diff --git a/documentation/staging/content/_index.md b/documentation/staging/content/_index.md index e490aaea800..1ec21a632ed 100644 --- a/documentation/staging/content/_index.md +++ b/documentation/staging/content/_index.md @@ -62,5 +62,5 @@ See [Get help]({{< relref "userguide/introduction/get-help.md" >}}). * [WebLogic Image Tool](https://oracle.github.io/weblogic-image-tool/) * [WebLogic Monitoring Exporter](https://github.com/oracle/weblogic-monitoring-exporter) * [WebLogic Logging Exporter](https://github.com/oracle/weblogic-logging-exporter) -* [WebLogic Remote Console](https://github.com/oracle/weblogic-remote-console) +* [WebLogic Remote Console](https://oracle.github.io/weblogic-remote-console/) * [WebLogic Kubernetes Toolkit UI](https://oracle.github.io/weblogic-toolkit-ui/) diff --git a/documentation/staging/content/release-notes.md b/documentation/staging/content/release-notes.md index 3fe2216dd56..3c5327ec0e1 100644 --- a/documentation/staging/content/release-notes.md +++ b/documentation/staging/content/release-notes.md 
@@ -146,9 +146,9 @@ Updated several dependencies, including the Oracle Linux base for the container ##### Features * The operator's container image is based on Oracle Linux 8. -* WebLogic Server container images based on Oracle Linux 8 are supported. +* WebLogic Server container images based on Oracle Linux 8 are supported. * [Online updates]({{}}) of dynamic configuration changes for Model in Image. -* Automatic injection of the [WebLogic Monitoring Exporter](https://github.com/oracle/weblogic-monitoring-exporter) as a sidecar container. +* Automatic injection of the [WebLogic Monitoring Exporter](https://github.com/oracle/weblogic-monitoring-exporter) as a sidecar container. * [Events]({{< relref "/userguide/managing-domains/domain-events.md" >}}) are generated at important moments in the life cycle of the operator or a domain. * [PodDisruptionBudgets]({{}}) are generated for clusters improving the ability to maintain cluster availability during planned node shutdowns and Kubernetes upgrade. * Additional scripts to assist with common tasks, such as the `scaleCluster.sh` script. diff --git a/documentation/staging/content/samples/azure-kubernetes-service/domain-on-pv.md b/documentation/staging/content/samples/azure-kubernetes-service/domain-on-pv.md index 327ce3a0f3f..a7c4f738bff 100644 --- a/documentation/staging/content/samples/azure-kubernetes-service/domain-on-pv.md +++ b/documentation/staging/content/samples/azure-kubernetes-service/domain-on-pv.md @@ -15,7 +15,7 @@ This sample demonstrates how to use the [WebLogic Kubernetes Operator](/weblogic - [Create WebLogic domain](#create-weblogic-domain) - [Automation](#automation) - [Deploy sample application](#deploy-sample-application) - - [Access WebLogic Server logs](#access-weblogic-server-logs) + - [Validate NFS volume](#validate-nfs-volume) - [Clean up resources](#clean-up-resources) - [Troubleshooting](#troubleshooting) - [Useful links](#useful-links) 
@@ -26,7 +26,7 @@ This sample demonstrates how to use the [WebLogic Kubernetes Operator](/weblogic ##### Clone WebLogic Kubernetes Operator repository -Clone the [WebLogic Kubernetes Operator repository](https://github.com/oracle/weblogic-kubernetes-operator) to your machine. We will use several scripts in this repository to create a WebLogic domain. This sample was tested with v3.1.1, but should work with the latest release. +Clone the [WebLogic Kubernetes Operator repository](https://github.com/oracle/weblogic-kubernetes-operator) to your machine. You will use several scripts in this repository to create a WebLogic domain. This sample was tested with v3.3.7, but should work with the latest release. ```shell $ git clone --branch v{{< latestVersion >}} https://github.com/oracle/weblogic-kubernetes-operator.git @@ -52,17 +52,15 @@ Kubernetes Operators use [Helm](https://helm.sh/) to manage Kubernetes applicati $ helm repo add weblogic-operator https://oracle.github.io/weblogic-kubernetes-operator/charts --force-update ``` ```shell -$ helm install weblogic-operator weblogic-operator/weblogic-operator --version "3.1.1" +$ helm install weblogic-operator weblogic-operator/weblogic-operator --version "3.3.7" ``` The output will show something similar to the following: ```shell -$ helm install weblogic-operator weblogic-operator/weblogic-operator --version "3.1.1" -``` -``` +$ helm install weblogic-operator weblogic-operator/weblogic-operator --version "3.3.7" NAME: weblogic-operator -LAST DEPLOYED: Wed Jul 1 23:47:44 2020 +LAST DEPLOYED: Tue Jan 18 17:07:56 2022 NAMESPACE: default STATUS: deployed REVISION: 1 
@@ -87,11 +85,11 @@ weblogic-operator-56654bcdb7-qww7f 1/1 Running 0 - [Create secrets](#create-secrets) - [Create WebLogic Domain](#create-weblogic-domain-1) -Now that we have created the AKS cluster, installed the operator, and verified that the operator is ready to go, we can have the operator create a WLS domain. +Now that You have created the AKS cluster, installed the operator, and verified that the operator is ready to go, you can have the operator create a WLS domain. ##### Create secrets -We will use the `kubernetes/samples/scripts/create-weblogic-domain-credentials/create-weblogic-credentials.sh` script to create the domain credentials as a Kubernetes secret. Please run: +You will use the `kubernetes/samples/scripts/create-weblogic-domain-credentials/create-weblogic-credentials.sh` script to create the domain credentials as a Kubernetes secret. Please run: ``` # cd kubernetes/samples/scripts/create-weblogic-domain-credentials @@ -104,8 +102,7 @@ secret/domain1-weblogic-credentials created secret/domain1-weblogic-credentials labeled The secret domain1-weblogic-credentials has been successfully created in the default namespace. ``` - -We will use the `kubernetes/samples/scripts/create-kubernetes-secrets/create-docker-credentials-secret.sh` script to create the Docker credentials as a Kubernetes secret. Please run: +You will use the `kubernetes/samples/scripts/create-kubernetes-secrets/create-docker-credentials-secret.sh` script to create the Docker credentials as a Kubernetes secret. Please run: ```shell # Please change imagePullSecretNameSuffix if you change pre-defined value "regcred" before generating the configuration files. @@ -116,7 +113,7 @@ $ export SECRET_NAME_DOCKER="${NAME_PREFIX}regcred" ``` # cd kubernetes/samples/scripts/create-kubernetes-secrets ``` -```sehll +```shell $ ./create-docker-credentials-secret.sh -s ${SECRET_NAME_DOCKER} -e oracleSsoEmail@bar.com -p oracleSsoPassword -u oracleSsoEmail@bar.com ``` ``` 
@@ -131,7 +128,6 @@ $ kubectl get secret ``` ``` NAME TYPE DATA AGE -wlsazure-secret Opaque 2 17m regcred kubernetes.io/dockerconfigjson 1 2m25s default-token-csdvd kubernetes.io/service-account-token 3 25m domain1-weblogic-credentials Opaque 2 3m42s @@ -142,12 +138,12 @@ weblogic-operator-secrets Opaque **Note**: If the `NAME` column in your output is missing any of the values shown above, please reexamine your execution of the preceding steps in this sample to ensure that you correctly followed all of them. The `default-token-mwdj8` shown above will have a different ending in your output. ##### Create WebLogic Domain -We will use the `kubernetes/samples/scripts/create-weblogic-domain/domain-home-on-pv/create-domain.sh` script to create the WLS domain in the persistent volume we created previously. +You will use the `kubernetes/samples/scripts/create-weblogic-domain/domain-home-on-pv/create-domain.sh` script to create the WLS domain in the persistent volume you created previously. {{% notice note %}} The `create-domain.sh` script and its inputs file are for demonstration purposes _only_; its contents and the domain resource file that it generates for you might change without notice. In production, we strongly recommend that you use the WebLogic Image Tool and WebLogic Deploy Tooling (when applicable), and directly work with domain resource files instead. {{% /notice%}} -We need to set up the domain configuration for the WebLogic domain. +You need to set up the domain configuration for the WebLogic domain. 1. Check if resources are ready. 
@@ -166,10 +162,8 @@ We need to set up the domain configuration for the WebLogic domain. --file-share ${AKS_PERS_SHARE_NAME} \ --storage-account ${AKS_PERS_STORAGE_ACCOUNT_NAME} \ --domain-uid domain1 \ - --pv-name ${NAME_PREFIX}-azurefile-${TIMESTAMP} \ --pvc-name ${NAME_PREFIX}-azurefile-${TIMESTAMP} \ - --secret-docker ${SECRET_NAME_DOCKER} \ - --secret-storage ${SECRET_NAME_AZURE_FILE} + --secret-docker ${SECRET_NAME_DOCKER} ``` You will see output with `PASS` if all the resources are ready. The following is an example of output: @@ -181,10 +175,8 @@ We need to set up the domain configuration for the WebLogic domain. Azure Kubenetes Service instacne: wlsaks1612795811 Azure storage account: wlsstorage1612795811 Azure file share: wls-weblogic-1612795811 - Kubenetes secret for Azure storage: wlsazure-secret Kubenetes secret for Docker Account: regcred Kubenetes secret for Weblogic domain: domain1-weblogic-credentials - Persistent Volume: wls-azurefile-1612795811 Persistent Volume Claim: wls-azurefile-1612795811 ``` 
@@ -301,7 +293,7 @@ We need to set up the domain configuration for the WebLogic domain. troubleshoot the reason and resolve it before proceeding to the next step. - {{% notice note %}} This sample creates WebLogic Server pods with reasonable values for memory, CPU, and JVM heap size (as a percentage of memory). You can supply different values. Edit `~/azure/weblogic-on-aks/domain1.yaml` and set the desired values for `serverPodMemoryRequest`, `serverPodMemoryLimit`, `serverPodCpuRequest`, `serverPodCpuLimit` and `javaOptions` before running `./create-domain.sh -i ~/azure/weblogic-on-aks/domain1.yaml -o ~/azure -e -v`. + {{% notice note %}} This sample creates WebLogic Server pods with reasonable values for memory, CPU, and JVM heap size (as a percentage of memory). These settings were determined by running a skeleton WebLogic domain with minimal or no deployed services and applications on potentially limited or heavily shared container environments. For advice about tuning CPU and memory requests and limits for broader use cases or in a production environment, see the [Pod memory and CPU resources](https://oracle.github.io/weblogic-kubernetes-operator/faq/resource-settings/) FAQ. You can supply different values. Edit `~/azure/weblogic-on-aks/domain1.yaml` and set the desired values for `serverPodMemoryRequest`, `serverPodMemoryLimit`, `serverPodCpuRequest`, `serverPodCpuLimit` and `javaOptions` before running `./create-domain.sh -i ~/azure/weblogic-on-aks/domain1.yaml -o ~/azure -e -v`. {{% /notice%}} Here is an excerpt showing reasonable values: 
@@ -344,7 +336,7 @@ We need to set up the domain configuration for the WebLogic domain. type: LoadBalancer ``` - Use the sample configuration file `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/domain-on-pv/cluster-lb.yaml` to create a load balancer service for the Managed Servers. If you are choosing not to use the predefined YAML file and instead created new one with customized values, then substitute the following content with you domain values. + Use the sample configuration file `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/domain-on-pv/cluster-lb.yaml` to create a load balancer service for the Managed Servers. If you are choosing not to use the predefined YAML file and instead created new one with customized values, then substitute the following content with your domain values. ```yaml apiVersion: v1 @@ -510,7 +502,7 @@ For input values, you can edit `kubernetes/samples/scripts/create-weblogic-domai | `dockerEmail` | `yourDockerEmail` | Oracle Single Sign-On (SSO) account email, used to pull the WebLogic Server Docker image. | | `dockerPassword` | `yourDockerPassword`| Password for Oracle SSO account, used to pull the WebLogic Server Docker image, in clear text. | | `dockerUserName` | `yourDockerId` | The same value as `dockerEmail`. | -| `namePrefix` | `0730` | Alphanumeric value used as a disambiguation prefix for several Kubernetes resources. | +| `namePrefix` | `wls` | Alphanumeric value used as a disambiguation prefix for several Kubernetes resources. | If you don't want to change the other parameters, you can use the default values. Please make sure no extra whitespaces are added! 
@@ -528,7 +520,7 @@ $ ./create-domain-on-aks.sh -i my-create-domain-on-aks-inputs.yaml -o ~/azure -e The script will print the Administration Server address after a successful deployment. The default user name for the Administration Console is `weblogic` and the default password is `welcome1`. Please change this for production deployments. To interact with the cluster using `kubectl`, use `az aks get-credentials` as shown in the script output. -{{% notice info %}} You now have created an AKS cluster with `PersistentVolumeClaim` and `PersistentVolume` to contain the WLS domain configuration files. Using those artifacts, you have used the operator to create a WLS domain. +{{% notice info %}} You now have created an AKS cluster with Azure Files NFS share to contain the WLS domain configuration files. Using those artifacts, you have used the operator to create a WLS domain. {{% /notice %}} #### Deploy sample application 
@@ -574,22 +566,27 @@ In the example, the application address is: `http://52.224.248.40:8001/testwebap The test application will list the server host and server IP on the page. -#### Access WebLogic Server logs +#### Validate NFS volume -The logs are stored in the Azure file share. Follow these steps to access the log: +There are several approaches to validate the NFS volume: -1. Go to the [Azure Portal](https://ms.portal.azure.com). -2. Go to your resource group. -3. Open the storage account. -4. In the "File service" section of the left panel, select File shares. -5. Select the file share name (e.g. weblogic in this example). -6. Select logs. -7. Select domain1. -8. WebLogic Server logs are listed in the folder. +- Use Azure Storage browser. Make sure you have permission to access the NFS server, see [Azure Storage firewalls and virtual networks document](https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal) +- Mount the same NFS share in an existing virtual machine from Azure. Access files from the mounted path, see [Mount Azure NFS file share to Linux](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-how-to-mount-nfs-shares). -{{%expand "Click here to view the WebLogic Server logs screenshot." %}} -![WebLogic Server Logs](../screenshot-logs.png) -{{% /expand %}} +Use `kubectl exec` to enter the admin server pod to check file system status: + +```shell +kubectl exec -it domain1-admin-server -- df -h +``` + +You will find output like the following, with filesystem `${AKS_PERS_STORAGE_ACCOUNT_NAME}.file.core.windows.net:/${AKS_PERS_STORAGE_ACCOUNT_NAME}/${AKS_PERS_SHARE_NAME}`, size `100G`, and mounted on `/shared`: + +```text +Filesystem Size Used Avail Use% Mounted on +... +wlsstorage1612795811.file.core.windows.net:/wlsstorage1612795811/wls-weblogic-1612795811 100G 76M 100G 1% /shared +... +``` #### Clean up resources 
diff --git a/documentation/staging/content/samples/azure-kubernetes-service/includes/aks-value-prop.txt b/documentation/staging/content/samples/azure-kubernetes-service/includes/aks-value-prop.txt index e8b33d19f08..475a090ce48 100644 --- a/documentation/staging/content/samples/azure-kubernetes-service/includes/aks-value-prop.txt +++ b/documentation/staging/content/samples/azure-kubernetes-service/includes/aks-value-prop.txt @@ -1,3 +1,3 @@ -Azure Kubernetes Service makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You manage and maintain only the agent nodes. As a managed Kubernetes service, AKS is free - you pay for only the agent nodes within your clusters, not for the masters. +Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You manage and maintain only the agent nodes. As a managed Kubernetes service, AKS is free - you pay for only the agent nodes within your clusters, not for the masters. -To learn more, see [What is Azure Kubernetes Service?](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes) +To learn more, see [What is Azure Kubernetes Service?](https://docs.microsoft.com/azure/aks/intro-kubernetes) 
diff --git a/documentation/staging/content/samples/azure-kubernetes-service/includes/create-aks-cluster-storage.txt b/documentation/staging/content/samples/azure-kubernetes-service/includes/create-aks-cluster-storage.txt index 6aa2f3d350d..afcf83d9fd5 100644 --- a/documentation/staging/content/samples/azure-kubernetes-service/includes/create-aks-cluster-storage.txt +++ b/documentation/staging/content/samples/azure-kubernetes-service/includes/create-aks-cluster-storage.txt 
@@ -1,86 +1,147 @@ -#### Create storage and set up file share +#### Create storage Our usage pattern for the operator involves creating Kubernetes "persistent volumes" to allow the WebLogic Server to persist its configuration and data separately from the Kubernetes Pods that run WebLogic Server workloads. -We will create an external data volume to access and persist data. There are several options for data sharing as described in [Storage options for applications in Azure Kubernetes Service (AKS)](https://docs.microsoft.com/azure/aks/concepts-storage). +You will create an external data volume to access and persist data. There are several options for data sharing as described in [Storage options for applications in Azure Kubernetes Service (AKS)](https://docs.microsoft.com/azure/aks/concepts-storage). -We will use Azure Files as a Kubernetes volume. For details about this full featured cloud storage solution, see the [Azure Files Documentation](https://docs.microsoft.com/azure/aks/azure-files-volume). +You will dynamically create and use a persistent volume with Azure Files NFS share. For details about this full featured cloud storage solution, see the [Azure Files Documentation](https://docs.microsoft.com/azure/aks/azure-files-dynamic-pv). -##### Create an Azure Storage account +##### Create an Azure Storage account and NFS share -Create a storage account using the Azure CLI. Note that the storage account name can contain only lowercase letters and numbers, and must be between 3 and 24 characters in length: +1. Create an Azure Storage Account. -```shell -# Change the value as needed for your own environment -$ export AKS_PERS_STORAGE_ACCOUNT_NAME="${NAME_PREFIX}storage${TIMESTAMP}" - -$ az storage account create \ - -n $AKS_PERS_STORAGE_ACCOUNT_NAME \ - -g $AKS_PERS_RESOURCE_GROUP \ - -l $AKS_PERS_LOCATION \ - --sku Standard_LRS -``` + Create a storage account using the Azure CLI. 
Make sure the following values are specified: -Successful output will be a JSON object with the entry `"type": "Microsoft.Storage/storageAccounts"`. + | Option name | Value | Notes | + |-------------------|---------------|-------| + | `name` | `$AKS_PERS_STORAGE_ACCOUNT_NAME` | The storage account name can contain only lowercase letters and numbers, and must be between 3 and 24 characters in length. | + | `sku` | `Premium_LRS` | Only `Premium_LRS` and `Premium_ZRS` work for NFS share, see the [Azure Files NFS Share Documentation](https://docs.microsoft.com/azure/storage/files/storage-files-how-to-create-nfs-shares?tabs=azure-portal#applies-to)| + | `https-only` | `false` | You can't mount an NFS file share unless you disable secure transfer. | + | `default-action` | `Deny` | For security, we suggest that you deny access by default and choose to allow access from the AKS cluster network. | -Now we need to create a file share. To create the file share, you need a storage connection string. Run the `show-connection-string` command to get connection string, then create the share with `az storage share create`, as shown here. 
+ ```shell + # Change the value as needed for your own environment + $ export AKS_PERS_STORAGE_ACCOUNT_NAME="${NAME_PREFIX}storage${TIMESTAMP}" -```shell -# Change value as needed for your own environment -$ export AKS_PERS_SHARE_NAME="${NAME_PREFIX}-weblogic-${TIMESTAMP}" -# Get connection string -$ export AZURE_STORAGE_CONNECTION_STRING=$(az storage account show-connection-string -n $AKS_PERS_STORAGE_ACCOUNT_NAME -g $AKS_PERS_RESOURCE_GROUP -o tsv) -# Create file share -$ az storage share create -n $AKS_PERS_SHARE_NAME --connection-string $AZURE_STORAGE_CONNECTION_STRING -``` + $ az storage account create \ + --resource-group $AKS_PERS_RESOURCE_GROUP \ + --name $AKS_PERS_STORAGE_ACCOUNT_NAME \ + --location $AKS_PERS_LOCATION \ + --sku Premium_LRS \ + --kind FileStorage \ + --https-only false \ + --default-action Deny + ``` -Successful output will be exactly the following: + Successful output will be a JSON object with the entry `"type": "Microsoft.Storage/storageAccounts"`. -```shell -{ - "created": true -} -``` +2. Create an NFS share. -The operator uses Kubernetes Secrets. We need a storage key for the secret. These commands query the storage account to obtain the key, and then stores the storage account key as a Kubernetes secret. + To create the file share, you must use `NoRootSquash` to allow the operator to change the ownership of the directory in the NFS share. -```shell -$ export STORAGE_KEY=$(az storage account keys list --resource-group $AKS_PERS_RESOURCE_GROUP --account-name $AKS_PERS_STORAGE_ACCOUNT_NAME --query "[0].value" -o tsv) -``` + Otherwise, you will get an error like `chown: changing ownership of '/shared': Operation not permitted`. -Verify the successful output by examining the `STORAGE_KEY` environment variable. It must not be empty. It must be a long ASCII string. 
+ The following command creates an NFS share with 100GiB: -We will use the `kubernetes/samples/scripts/create-kubernetes-secrets/create-azure-storage-credentials-secret.sh` script to create the storage account key as a Kubernetes secret, naming the secret with value `${NAME_PREFIX}azure-secret`. Please run: + ```shell + # Change value as needed for your own environment + $ export AKS_PERS_SHARE_NAME="${NAME_PREFIX}-weblogic-${TIMESTAMP}" + # Create NFS file share + $ az storage share-rm create \ + --resource-group $AKS_PERS_RESOURCE_GROUP \ + --storage-account $AKS_PERS_STORAGE_ACCOUNT_NAME \ + --name ${AKS_PERS_SHARE_NAME} \ + --enabled-protocol NFS \ + --root-squash NoRootSquash \ + --quota 100 + ``` -```shell -# Please change persistentVolumeClaimNameSuffix if you changed pre-defined value "regcred" before generating the configuration files. -$ export SECRET_NAME_AZURE_FILE="${NAME_PREFIX}azure-secret" + The command provisions an NFS file share with NFS 4.1 or above. -#cd kubernetes/samples/scripts/create-kubernetes-secrets -$ ./create-azure-storage-credentials-secret.sh -s $SECRET_NAME_AZURE_FILE -a $AKS_PERS_STORAGE_ACCOUNT_NAME -k $STORAGE_KEY -``` +3. Configure network security. -You will see the following output: + You must configure the network security allowing access from AKS cluster to the storage account. -```text -secret/wlsazure-secret created -The secret wlsazure-secret has been successfully created in the default namespace. -``` + First, you must get the virtual network name and the subnet name of the AKS cluster. 
+ + Run the following commands to get network information: + + ```shell + # get the resource group name of the AKS managed resources + $ aksMCRGName=$(az aks show --name $AKS_CLUSTER_NAME --resource-group $AKS_PERS_RESOURCE_GROUP -o tsv --query "nodeResourceGroup") + $ echo ${aksMCRGName} + + # get network name of AKS cluster + $ aksNetworkName=$(az resource list --resource-group ${aksMCRGName} --resource-type Microsoft.Network/virtualNetworks -o tsv --query '[*].name') + $ echo ${aksNetworkName} + + # get subnet name of AKS agent pool + $ aksSubnetName=$(az network vnet subnet list --resource-group ${aksMCRGName} --vnet-name ${aksNetworkName} -o tsv --query "[*].name") + $ echo ${aksSubnetName} -##### Create PV and PVC + # get subnet id of the AKS agent pool + $ aksSubnetId=$(az network vnet subnet list --resource-group ${aksMCRGName} --vnet-name ${aksNetworkName} -o tsv --query "[*].id") + $ echo ${aksSubnetId} + ``` -This sample uses Kubernetes Persistent Volume Claims (PVC) as storage resource. These features are passed to Kubernetes using YAML files. The script `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/create-domain-on-aks.sh` generates the required configuration files automatically, given an input file containing the parameters. A parameters file is provided at `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/create-domain-on-aks-inputs.yaml`. Copy and customize this file for your needs. + You must enable the service endpoint `Microsoft.Storage` for the subnet using the following command: -To generate YAML files to create PV and PVC in the AKS cluster, the following values must be substituted in your copy of the input file. 
+ ```shell + $ az network vnet subnet update \ + --resource-group $aksMCRGName \ + --name ${aksSubnetName} \ + --vnet-name ${aksNetworkName} \ + --service-endpoints Microsoft.Storage + ``` + + It takes several minutes to enable the service endpoint; successful output will be a JSON object with string like: + + ```text + "serviceEndpoints": [ + { + "locations": [ + "eastus", + "westus" + ], + "provisioningState": "Succeeded", + "service": "Microsoft.Storage" + } + ``` + + Now you must create a network rule to allow access from AKS cluster. + The following command enables access from AKS subnet to the storage account: + + ```shell + $ az storage account network-rule add \ + --resource-group $AKS_PERS_RESOURCE_GROUP \ + --account-name $AKS_PERS_STORAGE_ACCOUNT_NAME \ + --subnet ${aksSubnetId} + ``` + + Successful output will be a JSON object with virtual network rule like: + + ```text + "virtualNetworkRules": [ + { + "action": "Allow", + "state": "Succeeded", + "virtualNetworkResourceId": "${aksSubnetId}" + } + ] + ``` + +##### Create Storage Class and PVC + +This sample will dynamically create and use a persistent volume with Azure Files in AKS. These features are passed to Kubernetes using YAML files. + +The script `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/create-domain-on-aks.sh` generates the required configuration files automatically, given an input file containing the parameters. + +A parameters file is provided at `kubernetes/samples/scripts/create-weblogic-domain-on-azure-kubernetes-service/create-domain-on-aks-inputs.yaml`. Copy and customize this file for your needs. + +To generate YAML files to create Storage Class and PVC in the AKS cluster, the following values must be substituted in your copy of the input file. | Name in YAML file | Example value | Notes | |-------------------|---------------|-------| -| `azureServicePrincipalAppId` | `nr086o75-pn59-4782-no5n-nq2op0rsr1q6` | Application ID of your service principal. 
| -| `azureServicePrincipalClientSecret` | `8693089o-q190-45ps-9319-or36252s3s90` | A client secret of your service principal. | -| `azureServicePrincipalTenantId` | `72s988os-86s1-cafe-babe-2q7pq011qo47` | Tenant (Directory ) ID of your service principal.| -| `dockerEmail` | `yourDockerEmail` | Oracle Single Sign-On (SSO) account email, used to pull the WebLogic Server Docker image. | -| `dockerPassword` | `yourDockerPassword`| Password for Oracle SSO account, used to pull the WebLogic Server Docker image, in clear text. | -| `dockerUserName` | `yourDockerId` | The same value as `dockerEmail`. | | `namePrefix` | `wls` | Alphanumeric value used as a disambiguation prefix for several Kubernetes resources. Make sure the value matches the value of `${NAME_PREFIX}` to keep names in step-by-step commands the same with those in configuration files. | Use the following command to generate configuration files, assuming the output directory is `~/azure`. The script will overwrite any files generated by a previous invocation. 
@@ -95,115 +156,67 @@ After running the command, all needed configuration files are generated and outp ```shell The following files were generated: - /home/username/azure/weblogic-on-aks/pv.yaml + /home/username/azure/weblogic-on-aks/azure-csi-nfs.yaml /home/username/azure/weblogic-on-aks/pvc.yaml /home/username/azure/weblogic-on-aks/admin-lb.yaml /home/username/azure/weblogic-on-aks/cluster-lb.yaml /home/username/azure/weblogic-on-aks/domain1.yaml - /home/username/azure/weblogic-on-aks/cluster-admin-role.yaml Completed ``` -**Note:** Beyond the required and default configurations generated by the command, you can modify the generated YAML files to further customize your deployment. For further information about customizing your deployment, consult the operator documentation, [AKS documentation](https://docs.microsoft.com/en-us/azure/aks/), and Kubernetes references. +**Note:** Beyond the required and default configurations generated by the command, you can modify the generated YAML files to further customize your deployment. For further information about customizing your deployment, consult the operator documentation, [AKS documentation](https://docs.microsoft.com/azure/aks/), and Kubernetes references. ##### Apply generated configuration files -In order to mount the file share as a persistent volume, we have provided a configuration file `pv.yaml`. You can find it in your output directory. The following content is an example that uses the value `wls-weblogic` as "shareName", `wlsazure-secret` as "secretName", and the persistent volume name is `wls-azurefile`. +In order to define how an Azure file NFS share is created, we have provided a configuration file `azure-csi-nfs.yaml`. You can find it in your output directory. -We will use the storage class `azurefile`. If you want to create a new class, follow this document [Create a storage class](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv#create-a-storage-class). 
For more information, see the page [Storage options for applications in Azure Kubernetes Service (AKS)](https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes). +The following command displays the YAML content of your current settings. This should be the same with content in `azure-csi-nfs.yaml`; use value `${AKS_PERS_RESOURCE_GROUP}` as "resourceGroup", `${AKS_PERS_STORAGE_ACCOUNT_NAME}` as "storageAccount", +`${AKS_PERS_SHARE_NAME}` as "shareName", and the Storage Class name is `azurefile-csi-nfs`. -```yaml -apiVersion: v1 -kind: PersistentVolume +This sample uses Azure Files Container Storage Interface (CSI) drivers to manage the NFS file share, provisioner is `file.csi.azure.com`, see the [Azure Files CSI drivers documentation](https://docs.microsoft.com/azure/aks/azure-files-csi). + +```shell +cat <}}).| | Confirm password | Re-enter the value of the preceding field. | -| User assigned managed identity | The deployment requires a user-assigned managed identity with the **Contributor** or **Owner** role in the subscription referenced previously. For more information, please see [Create, list, delete, or assign a role to a user-assigned managed identity using the Azure portal](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal). | +| User assigned managed identity | The deployment requires a user-assigned managed identity with the **Contributor** or **Owner** role in the subscription referenced previously. For more information, please see [Create, list, delete, or assign a role to a user-assigned managed identity using the Azure portal](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal). | ##### Optional Basic Configuration 
@@ -63,8 +63,6 @@ Use the **Basics** blade to provide the basic configuration details for deployin | WebLogic Domain Name | Enter the name of the domain that will be created by the offer. | | Maximum dynamic cluster size | The maximum size of the dynamic WebLogic cluster created. | |Custom Java Options to start WebLogic Server | Java VM arguments passed to the invocation of WebLogic Server. For more information, see the [FAQ]({{< relref "/faq/resource-settings/_index.md" >}}). | -|Enable T3 tunneling for Administration Server| If selected, configure the necessary settings to enable T3 tunneling to the Administration Server. For more details, see [External network access security]({{< relref "/security/domain-security/weblogic-channels.md" >}}).| -|Enable T3 tunneling for WebLogic cluster| If selected, configure the necessary settings to enable T3 tunneling to the WebLogic Server cluster. For more details, see [External network access security]({{< relref "/security/domain-security/weblogic-channels.md" >}}).| When you are satisfied with your selections, select **Next : Configure AKS cluster**. 
@@ -80,9 +78,9 @@ In this section, you can configure some options about the AKS which will run Web |-------|-------------| |Create a new AKS cluster| If set to **Yes**, the deployment will create a new AKS cluster resource in the specified resource group. If set to **No**, you have the opportunity to select an existing AKS cluster, into which the deployment is configured. Note: the offer assumes the existing AKS cluster has no WebLogic related deployments. | | Node count | The initial number of nodes in the AKS cluster. This value can be changed after deployment. For information, see [Scaling]({{< relref "/userguide/managing-domains/domain-lifecycle/scaling.md" >}}). | -| Node size | The default VM size is 2x Standard DSv2, 2 vcpus, 7 GB memory. If you want to select a different VM size, select **Change Size**, select the size from the list (for example, A3) on the Select a VM size page, and select **Select**. For more information about sizing the virtual machine, see the [Azure documentation on Sizes](https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs).| -|Enable Container insights| If selected, configure the necessary settings to integrate with Container insights. For more information, see [Container insights overview](https://aka.ms/wls-aks-container-insights).| -|Create Persistent Volume using Azure File share service|If selected, configure the necessary settings to mount a persistent volume to the nodes of the AKS cluster. For more information, see [Persistent storage]({{< relref "/userguide/managing-domains/persistent-storage/_index.md" >}}).| +| Node size | The default VM size is 2x Standard DSv2, 2 vcpus, 7 GB memory. If you want to select a different VM size, select **Change Size**, select the size from the list (for example, A3) on the Select a VM size page, and select **Select**. 
For more information about sizing the virtual machine, see the [Azure documentation on Sizes](https://docs.microsoft.com/azure/cloud-services/cloud-services-sizes-specs).| +|Enable Container insights| If selected, configure the necessary settings to integrate with Container insights. Container insights gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. Metrics are written to the metrics store and log data is written to the logs store associated with your Log Analytics workspace. For more information, see [Container insights overview](https://aka.ms/wls-aks-container-insights).| +|Create Persistent Volume using Azure File share service|If selected, an Azure Storage Account and an Azure Files share will be provisioned; static persistent volume with the Azure Files share will be mounted to the nodes of the AKS cluster. For more information, see [Oracle WebLogic Server persistent storage]({{< relref "/userguide/managing-domains/persistent-storage/_index.md" >}}) and [persistent volume with Azure Files share on AKS](https://docs.microsoft.com/azure/aks/azure-files-volume).| ##### Image selection 
@@ -90,13 +88,14 @@ In this section, you can configure the image that is deployed using the model-in | Field | Description | |-------|-------------| -| Use a pre-existing WebLogic Server Docker image from Oracle Container Registry? | If set to **Yes**, the subsequent options are constrained to allow only selecting from a set of pre-existing WebLogic Server Docker images stored in the Oracle Container Registry. Note: the images in the Oracle Container Registry are unpatched. If set to **No**, the user may refer to a pre-existing Azure Container Registry, and must specify the Docker tag of the WebLogic Server image within that registry that will be used to create the domain. The specified image is assumed to be compatible with the WebLogic Kubernetes Operator. This allows the use of custom images, such as with a specific set patches (PSUs). For more about WebLogic Server images see [WebLogic Server images]({{< relref "/userguide/base-images/_index.md" >}}).| -|Create a new Azure Container Registry to store application images?|If set to **Yes**, the offer will create a new Azure Container Registry (ACR) to hold the Docker images for use in the deployment. If set to **No**, you must specify an existing ACR. In this case, you must be sure the selected ACR has the admin account enabled. For details, please see [Admin account](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef&tabs=azure-cli#admin-account). | +| Use a pre-existing WebLogic Server Docker image from Oracle Container Registry (OCR)? | If set to **Yes**, the subsequent options are constrained to allow only selecting from a set of pre-existing WebLogic Server Docker images stored in the Oracle Container Registry. If set to **No**, the user may refer to a pre-existing Azure Container Registry, and must specify the Docker tag of the WebLogic Server image within that registry that will be used to create the domain. 
The specified image is assumed to be compatible with the WebLogic Kubernetes Operator. This allows the use of custom images, such as with a specific set patches (PSUs). For more about WebLogic Server images see [WebLogic Server images]({{< relref "/userguide/base-images/_index.md" >}}).| +|Create a new Azure Container Registry to store application images?|If set to **Yes**, the offer will create a new Azure Container Registry (ACR) to hold the Docker images for use in the deployment. If set to **No**, you must specify an existing ACR. In this case, you must be sure the selected ACR has the admin account enabled. For details, please see [Admin account](https://docs.microsoft.com/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account). | | Select existing ACR instance | This option is shown only if **Use a pre-existing WebLogic Server Docker image from Oracle Container Registry?** is set to **No**. If visible, select an existing Acure Container Registry instance. | | Please provide the image path | This option is shown only if **Use a pre-existing WebLogic Server Docker image from Oracle Container Registry?** is set to **No**. If visible, the value must be a fully qualified Docker tag of an image within the specified ACR. | | Username for Oracle Single Sign-On authentication | The Oracle Single Sign-on account user name for which the Terms and Restrictions for the selected WebLogic Server image have been accepted. | -| Password for Oracle Single Sign-On authentication | The password for that account. | -| Confirm password | Re-enter the value of the preceding field. | +| Password for Oracle Single Sign-On authentication | The password for that account. | +| Confirm password | Re-enter the value of the preceding field. | If 'Yes' is selected; the deployment process will pull from the CPU WebLogic Server image repository in the OCR. If 'No' is selected the deployment process will pull from the WebLogic Server image repository in OCR. 
| +| Is the specified SSO account associated with an active Oracle support contract? | If set to **Yes**, you must accept the license agreement in the `middleware/weblogic_cpu` repository. If set to **No**, you must accept the license agreement in the `middleware/weblogic`. Steps to accept the license agreement: log in to the [Oracle Container Registry](https://container-registry.oracle.com/); navigate to the `middleware/weblogic_cpu` and `middleware/weblogic` repository; accept license agreement. See this [document](https://aka.ms/wls-aks-ocr-doc) for more information. | | Select WebLogic Server Docker tag | Select one of the supported images. | ##### Java EE Application 
@@ -105,8 +104,8 @@ In this section you can deploy a Java EE Application along with the WebLogic Ser | Field | Description | |-------|-------------| -| Deploy your application package? | If set to **Yes**, you must specify a Java EE WAR, EAR, or JAR file suitable for deployment with the selected version of WebLogic Server. If set to **No**, no application is deployed.| -| Application package (.war,.ear,.jar) | With the **Browse** button, you can select a file from a pre-existing Azure Storage Account and Storage Container within that account. To learn how to create a Storage Account and Container, see [Create a storage account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). | +| Deploy your application package? | If set to **Yes**, you must specify a Java EE WAR, EAR, or JAR file suitable for deployment with the selected version of WebLogic Server. If set to **No**, no application is deployed.| +| Application package (.war,.ear,.jar) | With the **Browse** button, you can select a file from a pre-existing Azure Storage Account and Storage Container within that account. To learn how to create a Storage Account and Container, see [Create a storage account](https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-portal) and [Create a Storage Container and upload application files](https://docs.microsoft.com/azure/storage/blobs/storage-quickstart-blobs-portal). | | Fail deployment if application does not become ACTIVE. | If selected, the deployment will wait for the deployed application to reach the **ACTIVE** state and fail the deployment if it does not. For more details, see the [Oracle documentation](https://aka.ms/wls-aks-deployment-state). | | Number of WebLogic Managed Server replicas | The initial value of the `replicas` field of the Domain. For information, see [Scaling]({{< relref "/userguide/managing-domains/domain-lifecycle/scaling.md" >}}). | 
@@ -114,9 +113,9 @@ When you are satisfied with your selections, select **Next : TLS/SSL configurati #### TLS/SSL configuration -With the **TLS/SSL configuration** blade, you can configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own SSL certificate provided by a Certifying Authority (CA). +With the **TLS/SSL configuration** blade, you can configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own SSL certificate provided by a Certifying Authority (CA). See [Oracle WebLogic Server Keystores configuration](https://aka.ms/arm-oraclelinux-wls-ssl-configuration) for more information. -Select **Yes** or **No** for the option **Configure WebLogic Server Administration Console, Remote Console, cluster and custom T3 channel to use HTTPS (Secure) ports, with your own TLS/SSL certificate.** based on your preference. If you select **No**, you don't have to provide any details, and can proceed by selecting **Next : Networking** >. If you select **Yes**, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault. +Select **Yes** or **No** for the option **Configure WebLogic Server Administration Console, Remote Console, and cluster to use HTTPS (Secure) ports, with your own TLS/SSL certificate.** based on your preference. If you select **No**, you don't have to provide any details, and can proceed by selecting **Next : Networking**. If you select **Yes**, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault. If you want to upload existing keystores, select **Upload existing KeyStores** for the option **How would you like to provide required configuration**, and enter the values for the fields listed in the following table. 
@@ -144,7 +143,7 @@ Use this blade to configure options for load balancing and ingress controller. ##### Standard Load Balancer service -Selecting **Yes** here will cause the offer to provision the Azure Load Balancer as a Kubernetes load balancer service. Note, you must select **Yes** and provide further configuration when T3 tunneling is enabled on the Basics blade. For more information on the Standard Load Balancer see [Use a public Standard Load Balancer in Azure Kubernetes Service (AKS)](https://aka.ms/wls-aks-standard-load-balancer). You can still deploy an Azure Application Gateway even if you select **No** here. +Selecting **Yes** here will cause the offer to provision the Azure Load Balancer as a Kubernetes load balancer service. For more information on the Standard Load Balancer see [Use a public Standard Load Balancer in Azure Kubernetes Service (AKS)](https://aka.ms/wls-aks-standard-load-balancer). You can still deploy an Azure Application Gateway even if you select **No** here. If you select **Yes**, you have the option of configuring the Load Balancer as an internal Load Balancer. For more information on Azure internal load balancers see [Use an internal load balancer with Azure Kubernetes Service (AKS)](https://aka.ms/wls-aks-internal-load-balancer). @@ -156,12 +155,7 @@ You can fill in any valid value in this column. **Target** and **Port** column: -The current offer has some restrictions on the T3 ports. - -* For a **Target** value of **admin-server-t3**, you must use port 7005. -* For a **Target** value of **cluster-1-t3**, you must use port 8011. - -For the non-T3 ports, the recommended values are the usual 7001 for the **admin-server** and 8001 for the **cluster-1**. +For the ports, the recommended values are the usual 7001 for the **admin-server** and 8001 for the **cluster-1**. ##### Application Gateway Ingress Controller 
@@ -179,11 +173,11 @@ You must select one of the following three options, each described in turn. | Field | Description | |-------|-------------| -| Frontend TLS/SSL certificate(.pfx) | For information on how to create a certificate in PFX format, see [Overview of TLS termination and end to end TLS with Application Gateway](https://docs.microsoft.com/en-us/azure/application-gateway/ssl-overview). | +| Frontend TLS/SSL certificate(.pfx) | For information on how to create a certificate in PFX format, see [Overview of TLS termination and end to end TLS with Application Gateway](https://docs.microsoft.com/azure/application-gateway/ssl-overview). | | Password | The password for the certificate | | Confirm password | Re-enter the value of the preceding field. | | Trusted root certificate(.cer, .cert) | A trusted root certificate is required to allow back-end instances in the application gateway. The root certificate is a Base-64 encoded X.509(.CER) format root certificate. | -| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --sdk-auth | base64 -w0`. For more information, see [Create a service principal](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | +| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --role Contributor --sdk-auth | base64 -w0`. On macOS omit the `-w0`. For more information, see [Create a service principal](https://docs.microsoft.com/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | **Identify an Azure Key Vault** 
@@ -193,20 +187,20 @@ You must select one of the following three options, each described in turn. | Name of the Azure KeyVault containing secrets for the Certificate for SSL Termination | Enter the name of the Azure Key Vault that stores the application gateway SSL certificate and the data required for SSL termination. | | The name of the secret in the specified KeyVault whose value is the SSL Certificate Data | Enter the name of the Azure Key Vault secret that holds the value of the SSL certificate data. | | The name of the secret in the specified KeyVault whose value is the password for the SSL Certificate | Enter the name of the Azure Key Vault secret that holds the value of the SSL certificate password. | -| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --sdk-auth | base64 -w0`. For more information, see [Create a service principal](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | +| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --role Contributor --sdk-auth | base64 -w0`. On macOS omit the `-w0`. For more information, see [Create a service principal](https://docs.microsoft.com/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | **Generate a self-signed frontend certificate** | Field | Description | |-------|-------------| | Trusted root certificate(.cer, .cert) | A trusted root certificate is required to allow back-end instances in the application gateway. The root certificate is a Base-64 encoded X.509(.CER) format root certificate. | -| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --sdk-auth | base64 -w0`. 
For more information, see [Create a service principal](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | +| Service Principal | A Base64 encoded JSON string of a service principal for the selected subscription. You can generate one with command `az ad sp create-for-rbac --role Contributor --sdk-auth | base64 -w0`. On macOS omit the `-w0`. For more information, see [Create a service principal](https://docs.microsoft.com/cli/azure/create-an-azure-service-principal-azure-cli#create-a-service-principal). | Regardless of how you provide the certificates, there are several other options when configuring the Application Gateway, as described next. | Field | Description | |-------|-------------| -|Enable cookie based affinity | Select this box to enable cookie based affinity (sometimes called "sticky sessions"). For more information, see [Enable Cookie based affinity with an Application Gateway](https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-cookie-affinity). | +|Enable cookie based affinity | Select this box to enable cookie based affinity (sometimes called "sticky sessions"). For more information, see [Enable Cookie based affinity with an Application Gateway](https://docs.microsoft.com/azure/application-gateway/ingress-controller-cookie-affinity). | | Create ingress for Administration Console. | Select **Yes** to create an ingress for the Administration Console with the path `/console`. | | Create ingress for WebLogic Remote Console. | Select **Yes** to create an ingress for the Remote Console with the path `/remoteconsole`. | 
@@ -219,7 +213,7 @@ With the **DNS Configuration** blade, you can provision the Oracle WebLogic Serv Select **Yes** or **No** for the option **Configure Custom DNS Alias?** based on your preference. If you select **No**, you don't have to provide any details, and can proceed by selecting **Next : Database >**. If you select **Yes**, you must choose either to configure a custom DNS alias based on an existing Azure DNS zone, or create an Azure DNS zone and a custom DNS alias. This can be done by selecting **Yes** or **No** for the option **Use an existing Azure DNS Zone**. {{% notice note %}} -For more information about the DNS zones, see [Overview of DNS zones and records](https://docs.microsoft.com/en-us/azure/dns/dns-zones-records). +For more information about the DNS zones, see [Overview of DNS zones and records](https://docs.microsoft.com/azure/dns/dns-zones-records). {{% /notice %}} If you choose to configure a custom DNS alias based on an existing Azure DNS zone, by selecting **Yes** for the option **Use an existing Azure DNS Zone**, you must specify the DNS configuration details by entering the values for the fields listed in the following table. @@ -240,7 +234,7 @@ If you choose to create an Azure DNS zone and a custom DNS alias, by selecting * See the preceding table for the description of these fields. {{% notice note %}} -In the case of creating an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry post deployment. See [Delegation of DNS zones with Azure DNS](https://docs.microsoft.com/en-us/azure/dns/dns-domain-delegation). +In the case of creating an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry post deployment. See [Delegation of DNS zones with Azure DNS](https://docs.microsoft.com/azure/dns/dns-domain-delegation). {{% /notice %}} When you are satisfied with your selections, select **Next : Database**. 
@@ -263,7 +257,7 @@ If you select **Other** as the database type, there are some additional values y | Field | Description | |-------|-------------| -| DataSource driver (.jar) | Use the **Browse** button to upload the JAR file for the JDBC driver to a storage container. To learn how to create a Storage Account and Container, see [Create a storage account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). | +| DataSource driver (.jar) | Use the **Browse** button to upload the JAR file for the JDBC driver to a storage container. To learn how to create a Storage Account and Container, see [Create a storage account](https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-portal). | | DataSource driver name | The fully qualified Java class name of the JDBC driver. | | Test table name | The name of the database table to use when testing physical database connections. This value depends on the specified database. Some suggested values include the following. {{< line_break >}}{{< line_break >}} • For Oracle, use `SQL ISVALID`. {{< line_break >}} • For PostgreSQL, SQL Server and MariaDB use `SQL SELECT 1`. {{< line_break >}} • For Informix use `SYSTABLES`.| @@ -276,4 +270,3 @@ In the **Review + create blade**, review the details you provided for deploying If you want to use this template to automate the deployment, download it by selecting **Download a template for automation**. Click **Create** to create this offer. This process may take 30 to 60 minutes. - diff --git a/documentation/staging/content/userguide/managing-domains/_index.md b/documentation/staging/content/userguide/managing-domains/_index.md index 8c3ab2d78b6..5d3c703c83b 100644 --- a/documentation/staging/content/userguide/managing-domains/_index.md +++ b/documentation/staging/content/userguide/managing-domains/_index.md 
@@ -15,6 +15,7 @@ description: "Important considerations for WebLogic domains in Kubernetes." * [Managing lifecycle operations](#managing-lifecycle-operations) * [Scaling clusters](#scaling-clusters) * [About domain events](#about-domain-events) +* [Monitoring a domain](#monitoring-a-domain) * [Log files](#log-files) #### Important considerations for WebLogic domains in Kubernetes @@ -153,6 +154,10 @@ The operator lets you initiate scaling of clusters in various ways: The operator generates Kubernetes events at key points during domain processing. For more information, see [Domain events]({{< relref "/userguide/managing-domains/domain-events.md" >}}). +### Monitoring a domain + +The operator can export Prometheus-compatible metrics by embedding a WebLogic Monitoring Exporter configuration in its domain specification. For more details, see the WebLogic Monitoring Exporter document, [Use the Monitoring Exporter with WebLogic Kubernetes Operator](https://github.com/oracle/weblogic-monitoring-exporter#use-the-monitoring-exporter-with-weblogic-kubernetes-operator). + ### Log files The operator can automatically override WebLogic Server, domain, and introspector `.log` and `.out` locations. diff --git a/documentation/staging/content/userguide/managing-domains/accessing-the-domain/admin-console.md b/documentation/staging/content/userguide/managing-domains/accessing-the-domain/admin-console.md index a37190cf585..d6d5695b56d 100644 --- a/documentation/staging/content/userguide/managing-domains/accessing-the-domain/admin-console.md +++ b/documentation/staging/content/userguide/managing-domains/accessing-the-domain/admin-console.md 
@@ -9,7 +9,7 @@ description: "Use the WebLogic Remote Console to manage a domain running in Kube The WebLogic Remote Console is a lightweight, open source console that does not need to be collocated with a WebLogic Server domain. It is an _alternative_ to the WebLogic Server Administration Console. You can install and run the Remote Console anywhere. For an introduction, read the blog, ["The NEW WebLogic Remote Console"](https://blogs.oracle.com/weblogicserver/new-weblogic-server-remote-console). -For detailed documentation, see the [WebLogic Remote Console](https://github.com/oracle/weblogic-remote-console) GitHub project. +For detailed documentation, see the [WebLogic Remote Console](https://oracle.github.io/weblogic-remote-console/). A major benefit of using the Remote Console is that it runs in your browser or a desktop application, and can be used to connect to different WebLogic Server instances. You can use the Remote Console with WebLogic Server _slim_ installers, available on the [OTN](https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html) 
@@ -35,7 +35,7 @@ For more information, see [External network access security]({{}}). - * Enable `HTTP` protocol for this network channel. - * Do _NOT_ set an `external listen address` or `external listen port`. - -{{% notice note %}} -For Istio-enabled domains running Istio versions prior to 1.10, if console only access is required, -then it is not necessary to add an additional network channel to the WebLogic Administration Server. -{{% /notice %}} - -For example, here is a snippet of a WebLogic domain `config.xml` file for channel `PortForward` for the Administration Server. -```xml - - admin-server - - PortForward - t3 - localhost - 7890 - true - - -``` -For Model in Image (MII) and Domain in Image (DII), here is a snippet model configuration for channel `PortForward` for the Administration Server. -```yaml -topology: - ... - Server: - 'admin-server': - ListenPort: 7001 - NetworkAccessPoint: - PortForward: - Protocol: 't3' - ListenAddress: 'localhost' - ListenPort: '7890' - HttpEnabledForThisProtocol: true -``` {{% notice note %}} If your domain is already running, and you have made configuration changes, @@ -114,8 +75,7 @@ then you will need to rerun its introspector job and ensure that the admin pod restarts for the configuration changes to take effect. {{% /notice %}} -If Istio is _not_ enabled on the domain or for Istio enabled domains running -Istio 1.10 and later, when administration channel port forwarding is enabled, +When administration channel port forwarding is enabled, the operator automatically adds the following network channels (also known as Network Access Points) to the WebLogic Administration Server Pod: diff --git a/documentation/staging/content/userguide/managing-domains/model-in-image/auxiliary-images.md b/documentation/staging/content/userguide/managing-domains/model-in-image/auxiliary-images.md index 730f2d5da2f..1d1da7bf5d1 100644 --- a/documentation/staging/content/userguide/managing-domains/model-in-image/auxiliary-images.md 
+++ b/documentation/staging/content/userguide/managing-domains/model-in-image/auxiliary-images.md @@ -221,7 +221,7 @@ spec: - image: domain-image-B:v1 volume: aivolume # the following command replaces 'mydir' instead of merging it: - command: 'rm -fr $TARGET_MOUNT_PATH/mydir; cp -R $COMMON_MOUNT_PATH/* $TARGET_MOUNT_PATH' + command: 'rm -fr $AUXILIARY_IMAGE_TARGET_PATH/mydir; cp -R $AUXILIARY_IMAGE_PATH/* $AUXILIARY_IMAGE_TARGET_PATH' ``` #### Merge ordering example diff --git a/documentation/staging/content/userguide/platforms/environments.md b/documentation/staging/content/userguide/platforms/environments.md index 17b2339a7d8..274966d6509 100644 --- a/documentation/staging/content/userguide/platforms/environments.md +++ b/documentation/staging/content/userguide/platforms/environments.md @@ -2,7 +2,7 @@ title: "Supported platforms" date: 2019-02-23T16:40:54-05:00 description: "See the operator supported environments." -weight: 4 +weight: 3 --- ### Contents @@ -21,6 +21,7 @@ weight: 4 - [Microsoft Azure](#microsoft-azure) - [VMware Tanzu Kubernetes Grid (TKG)](#vmware-tanzu-kubernetes-grid-tkg) - [OpenShift](#openshift) + - [WebLogic Server running in Kubernetes connecting to an Oracle Database also running in Kubernetes](#weblogic-server-running-in-kubernetes-connecting-to-an-oracle-database-also-running-in-kubernetes) - [Development-focused Kubernetes distributions](#development-focused-kubernetes-distributions) ### Supported environments 
@@ -40,10 +41,10 @@ WebLogic Server and the operator are certified on offerings, such as: - VMWare Tanzu - VMware Tanzu Kubernetes Grid (TKG) -WebLogic Server and the operator are also supported on service offerings which +WebLogic Server and the operator are also supported on service offerings which deploy the WebLogic Server and the operator for you. These include: -- Oracle WebLogic Server for OKE (WLS for OKE) -- Oracle WebLogic Server on AKS from the Azure Marketplace (WLS on AKS Marketplace) +- [Oracle WebLogic Server for OKE (WLS for OKE)](https://docs.oracle.com/en/cloud/paas/weblogic-container/) +- [Oracle WebLogic Server on AKS from the Azure Marketplace (WLS on AKS Marketplace)](#oracle-weblogic-server-on-aks-from-the-azure-marketplace-wls-on-aks-marketplace) [Development-focused Kubernetes distributions](#development-focused-kubernetes-distributions) are also supported. @@ -57,14 +58,14 @@ to the operator, or are subject to limitations and restrictions: see ### Kubernetes, WebLogic Server, and operating system prerequisites -The operator is subject to Kubernetes, WebLogic Server, and operating system versioning prerequisites: +The operator is subject to Kubernetes, WebLogic Server, and operating system versioning prerequisites, see [Operator prerequisites]({{< relref "/userguide/prerequisites/introduction.md" >}}). ### Pricing and licensing The WebLogic Kubernetes Operator and Oracle Linux are open source and free; WebLogic Server requires licenses unless used in a single developer desktop development environment. -In detail: +See the following sections for more detailed information. #### WebLogic Kubernetes Operator 
@@ -101,7 +102,7 @@ patched images are rebuilt every CPU cycle, which is quarterly. Customer support for WebLogic Server images is handled by Oracle support. Using the [WebLogic Image Tool](https://github.com/oracle/weblogic-image-tool) -customers can also build their own WebLogic Server images with +customers can also build their own WebLogic Server images with the latest Oracle Linux images, Java updates, and WebLogic Server patches. #### Reference 
@@ -212,16 +213,30 @@ See also the [Tanzu Kubernetes Grid sample]({{}}) in the Security section. +- For security requirements to run WebLogic Server in OpenShift, see the [OpenShift]({{}}) documentation. - Beginning with operator version 3.3.2, specify the `kubernetesPlatorm` Helm chart property with value `OpenShift`. For more information, see [Operator Helm configuration values]({{}}). +#### WebLogic Server running in Kubernetes connecting to an Oracle Database also running in Kubernetes + +We have certified support for WebLogic Server domains, managed by the WebLogic Kubernetes Operator (operator), connecting to an Oracle Database, managed by the Oracle Database Operator for Kubernetes (OraOperator). For details on the supported WLS and database versions, see the following: +* [Operator prerequisites]({{< relref "/userguide/prerequisites/introduction.md" >}}) +* [Oracle Database Operator for Kubernetes prerequisites](https://github.com/oracle/oracle-database-operator/blob/main/PREREQUISITES.md) + +The certification includes support for both application data access and all WLS database-dependent features supported in Kubernetes. For more information, see WebLogic Server Certifications on Kubernetes in My Oracle Support [Doc ID 2349228.1](https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=208317433106215&id=2349228.1&_afrWindowMode=0&_adf.ctrl-state=c2nhai8p3_4). + +Included in the certification is support for the following topologies: +* WebLogic Server, operator, Oracle Database, and OraOperator all running in the same Kubernetes cluster. +* WebLogic Server, operator, Oracle Database, and OraOperator all running in the same Kubernetes cluster and WebLogic Server running on an Istio mesh. +* WebLogic Server and operator running in a Kubernetes cluster and the Oracle Database and OraOperator in a different Kubernetes cluster. 
+ + #### Development-focused Kubernetes distributions There are a number of development-focused distributions of Kubernetes, like kind, Minikube, Minishift, and so on. diff --git a/documentation/staging/content/userguide/prerequisites/introduction.md b/documentation/staging/content/userguide/prerequisites/introduction.md index 42355735d80..33fdae3828e 100644 --- a/documentation/staging/content/userguide/prerequisites/introduction.md +++ b/documentation/staging/content/userguide/prerequisites/introduction.md @@ -7,8 +7,8 @@ weight: 2 For the current production release {{< latestVersion >}}: -* Kubernetes 1.16.15+, 1.17.13+, 1.18.10+, 1.19.7+, and 1.20.6+ (check with `kubectl version`). -* Flannel networking v0.9.1-amd64 or later (check with `docker images | grep flannel`), Calico networking v3.16.1 or later, +* Kubernetes 1.19.15+, 1.20.6+, and 1.20.11+ (check with `kubectl version`). +* Flannel networking v0.13.0-amd64 or later (check with `docker images | grep flannel`), Calico networking v3.16.1 or later, *or* OpenShift SDN on OpenShift 4.3 systems. * Docker 18.9.1 or 19.03.1+ (check with `docker version`) *or* CRI-O 1.20.2+ (check with `crictl version | grep RuntimeVersion`). * Helm 3.3.4+ (check with `helm version --client --short`). diff --git a/documentation/staging/static/images/domain-architecture2.png b/documentation/staging/static/images/domain-architecture2.png index 2fdcdb77e25..d0421cc59fb 100644 Binary files a/documentation/staging/static/images/domain-architecture2.png and b/documentation/staging/static/images/domain-architecture2.png differ diff --git a/documentation/staging/static/images/flowchart.png b/documentation/staging/static/images/flowchart.png index 41dba69c96f..de4fe0cd6a0 100644 Binary files a/documentation/staging/static/images/flowchart.png and b/documentation/staging/static/images/flowchart.png differ 
diff --git a/documentation/staging/static/images/high-level-architecture.png b/documentation/staging/static/images/high-level-architecture.png index 50f8f49a6c9..fae54b5f6e6 100644 Binary files a/documentation/staging/static/images/high-level-architecture.png and b/documentation/staging/static/images/high-level-architecture.png differ diff --git a/documentation/staging/static/images/image-pull.png b/documentation/staging/static/images/image-pull.png index fb1748ad8a2..7547c2e01a6 100644 Binary files a/documentation/staging/static/images/image-pull.png and b/documentation/staging/static/images/image-pull.png differ diff --git a/documentation/staging/static/images/inside-a-container.png b/documentation/staging/static/images/inside-a-container.png index 379415722e7..ba756fa3d5d 100644 Binary files a/documentation/staging/static/images/inside-a-container.png and b/documentation/staging/static/images/inside-a-container.png differ diff --git a/documentation/staging/static/images/layers.png b/documentation/staging/static/images/layers.png index 6627071882a..fc9d55a8222 100644 Binary files a/documentation/staging/static/images/layers.png and b/documentation/staging/static/images/layers.png differ diff --git a/documentation/staging/static/images/more-layers.png b/documentation/staging/static/images/more-layers.png index ff3bb384abb..cfdf985dd22 100644 Binary files a/documentation/staging/static/images/more-layers.png and b/documentation/staging/static/images/more-layers.png differ diff --git a/documentation/staging/static/images/n-1.png b/documentation/staging/static/images/n-1.png index 25e27294a53..a3df97ed2e1 100644 Binary files a/documentation/staging/static/images/n-1.png and b/documentation/staging/static/images/n-1.png differ 
diff --git a/documentation/staging/static/images/no-layers.png b/documentation/staging/static/images/no-layers.png index f27fc6936b0..a8638b7a737 100644 Binary files a/documentation/staging/static/images/no-layers.png and b/documentation/staging/static/images/no-layers.png differ diff --git a/documentation/staging/static/images/primordial.png b/documentation/staging/static/images/primordial.png index 7259c9ffbc7..74cb4d3f3bf 100644 Binary files a/documentation/staging/static/images/primordial.png and b/documentation/staging/static/images/primordial.png differ diff --git a/documentation/staging/static/images/rebuild.png b/documentation/staging/static/images/rebuild.png index 0b468d3440f..37993e68336 100644 Binary files a/documentation/staging/static/images/rebuild.png and b/documentation/staging/static/images/rebuild.png differ diff --git a/documentation/staging/static/images/updates.png b/documentation/staging/static/images/updates.png index e204e948e35..e0cf1b6b75f 100644 Binary files a/documentation/staging/static/images/updates.png and b/documentation/staging/static/images/updates.png differ
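Review bot: in the `@@ -40,10 +41,10 @@` hunk, the new "WLS on AKS Marketplace" list item links to the in-page anchor `#oracle-weblogic-server-on-aks-from-the-azure-marketplace-wls-on-aks-marketplace`, but no heading with that title is added or visible anywhere in this patch. Please confirm that the section exists on this page with exactly that title, otherwise the link resolves to nothing. On the adjacent context lines, `VMWare Tanzu` and `VMware Tanzu Kubernetes Grid (TKG)` capitalize the vendor name differently; this would be a good change to make them consistent in.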
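Review bot: in the `@@ -57,14 +58,14 @@` hunk, the rewritten prerequisites sentence is a comma splice: "...operating system versioning prerequisites, see [Operator prerequisites]". Suggest ending the sentence and starting a new one ("...versioning prerequisites. See [Operator prerequisites](...)."), or using a semicolon. The replacement for "In detail:" reads fine.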
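Review bot: in the `@@ -212,16 +213,30 @@` hunk, the My Oracle Support link for Doc ID 2349228.1 is pasted with browser session parameters (`_afrLoop=208317433106215`, `_afrWindowMode=0`, `_adf.ctrl-state=c2nhai8p3_4`). These are state from one person's session, not part of the document address, and should not be published in the docs. Please trim the URL to the parameter that identifies the document (`id=2349228.1`) and check that the shortened link still opens the note. Also, the OpenShift bullet just below the changed line spells the Helm property as `kubernetesPlatorm`; since this hunk already edits that list, please confirm the name against the Helm chart and fix it here, because readers will copy it into their values files. Minor: the hunk ends by adding two blank lines before the next heading where one is enough.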
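Review bot: in the `@@ -7,8 +7,8 @@` hunk of `userguide/prerequisites/introduction.md`, the new Kubernetes line lists "1.19.15+, 1.20.6+, and 1.20.11+", so the 1.20 minor appears twice and `1.20.11+` is already covered by `1.20.6+`. One of the two entries is probably meant to be a different minor version or should be dropped; please confirm the intended minimums. This line also removes 1.16.15+, 1.17.13+ and 1.18.10+ and raises the Flannel minimum from v0.9.1-amd64 to v0.13.0-amd64, which is a support change for existing users, yet the release-notes hunk in this same patch only touches whitespace. Consider adding a release-notes entry for the raised minimums.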