diff --git a/README.md b/README.md index f501bae1..8f43b3fc 100644 --- a/README.md +++ b/README.md @@ -26,12 +26,12 @@ with IDPs, and distribution-specific integration strategies. The Pinniped Supervisor component offers identity federation to enable a user to access multiple clusters with a single daily login to their external IDP. The Pinniped Supervisor supports various external [IDP -types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1). +types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.20#k8s-api-idp-supervisor-pinniped-dev-v1alpha1). The Pinniped Concierge component offers credential exchange to enable a user to exchange an external credential for a short-lived, cluster-specific credential. Pinniped supports various [authentication -methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1) +methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.20#authenticationconciergepinnipeddevv1alpha1) and implements different integration strategies for various Kubernetes distributions to make authentication possible. diff --git a/site/content/docs/architecture.md b/site/content/docs/architecture.md index 2c9f3fc6..77a94278 100644 --- a/site/content/docs/architecture.md +++ b/site/content/docs/architecture.md @@ -46,7 +46,7 @@ Pinniped supports the following IDPs. [Okta](https://www.okta.com/)). The -[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1) +[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1) API group contains the Kubernetes custom resources that configure the Pinniped Supervisor's upstream IDPs. 
@@ -81,7 +81,7 @@ Pinniped supports the following authenticator types. set on the `kube-apiserver` process. The -[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1) +[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1) API group contains the Kubernetes custom resources that configure the Pinniped Concierge's authenticators. @@ -112,7 +112,7 @@ Users may use the Pinniped CLI as the credential plugin, or they may use any pro built with the [Pinniped Go client library](https://github.com/vmware-tanzu/pinniped/tree/main/generated). -## Pinniped Deployment Strategies +## Pinniped Deployment Strategies Pinniped can be configured to authenticate users in a variety of scenarios. Depending on the use case, administrators can deploy the Supervisor, the Concierge, both, or neither. @@ -121,7 +121,7 @@ both, or neither. Users can authenticate with the help of the Supervisor, which will issue tokens that can be exchanged at the Concierge for a credential that is understood by the host Kubernetes -cluster. +cluster. The Supervisor enables users to log in to their external identity provider once per day and access each cluster in a domain with a distinct scoped-down token. @@ -143,7 +143,7 @@ Users can authenticate directly with their OIDC compliant external identity prov can be exchanged at the Concierge for a credential that is understood by the host Kubernetes cluster. -The diagram below shows the components involved in the login flow when the Concierge is +The diagram below shows the components involved in the login flow when the Concierge is configured. ![concierge-with-webhook-architecture-diagram](/docs/img/pinniped_architecture_concierge_webhook.svg) 
@@ -156,7 +156,7 @@ that obtains an external credential to be sent to a webhook authenticator via th ### Static Cluster Integration-- Supervisor and CLI Users can authenticate with the help of the Supervisor, which will issue tokens that -can be given directly to a Kubernetes API Server that has been configured with +can be given directly to a Kubernetes API Server that has been configured with [OIDC Authentication.](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens) The Supervisor enables users to log in to their external identity provider once per day and access each cluster in a domain with a distinct scoped-down token. @@ -166,4 +166,3 @@ once per day and access each cluster in a domain with a distinct scoped-down tok Users can authenticate directly with their OIDC compliant external identity provider to get credentials that can be given directly to a Kubernetes API Server that has been configured with [OIDC Authentication.](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens) - diff --git a/site/content/docs/concierge-and-supervisor-demo.md b/site/content/docs/concierge-and-supervisor-demo.md index 72d18d7e..052738a0 100644 --- a/site/content/docs/concierge-and-supervisor-demo.md +++ b/site/content/docs/concierge-and-supervisor-demo.md 
@@ -26,14 +26,14 @@ for a more specific example, including the commands to use for that case. 1. Install the Pinniped Supervisor. See [deploy/supervisor/README.md](https://github.com/vmware-tanzu/pinniped/blob/main/deploy/supervisor/README.md). 1. Create a - [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain) + [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain) via the installed Pinniped Supervisor. 1. Create an - [`OIDCIdentityProvider`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider) + [`OIDCIdentityProvider`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider) via the installed Pinniped Supervisor. 1. Install the Pinniped Concierge. See [deploy/concierge/README.md](https://github.com/vmware-tanzu/pinniped/blob/main/deploy/concierge/README.md). 1. Create a - [`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) + [`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) via the installed Pinniped Concierge. 1. Download the Pinniped CLI from [Pinniped's github Releases page](https://github.com/vmware-tanzu/pinniped/releases/latest). 1. Generate a kubeconfig using the Pinniped CLI. Run `pinniped get kubeconfig --help` for more information. 
@@ -48,7 +48,7 @@ non-production clusters. The following steps will deploy the latest release of Pinniped on kind. It will deploy the Pinniped Supervisor on one cluster, and the Pinniped Concierge on another cluster. A multi-cluster deployment strategy is typical for Pinniped. The Pinniped Concierge will use a -[`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) +[`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) to authenticate federated identities from the Supervisor. 1. Install the tools required for the following steps. @@ -77,7 +77,7 @@ to authenticate federated identities from the Supervisor. This demo uses a `Secret` named `my-federation-domain-tls` to provide the serving certificate for the - [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain). The + [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain). The serving certificate `Secret` must be of type `kubernetes.io/tls`. The CA bundle for this serving 
@@ -85,7 +85,7 @@ to authenticate federated identities from the Supervisor. `/tmp/pinniped-supervisor-ca-bundle-base64-encoded.pem`. 1. Create a - [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain) + [`FederationDomain`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain) object to configure the Pinniped Supervisor to issue federated identities. ```bash @@ -114,7 +114,7 @@ to authenticate federated identities from the Supervisor. ``` 1. Create an - [`OIDCIdentityProvider`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider) + [`OIDCIdentityProvider`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider) object to configure the Pinniped Supervisor to federate identities from an upstream OIDC identity provider. @@ -172,7 +172,7 @@ to authenticate federated identities from the Supervisor. ``` 1. Create a - [`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.19/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) + [`JWTAuthenticator`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-jwtauthenticator) object to configure the Pinniped Concierge to authenticate using the Pinniped Supervisor. ```bash 
@@ -217,7 +217,7 @@ to authenticate federated identities from the Supervisor. ``` Because this user has no RBAC permissions on this cluster, the previous command results in an - error that is similar to + error that is similar to `Error from server (Forbidden): pods is forbidden: User "pinny" cannot list resource "pods" in API group "" in the namespace "pinniped"`, where `pinny` is the username that was used to login to the upstream OIDC identity provider. However, this does prove that you are authenticated and
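Review bot: In the README.md hunk at `@@ -26,12 +26,12 @@`, both links now target `generated/1.20`, so that directory must already be on `main` before this merges or both links return 404; the same hardcoded `generated/<version>` path is repeated across README.md, architecture.md and concierge-and-supervisor-demo.md in this patch, so consider pointing these at a stable location (the `generated` directory index is already used for the Go client library link in the architecture.md hunk at `@@ -112,7 +112,7 @@`) so that each Kubernetes version bump does not require a sweep of every doc.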
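Review bot: The architecture.md hunks at `@@ -112,7`, `@@ -121,7`, `@@ -143,7`, `@@ -156,7` and `@@ -166,4` (the `## Pinniped Deployment Strategies` heading, `cluster.`, `The diagram below shows the components involved in the login flow when the Concierge is`, `can be given directly to a Kubernetes API Server that has been configured with`, and the removed trailing blank line), plus `error that is similar to` in the demo hunk at `@@ -217,7`, are trailing-whitespace-only changes unrelated to the 1.19 to 1.20 link bump. They are harmless, but state in the commit message that whitespace cleanup is included so a reader of the history does not search those lines for a content change.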
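Review bot: In concierge-and-supervisor-demo.md every `+` line bumps the path to `generated/1.20/README.adoc` but leaves the anchor fragment at `#k8s-api-go-pinniped-dev-generated-1-19-apis-...` (the FederationDomain, OIDCIdentityProvider and JWTAuthenticator links in the hunks at `@@ -26,14`, `@@ -48,7`, `@@ -77,7`, `@@ -85,7`, `@@ -114,7` and `@@ -172,7`). The fragment visibly embeds the generated package path, so the 1.20 README.adoc presumably emits `generated-1-20-apis` anchors and these links will load the page without jumping to the type; verify one anchor in the 1.20 document and update each fragment to match, e.g. `#k8s-api-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-federationdomain`.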