v1
 kind: Configuration
 metadata:
-  name: platform-ref-aws
+  name: configuration-quickstart
 spec:
-  package: xpkg.upbound.io/upbound/platform-ref-aws@sha256:a30ad655c7699218d9234285d838d85582f015d02f7f061f8486b28248fd7db7
+  package: xpkg.crossplane.io/crossplane-contrib/configuration-quickstart@sha256:ef9795d146190637351a5c5848e0bab5e0c190fec7780f6c426fbffa0cb68358
 ```
 {{< /hint >}}
@ -80,14 +79,14 @@ Use the
 {{<hover label="helm" line="5" >}}--set configuration.packages{{</hover >}}
 argument with `helm install`.
-For example, to install the Upbound AWS reference platform,
+For example, to install the Getting Started Configuration,
 ```shell {label="helm"}
 helm install crossplane \
 crossplane-stable/crossplane \
 --namespace crossplane-system \
 --create-namespace \
--set configuration.packages='{xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0}'
+--set configuration.packages='{xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0}'
 ```
 ### Install offline
@ -116,8 +115,8 @@ View the configuration revisions with
 ```shell {label="rev",copy-lines="1"}
 kubectl get configurationrevisions
 NAME                            HEALTHY   REVISION   IMAGE                                             STATE      DEP-FOUND   DEP-INSTALLED   AGE
-platform-ref-aws-1735d56cd88d   True      2          xpkg.upbound.io/upbound/platform-ref-aws:v0.5.0   Active     2           2               46s
+platform-ref-aws-1735d56cd88d   True      2          xpkg.crossplane.io/crossplane-contrib/platform-ref-aws:v0.5.0   Active     2           2               46s
-platform-ref-aws-3ac761211893   True      1          xpkg.upbound.io/upbound/platform-ref-aws:v0.4.1   Inactive                               5m13s
+platform-ref-aws-3ac761211893   True      1          xpkg.crossplane.io/crossplane-contrib/platform-ref-aws:v0.4.1   Inactive                               5m13s
 ```
 Only a single revision is active at a time. The active revision determines the
@ -309,7 +308,7 @@ A working configuration reports `Installed` and `Healthy` as `True`.
 ```shell {label="verify",copy-lines="1"}
 kubectl get configuration
 NAME               INSTALLED   HEALTHY   PACKAGE                                           AGE
-platform-ref-aws   True        True      xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0   54s
+platform-ref-aws   True        True      xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0   54s
 ```
 ### Manage dependencies
@ -320,13 +319,13 @@ Functions, Providers or other Configurations.
 If Crossplane can't meet the dependencies of a Configuration the Configuration
 reports `HEALTHY` as `False`. 
-For example, this installation of the Upbound AWS reference platform is
+For example, this installation of the Getting Started Configuration is
 `HEALTHY: False`.
 ```shell {copy-lines="1"}
 kubectl get configuration
 NAME               INSTALLED   HEALTHY   PACKAGE                                           AGE
-platform-ref-aws   True        False     xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0   71s
+platform-ref-aws   True        False     xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0   71s
 ```
 To see more information on why the Configuration isn't `HEALTHY` use 
@ -340,7 +339,7 @@ Kind:         ConfigurationRevision
 # Removed for brevity
 Spec:
  Desired State:                  Active
-  Image:                          xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0
+  Image:                          xpkg.crossplane.io/crossplane-contrib/configuration-quickstart:v0.1.0
  Revision:                       1
 Status:
  Conditions:
@ -424,7 +423,7 @@ metadata:
  name: test-configuration
 spec:
  dependsOn:
-    - provider: xpkg.upbound.io/crossplane-contrib/provider-aws
+    - provider: xpkg.crossplane.io/crossplane-contrib/provider-aws
      version: ">=v0.36.0"
  crossplane:
    version: ">=v1.12.1-0"
--- a/content/v1.18/concepts/pods.md
+++ b/content/v1.18/concepts/pods.md
@ -350,7 +350,7 @@ the Helm `values.yml` file or after installation by editing the `Deployment`.
 The full list of 
 [configuration options]({{<ref "../software/install#customize-the-crossplane-helm-chart">}}) 
 and 
-[feature flags]({{<ref "../software/install#customize-the-crossplane-helm-chart">}}) 
+[feature flags]({{<ref "../software/install#feature-flags">}})
 are available in the 
 [Crossplane Install]({{<ref "../software/install">}}) 
 section. 
--- a/content/v1.18/concepts/providers.md
+++ b/content/v1.18/concepts/providers.md
@ -21,10 +21,6 @@ Examples of providers include:
 * [Provider GCP](https://github.com/upbound/provider-gcp)
 * [Provider Kubernetes](https://github.com/crossplane-contrib/provider-kubernetes)
 {{< hint "tip" >}}
 Find more providers in Crossplane's [public package registries](https://www.crossplane.io/registries).
 {{< /hint >}}
 <!-- vale write-good.Passive = NO -->
 <!-- "are Managed" isn't passive in this context -->
 Providers define every external resource they can create in Kubernetes as a
@ -48,8 +44,7 @@ Install a Provider with a Crossplane
 location of the provider package.
 {{< hint "important" >}}
-Beginning with Crossplane version 1.15.0 Crossplane uses the Upbound Marketplace
+Beginning with Crossplane version 1.20.0 Crossplane uses the [crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub Container Registry at `xpkg.crossplane.io` by default for downloading and
 Crossplane package registry at `xpkg.upbound.io` by default for downloading and
 installing packages. 
 Specify the full domain name with the `package` or change the default Crossplane
@ -65,7 +60,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0
 ```
 By default, the Provider pod installs in the same namespace as Crossplane
@ -113,7 +108,7 @@ helm install crossplane \
 crossplane-stable/crossplane \
 --namespace crossplane-system \
 --create-namespace \
--set provider.packages='{xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0}'
+--set provider.packages='{xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0}'
 ```
 ### Install offline
@ -140,7 +135,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws@sha256:ee6bece46dbb54cc3f0233961f5baac317fa4e4a81b41198bdc72fc472d113d0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws@sha256:ee6bece46dbb54cc3f0233961f5baac317fa4e4a81b41198bdc72fc472d113d0
 ```
 {{< /hint >}}
@ -333,13 +328,13 @@ Configurations or other Providers.
 If Crossplane can't meet the dependencies of a Provider package the Provider
 reports `HEALTHY` as `False`. 
-For example, this installation of the Upbound AWS reference platform is
+For example, this installation of the Getting Started Configuration is
 `HEALTHY: False`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME              INSTALLED   HEALTHY   PACKAGE                                           AGE
-provider-aws-s3   True        False     xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0   12s
+provider-aws-s3   True        False     xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1   12s
 ```
 To see more information on why the Provider isn't `HEALTHY` use
@ -352,7 +347,7 @@ API Version:  pkg.crossplane.io/v1
 Kind:         ProviderRevision
 Spec:
  Desired State:                  Active
-  Image:                          xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0
+  Image:                          xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
  Revision:                       1
 Status:
  Conditions:
@ -390,10 +385,10 @@ View the `ProviderRevisions` with
 ```shell {label="getPR",copy-lines="1"}
 kubectl get providerrevisions
 NAME                                       HEALTHY   REVISION   IMAGE                                                    STATE      DEP-FOUND   DEP-INSTALLED   AGE
-provider-aws-s3-dbc7f981d81f               True      1          xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0           Active     1           1               10d
+provider-aws-s3-dbc7f981d81f               True      1          xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1           Active     1           1               10d
-provider-nop-552a394a8acc                  True      2          xpkg.upbound.io/crossplane-contrib/provider-nop:v0.3.0   Active                                 11d
+provider-nop-552a394a8acc                  True      2          xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.3.0   Active                                 11d
-provider-nop-7e62d2a1a709                  True      1          xpkg.upbound.io/crossplane-contrib/provider-nop:v0.2.0   Inactive                               13d
+provider-nop-7e62d2a1a709                  True      1          xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.2.0   Inactive                               13d
-upbound-provider-family-aws-710d8cfe9f53   True      1          xpkg.upbound.io/upbound/provider-family-aws:v1.0.0       Active                                 10d
+crossplane-contrib-provider-family-aws-710d8cfe9f53   True      1          xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1        Active                                 10d
 ```
 By default Crossplane keeps a single
@ -436,7 +431,7 @@ During the install a Provider report `INSTALLED` as `True` and `HEALTHY` as
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                   AGE
-crossplane-contrib-provider-aws   True        Unknown   xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0   63s
+crossplane-contrib-provider-aws   True        Unknown   xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0   63s
 ```
 After the Provider install completes and it's ready for use the `HEALTHY` status
@ -445,7 +440,7 @@ reports `True`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                              INSTALLED   HEALTHY   PACKAGE                                                   AGE
-crossplane-contrib-provider-aws   True        True      xpkg.upbound.io/crossplane-contrib/provider-aws:v0.39.0   88s
+crossplane-contrib-provider-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.39.0   88s
 ```
 {{<hint "important" >}}
@ -654,7 +649,7 @@ kind: Provider
 metadata:
  name: provider-gcp-iam
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-iam:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-iam:v1
  runtimeConfigRef:
    name: enable-ess
 ---
--- a/content/v1.18/getting-started/install-crossplane-include.md
+++ b/content/v1.18/getting-started/install-crossplane-include.md
@ -71,7 +71,7 @@ function:
 hostNetwork: false
 image:
  pullPolicy: IfNotPresent
-  repository: xpkg.upbound.io/crossplane/crossplane
+  repository: xpkg.crossplane.io/crossplane/crossplane
  tag: ""
 imagePullSecrets: {}
 leaderElection: true
@ -840,7 +840,7 @@ spec:
      serviceAccountName: crossplane
      hostNetwork: false
      initContainers:
-        - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+        - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
          args:
          - core
          - init
@ -894,7 +894,7 @@ spec:
          - name: "TLS_CLIENT_SECRET_NAME"
            value: crossplane-tls-client
      containers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - core
        - start
@ -1011,7 +1011,7 @@ spec:
    spec:
      serviceAccountName: rbac-manager
      initContainers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - rbac
        - init
@ -1041,7 +1041,7 @@ spec:
                containerName: crossplane-init
                resource: limits.memory
      containers:
-      - image: "xpkg.upbound.io/crossplane/crossplane:v1.15.0"
+      - image: "xpkg.crossplane.io/crossplane/crossplane:v1.15.0"
        args:
        - rbac
        - start
--- a/content/v1.18/getting-started/introduction.md
+++ b/content/v1.18/getting-started/introduction.md
@ -86,9 +86,9 @@ The following sections describe the functions of some of these CRDs.
 A Crossplane _Provider_ creates a second set of CRDs that define how Crossplane
 connects to a non-Kubernetes service. Each external service relies on its own
 Provider. For example, 
-[AWS](https://marketplace.upbound.io/providers/upbound/provider-aws), 
+[AWS](https://github.com/crossplane-contrib/provider-upjet-aws), 
-[Azure](https://marketplace.upbound.io/providers/upbound/provider-azure) 
+[Azure](https://github.com/crossplane-contrib/provider-upjet-azure) 
-and [GCP](https://marketplace.upbound.io/providers/upbound/provider-gcp)
+and [GCP](https://github.com/crossplane-contrib/provider-upjet-gcp)
 are different providers for each cloud service.
 {{< hint "tip" >}}
@ -100,19 +100,16 @@ For example, an AWS Provider defines Kubernetes CRDs for AWS resources like EC2
 compute instances or S3 storage buckets.
 The Provider defines the Kubernetes API definition for the external resource.
-For example, the 
+For example,  
-[Upbound Provider AWS](https://marketplace.upbound.io/providers/upbound/provider-aws/)
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws)
 defines a 
-[`bucket`](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.25.0/resources/s3.aws.upbound.io/Bucket/v1beta1) 
+[`bucket`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml) 
 resource for creating and managing AWS S3 storage buckets. 
 In the `bucket` CRD is a
-[`spec.forProvider.region`](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.25.0/resources/s3.aws.upbound.io/Bucket/v1beta1#doc:spec-forProvider-region)
+[`spec.forProvider.region`](https://github.com/crossplane-contrib/provider-upjet-aws/blob/release-1.20/package/crds/s3.aws.upbound.io_buckets.yaml#L91)
 value that defines which AWS region to deploy the bucket in.
 Crossplane's [public package registries](https://www.crossplane.io/registries) contain a large 
 collection of Crossplane Providers.
 More providers are available in the [Crossplane Contrib repository](https://github.com/crossplane-contrib/).
 Providers are cluster scoped and available to all cluster namespaces.
--- a/content/v1.18/getting-started/provider-aws-part-2.md
+++ b/content/v1.18/getting-started/provider-aws-part-2.md
@ -44,7 +44,7 @@ kind: Provider
 metadata:
  name: provider-aws-s3
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-s3:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
 EOF
 ```
@ -96,7 +96,7 @@ kind: Provider
 metadata:
  name: provider-aws-dynamodb
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-dynamodb:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-dynamodb:v1.21.1
 EOF
 ```
@ -106,9 +106,9 @@ View the new DynamoDB provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                               AGE
-provider-aws-dynamodb         True        True      xpkg.upbound.io/upbound/provider-aws-dynamodb:v1.0.0     3m55s
+crossplane-contrib-provider-family-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1     15m
-provider-aws-s3               True        True      xpkg.upbound.io/upbound/provider-aws-s3:v1.0.0           13m
+provider-aws-dynamodb                    True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-dynamodb:v1.21.1   22s
-upbound-provider-family-aws   True        True      xpkg.upbound.io/upbound/provider-family-aws:v1.0.0       13m
+provider-aws-s3                          True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1         15m
 ```
 ## Create a custom API
@ -358,8 +358,6 @@ spec:
          base:
            apiVersion: s3.aws.upbound.io/v1beta1
            kind: Bucket
            metadata:
              name: crossplane-quickstart-bucket
            spec:
              forProvider:
                region: us-east-2
@ -378,8 +376,6 @@ spec:
          base:
            apiVersion: dynamodb.aws.upbound.io/v1beta1
            kind: Table
            metadata:
              name: crossplane-quickstart-database
            spec:
              forProvider:
                region: "us-east-2"
@ -421,7 +417,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -596,7 +592,7 @@ No resources found
 ## Next steps
 * Explore AWS resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out what else you can do
--- a/content/v1.18/getting-started/provider-aws.md
+++ b/content/v1.18/getting-started/provider-aws.md
@ -4,8 +4,8 @@ weight: 100
 ---
 Connect Crossplane to AWS to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-family-aws).
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -37,7 +37,7 @@ kind: Provider
 metadata:
  name: provider-aws-s3
 spec:
-  package: xpkg.upbound.io/upbound/provider-aws-s3:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1
 EOF
 ```
@ -52,12 +52,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                             AGE
-provider-aws-s3               True        True      xpkg.upbound.io/upbound/provider-aws-s3:1.0.0         97s
+crossplane-contrib-provider-family-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.21.1   30s
-upbound-provider-family-aws   True        True      xpkg.upbound.io/upbound/provider-family-aws:1.0.0     88s
+provider-aws-s3                          True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1       34s
 ```
 The S3 Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-aws{{</hover >}}.   
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-aws{{</hover >}}.   
 The family provider manages authentication to AWS across all AWS family
 Providers. 
@ -67,7 +67,7 @@ Every CRD maps to a unique AWS service Crossplane can provision and manage.
 {{< hint type="tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v1.1.0).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-aws/tree/main/examples).
 {{< /hint >}}
 ## Create a Kubernetes secret for AWS
@ -197,16 +197,16 @@ spec:
 EOF
 ```
-The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and 
+The {{< hover label="xr" line="2">}}apiVersion{{< /hover >}} and 
-{{< hover label="xr" line="4">}}kind{{</hover >}} are from the provider's CRDs.
+{{< hover label="xr" line="3">}}kind{{</hover >}} are from the provider's CRDs.
-The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the 
+The {{< hover label="xr" line="5">}}metadata.generateName{{< /hover >}} value is the 
 name of the created S3 bucket in AWS.  
 This example uses the generated name `crossplane-bucket-<hash>` in the 
-{{< hover label="xr" line="6">}}$bucket{{</hover >}} variable.
+{{< hover label="xr" line="5">}}$bucket{{</hover >}} variable.
-The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells 
+The {{< hover label="xr" line="8">}}spec.forProvider.region{{< /hover >}} tells 
 AWS which AWS region to use when deploying resources.  
 The region can be any 
@ -239,6 +239,6 @@ bucket.s3.aws.upbound.io "crossplane-bucket-hhdzh" deleted
 * [**Continue to part 2**]({{< ref "provider-aws-part-2">}}) to create and use a 
  custom API with Crossplane.
 * Explore AWS resources that Crossplane can configure in the 
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
  Crossplane users and contributors.
--- a/content/v1.18/getting-started/provider-azure-part-2.md
+++ b/content/v1.18/getting-started/provider-azure-part-2.md
@ -45,7 +45,7 @@ kind: Provider
 metadata:
  name: provider-azure-network
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-network:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2
 EOF
 ```
@ -460,7 +460,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -496,7 +496,7 @@ kind: Provider
 metadata:
  name: provider-azure-compute
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-compute:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-compute:v1.11.2
 EOF
 ```
@ -506,9 +506,9 @@ View the new Compute provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                       INSTALLED   HEALTHY   PACKAGE                                                                AGE
-provider-azure-compute          True        True      xpkg.upbound.io/upbound/provider-azure-compute:v1.0.0   25s
+crossplane-contrib-provider-family-azure   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-azure:v1.11.2    23m
-provider-azure-network          True        True      xpkg.upbound.io/upbound/provider-azure-network:v1.0.0   3h
+provider-azure-compute                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-compute:v1.11.2   2m54s
-upbound-provider-family-azure   True        True      xpkg.upbound.io/upbound/provider-family-azure:v1.0.0    3h
+provider-azure-network                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2   23m
 ```
 ## Access the custom API
@ -694,7 +694,7 @@ No resources found
 ## Next steps
 * Explore Azure resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+  [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out
--- a/content/v1.18/getting-started/provider-azure.md
+++ b/content/v1.18/getting-started/provider-azure.md
@ -4,8 +4,8 @@ weight: 110
 ---
 Connect Crossplane to Azure to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound Azure Provider](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+[provider-upjet-azure](https://github.com/crossplane-contrib/provider-upjet-azure).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -39,7 +39,7 @@ kind: Provider
 metadata:
  name: provider-azure-network
 spec:
-  package: xpkg.upbound.io/upbound/provider-azure-network:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2
 EOF
 ```
@ -54,12 +54,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                       INSTALLED   HEALTHY   PACKAGE                                                                AGE
-provider-azure-network          True        True      xpkg.upbound.io/upbound/provider-azure-network:v1.0.0   38s
+crossplane-contrib-provider-family-azure   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-azure:v1.11.2    2m18s
-upbound-provider-family-azure   True        True      xpkg.upbound.io/upbound/provider-family-azure:v1.0.0    26s
+provider-azure-network                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2   2m23s
 ```
 The Network Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-azure{{</hover>}} 
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-azure{{</hover>}} 
 provider.   
 The family provider manages authentication to Azure across all Azure family
 Providers. 
@ -69,7 +69,7 @@ Every CRD maps to a unique Azure service Crossplane can provision and manage.
 {{< hint type="tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v0.42.1).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/examples).
 {{< /hint >}}
@ -234,6 +234,6 @@ virtualnetwork.network.azure.upbound.io "crossplane-quickstart-network" deleted
 * [**Continue to part 2**]({{< ref "provider-azure-part-2">}}) to create and use
  a custom API with Crossplane.
 * Explore Azure resources that Crossplane can configure in the 
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-azure/).
+  [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-azure/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
  Crossplane users and contributors.
--- a/content/v1.18/getting-started/provider-gcp-part-2.md
+++ b/content/v1.18/getting-started/provider-gcp-part-2.md
@ -47,7 +47,7 @@ kind: Provider
 metadata:
  name: provider-gcp-storage
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-storage:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1
 EOF
 ```
@ -114,7 +114,7 @@ kind: Provider
 metadata:
  name: provider-gcp-pubsub
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-pubsub:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-pubsub:v1.12.1
 EOF
 ```
@ -123,9 +123,9 @@ View the new PubSub provider with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                              AGE
-provider-gcp-pubsub           True        True      xpkg.upbound.io/upbound/provider-gcp-pubsub:v1.0.0    39s
+crossplane-contrib-provider-family-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1    48m
-provider-gcp-storage          True        True      xpkg.upbound.io/upbound/provider-gcp-storage:v1.0.0   13m
+provider-gcp-pubsub                      True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-pubsub:v1.12.1    14s
-upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.0.0    12m
+provider-gcp-storage                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1   48m
 ```
@ -428,7 +428,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 EOF
 ```
@ -601,7 +601,7 @@ No resources found
 ## Next steps
 * Explore AWS resources that Crossplane can configure in the
-  [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
+  [provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with
  Crossplane users and contributors.
 * Read more about the [Crossplane concepts]({{<ref "../concepts">}}) to find out what else you can do
--- a/content/v1.18/getting-started/provider-gcp.md
+++ b/content/v1.18/getting-started/provider-gcp.md
@ -4,8 +4,8 @@ weight: 140
 ---
 Connect Crossplane to GCP to create and manage cloud resources from Kubernetes 
-with the 
+with  
-[Upbound GCP Provider](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp).
 This guide is in two parts:
 * Part 1 walks through installing Crossplane, configuring the provider to
@ -36,7 +36,7 @@ kind: Provider
 metadata:
  name: provider-gcp-storage
 spec:
-  package: xpkg.upbound.io/upbound/provider-gcp-storage:v1
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1
 EOF
 ```
@ -51,12 +51,12 @@ Verify the provider installed with `kubectl get providers`.
 ```shell {copy-lines="1",label="getProvider"}
 kubectl get providers
 NAME                                     INSTALLED   HEALTHY   PACKAGE                                                              AGE
-provider-gcp-storage          True        True      xpkg.upbound.io/upbound/provider-gcp-storage:v1.0.0   36s
+crossplane-contrib-provider-family-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1    33s
-upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.0.0    29s
+provider-gcp-storage                     True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1   37s
 ```
 The Storage Provider installs a second Provider, the
-{{<hover label="getProvider" line="4">}}upbound-provider-family-gcp{{</hover>}} 
+{{<hover label="getProvider" line="4">}}crossplane-contrib-provider-family-gcp{{</hover>}} 
 provider.   
 The family provider manages authentication to GCP across all GCP family
 Providers. 
@ -66,7 +66,7 @@ Every CRD maps to a unique GCP service Crossplane can provision and manage.
 {{< hint "tip" >}}
 See details about all the supported CRDs in the 
-[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[provider examples](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/examples).
 {{< /hint >}}
@ -246,6 +246,6 @@ bucket.storage.gcp.upbound.io "crossplane-bucket-8b7gw" deleted
 * [**Continue to part 2**]({{< ref "provider-gcp-part-2">}}) to create a 
 Crossplane _Composite Resource_ and _Claim_.
 * Explore GCP resources that can Crossplane can configure in the 
-[Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-gcp/).
+[Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/package/crds).
 * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with 
 Crossplane users and contributors.
--- a/content/v1.18/guides/crossplane-with-argo-cd.md
+++ b/content/v1.18/guides/crossplane-with-argo-cd.md
@ -132,8 +132,9 @@ data:
        local has_no_status = {
          "Composition",
          "CompositionRevision",
          "DeploymentRuntimeConfig",
          "ControllerConfig",
          "DeploymentRuntimeConfig",
          "ImageConfig",
          "ProviderConfig",
          "ProviderConfigUsage"
        }
--- a/content/v1.18/guides/extensions-release-process.md
+++ b/content/v1.18/guides/extensions-release-process.md
@ -0,0 +1,305 @@
 ---
 title: Releasing Crossplane Extensions
 weight: 80
 description: "Configuring build pipelines for Crossplane extensions with GitHub
 Actions"
 ---
 ## Distributing Crossplane extensions
 Crossplane provides a packaging specification for extending a Crossplane
 instance with APIs and business logic for composing resources.
 Building a Crossplane extension involves creating OCI images in the [xpkg]
 format. Authors and maintainers of Crossplane extensions must push their
 packages to an OCI registry before users can reference and use them.
 The release process for Crossplane extensions grew organically in the community
 and developed its own conventions and common configurations. Authors of these
 extensions should follow this guide to enable automation for building
 and pushing their packages as part of their git workflow.
 This guide provides step-by-step instructions for configuring automated
 CI pipelines in GitHub Actions for pushing your Crossplane extensions to
 `xpkg.crossplane.io`, the main registry that the Crossplane community
 uses today.
 {{< hint "tip" >}}
 For more information about Crossplane packages, review the
 [xpkg concepts]({{<ref "../concepts/packages" >}}).
 {{< /hint >}}
 ## Typical workflow
 A typical GitHub workflow definition to build and release an extension
 contains the following steps:
 1. Fetching the source repository
 2. Authenticating to a remote registry
 3. Building and packaging artifacts
 4. Pushing (publishing) the artifact
 {{< hint "warning" >}}
 The supplied credentials for the remote registry require read and write access
 as upload requests to the registry specify `push` authorization scope.
 {{< /hint >}}
 ## Quickstart: Releasing a Provider to `xpkg.crossplane.io`
 ### Prerequisites
 - A GitHub repository, for example created from the
 [Upjet template](https://github.com/crossplane/upjet-provider-template)
 ### Steps
 1. Create a new YAML file under `.github/workflows`. By convention, name this
 file `publish-provider-package.yaml`.
 2. Copy the following workflow definition into the file, replacing
 `<REPOSITORY NAME>` with the desired name of the repository in the registry.
    ```yaml
    name: Publish Provider Package
    on:
      workflow_dispatch:
        inputs:
          version:
            description: "Version string to use while publishing the package (e.g. v1.0.0-alpha.1)"
            default: ''
            required: false
          go-version:
            description: 'Go version to use if building needs to be done'
            default: '1.23'
            required: false
    jobs:
      publish-provider-package:
        uses: crossplane-contrib/provider-workflows/.github/workflows/publish-provider-non-family.yml@main
        with:
          repository: <REPOSITORY NAME>
          version: ${{ github.event.inputs.version }}
          go-version: ${{ github.event.inputs.go-version }}
          cleanup-disk: true
        secrets:
          GHCR_PAT: ${{ secrets.GITHUB_TOKEN }}
    ```
 3. Commit the workflow file to the default branch of the GitHub repository.
 4. The workflow should now be available to trigger via the GitHub UI in the
 `Actions` tab.
 5. Create a release branch with the `release-` prefix in the name in the GitHub UI. For example, `release-0.1`.
 6. Tag the desired commit on release branch with a valid semver release tag.
 For example, `v0.1.0`. By default, this is the inferred reference pushed to the registry.
 7. Manually run the workflow in the GitHub UI, targeting the release branch from step 5.
 See [branching conventions](#branching-conventions) for more details on tagging
 practices and optionally overriding the inferred git tag version.
 ## Quickstart: Releasing a Function to `xpkg.crossplane.io`
 The template repository for [functions] provides a functional GitHub Action
 YAML file that pushes to `xpkg.crossplane.io` without extra configuration.
 To build and push a new release to the registry:
 1. Cut a release branch with the `release-` prefix in the name in the GitHub UI. For example, `release-0.1`.
 2. Tag the desired commit on release branch with a valid semver release tag for a corresponding
 GitHub Release. For example, `v0.1.0`.
 3. Manually run the workflow in the GitHub UI, targeting the release branch from step 1.
 The workflow generates a default version string if user input isn't provided.
 See [branching conventions](#branching-conventions) for more details on tagging
 practices and optionally overriding the inferred git tag version.
 ## Common Configuration
 While the reusable workflows referenced in the quickstart guides are for
 convenience, users may choose to write their own custom GitHub Actions.
 This and following sections provide more detailed information
 about common configuration options and conventions to implement the release
 process.
 All workflows require references to credentials for a remote registry.
 Typically, users configure them as [GitHub Actions Secrets], and the workflow
 performs authentication via the`docker/login-action`
 [action](http://github.com/docker/login-action).
 For example, adding the following step to a pipeline authenticates
 the job to `ghcr.io` using the workflow's ephemeral GitHub OIDC token.
 ```yaml
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
 ```
 {{< hint "important" >}}
 By default, the job's OIDC token doesn't have permission to write packages
 to `ghcr.io`. Permissions are configurable in the GitHub repository's settings
 or declared
 [explicitly](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token)
 in the workflow definition YAML file.
 Writing packages requires a `permissions` block with `packages: write` if it
 isn't configured elsewhere for the repository.
 {{< /hint >}}
 For other registries, it's still best practice to reference credentials as
 custom Secret variables. For example:
 ```yaml
      - name: Login to Another Registry
        uses: docker/login-action@v3
        with:
          registry: my-registry.io
          username: ${{ env.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
 ```
 ## Branching conventions
 Repositories for Crossplane extensions follow similar branching conventions
 to upstream Crossplane, where the release process assumes the workflow
 executing in branches with the `release-*` prefix. `main` is often included,
 though a conventional release process would not build and push off of tags on
 `main`.
 ```yaml
 on:
  push:
    branches:
      - main
      - release-*
 ```
 For example, when releasing `v0.1.0` of an extension, the conventional
 process is to cut a release branch `release-0.1` at the git commit
 where it builds from, and tag it as `v0.1.0`.
 {{< hint "note" >}}
 Some custom workflows may accept an explicit input for the remote reference instead of
 inferring it from a git ref. The [`ci.yml`](https://github.com/crossplane-contrib/function-python/blob/main/.github/workflows/ci.yml)
 file for `crossplane-contrib/function-python` is a good example.
 {{< /hint >}}
 ## Configuring workflows for function packages
 Function workflow definitions differ based on the base language the
 function implementation uses. For example, a Python function requires
 a Python environment in the GitHub Action runner:
 ```yaml
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Setup Hatch
        run: pipx install hatch==1.7.0
      - name: Lint
        run: hatch run lint:check
 ```
 While the template repository provides a working pipeline definition, users may
 choose to customize their environment with different tooling.
 Functions also require a runtime image of the core business logic to
 build and embed into the Function package. The default workflow definition
 builds for two platforms: `linux/amd64` and `linux/arm64`.
 ```yaml
      - name: Build Runtime
        id: image
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/${{ matrix.arch }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          target: image
          build-args:
            PYTHON_VERSION=${{ env.PYTHON_VERSION }}
          outputs: type=docker,dest=runtime-${{ matrix.arch }}.tar
 ```
 ## Configuring workflows for provider packages
 Providers, unlike Functions, use custom `make` targets in the [build submodule]
 for building and pushing Crossplane Provider packages.
 Configuring the workflow for a specific registry involves two steps:
 1. Updating the registry variables in the top-level `Makefile`.
 2. Referencing GitHub Actions Secrets for authorized credentials to the
 registry.
 ### Configure target registry
 The provider template repository includes a top-level [`Makefile`](https://github.com/crossplane/upjet-provider-template/blob/main/Makefile).
 Edit the following variables to define the target registry:
 1. `XPKG_REG_ORGS` - a space-delimited list of target repositories.
 2. `XPKG_REG_ORGS_NO_PROMOTE` - for registries that don't use or infer
 channel tags.
 For example, the following dual-pushes to `xpkg.crossplane.io` as well as
 `index.docker.io`:
 ```make
 XPKG_REG_ORGS ?= xpkg.crossplane.io/crossplane-contrib index.docker.io/crossplanecontrib
 XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.crossplane.io/crossplane-contrib
 ```
 ## Reusable workflows
 The [crossplane-contrib/provider-workflows] repository provide reusable
 workflow definitions that are callable from a custom CI pipeline.
 For example, the following snippet references the callable workflow to
 build and push the `provider-kubernetes` package to `xpkg.crossplane.io`:
 ```yaml
 jobs:
  publish-provider-package:
    uses: crossplane-contrib/provider-workflows/.github/workflows/publish-provider-non-family.yml@main
    with:
      repository: provider-kubernetes
      version: ${{ github.event.inputs.version }}
      go-version: ${{ github.event.inputs.go-version }}
      cleanup-disk: true
    secrets:
      GHCR_PAT: ${{ secrets.GITHUB_TOKEN }}
 ```
 {{< hint "tip" >}}
 The reusable workflows referenced here publish to `ghcr.io` by default.
 Ensure that the default GitHub Actions OIDC token inherits the
 `packages: write` permission.
 {{< /hint >}}
 ## Troubleshooting
 {{< expand "Why is my workflow is failing with a 404 error code?" >}}
 Ensure the target repository exists in the registry. You need to create
 it if it doesn't already exist.
 {{</expand >}}
 {{< expand "Why is my workflow failing with a 401 error code?" >}}
 Ensure the credentials used during the registry login step has authorization to
 pull and push, and that the `{{ secrets.* }}` variable substitutions match
 what's configured in GitHub.
 {{</expand >}}
 <!-- Named Links -->
 [xpkg]: https://github.com/crossplane/crossplane/blob/main/contributing/specifications/xpkg.md
 [functions]: https://github.com/crossplane/function-template-go/blob/main/.github/workflows/ci.yml
 [GitHub Actions Secrets]: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions
 [build submodule]: https://github.com/crossplane/build
 [crossplane-contrib/provider-workflows]: https://github.com/crossplane-contrib/provider-workflows/blob/main/.github/workflows
--- a/content/v1.18/guides/function-patch-and-transform.md
+++ b/content/v1.18/guides/function-patch-and-transform.md
@ -92,7 +92,7 @@ kind: Function
 metadata:
  name: function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+  package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
 ```
 {{<hint "tip" >}}
@ -122,7 +122,7 @@ The contents of the `base` are identical to creating a standalone
 [managed resource]({{<ref "../concepts/managed-resources">}}).
 This example uses
-[Upbound's Provider AWS](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.17.0)
+[provider-upjet-aws](https://github.com/crossplane-contrib/provider-upjet-aws)
 to define a S3 storage `Bucket` and EC2 compute `Instance`.
 After defining the `apiVersion` and `kind`, define the `spec.forProvider` fields
@ -507,8 +507,8 @@ All the following examples use the same set of Compositions,
 CompositeResourceDefinitions, Claims and EnvironmentConfigs.
 Only the applied patches change between examples.
-All examples rely on Upbound
+All examples rely on 
-[provider-aws-s3](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/)
+[provider-aws-s3](https://github.com/crossplane-contrib/provider-upjet-aws)
 to create resources.
 {{< expand "Reference Composition" >}}
--- a/content/v1.18/guides/import-existing-resources.md
+++ b/content/v1.18/guides/import-existing-resources.md
@ -5,7 +5,7 @@ weight: 200
 If you have resources that are already provisioned in a Provider,
 you can import them as managed resources and let Crossplane manage them.
-A managed resource's [`managementPolicies`]({{<ref "/v1.16/concepts/managed-resources#managementpolicies">}})
+A managed resource's [`managementPolicies`]({{<ref "../concepts/managed-resources#managementpolicies">}})
 field enables importing external resources into Crossplane.
 Crossplane can import resources either [manually]({{<ref "#import-resources-manually">}})
@ -84,7 +84,7 @@ managed resource `spec` changes the external resource.
 ## Import resources automatically
-Automatically import external resources with an `Observe` [management policy]({{<ref "/v1.16/concepts/managed-resources#managementpolicies">}}).
+Automatically import external resources with an `Observe` [management policy]({{<ref "../concepts/managed-resources#managementpolicies">}}).
 Crossplane imports observe only resources but never changes or deletes the
 resources.
--- a/content/v1.18/guides/multi-tenant.md
+++ b/content/v1.18/guides/multi-tenant.md
@ -315,9 +315,9 @@ dedicated control planes to many tenants within a single organization.
 [Multiple Source Field patching]: https://github.com/crossplane/crossplane/pull/2093
 [Configuration packages]: {{<ref "../../master/concepts/packages" >}}
 [OCI images]: https://github.com/opencontainers/image-spec
-[EKS Cluster]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/latest/resources/eks.aws.crossplane.io/Cluster/v1beta1
+[EKS Cluster]: https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/examples/eks/v1beta2/cluster.yaml
-[provider-aws]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws
+[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws
-[provider-helm]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-helm/
+[provider-helm]: https://github.com/crossplane-contrib/provider-helm
 [Open Service Broker API]: https://github.com/openservicebrokerapi/servicebroker
 [Crossplane Service Broker]: https://github.com/vshn/crossplane-service-broker
 [Cloudfoundry]: https://www.cloudfoundry.org/
--- a/content/v1.18/guides/troubleshoot-crossplane.md
+++ b/content/v1.18/guides/troubleshoot-crossplane.md
@ -5,14 +5,15 @@ weight: 306
 ## Requested Resource Not Found
 If you use the Crossplane CLI to install a `Provider` or
-`Configuration` (for example, `crossplane install provider
+`Configuration` (for example, `crossplane xpkg install provider
-xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0`) and get `the server
+xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1`) and get `the server
 could not find the requested resource` error, more often than not, that's an
 indicator that the Crossplane CLI you're using is outdated. In other words
 some Crossplane API has been graduated from alpha to beta or stable and the old
 plugin isn't aware of this change.
 ## Resource Status and Conditions
 Most Crossplane resources have a `status` section that can represent the current
@ -103,7 +104,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
@ -365,7 +366,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
--- a/content/v1.18/guides/vault-as-secret-store.md
+++ b/content/v1.18/guides/vault-as-secret-store.md
@ -217,7 +217,7 @@ Next, install the Crossplane ESS Plugin pod to the `crossplane-system` namespace
 and apply the Vault annotations.
 ```shell
-helm upgrade --install ess-plugin-vault oci://xpkg.upbound.io/crossplane-contrib/ess-plugin-vault --namespace crossplane-system -f values.yaml
+helm upgrade --install ess-plugin-vault oci://xpkg.crossplane.io/crossplane-contrib/ess-plugin-vault --namespace crossplane-system -f values.yaml
 ```
 ## Configure Crossplane
@ -255,7 +255,7 @@ kind: Provider
 metadata:
  name: provider-gcp
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5
  controllerConfigRef:
    name: vault-config" | kubectl apply -f -
 ```
@ -341,7 +341,7 @@ Check that Crossplane installed the Provider and the Provider is healthy.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME           INSTALLED   HEALTHY   PACKAGE                                                                     AGE
-provider-gcp   True        True      xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5   10m
+provider-gcp   True        True      xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.23.0-rc.0.19.ge9b75ee5   10m
 ```
 ### Create a CompositeResourceDefinition
--- a/content/v1.18/guides/vault-injection.md
+++ b/content/v1.18/guides/vault-injection.md
@ -310,7 +310,7 @@ kind: Provider
 metadata:
  name: provider-gcp
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-gcp:v0.22.0
  controllerConfigRef:
    name: vault-config" | kubectl apply -f -
 ```
@ -418,7 +418,7 @@ kind: Provider
 metadata:
  name: provider-aws
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0
+  package: xpkg.crossplane.io/crossplane-contrib/provider-aws:v0.33.0
  controllerConfigRef:
    name: aws-vault-config" | kubectl apply -f -
 ```
@ -491,8 +491,8 @@ kubectl get bucket -w
 [Vault Kubernetes Sidecar]: https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar
 [Vault]: https://www.vaultproject.io/
 [Vault Kubernetes Sidecar]: https://www.vaultproject.io/docs/platform/k8s/injector
-[provider-gcp]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp
+[provider-gcp]: https://github.com/crossplane-contrib/provider-upjet-gcp
-[provider-aws]: https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws
+[provider-aws]: https://github.com/crossplane-contrib/provider-upjet-aws
 [AWS]: https://www.vaultproject.io/docs/secrets/aws
 [Azure]: https://www.vaultproject.io/docs/secrets/azure
 [GCP]: https://www.vaultproject.io/docs/secrets/gcp 
--- a/content/v1.18/guides/write-a-composition-function-in-go.md
+++ b/content/v1.18/guides/write-a-composition-function-in-go.md
@ -425,7 +425,7 @@ This code:
 1. Adds one desired S3 bucket for each bucket name.
 1. Returns the desired S3 buckets in a `RunFunctionResponse`.
-The code uses the `v1beta1.Bucket` type from [Upbound's AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws).
+The code uses the `v1beta1.Bucket` type from the [AWS S3 provider](https://github.com/crossplane-contrib/provider-upjet-aws).
 One advantage of writing a function in Go is that you can compose resources
 using the same strongly typed structs Crossplane uses in its providers.
@ -671,7 +671,7 @@ metadata:
 spec:
  # The CLI ignores this package when using the Development runtime.
  # You can set it to any value.
-  package: xpkg.upbound.io/negz/function-xbuckets:v0.1.0
+  package: xpkg.crossplane.io/negz/function-xbuckets:v0.1.0
 ```
 {{</expand>}}
@ -783,7 +783,7 @@ Read the composition functions documentation to learn more about
 You build a function in two stages. First you build the function's runtime. This
 is the Open Container Initiative (OCI) image Crossplane uses to run your
 function. You then embed that runtime in a package, and push it to a package
-registry. The Crossplane CLI uses `xpkg.upbound.io` as its default package
+registry. The Crossplane CLI uses `xpkg.crossplane.io` as its default package
 registry.
 A function supports a single platform, like `linux/amd64`, by default. You can
@ -863,11 +863,4 @@ up continuous integration (CI) using
 [GitHub Actions](https://github.com/features/actions). The CI workflow will
 lint, test, and build your function. You can see how the template configures CI
 by reading `.github/workflows/ci.yaml`.
 The CI workflow can automatically push packages to `xpkg.upbound.io`. For this
 to work you must create a repository at https://marketplace.upbound.io. Give the
 CI workflow access to push to the Marketplace by creating an API token and
 [adding it to your repository](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository).
 Save your API token access ID as a secret named `XPKG_ACCESS_ID` and your API
 token as a secret named `XPKG_TOKEN`.
 {{</hint>}}
--- a/content/v1.18/guides/write-a-composition-function-in-python.md
+++ b/content/v1.18/guides/write-a-composition-function-in-python.md
@ -533,7 +533,7 @@ metadata:
 spec:
  # The CLI ignores this package when using the Development runtime.
  # You can set it to any value.
-  package: xpkg.upbound.io/negz/function-xbuckets:v0.1.0
+  package: xpkg.crossplane.io/negz/function-xbuckets:v0.1.0
 ```
 {{</expand>}}
@ -644,7 +644,7 @@ Read the composition functions documentation to learn more about
 You build a function in two stages. First you build the function's runtime. This
 is the Open Container Initiative (OCI) image Crossplane uses to run your
 function. You then embed that runtime in a package, and push it to a package
-registry. The Crossplane CLI uses `xpkg.upbound.io` as its default package
+registry. The Crossplane CLI uses `xpkg.crossplane.io` as its default package
 registry.
 A function supports a single platform, like `linux/amd64`, by default. You can
@ -732,11 +732,4 @@ up continuous integration (CI) using
 [GitHub Actions](https://github.com/features/actions). The CI workflow will
 lint, test, and build your function. You can see how the template configures CI
 by reading `.github/workflows/ci.yaml`.
 The CI workflow can automatically push packages to `xpkg.upbound.io`. For this
 to work you must create a repository at https://marketplace.upbound.io. Give the
 CI workflow access to push to the Marketplace by creating an API token and
 [adding it to your repository](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository).
 Save your API token access ID as a secret named `XPKG_ACCESS_ID` and your API
 token as a secret named `XPKG_TOKEN`.
 {{</hint>}}
--- a/content/v1.18/learn/_index.md
+++ b/content/v1.18/learn/_index.md
@ -28,7 +28,7 @@ If you have any questions, please drop us a note on [Crossplane Slack][join-cros
 - Subscribe to our [YouTube Channel](https://www.youtube.com/channel/UC19FgzMBMqBro361HbE46Fw)
 <!-- vale Crossplane.Spelling = NO -->
 - Drop us a note on Twitter: [@crossplane_io](https://twitter.com/crossplane_io)
- Email us: [info@crossplane.io](mailto:info@crossplane.io)
+- Email us: [crossplane-info@lists.cncf.io](mailto:crossplane-info@lists.cncf.io)
 <!-- vale Crossplane.Spelling = YES -->
 <!-- Named links -->
--- a/content/v1.18/learn/release-cycle.md
+++ b/content/v1.18/learn/release-cycle.md
@ -97,4 +97,4 @@ reviews, testing, and bug fixing to ensure a quality release.
 [Feature Freeze]: #feature-freeze
 [Code Freeze]: #code-freeze
 [CONTRIBUTING.md]: https://github.com/crossplane/crossplane/blob/main/CONTRIBUTING.md
-[community calendar]: https://calendar.google.com/calendar/embed?src=c_2cdn0hs9e2m05rrv1233cjoj1k%40group.calendar.google.com
+[community calendar]: https://zoom-lfx.platform.linuxfoundation.org/meetings/crossplane
--- a/content/v1.18/software/install.md
+++ b/content/v1.18/software/install.md
@ -125,17 +125,18 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `customAnnotations` | Add custom `annotations` to the Crossplane pod deployment. | `{}` |
 | `customLabels` | Add custom `labels` to the Crossplane pod deployment. | `{}` |
 | `deploymentStrategy` | The deployment strategy for the Crossplane and RBAC Manager pods. | `"RollingUpdate"` |
 | `dnsPolicy` | Specify the `dnsPolicy` to be used by the Crossplane pod. | `""` |
 | `extraEnvVarsCrossplane` | Add custom environmental variables to the Crossplane pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
 | `extraEnvVarsRBACManager` | Add custom environmental variables to the RBAC Manager pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
 | `extraObjects` | To add arbitrary Kubernetes Objects during a Helm Install | `[]` |
 | `extraVolumeMountsCrossplane` | Add custom `volumeMounts` to the Crossplane pod. | `{}` |
 | `extraVolumesCrossplane` | Add custom `volumes` to the Crossplane pod. | `{}` |
-| `function.packages` | A list of Function packages to install. | `[]` |
+| `function.packages` | A list of Function packages to install | `[]` |
-| `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. | `false` |
+| `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`. | `false` |
 | `image.pullPolicy` | The image pull policy used for Crossplane and RBAC Manager pods. | `"IfNotPresent"` |
-| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.upbound.io/crossplane/crossplane"` |
+| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.crossplane.io/crossplane/crossplane"` |
 | `image.tag` | The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. | `""` |
-| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `{}` |
+| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `[]` |
 | `leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod. | `true` |
 | `metrics.enabled` | Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods. | `false` |
 | `nodeSelector` | Add `nodeSelectors` to the Crossplane pod deployment. | `{}` |
@ -153,20 +154,22 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `rbacManager.leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod. | `true` |
 | `rbacManager.nodeSelector` | Add `nodeSelectors` to the RBAC Manager pod deployment. | `{}` |
 | `rbacManager.replicas` | The number of RBAC Manager pod `replicas` to deploy. | `1` |
 | `rbacManager.revisionHistoryLimit` | The number of RBAC Manager ReplicaSets to retain. | `nil` |
 | `rbacManager.skipAggregatedClusterRoles` | Don't install aggregated Crossplane ClusterRoles. | `false` |
 | `rbacManager.tolerations` | Add `tolerations` to the RBAC Manager pod deployment. | `[]` |
 | `rbacManager.topologySpreadConstraints` | Add `topologySpreadConstraints` to the RBAC Manager pod deployment. | `[]` |
 | `registryCaBundleConfig.key` | The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
 | `registryCaBundleConfig.name` | The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
 | `replicas` | The number of Crossplane pod `replicas` to deploy. | `1` |
-| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"100m"` |
+| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"500m"` |
-| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"512Mi"` |
+| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"1024Mi"` |
 | `resourcesCrossplane.requests.cpu` | CPU resource requests for the Crossplane pod. | `"100m"` |
 | `resourcesCrossplane.requests.memory` | Memory resource requests for the Crossplane pod. | `"256Mi"` |
 | `resourcesRBACManager.limits.cpu` | CPU resource limits for the RBAC Manager pod. | `"100m"` |
 | `resourcesRBACManager.limits.memory` | Memory resource limits for the RBAC Manager pod. | `"512Mi"` |
 | `resourcesRBACManager.requests.cpu` | CPU resource requests for the RBAC Manager pod. | `"100m"` |
 | `resourcesRBACManager.requests.memory` | Memory resource requests for the RBAC Manager pod. | `"256Mi"` |
 | `revisionHistoryLimit` | The number of Crossplane ReplicaSets to retain. | `nil` |
 | `securityContextCrossplane.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the Crossplane pod. | `false` |
 | `securityContextCrossplane.readOnlyRootFilesystem` | Set the Crossplane pod root file system as read-only. | `true` |
 | `securityContextCrossplane.runAsGroup` | The group ID used by the Crossplane pod. | `65532` |
@ -175,6 +178,7 @@ Apply customizations with the command line or with a Helm _values_ file.
 | `securityContextRBACManager.readOnlyRootFilesystem` | Set the RBAC Manager pod root file system as read-only. | `true` |
 | `securityContextRBACManager.runAsGroup` | The group ID used by the RBAC Manager pod. | `65532` |
 | `securityContextRBACManager.runAsUser` | The user ID used by the RBAC Manager pod. | `65532` |
 | `service.customAnnotations` | Configure annotations on the service object. Only enabled when webhooks.enabled = true | `{}` |
 | `serviceAccount.customAnnotations` | Add custom `annotations` to the Crossplane ServiceAccount. | `{}` |
 | `tolerations` | Add `tolerations` to the Crossplane pod deployment. | `[]` |
 | `topologySpreadConstraints` | Add `topologySpreadConstraints` to the Crossplane pod deployment. | `[]` |
@ -267,9 +271,10 @@ args='{"--enable-composition-functions","--enable-composition-webhook-schema-val
 #### Change the default package registry
-Beginning with Crossplane version 1.15.0 Crossplane downloads packages from the
+Beginning with Crossplane version 1.20.0 Crossplane uses the
-[Upbound Marketplace](https://marketplace.upbound.io) at `xpkg.upbound.io` 
+[crossplane-contrib](https://github.com/orgs/crossplane-contrib/packages) GitHub
-instead of DockerHub. 
+Container Registry at `xpkg.crossplane.io` by default for downloading and
 installing packages.
 Change the default registry location during the Crossplane install with
 `--set args='{"--registry=index.docker.io"}'`.
@ -326,15 +331,3 @@ Community Crossplane distribution.
 The CNCF certified third-party distributions as
 "[conformant](https://github.com/cncf/crossplane-conformance)" with the
 Community Crossplane distribution.
 ### Vendors
 Below are vendors providing conformant Crossplane distributions. 
 #### Upbound
 Upbound, the founders of Crossplane, maintains a free and open source 
 distribution of Crossplane called 
 [Universal Crossplane](https://www.upbound.io/product/universal-crossplane)
 (`UXP`). 
 Find information on UXP in the 
 [Upbound UXP documentation](https://docs.upbound.io/uxp/install/).
--- a/content/v1.18/software/uninstall.md
+++ b/content/v1.18/software/uninstall.md
@ -135,13 +135,13 @@ List the installed _providers_ with `kubectl get providers`.
 ```shell {copy-lines="1"}
 kubectl get providers
 NAME                   INSTALLED   HEALTHY   PACKAGE                                        AGE
-upbound-provider-aws   True        True      xpkg.upbound.io/upbound/provider-aws:v1.0.0   8h
+crossplane-contrib-provider-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws:v1.21.1    8h
 ```
 Remove the installed _providers_ with `kubectl delete provider`.
 ```shell
-kubectl delete provider upbound-provider-aws
+kubectl delete provider crossplane-contrib-provider-aws
 ```
 ## Uninstall the Crossplane deployment 
--- a/content/v1.18/software/upgrade.md
+++ b/content/v1.18/software/upgrade.md
@ -46,9 +46,9 @@ Crossplane.
 Crossplane uses any new default behaviors unless they're changed in the `helm
 upgrade` command.
-For example, in v1.15.0 Crossplane changed the default image registry from 
+For example, in v1.20.0 Crossplane changed the default image registry from 
-`index.docker.io` to `xpkg.upbound.io`. Upgrading Crossplane from a version
+`index.docker.io` to `xpkg.crossplane.io`. Upgrading Crossplane from a version
-before v1.15.0 updates the default package registry. 
+before v1.20.0 updates the default package registry. 
 Override new defaults by 
 [customizing the Helm chart]({{<ref "install#customize-the-crossplane-helm-chart" >}}) 
@ -56,5 +56,5 @@ with the upgrade command.
 For example, to maintain the original image registry use 
 ```shell 
-helm upgrade crossplane --namespace crossplane-system crossplane-stable/crossplane `--set 'args={"--registry=index.docker.io"}'
+helm upgrade crossplane --namespace crossplane-system crossplane-stable/crossplane --set 'args={"--registry=index.docker.io"}'
 ```
--- a/content/v1.19/_index.md
+++ b/content/v1.19/_index.md
@ -2,7 +2,7 @@
 title: "Overview"
 weight: -1
 cascade:
-    version: "1.16"
+    version: "1.19"
 ---
 {{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}}
--- a/content/v1.19/api/_index.md
+++ b/content/v1.19/api/_index.md
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
+++ b/content/v1.19/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: compositeresourcedefinitions.apiextensions.crossplane.io
 spec:
  group: apiextensions.crossplane.io
@ -36,7 +36,6 @@ spec:
          A CompositeResourceDefinition defines the schema for a new custom Kubernetes
          API.
          Read the Crossplane documentation for
          [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions).
        properties:
@ -155,7 +154,6 @@ spec:
                              service is a reference to the service for this webhook. Either
                              service or url must be specified.
                              If the webhook is running within the cluster, then you should use `service`.
                            properties:
                              name:
@ -189,29 +187,24 @@ spec:
                              (`scheme://host:port/path`). Exactly one of `url` or `service`
                              must be specified.
                              The `host` should not refer to a service running in the cluster; use
                              the `service` field instead. The host might be resolved via external
                              DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
                              in-cluster DNS as that would be a layering violation). `host` may
                              also be an IP address.
                              Please note that using `localhost` or `127.0.0.1` as a `host` is
                              risky unless you take great care to run this webhook on all hosts
                              which run an apiserver which might need to make calls to this
                              webhook. Such installs are likely to be non-portable, i.e., not easy
                              to turn up in a new cluster.
                              The scheme must be "https"; the URL must begin with "https://".
                              A path is optional, and if present may be any string permissible in
                              a URL. You may use the path to pass an arbitrary string to the
                              webhook, for example, a cluster identifier.
                              Attempting to use a user or basic auth e.g. "user:password@" is not
                              allowed. Fragments ("#...") and query parameters ("?...") are not
                              allowed, either.
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
+++ b/content/v1.19/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_compositions.yaml
+++ b/content/v1.19/api/crds/apiextensions.crossplane.io_compositions.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: compositions.apiextensions.crossplane.io
 spec:
  group: apiextensions.crossplane.io
@ -35,7 +35,6 @@ spec:
          A Composition defines a collection of managed resources or functions that
          Crossplane uses to create and manage new composite resources.
          Read the Crossplane documentation for
          [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions).
        properties:
@ -77,143 +76,54 @@ spec:
                x-kubernetes-validations:
                - message: Value is immutable
                  rule: self == oldSelf
-              environment:
+              mode:
                default: Resources
                description: |-
-                  Environment configures the environment in which resources are rendered.
+                  Mode controls what type or "mode" of Composition will be used.
                  "Pipeline" indicates that a Composition specifies a pipeline of
                  Composition Functions, each of which is responsible for producing
                  composed resources that Crossplane should create or update.
-                  THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+                  "Resources" indicates that a Composition uses what is commonly referred
-                  unless the relevant Crossplane feature flag is enabled, and may be
+                  to as "Patch & Transform" or P&T composition. This mode of Composition
-                  changed or removed without notice.
+                  uses an array of resources, each a template for a composed resource.
-                properties:
+
-                  defaultData:
+                  All Compositions should use Pipeline mode. Resources mode is deprecated.
-                    additionalProperties:
+                  Resources mode won't be removed in Crossplane 1.x, and will remain the
-                      x-kubernetes-preserve-unknown-fields: true
+                  default to avoid breaking legacy Compositions. However, it's no longer
                  accepting new features, and only accepting security related bug fixes.
                enum:
                - Resources
                - Pipeline
                type: string
              patchSets:
                description: |-
-                      DefaultData statically defines the initial state of the environment.
+                  PatchSets define a named set of patches that may be included by any
-                      It has the same schema-less structure as the data field in
+                  resource in this Composition. PatchSets cannot themselves refer to other
-                      environment configs.
+                  PatchSets.
                      It is overwritten by the selected environment configs.
                    type: object
                  environmentConfigs:
                    description: |-
                      EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved
                      resources are stored in the composite resource at
                      `spec.environmentConfigRefs` and is only updated if it is null.
                  PatchSets are only used by the "Resources" mode of Composition. They
                  are ignored by other modes.
-                      The list of references is used to compute an in-memory environment at
+                  Deprecated: Use Composition Functions instead.
                      compose time. The data of all object is merged in the order they are
                      listed, meaning the values of EnvironmentConfigs with a larger index take
                      priority over ones with smaller indices.
                      The computed environment can be accessed in a composition using
                      `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches.
                items:
                      description: EnvironmentSource selects a EnvironmentConfig resource.
                      properties:
                        ref:
                  description: |-
-                            Ref is a named reference to a single EnvironmentConfig.
+                    A PatchSet is a set of patches that can be reused from all resources within
-                            Either Ref or Selector is required.
+                    a Composition.
                  properties:
                    name:
-                              description: The name of the object.
+                      description: Name of this PatchSet.
                      type: string
                          required:
                          - name
                          type: object
                        selector:
                          description: Selector selects EnvironmentConfig(s) via labels.
                          properties:
                            matchLabels:
                              description: MatchLabels ensures an object with matching
                                labels is selected.
                              items:
                                description: |-
                                  An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but
                                  can draw the label value from a different path.
                                properties:
                                  fromFieldPathPolicy:
                                    default: Required
                                    description: |-
                                      FromFieldPathPolicy specifies the policy for the valueFromFieldPath.
                                      The default is Required, meaning that an error will be returned if the
                                      field is not found in the composite resource.
                                      Optional means that if the field is not found in the composite resource,
                                      that label pair will just be skipped. N.B. other specified label
                                      matchers will still be used to retrieve the desired
                                      environment config, if any.
                                    enum:
                                    - Optional
                                    - Required
                                    type: string
                                  key:
                                    description: Key of the label to match.
                                    type: string
                                  type:
                                    default: FromCompositeFieldPath
                                    description: Type specifies where the value for
                                      a label comes from.
                                    enum:
                                    - FromCompositeFieldPath
                                    - Value
                                    type: string
                                  value:
                                    description: Value specifies a literal label value.
                                    type: string
                                  valueFromFieldPath:
                                    description: ValueFromFieldPath specifies the
                                      field path to look for the label value.
                                    type: string
                                required:
                                - key
                                type: object
                              type: array
                            maxMatch:
                              description: MaxMatch specifies the number of extracted
                                EnvironmentConfigs in Multiple mode, extracts all
                                if nil.
                              format: int64
                              type: integer
                            minMatch:
                              description: MinMatch specifies the required minimum
                                of extracted EnvironmentConfigs in Multiple mode.
                              format: int64
                              type: integer
                            mode:
                              default: Single
                              description: 'Mode specifies retrieval strategy: "Single"
                                or "Multiple".'
                              enum:
                              - Single
                              - Multiple
                              type: string
                            sortByFieldPath:
                              default: metadata.name
                              description: SortByFieldPath is the path to the field
                                based on which list of EnvironmentConfigs is alphabetically
                                sorted.
                              type: string
                          type: object
                        type:
                          default: Reference
                          description: |-
                            Type specifies the way the EnvironmentConfig is selected.
                            Default is `Reference`
                          enum:
                          - Reference
                          - Selector
                          type: string
                      type: object
                    type: array
                    patches:
-                    description: |-
+                      description: Patches will be applied as an overlay to the base
-                      Patches is a list of environment patches that are executed before a
+                        resource.
                      composition's resources are composed.
                      items:
-                      description: EnvironmentPatch is a patch for a Composition environment.
+                        description: |-
                          Patch objects are applied between composite and composed resources. Their
                          behaviour depends on the Type selected. The default Type,
                          FromCompositeFieldPath, copies a value from the composite resource to
                          the composed resource, applying any defined transformers.
                        properties:
                          combine:
                            description: |-
@ -270,422 +180,6 @@ spec:
                              to be used as input. Required when type is FromCompositeFieldPath or
                              ToCompositeFieldPath.
                            type: string
                        policy:
                          description: Policy configures the specifics of patching
                            behaviour.
                          properties:
                            fromFieldPath:
                              description: |-
                                FromFieldPath specifies how to patch from a field path. The default is
                                'Optional', which means the patch will be a no-op if the specified
                                fromFieldPath does not exist. Use 'Required' if the patch should fail if
                                the specified path does not exist.
                              enum:
                              - Optional
                              - Required
                              type: string
                            mergeOptions:
                              description: MergeOptions Specifies merge options on
                                a field path.
                              properties:
                                appendSlice:
                                  description: Specifies that already existing elements
                                    in a merged slice should be preserved
                                  type: boolean
                                keepMapValues:
                                  description: Specifies that already existing values
                                    in a merged map should be preserved
                                  type: boolean
                              type: object
                          type: object
                        toFieldPath:
                          description: |-
                            ToFieldPath is the path of the field on the resource whose value will
                            be changed with the result of transforms. Leave empty if you'd like to
                            propagate to the same path as fromFieldPath.
                          type: string
                        transforms:
                          description: |-
                            Transforms are the list of functions that are used as a FIFO pipe for the
                            input to be transformed.
                          items:
                            description: |-
                              Transform is a unit of process whose input is transformed into an output with
                              the supplied configuration.
                            properties:
                              convert:
                                description: Convert is used to cast the input into
                                  the given output type.
                                properties:
                                  format:
                                    description: |-
                                      The expected input format.
                                      * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
                                      Only used during `string -> float64` conversions.
                                      * `json` - parses the input as a JSON string.
                                      Only used during `string -> object` or `string -> list` conversions.
                                      If this property is null, the default conversion is applied.
                                    enum:
                                    - none
                                    - quantity
                                    - json
                                    type: string
                                  toType:
                                    description: ToType is the type of the output
                                      of this transform.
                                    enum:
                                    - string
                                    - int
                                    - int64
                                    - bool
                                    - float64
                                    - object
                                    - array
                                    type: string
                                required:
                                - toType
                                type: object
                              map:
                                additionalProperties:
                                  x-kubernetes-preserve-unknown-fields: true
                                description: Map uses the input as a key in the given
                                  map and returns the value.
                                type: object
                              match:
                                description: Match is a more complex version of Map
                                  that matches a list of patterns.
                                properties:
                                  fallbackTo:
                                    default: Value
                                    description: Determines to what value the transform
                                      should fallback if no pattern matches.
                                    enum:
                                    - Value
                                    - Input
                                    type: string
                                  fallbackValue:
                                    description: |-
                                      The fallback value that should be returned by the transform if now pattern
                                      matches.
                                    x-kubernetes-preserve-unknown-fields: true
                                  patterns:
                                    description: |-
                                      The patterns that should be tested against the input string.
                                      Patterns are tested in order. The value of the first match is used as
                                      result of this transform.
                                    items:
                                      description: |-
                                        MatchTransformPattern is a transform that returns the value that matches a
                                        pattern.
                                      properties:
                                        literal:
                                          description: |-
                                            Literal exactly matches the input string (case sensitive).
                                            Is required if `type` is `literal`.
                                          type: string
                                        regexp:
                                          description: |-
                                            Regexp to match against the input string.
                                            Is required if `type` is `regexp`.
                                          type: string
                                        result:
                                          description: The value that is used as result
                                            of the transform if the pattern matches.
                                          x-kubernetes-preserve-unknown-fields: true
                                        type:
                                          default: literal
                                          description: |-
                                            Type specifies how the pattern matches the input.
                                            * `literal` - the pattern value has to exactly match (case sensitive) the
                                            input string. This is the default.
                                            * `regexp` - the pattern treated as a regular expression against
                                            which the input string is tested. Crossplane will throw an error if the
                                            key is not a valid regexp.
                                          enum:
                                          - literal
                                          - regexp
                                          type: string
                                      required:
                                      - result
                                      - type
                                      type: object
                                    type: array
                                type: object
                              math:
                                description: |-
                                  Math is used to transform the input via mathematical operations such as
                                  multiplication.
                                properties:
                                  clampMax:
                                    description: ClampMax makes sure that the value
                                      is not bigger than the given value.
                                    format: int64
                                    type: integer
                                  clampMin:
                                    description: ClampMin makes sure that the value
                                      is not smaller than the given value.
                                    format: int64
                                    type: integer
                                  multiply:
                                    description: Multiply the value.
                                    format: int64
                                    type: integer
                                  type:
                                    default: Multiply
                                    description: Type of the math transform to be
                                      run.
                                    enum:
                                    - Multiply
                                    - ClampMin
                                    - ClampMax
                                    type: string
                                type: object
                              string:
                                description: |-
                                  String is used to transform the input into a string or a different kind
                                  of string. Note that the input does not necessarily need to be a string.
                                properties:
                                  convert:
                                    description: |-
                                      Optional conversion method to be specified.
                                      `ToUpper` and `ToLower` change the letter case of the input string.
                                      `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
                                      `ToJson` converts any input value into its raw JSON representation.
                                      `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
                                      converted to JSON.
                                      `ToAdler32` generate a addler32 hash based on the input string.
                                    enum:
                                    - ToUpper
                                    - ToLower
                                    - ToBase64
                                    - FromBase64
                                    - ToJson
                                    - ToSha1
                                    - ToSha256
                                    - ToSha512
                                    - ToAdler32
                                    type: string
                                  fmt:
                                    description: |-
                                      Format the input using a Go format string. See
                                      https://golang.org/pkg/fmt/ for details.
                                    type: string
                                  join:
                                    description: Join defines parameters to join a
                                      slice of values to a string.
                                    properties:
                                      separator:
                                        description: |-
                                          Separator defines the character that should separate the values from each
                                          other in the joined string.
                                        type: string
                                    required:
                                    - separator
                                    type: object
                                  regexp:
                                    description: Extract a match from the input using
                                      a regular expression.
                                    properties:
                                      group:
                                        description: Group number to match. 0 (the
                                          default) matches the entire expression.
                                        type: integer
                                      match:
                                        description: |-
                                          Match string. May optionally include submatches, aka capture groups.
                                          See https://pkg.go.dev/regexp/ for details.
                                        type: string
                                    required:
                                    - match
                                    type: object
                                  trim:
                                    description: Trim the prefix or suffix from the
                                      input
                                    type: string
                                  type:
                                    default: Format
                                    description: Type of the string transform to be
                                      run.
                                    enum:
                                    - Format
                                    - Convert
                                    - TrimPrefix
                                    - TrimSuffix
                                    - Regexp
                                    - Join
                                    type: string
                                type: object
                              type:
                                description: Type of the transform to be run.
                                enum:
                                - map
                                - match
                                - math
                                - string
                                - convert
                                type: string
                            required:
                            - type
                            type: object
                          type: array
                        type:
                          default: FromCompositeFieldPath
                          description: |-
                            Type sets the patching behaviour to be used. Each patch type may require
                            its own fields to be set on the Patch object.
                          enum:
                          - FromCompositeFieldPath
                          - ToCompositeFieldPath
                          - CombineFromComposite
                          - CombineToComposite
                          type: string
                      type: object
                    type: array
                  policy:
                    description: |-
                      Policy represents the Resolve and Resolution policies which apply to
                      all EnvironmentSourceReferences in EnvironmentConfigs list.
                    properties:
                      resolution:
                        default: Required
                        description: |-
                          Resolution specifies whether resolution of this reference is required.
                          The default is 'Required', which means the reconcile will fail if the
                          reference cannot be resolved. 'Optional' means this reference will be
                          a no-op if it cannot be resolved.
                        enum:
                        - Required
                        - Optional
                        type: string
                      resolve:
                        description: |-
                          Resolve specifies when this reference should be resolved. The default
                          is 'IfNotPresent', which will attempt to resolve the reference only when
                          the corresponding field is not present. Use 'Always' to resolve the
                          reference on every reconcile.
                        enum:
                        - Always
                        - IfNotPresent
                        type: string
                    type: object
                type: object
              mode:
                default: Resources
                description: |-
                  Mode controls what type or "mode" of Composition will be used.
                  "Pipeline" indicates that a Composition specifies a pipeline of
                  Composition Functions, each of which is responsible for producing
                  composed resources that Crossplane should create or update.
                  "Resources" indicates that a Composition uses what is commonly referred
                  to as "Patch & Transform" or P&T composition. This mode of Composition
                  uses an array of resources, each a template for a composed resource.
                  All Compositions should use Pipeline mode. Resources mode is deprecated.
                  Resources mode won't be removed in Crossplane 1.x, and will remain the
                  default to avoid breaking legacy Compositions. However, it's no longer
                  accepting new features, and only accepting security related bug fixes.
                enum:
                - Resources
                - Pipeline
                type: string
              patchSets:
                description: |-
                  PatchSets define a named set of patches that may be included by any
                  resource in this Composition. PatchSets cannot themselves refer to other
                  PatchSets.
                  PatchSets are only used by the "Resources" mode of Composition. They
                  are ignored by other modes.
                  Deprecated: Use Composition Functions instead.
                items:
                  description: |-
                    A PatchSet is a set of patches that can be reused from all resources within
                    a Composition.
                  properties:
                    name:
                      description: Name of this PatchSet.
                      type: string
                    patches:
                      description: Patches will be applied as an overlay to the base
                        resource.
                      items:
                        description: |-
                          Patch objects are applied between composite and composed resources. Their
                          behaviour depends on the Type selected. The default Type,
                          FromCompositeFieldPath, copies a value from the composite resource to
                          the composed resource, applying any defined transformers.
                        properties:
                          combine:
                            description: |-
                              Combine is the patch configuration for a CombineFromComposite,
                              CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
                            properties:
                              strategy:
                                description: |-
                                  Strategy defines the strategy to use to combine the input variable values.
                                  Currently only string is supported.
                                enum:
                                - string
                                type: string
                              string:
                                description: |-
                                  String declares that input variables should be combined into a single
                                  string, using the relevant settings for formatting purposes.
                                properties:
                                  fmt:
                                    description: |-
                                      Format the input using a Go format string. See
                                      https://golang.org/pkg/fmt/ for details.
                                    type: string
                                required:
                                - fmt
                                type: object
                              variables:
                                description: |-
                                  Variables are the list of variables whose values will be retrieved and
                                  combined.
                                items:
                                  description: |-
                                    A CombineVariable defines the source of a value that is combined with
                                    others to form and patch an output value. Currently, this only supports
                                    retrieving values from a field path.
                                  properties:
                                    fromFieldPath:
                                      description: |-
                                        FromFieldPath is the path of the field on the source whose value is
                                        to be used as input.
                                      type: string
                                  required:
                                  - fromFieldPath
                                  type: object
                                minItems: 1
                                type: array
                            required:
                            - strategy
                            - variables
                            type: object
                          fromFieldPath:
                            description: |-
                              FromFieldPath is the path of the field on the resource whose value is
                              to be used as input. Required when type is FromCompositeFieldPath,
                              FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
                            type: string
                          patchSetName:
                            description: PatchSetName to include patches from. Required
                              when type is PatchSet.
@ -741,13 +235,11 @@ spec:
                                      description: |-
                                        The expected input format.
                                        * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
                                        Only used during `string -> float64` conversions.
                                        * `json` - parses the input as a JSON string.
                                        Only used during `string -> object` or `string -> list` conversions.
                                        If this property is null, the default conversion is applied.
                                      enum:
                                      - none
@ -822,11 +314,9 @@ spec:
                                            description: |-
                                              Type specifies how the pattern matches the input.
                                              * `literal` - the pattern value has to exactly match (case sensitive) the
                                              input string. This is the default.
                                              * `regexp` - the pattern treated as a regular expression against
                                              which the input string is tested. Crossplane will throw an error if the
                                              key is not a valid regexp.
@ -964,14 +454,10 @@ spec:
                              its own fields to be set on the Patch object.
                            enum:
                            - FromCompositeFieldPath
                            - FromEnvironmentFieldPath
                            - PatchSet
                            - ToCompositeFieldPath
                            - ToEnvironmentFieldPath
                            - CombineFromEnvironment
                            - CombineFromComposite
                            - CombineToComposite
                            - CombineToEnvironment
                            type: string
                        type: object
                      type: array
@ -986,7 +472,6 @@ spec:
                  composite resource referring to this composition is created. One of
                  resources and pipeline must be specified - you cannot specify both.
                  The Pipeline is only used by the "Pipeline" mode of Composition. It is
                  ignored by other modes.
                items:
@ -1070,7 +555,6 @@ spec:
                  with which the connection details of composite resources dynamically
                  provisioned using this composition will be published.
                  THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
                  unless the relevant Crossplane feature flag is enabled, and may be
                  changed or removed without notice.
@ -1086,11 +570,9 @@ spec:
                  Resources is a list of resource templates that will be used when a
                  composite resource referring to this composition is created.
                  Resources are only used by the "Resources" mode of Composition. They are
                  ignored by other modes.
                  Deprecated: Use Composition Functions instead.
                items:
                  description: |-
@ -1173,8 +655,8 @@ spec:
                        properties:
                          combine:
                            description: |-
-                              Combine is the patch configuration for a CombineFromComposite,
+                              Combine is the patch configuration for a CombineFromComposite or
-                              CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+                              CombineToComposite patch.
                            properties:
                              strategy:
                                description: |-
@ -1223,8 +705,8 @@ spec:
                          fromFieldPath:
                            description: |-
                              FromFieldPath is the path of the field on the resource whose value is
-                              to be used as input. Required when type is FromCompositeFieldPath,
+                              to be used as input. Required when type is FromCompositeFieldPath or
-                              FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+                              ToCompositeFieldPath.
                            type: string
                          patchSetName:
                            description: PatchSetName to include patches from. Required
@ -1281,13 +763,11 @@ spec:
                                      description: |-
                                        The expected input format.
                                        * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
                                        Only used during `string -> float64` conversions.
                                        * `json` - parses the input as a JSON string.
                                        Only used during `string -> object` or `string -> list` conversions.
                                        If this property is null, the default conversion is applied.
                                      enum:
                                      - none
@ -1362,11 +842,9 @@ spec:
                                            description: |-
                                              Type specifies how the pattern matches the input.
                                              * `literal` - the pattern value has to exactly match (case sensitive) the
                                              input string. This is the default.
                                              * `regexp` - the pattern treated as a regular expression against
                                              which the input string is tested. Crossplane will throw an error if the
                                              key is not a valid regexp.
@ -1504,14 +982,10 @@ spec:
                              its own fields to be set on the Patch object.
                            enum:
                            - FromCompositeFieldPath
                            - FromEnvironmentFieldPath
                            - PatchSet
                            - ToCompositeFieldPath
                            - ToEnvironmentFieldPath
                            - CombineFromEnvironment
                            - CombineFromComposite
                            - CombineToComposite
                            - CombineToEnvironment
                            type: string
                        type: object
                      type: array
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
+++ b/content/v1.19/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: environmentconfigs.apiextensions.crossplane.io
 spec:
  group: apiextensions.crossplane.io
@ -29,7 +29,6 @@ spec:
          An EnvironmentConfig contains user-defined unstructured values for
          use in a Composition.
          Read the Crossplane documentation for
          [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs).
        properties:
@ -61,3 +60,45 @@ spec:
    served: true
    storage: true
    subresources: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          An EnvironmentConfig contains user-defined unstructured values for
          use in a Composition.
          Read the Crossplane documentation for
          [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs).
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          data:
            additionalProperties:
              x-kubernetes-preserve-unknown-fields: true
            description: |-
              The data of this EnvironmentConfig.
              This may contain any kind of structure that can be serialized into JSON.
            type: object
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
        type: object
    served: true
    storage: false
    subresources: {}
--- a/content/v1.19/api/crds/apiextensions.crossplane.io_usages.yaml
+++ b/content/v1.19/api/crds/apiextensions.crossplane.io_usages.yaml
@ -0,0 +1,412 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: usages.apiextensions.crossplane.io
 spec:
  group: apiextensions.crossplane.io
  names:
    categories:
    - crossplane
    kind: Usage
    listKind: UsageList
    plural: usages
    singular: usage
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.annotations.crossplane\.io/usage-details
      name: DETAILS
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: READY
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          A Usage defines a deletion blocking relationship between two resources.
          Usages prevent accidental deletion of a single resource or deletion of
          resources with dependent resources.
          Read the Crossplane documentation for
          [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages).
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: UsageSpec defines the desired state of Usage.
            properties:
              by:
                description: By is the resource that is "using the other resource".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              of:
                description: Of is the resource that is "being used".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              reason:
                description: Reason is the reason for blocking deletion of the resource.
                type: string
              replayDeletion:
                description: ReplayDeletion will trigger a deletion on the used resource
                  during the deletion of the usage itself, if it was attempted to
                  be deleted at least once.
                type: boolean
            required:
            - of
            type: object
            x-kubernetes-validations:
            - message: either "spec.by" or "spec.reason" must be specified.
              rule: has(self.by) || has(self.reason)
          status:
            description: UsageStatus defines the observed state of Usage.
            properties:
              conditions:
                description: Conditions of the resource.
                items:
                  description: A Condition that may apply to a resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        LastTransitionTime is the last time this condition transitioned from one
                        status to another.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A Message containing details about this condition's last transition from
                        one status to another, if any.
                      type: string
                    observedGeneration:
                      description: |-
                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      type: integer
                    reason:
                      description: A Reason for this condition's last transition from
                        one status to another.
                      type: string
                    status:
                      description: Status of this condition; is it currently True,
                        False, or Unknown?
                      type: string
                    type:
                      description: |-
                        Type of this condition. At most one of each condition type may apply to
                        a resource at any point in time.
                      type: string
                  required:
                  - lastTransitionTime
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.annotations.crossplane\.io/usage-details
      name: DETAILS
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: READY
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          A Usage defines a deletion blocking relationship between two resources.
          Usages prevent accidental deletion of a single resource or deletion of
          resources with dependent resources.
          Read the Crossplane documentation for
          [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages).
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: UsageSpec defines the desired state of Usage.
            properties:
              by:
                description: By is the resource that is "using the other resource".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              of:
                description: Of is the resource that is "being used".
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    description: |-
                      Kind of the referent.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  resourceRef:
                    description: Reference to the resource.
                    properties:
                      name:
                        description: Name of the referent.
                        type: string
                    required:
                    - name
                    type: object
                  resourceSelector:
                    description: |-
                      Selector to the resource.
                      This field will be ignored if ResourceRef is set.
                    properties:
                      matchControllerRef:
                        description: |-
                          MatchControllerRef ensures an object with the same controller reference
                          as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                    type: object
                type: object
                x-kubernetes-validations:
                - message: either a resource reference or a resource selector should
                    be set.
                  rule: has(self.resourceRef) || has(self.resourceSelector)
              reason:
                description: Reason is the reason for blocking deletion of the resource.
                type: string
              replayDeletion:
                description: ReplayDeletion will trigger a deletion on the used resource
                  during the deletion of the usage itself, if it was attempted to
                  be deleted at least once.
                type: boolean
            required:
            - of
            type: object
            x-kubernetes-validations:
            - message: either "spec.by" or "spec.reason" must be specified.
              rule: has(self.by) || has(self.reason)
          status:
            description: UsageStatus defines the observed state of Usage.
            properties:
              conditions:
                description: Conditions of the resource.
                items:
                  description: A Condition that may apply to a resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        LastTransitionTime is the last time this condition transitioned from one
                        status to another.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A Message containing details about this condition's last transition from
                        one status to another, if any.
                      type: string
                    observedGeneration:
                      description: |-
                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      type: integer
                    reason:
                      description: A Reason for this condition's last transition from
                        one status to another.
                      type: string
                    status:
                      description: Status of this condition; is it currently True,
                        False, or Unknown?
                      type: string
                    type:
                      description: |-
                        Type of this condition. At most one of each condition type may apply to
                        a resource at any point in time.
                      type: string
                  required:
                  - lastTransitionTime
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: false
    subresources:
      status: {}
--- a/content/v1.19/api/crds/pkg.crossplane.io_configurationrevisions.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_configurationrevisions.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: configurationrevisions.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
@ -46,7 +46,6 @@ spec:
          A ConfigurationRevision represents a revision of a Configuration. Crossplane
          creates new revisions when there are changes to a Configuration.
          Crossplane creates and manages ConfigurationRevision. Don't directly edit
          ConfigurationRevisions.
        properties:
@ -113,10 +112,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
--- a/content/v1.19/api/crds/pkg.crossplane.io_configurations.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_configurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: configurations.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
@ -38,7 +38,6 @@ spec:
          Crossplane with support for new kinds of CompositeResourceDefinitions and
          Compositions.
          Read the Crossplane documentation for
          [more information about Configuration packages](https://docs.crossplane.io/latest/concepts/packages).
        properties:
@ -99,10 +98,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
--- a/content/v1.19/api/crds/pkg.crossplane.io_controllerconfigs.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_controllerconfigs.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: controllerconfigs.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
@ -30,7 +30,6 @@ spec:
          [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration)
          instead.
          Read the
          [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md)
          design document for more details.
@ -342,7 +341,7 @@ spec:
                                    pod labels will be ignored. The default value is empty.
                                    The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                    Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                    This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                    This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                  items:
                                    type: string
                                  type: array
@ -357,7 +356,7 @@ spec:
                                    pod labels will be ignored. The default value is empty.
                                    The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                    Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                    This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                    This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                  items:
                                    type: string
                                  type: array
@ -523,7 +522,7 @@ spec:
                                pod labels will be ignored. The default value is empty.
                                The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                              items:
                                type: string
                              type: array
@ -538,7 +537,7 @@ spec:
                                pod labels will be ignored. The default value is empty.
                                The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                              items:
                                type: string
                              type: array
@ -701,7 +700,7 @@ spec:
                                    pod labels will be ignored. The default value is empty.
                                    The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                    Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                    This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                    This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                  items:
                                    type: string
                                  type: array
@ -716,7 +715,7 @@ spec:
                                    pod labels will be ignored. The default value is empty.
                                    The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                    Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                    This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                    This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                  items:
                                    type: string
                                  type: array
@ -882,7 +881,7 @@ spec:
                                pod labels will be ignored. The default value is empty.
                                The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                              items:
                                type: string
                              type: array
@ -897,7 +896,7 @@ spec:
                                pod labels will be ignored. The default value is empty.
                                The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                              items:
                                type: string
                              type: array
@ -1025,10 +1024,13 @@ spec:
                              description: The key to select.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -1087,10 +1089,13 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -1120,10 +1125,13 @@ spec:
                      description: The ConfigMap to select from
                      properties:
                        name:
                          default: ""
                          description: |-
                            Name of the referent.
                            This field is effectively required, but due to backwards compatibility is
                            allowed to be empty. Instances of this type with an empty value here are
                            almost certainly wrong.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?
                          type: string
                        optional:
                          description: Specify whether the ConfigMap must be defined
@ -1138,10 +1146,13 @@ spec:
                      description: The Secret to select from
                      properties:
                        name:
                          default: ""
                          description: |-
                            Name of the referent.
                            This field is effectively required, but due to backwards compatibility is
                            allowed to be empty. Instances of this type with an empty value here are
                            almost certainly wrong.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?
                          type: string
                        optional:
                          description: Specify whether the Secret must be defined
@ -1179,10 +1190,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
@ -1259,12 +1273,10 @@ spec:
                      Some volume types allow the Kubelet to change the ownership of that volume
                      to be owned by the pod:
                      1. The owning GID will be the FSGroup
                      2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
                      3. The permission bits are OR'd with rw-rw----
                      If unset, the Kubelet will not modify the ownership and permissions of any volume.
                      Note that this field cannot be set when spec.os.name is windows.
                    format: int64
@ -1351,7 +1363,6 @@ spec:
                          type indicates which kind of seccomp profile will be applied.
                          Valid options are:
                          Localhost - a profile defined in a file on the node should be used.
                          RuntimeDefault - the container runtime default profile should be used.
                          Unconfined - no profile should be applied.
@ -1361,18 +1372,28 @@ spec:
                    type: object
                  supplementalGroups:
                    description: |-
-                      A list of groups applied to the first process run in each container, in addition
+                      A list of groups applied to the first process run in each container, in
-                      to the container's primary GID, the fsGroup (if specified), and group memberships
+                      addition to the container's primary GID and fsGroup (if specified).  If
-                      defined in the container image for the uid of the container process. If unspecified,
+                      the SupplementalGroupsPolicy feature is enabled, the
-                      no additional groups are added to any container. Note that group memberships
+                      supplementalGroupsPolicy field determines whether these are in addition
-                      defined in the container image for the uid of the container process are still effective,
+                      to or instead of any group memberships defined in the container image.
-                      even if they are not included in this list.
+                      If unspecified, no additional groups are added, though group memberships
                      defined in the container image may still be used, depending on the
                      supplementalGroupsPolicy field.
                      Note that this field cannot be set when spec.os.name is windows.
                    items:
                      format: int64
                      type: integer
                    type: array
                    x-kubernetes-list-type: atomic
                  supplementalGroupsPolicy:
                    description: |-
                      Defines how supplemental groups of the first container processes are calculated.
                      Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
                      (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
                      and the container runtime must implement support for this feature.
                      Note that this field cannot be set when spec.os.name is windows.
                    type: string
                  sysctls:
                    description: |-
                      Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
@ -1494,11 +1515,9 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -1509,6 +1528,12 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
                        request:
                          description: |-
                            Request is the name chosen for a request in the referenced claim.
                            If empty, everything from the claim is made available, otherwise
                            only the result of this request.
                          type: string
                      required:
                      - name
                      type: object
@ -1620,7 +1645,7 @@ spec:
                  procMount:
                    description: |-
                      procMount denotes the type of proc mount to use for the containers.
-                      The default is DefaultProcMount which uses the container runtime defaults for
+                      The default value is Default which uses the container runtime defaults for
                      readonly paths and masked paths.
                      This requires the ProcMountType feature flag to be enabled.
                      Note that this field cannot be set when spec.os.name is windows.
@ -1702,7 +1727,6 @@ spec:
                          type indicates which kind of seccomp profile will be applied.
                          Valid options are:
                          Localhost - a profile defined in a file on the node should be used.
                          RuntimeDefault - the container runtime default profile should be used.
                          Unconfined - no profile should be applied.
@ -1832,10 +1856,8 @@ spec:
                        RecursiveReadOnly specifies whether read-only mounts should be handled
                        recursively.
                        If ReadOnly is false, this field has no meaning and must be unspecified.
                        If ReadOnly is true, and this field is set to Disabled, the mount is not made
                        recursively read-only.  If this field is set to IfPossible, the mount is made
                        recursively read-only, if it is supported by the container runtime.  If this
@ -1843,11 +1865,9 @@ spec:
                        supported by the container runtime, otherwise the pod will not be started and
                        an error will be generated to indicate the reason.
                        If this field is set to IfPossible or Enabled, MountPropagation must be set to
                        None (or be unspecified, which defaults to None).
                        If this field is not specified, it is treated as an equivalent of Disabled.
                      type: string
                    subPath:
@ -1887,7 +1907,6 @@ spec:
                            Tip: Ensure that the filesystem type is supported by the host operating system.
                            Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                            More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                            TODO: how do we prevent errors in the filesystem from compromising the machine
                          type: string
                        partition:
                          description: |-
@ -1927,6 +1946,7 @@ spec:
                            storage
                          type: string
                        fsType:
                          default: ext4
                          description: |-
                            fsType is Filesystem type to mount.
                            Must be a filesystem type supported by the host operating system.
@ -1939,6 +1959,7 @@ spec:
                            disk (only in managed availability set). defaults to shared'
                          type: string
                        readOnly:
                          default: false
                          description: |-
                            readOnly Defaults to false (read/write). ReadOnly here will force
                            the ReadOnly setting in VolumeMounts.
@ -2000,10 +2021,13 @@ spec:
                            More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -2039,10 +2063,13 @@ spec:
                            to OpenStack.
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -2108,10 +2135,13 @@ spec:
                          type: array
                          x-kubernetes-list-type: atomic
                        name:
                          default: ""
                          description: |-
                            Name of the referent.
                            This field is effectively required, but due to backwards compatibility is
                            allowed to be empty. Instances of this type with an empty value here are
                            almost certainly wrong.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?
                          type: string
                        optional:
                          description: optional specify whether the ConfigMap or its
@ -2144,10 +2174,13 @@ spec:
                            secret object contains more than one secret, all secret references are passed.
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -2284,7 +2317,6 @@ spec:
                        The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
                        and deleted when the pod is removed.
                        Use this if:
                        a) the volume is only needed while the pod runs,
                        b) features of normal volumes like restoring from snapshot or capacity
@ -2295,17 +2327,14 @@ spec:
                           information on the connection between this volume type
                           and PersistentVolumeClaim).
                        Use PersistentVolumeClaim or one of the vendor-specific
                        APIs for volumes that persist for longer than the lifecycle
                        of an individual pod.
                        Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
                        be used that way - see the documentation of the driver for
                        more information.
                        A pod can use both types of ephemeral volumes and
                        persistent volumes at the same time.
                      properties:
@ -2319,7 +2348,6 @@ spec:
                            entry. Pod validation will reject the pod if the concatenated name
                            is not valid for a PVC (for example, too long).
                            An existing PVC with that name that is not owned by the pod
                            will *not* be used for the pod to avoid using an unrelated
                            volume by mistake. Starting the pod is then blocked until
@ -2329,11 +2357,9 @@ spec:
                            this should not be necessary, but it may be useful when
                            manually reconstructing a broken cluster.
                            This field is read-only and no changes will be made by Kubernetes
                            to the PVC after it has been created.
                            Required, must not be nil.
                          properties:
                            metadata:
@ -2553,7 +2579,7 @@ spec:
                                    set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
                                    exists.
                                    More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
-                                    (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+                                    (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
                                  type: string
                                volumeMode:
                                  description: |-
@ -2579,7 +2605,6 @@ spec:
                            fsType is the filesystem type to mount.
                            Must be a filesystem type supported by the host operating system.
                            Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                            TODO: how do we prevent errors in the filesystem from compromising the machine
                          type: string
                        lun:
                          description: 'lun is Optional: FC target lun number'
@ -2641,10 +2666,13 @@ spec:
                            scripts.
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -2678,7 +2706,6 @@ spec:
                            Tip: Ensure that the filesystem type is supported by the host operating system.
                            Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                            More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                            TODO: how do we prevent errors in the filesystem from compromising the machine
                          type: string
                        partition:
                          description: |-
@ -2759,9 +2786,6 @@ spec:
                        used for system agents or other privileged things that are allowed
                        to see the host machine. Most containers will NOT need this.
                        More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                        ---
                        TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
                        mount host directories as read/write.
                      properties:
                        path:
                          description: |-
@ -2778,6 +2802,41 @@ spec:
                      required:
                      - path
                      type: object
                    image:
                      description: |-
                        image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
                        The volume is resolved at pod startup depending on which PullPolicy value is provided:
                        - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
                        - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
                        - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
                        The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
                        A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
                        The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
                        The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
                        The volume will be mounted read-only (ro) and non-executable files (noexec).
                        Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
                        The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
                      properties:
                        pullPolicy:
                          description: |-
                            Policy for pulling OCI objects. Possible values are:
                            Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
                            Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
                            IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
                            Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
                          type: string
                        reference:
                          description: |-
                            Required: Image or artifact reference to be used.
                            Behaves in the same way as pod.spec.containers[*].image.
                            Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
                            More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management to default or override
                            container images in workload controllers like Deployments and StatefulSets.
                          type: string
                      type: object
                    iscsi:
                      description: |-
                        iscsi represents an ISCSI Disk resource that is attached to a
@ -2798,7 +2857,6 @@ spec:
                            Tip: Ensure that the filesystem type is supported by the host operating system.
                            Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                            More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                            TODO: how do we prevent errors in the filesystem from compromising the machine
                          type: string
                        initiatorName:
                          description: |-
@ -2810,6 +2868,7 @@ spec:
                          description: iqn is the target iSCSI Qualified Name.
                          type: string
                        iscsiInterface:
                          default: default
                          description: |-
                            iscsiInterface is the interface Name that uses an iSCSI transport.
                            Defaults to 'default' (tcp).
@ -2836,10 +2895,13 @@ spec:
                            and initiator authentication
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -2956,24 +3018,24 @@ spec:
                          format: int32
                          type: integer
                        sources:
-                          description: sources is the list of volume projections
+                          description: |-
                            sources is the list of volume projections. Each entry in this list
                            handles one source.
                          items:
-                            description: Projection that may be projected along with
+                            description: |-
-                              other supported volume types
+                              Projection that may be projected along with other supported volume types.
                              Exactly one of these fields must be set.
                            properties:
                              clusterTrustBundle:
                                description: |-
                                  ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
                                  of ClusterTrustBundle objects in an auto-updating file.
                                  Alpha, gated by the ClusterTrustBundleProjection feature gate.
                                  ClusterTrustBundle objects can either be selected by name, or by the
                                  combination of signer name and a label selector.
                                  Kubelet performs aggressive normalization of the PEM contents written
                                  into the pod filesystem.  Esoteric PEM features such as inter-block
                                  comments and block headers are stripped.  Certificates are deduplicated.
@ -3101,10 +3163,13 @@ spec:
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  name:
                                    default: ""
                                    description: |-
                                      Name of the referent.
                                      This field is effectively required, but due to backwards compatibility is
                                      allowed to be empty. Instances of this type with an empty value here are
                                      almost certainly wrong.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind, uid?
                                    type: string
                                  optional:
                                    description: optional specify whether the ConfigMap
@ -3236,10 +3301,13 @@ spec:
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  name:
                                    default: ""
                                    description: |-
                                      Name of the referent.
                                      This field is effectively required, but due to backwards compatibility is
                                      allowed to be empty. Instances of this type with an empty value here are
                                      almost certainly wrong.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind, uid?
                                    type: string
                                  optional:
                                    description: optional field specify whether the
@ -3329,7 +3397,6 @@ spec:
                            Tip: Ensure that the filesystem type is supported by the host operating system.
                            Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                            More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                            TODO: how do we prevent errors in the filesystem from compromising the machine
                          type: string
                        image:
                          description: |-
@ -3337,6 +3404,7 @@ spec:
                            More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
                          type: string
                        keyring:
                          default: /etc/ceph/keyring
                          description: |-
                            keyring is the path to key ring for RBDUser.
                            Default is /etc/ceph/keyring.
@ -3351,6 +3419,7 @@ spec:
                          type: array
                          x-kubernetes-list-type: atomic
                        pool:
                          default: rbd
                          description: |-
                            pool is the rados pool name.
                            Default is rbd.
@ -3370,14 +3439,18 @@ spec:
                            More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        user:
                          default: admin
                          description: |-
                            user is the rados user name.
                            Default is admin.
@ -3392,6 +3465,7 @@ spec:
                        attached and mounted on Kubernetes nodes.
                      properties:
                        fsType:
                          default: xfs
                          description: |-
                            fsType is the filesystem type to mount.
                            Must be a filesystem type supported by the host operating system.
@ -3417,10 +3491,13 @@ spec:
                            sensitive information. If this is not provided, Login operation will fail.
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
@ -3429,6 +3506,7 @@ spec:
                            with Gateway, default false
                          type: boolean
                        storageMode:
                          default: ThinProvisioned
                          description: |-
                            storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
                            Default is ThinProvisioned.
@ -3536,10 +3614,13 @@ spec:
                            credentials.  If not specified, default values will be attempted.
                          properties:
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
--- a/content/v1.19/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml
--- a/content/v1.19/api/crds/pkg.crossplane.io_functionrevisions.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_functionrevisions.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: functionrevisions.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
@ -46,7 +46,6 @@ spec:
          A FunctionRevision represents a revision of a Function. Crossplane
          creates new revisions when there are changes to the Function.
          Crossplane creates and manages FunctionRevisions. Don't directly edit
          FunctionRevisions.
        properties:
@ -125,10 +124,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
@ -362,7 +364,6 @@ spec:
          A FunctionRevision represents a revision of a Function. Crossplane
          creates new revisions when there are changes to the Function.
          Crossplane creates and manages FunctionRevisions. Don't directly edit
          FunctionRevisions.
        properties:
@ -441,10 +442,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
--- a/content/v1.19/api/crds/pkg.crossplane.io_functions.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_functions.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: functions.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
@ -37,7 +37,6 @@ spec:
          A Function installs an OCI compatible Crossplane package, extending
          Crossplane with support for a new kind of composition function.
          Read the Crossplane documentation for
          [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions).
        properties:
@ -108,10 +107,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
@ -253,7 +255,6 @@ spec:
          A Function installs an OCI compatible Crossplane package, extending
          Crossplane with support for a new kind of composition function.
          Read the Crossplane documentation for
          [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions).
        properties:
@ -324,10 +325,13 @@ spec:
                    referenced object inside the same namespace.
                  properties:
                    name:
                      default: ""
                      description: |-
                        Name of the referent.
                        This field is effectively required, but due to backwards compatibility is
                        allowed to be empty. Instances of this type with an empty value here are
                        almost certainly wrong.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
--- a/content/v1.19/api/crds/pkg.crossplane.io_imageconfigs.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_imageconfigs.yaml
@ -0,0 +1,230 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: imageconfigs.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
  names:
    categories:
    - crossplane
    kind: ImageConfig
    listKind: ImageConfigList
    plural: imageconfigs
    singular: imageconfig
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: The ImageConfig resource is used to configure settings for package
          images.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ImageConfigSpec contains the configuration for matching images.
            properties:
              matchImages:
                description: MatchImages is a list of image matching rules that should
                  be satisfied.
                items:
                  description: ImageMatch defines a rule for matching image.
                  properties:
                    prefix:
                      description: Prefix is the prefix that should be matched.
                      type: string
                    type:
                      default: Prefix
                      description: Type is the type of match.
                      enum:
                      - Prefix
                      type: string
                  required:
                  - prefix
                  type: object
                type: array
                x-kubernetes-validations:
                - message: matchImages should have at least one element.
                  rule: size(self) > 0
              registry:
                description: Registry is the configuration for the registry.
                properties:
                  authentication:
                    description: Authentication is the authentication information
                      for the registry.
                    properties:
                      pullSecretRef:
                        description: |-
                          PullSecretRef is a reference to a secret that contains the credentials for
                          the registry.
                        properties:
                          name:
                            default: ""
                            description: |-
                              Name of the referent.
                              This field is effectively required, but due to backwards compatibility is
                              allowed to be empty. Instances of this type with an empty value here are
                              almost certainly wrong.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            type: string
                        type: object
                        x-kubernetes-map-type: atomic
                    required:
                    - pullSecretRef
                    type: object
                type: object
              verification:
                description: Verification contains the configuration for verifying
                  the image.
                properties:
                  cosign:
                    description: Cosign is the configuration for verifying the image
                      using cosign.
                    properties:
                      authorities:
                        description: Authorities defines the rules for discovering
                          and validating signatures.
                        items:
                          description: CosignAuthority defines the rules for discovering
                            and validating signatures.
                          properties:
                            attestations:
                              description: |-
                                Attestations is a list of individual attestations for this authority,
                                once the signature for this authority has been verified.
                              items:
                                description: |-
                                  Attestation defines the type of attestation to validate and optionally
                                  apply a policy decision to it. Authority block is used to verify the
                                  specified attestation types, and if Policy is specified, then it's applied
                                  only after the validation of the Attestation signature has been verified.
                                properties:
                                  name:
                                    description: Name of the attestation.
                                    type: string
                                  predicateType:
                                    description: |-
                                      PredicateType defines which predicate type to verify. Matches cosign
                                      verify-attestation options.
                                    type: string
                                required:
                                - name
                                - predicateType
                                type: object
                              type: array
                            key:
                              description: Key defines the type of key to validate
                                the image.
                              properties:
                                hashAlgorithm:
                                  default: sha256
                                  description: HashAlgorithm always defaults to sha256
                                    if the algorithm hasn't been explicitly set
                                  type: string
                                secretRef:
                                  description: SecretRef sets a reference to a secret
                                    with the key.
                                  properties:
                                    key:
                                      description: The key to select.
                                      type: string
                                    name:
                                      description: Name of the secret.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - hashAlgorithm
                              - secretRef
                              type: object
                            keyless:
                              description: |-
                                Keyless sets the configuration to verify the authority against a Fulcio
                                instance.
                              properties:
                                identities:
                                  description: Identities sets a list of identities.
                                  items:
                                    description: |-
                                      Identity may contain the issuer and/or the subject found in the transparency
                                      log.
                                      Issuer/Subject uses a strict match, while IssuerRegExp and SubjectRegExp
                                      apply a regexp for matching.
                                    properties:
                                      issuer:
                                        description: Issuer defines the issuer for
                                          this identity.
                                        type: string
                                      issuerRegExp:
                                        description: |-
                                          IssuerRegExp specifies a regular expression to match the issuer for this identity.
                                          This has precedence over the Issuer field.
                                        type: string
                                      subject:
                                        description: Subject defines the subject for
                                          this identity.
                                        type: string
                                      subjectRegExp:
                                        description: |-
                                          SubjectRegExp specifies a regular expression to match the subject for this identity.
                                          This has precedence over the Subject field.
                                        type: string
                                    type: object
                                  type: array
                                insecureIgnoreSCT:
                                  description: InsecureIgnoreSCT omits verifying if
                                    a certificate contains an embedded SCT
                                  type: boolean
                              required:
                              - identities
                              type: object
                            name:
                              description: Name is the name for this authority.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                    required:
                    - authorities
                    type: object
                  provider:
                    description: Provider is the provider that should be used to verify
                      the image.
                    enum:
                    - Cosign
                    type: string
                required:
                - provider
                type: object
            required:
            - matchImages
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
--- a/content/v1.19/api/crds/pkg.crossplane.io_locks.yaml
+++ b/content/v1.19/api/crds/pkg.crossplane.io_locks.yaml
@ -0,0 +1,171 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: locks.pkg.crossplane.io
 spec:
  group: pkg.crossplane.io
  names:
    kind: Lock
    listKind: LockList
    plural: locks
    singular: lock
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Lock is the CRD type that tracks package dependencies.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          packages:
            items:
              description: LockPackage is a package that is in the lock.
              properties:
                apiVersion:
                  description: APIVersion of the package.
                  type: string
                dependencies:
                  description: |-
                    Dependencies are the list of dependencies of this package. The order of
                    the dependencies will dictate the order in which they are resolved.
                  items:
                    description: A Dependency is a dependency of a package in the
                      lock.
                    properties:
                      apiVersion:
                        description: APIVersion of the package.
                        type: string
                      constraints:
                        description: |-
                          Constraints is a valid semver range or a digest, which will be used to select a valid
                          dependency version.
                        type: string
                      kind:
                        description: Kind of the package (not the kind of the package
                          revision).
                        type: string
                      package:
                        description: Package is the OCI image name without a tag or
                          digest.
                        type: string
                      type:
                        description: |-
                          Type is the type of package. Can be either Configuration or Provider.
                          Deprecated: Specify an apiVersion and kind instead.
                        enum:
                        - Configuration
                        - Provider
                        - Function
                        type: string
                    required:
                    - constraints
                    - package
                    type: object
                  type: array
                kind:
                  description: Kind of the package (not the kind of the package revision).
                  type: string
                name:
                  description: Name corresponds to the name of the package revision
                    for this package.
                  type: string
                source:
                  description: Source is the OCI image name without a tag or digest.
                  type: string
                type:
                  description: |-
                    Type is the type of package.
                    Deprecated: Specify an apiVersion and kind instead.
                  enum:
                  - Configuration
                  - Provider
                  - Function
                  type: string
                version:
                  description: Version is the tag or digest of the OCI image.
                  type: string
              required:
              - dependencies
              - name
              - source
              - version
              type: object
            type: array
          status:
            description: Status of the Lock.
            properties:
              conditions:
                description: Conditions of the resource.
                items:
                  description: A Condition that may apply to a resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        LastTransitionTime is the last time this condition transitioned from one
                        status to another.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A Message containing details about this condition's last transition from
                        one status to another, if any.
                      type: string
                    observedGeneration:
                      description: |-
                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      type: integer
                    reason:
                      description: A Reason for this condition's last transition from
                        one status to another.
                      type: string
                    status:
                      description: Status of this condition; is it currently True,
                        False, or Unknown?
                      type: string
                    type:
                      description: |-
                        Type of this condition. At most one of each condition type may apply to
                        a resource at any point in time.
                      type: string
                  required:
                  - lastTransitionTime
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
--- a/Show More
+++ b/Show More