diff --git a/api/v1alpha1/upgradeinsights_types.go b/api/v1alpha1/upgradeinsights_types.go
index 31e1d017..0dd693cc 100644
--- a/api/v1alpha1/upgradeinsights_types.go
+++ b/api/v1alpha1/upgradeinsights_types.go
@@ -103,15 +103,34 @@ type ProviderCredentials struct {
 }
 
 type AWSProviderCredentials struct {
-	// Region ...
+	// Region is the name of the AWS region cluster lives in.
 	// +kubebuilder:validation:Required
 	Region string `json:"region"`
 
-	// AccessKeyID ...
+	// AccessKeyID is your access key ID used to authenticate against AWS API.
 	// +kubebuilder:validation:Required
 	AccessKeyID string `json:"accessKeyID"`
 
-	// SecretAccessKeyRef ...
+	// SecretAccessKeyRef is a reference to the secret that contains secret access key.
+	// Since UpgradeInsights is a cluster-scoped resource we can't use local reference.
+	//
+	// SecretAccessKey must be stored in a key named "secretAccessKey".
+	//
+	// An example secret can look like this:
+	//	apiVersion: v1
+	//	kind: Secret
+	//	metadata:
+	//		name: eks-credentials
+	//		namespace: upgrade-insights-test
+	//	stringData:
+	//		secretAccessKey: "changeme"
+	// 
+	// Then it can be referenced like this:
+	// 		...
+	//		secretAccessKeyRef:
+	//			name: eks-credentials
+	//			namespace: upgrade-insights-test
+	//
 	// +kubebuilder:validation:Required
 	SecretAccessKeyRef corev1.SecretReference `json:"secretAccessKeyRef"`
 }
diff --git a/config/crd/bases/deployments.plural.sh_upgradeinsights.yaml b/config/crd/bases/deployments.plural.sh_upgradeinsights.yaml
index f39be55b..4bf07d33 100644
--- a/config/crd/bases/deployments.plural.sh_upgradeinsights.yaml
+++ b/config/crd/bases/deployments.plural.sh_upgradeinsights.yaml
@@ -59,13 +59,23 @@ spec:
                       API.
                     properties:
                       accessKeyID:
-                        description: AccessKeyID ...
+                        description: AccessKeyID is your access key ID used to authenticate
+                          against AWS API.
                         type: string
                       region:
-                        description: Region ...
+                        description: Region is the name of the AWS region cluster
+                          lives in.
                         type: string
                       secretAccessKeyRef:
-                        description: SecretAccessKeyRef ...
+                        description: "SecretAccessKeyRef is a reference to the secret
+                          that contains secret access key.\nSince UpgradeInsights
+                          is a cluster-scoped resource we can't use local reference.\n\n\nSecretAccessKey
+                          must be stored in a key named \"secretAccessKey\".\n\n\nAn
+                          example secret can look like this:\n\tapiVersion: v1\n\tkind:
+                          Secret\n\tmetadata:\n\t\tname: eks-credentials\n\t\tnamespace:
+                          upgrade-insights-test\n\tstringData:\n\t\tsecretAccessKey:
+                          \"changeme\"\n\n\nThen it can be referenced like this:\n\t\t...\n\t\tsecretAccessKeyRef:\n\t\t\tname:
+                          eks-credentials\n\t\t\tnamespace: upgrade-insights-test"
                         properties:
                           name:
                             description: name is unique within a namespace to reference
diff --git a/docs/api.md b/docs/api.md
index 780f091d..fa0f7248 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -11,9 +11,107 @@ Package v1alpha1 contains API Schema definitions for the deployments v1alpha1 AP
 ### Resource Types
 - [CustomHealth](#customhealth)
 - [PipelineGate](#pipelinegate)
+- [UpgradeInsights](#upgradeinsights)
+- [VirtualCluster](#virtualcluster)
 
 
 
+#### AWSProviderCredentials
+
+
+
+
+
+
+
+_Appears in:_
+- [ProviderCredentials](#providercredentials)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `region` _string_ | Region is the name of the AWS region cluster lives in. |  | Required: {} <br /> |
+| `accessKeyID` _string_ | AccessKeyID is your access key ID used to authenticate against AWS API. |  | Required: {} <br /> |
+| `secretAccessKeyRef` _[SecretReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretreference-v1-core)_ | SecretAccessKeyRef is a reference to the secret that contains secret access key.<br />Since UpgradeInsights is a cluster-scoped resource we can't use local reference.<br />SecretAccessKey must be stored in a key named "secretAccessKey".<br />An example secret can look like this:<br />	apiVersion: v1<br />	kind: Secret<br />	metadata:<br />		name: eks-credentials<br />		namespace: upgrade-insights-test<br />	stringData:<br />		secretAccessKey: "changeme"<br />Then it can be referenced like this:<br />		...<br />		secretAccessKeyRef:<br />			name: eks-credentials<br />			namespace: upgrade-insights-test |  | Required: {} <br /> |
+
+
+#### AgentHelmConfiguration
+
+
+
+
+
+
+
+_Appears in:_
+- [HelmSpec](#helmspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `chartName` _string_ | ChartName is a helm chart name. |  |  |
+| `repoUrl` _string_ | RepoUrl is a url that points to this helm chart. |  | Optional: {} <br />Type: string <br /> |
+| `values` _[RawExtension](https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#RawExtension)_ | Values allows defining arbitrary YAML values to pass to the helm as values.yaml file.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)_ | ValuesSecretRef fetches helm values from a secret in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesConfigMapRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#configmapkeyselector-v1-core)_ | ValuesConfigMapRef fetches helm values from a config map in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+
+
+#### Binding
+
+
+
+Binding ...
+
+
+
+_Appears in:_
+- [Bindings](#bindings)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `id` _string_ |  |  | Optional: {} <br /> |
+| `UserID` _string_ |  |  | Optional: {} <br /> |
+| `userEmail` _string_ |  |  | Optional: {} <br /> |
+| `groupID` _string_ |  |  | Optional: {} <br /> |
+| `groupName` _string_ |  |  | Optional: {} <br /> |
+
+
+#### Bindings
+
+
+
+Bindings represents a policy bindings that
+can be used to define read/write permissions
+to this resource for users/groups in the system.
+
+
+
+_Appears in:_
+- [ClusterSpec](#clusterspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `read` _[Binding](#binding) array_ | Read bindings. |  | Optional: {} <br /> |
+| `write` _[Binding](#binding) array_ | Write bindings. |  | Optional: {} <br /> |
+
+
+#### ClusterSpec
+
+
+
+
+
+
+
+_Appears in:_
+- [VirtualClusterSpec](#virtualclusterspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `handle` _string_ | Handle is a short, unique human-readable name used to identify this cluster.<br />Does not necessarily map to the cloud resource name. |  | Optional: {} <br /> |
+| `tags` _object (keys:string, values:string)_ | Tags used to filter clusters. |  | Optional: {} <br /> |
+| `metadata` _[RawExtension](https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#RawExtension)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  | Optional: {} <br /> |
+| `bindings` _[Bindings](#bindings)_ | Bindings contain read and write policies of this cluster |  | Optional: {} <br /> |
+
+
 
 
 
@@ -100,6 +198,46 @@ _Appears in:_
 
 
 
+
+
+#### HelmConfiguration
+
+
+
+
+
+
+
+_Appears in:_
+- [AgentHelmConfiguration](#agenthelmconfiguration)
+- [VClusterHelmConfiguration](#vclusterhelmconfiguration)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `chartName` _string_ | ChartName is a helm chart name. |  |  |
+| `repoUrl` _string_ | RepoUrl is a url that points to this helm chart. |  | Optional: {} <br />Type: string <br /> |
+| `values` _[RawExtension](https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#RawExtension)_ | Values allows defining arbitrary YAML values to pass to the helm as values.yaml file.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)_ | ValuesSecretRef fetches helm values from a secret in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesConfigMapRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#configmapkeyselector-v1-core)_ | ValuesConfigMapRef fetches helm values from a config map in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+
+
+#### HelmSpec
+
+
+
+
+
+
+
+_Appears in:_
+- [VirtualClusterSpec](#virtualclusterspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `agent` _[AgentHelmConfiguration](#agenthelmconfiguration)_ | Agent allows configuring agent specific helm chart options. |  | Optional: {} <br /> |
+| `vcluster` _[VClusterHelmConfiguration](#vclusterhelmconfiguration)_ | VCluster allows configuring vcluster specific helm chart options. |  | Optional: {} <br /> |
+
+
 #### PipelineGate
 
 
@@ -139,3 +277,136 @@ _Appears in:_
 
 
 
+#### ProviderCredentials
+
+
+
+
+
+
+
+_Appears in:_
+- [UpgradeInsightsSpec](#upgradeinsightsspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `aws` _[AWSProviderCredentials](#awsprovidercredentials)_ | AWS defines attributes required to auth with AWS API. |  | Optional: {} <br /> |
+
+
+#### Status
+
+
+
+
+
+
+
+_Appears in:_
+- [VirtualClusterStatus](#virtualclusterstatus)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `id` _string_ | ID of the resource in the Console API. |  | Optional: {} <br />Type: string <br /> |
+| `sha` _string_ | SHA of last applied configuration. |  | Optional: {} <br />Type: string <br /> |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#condition-v1-meta) array_ | Represents the observations of a PrAutomation's current state. |  |  |
+
+
+#### UpgradeInsights
+
+
+
+UpgradeInsights is the Schema for the UpgradeInsights API
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `deployments.plural.sh/v1alpha1` | | |
+| `kind` _string_ | `UpgradeInsights` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[UpgradeInsightsSpec](#upgradeinsightsspec)_ |  |  |  |
+
+
+
+
+#### UpgradeInsightsSpec
+
+
+
+
+
+
+
+_Appears in:_
+- [UpgradeInsights](#upgradeinsights)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `distro` _[ClusterDistro](#clusterdistro)_ | Distro defines which provider API should be used to fetch latest upgrade insights.<br />If not provided, we get the distro from the Plural API cluster tied to this operator deploy token. |  | Enum: [EKS] <br />Optional: {} <br /> |
+| `clusterName` _string_ | ClusterName is your cloud provider cluster identifier (usually name) that is used<br />to fetch latest upgrade insights information from the cloud provider API.<br />If not provided, we get the cluster name from the Plural API cluster tied to this<br />operator deploy token and assume that it is the same as the cluster name in your cloud provider. |  | Optional: {} <br /> |
+| `interval` _string_ | Interval defines how often should the upgrade insights information be fetched. | 10m | Optional: {} <br /> |
+| `credentials` _[ProviderCredentials](#providercredentials)_ | Credentials allow overriding default provider credentials bound to the operator. |  | Optional: {} <br /> |
+
+
+#### VClusterHelmConfiguration
+
+
+
+
+
+
+
+_Appears in:_
+- [HelmSpec](#helmspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `chartName` _string_ | ChartName is a helm chart name. |  |  |
+| `repoUrl` _string_ | RepoUrl is a url that points to this helm chart. |  | Optional: {} <br />Type: string <br /> |
+| `values` _[RawExtension](https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#RawExtension)_ | Values allows defining arbitrary YAML values to pass to the helm as values.yaml file.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)_ | ValuesSecretRef fetches helm values from a secret in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+| `valuesConfigMapRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#configmapkeyselector-v1-core)_ | ValuesConfigMapRef fetches helm values from a config map in this cluster.<br />Use only one of:<br />	- Values<br />	- ValuesSecretRef<br />	- ValuesConfigMapRef |  | Optional: {} <br /> |
+
+
+#### VirtualCluster
+
+
+
+VirtualCluster is the Schema for the virtual cluster API
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `deployments.plural.sh/v1alpha1` | | |
+| `kind` _string_ | `VirtualCluster` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[VirtualClusterSpec](#virtualclusterspec)_ | Spec ... |  | Required: {} <br /> |
+
+
+#### VirtualClusterSpec
+
+
+
+
+
+
+
+_Appears in:_
+- [VirtualCluster](#virtualcluster)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `kubeconfigRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#localobjectreference-v1-core)_ | KubeconfigRef is a reference to the secret created by the<br />vcluster helm chart. It contains kubeconfig with information<br />on how to access created virtual cluster. |  | Required: {} <br /> |
+| `credentialsRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)_ | CredentialsRef is a reference to the secret pointing to the<br />key that holds Console API access token. It allows to communicate<br />with the standard Console API. |  | Required: {} <br /> |
+| `cluster` _[ClusterSpec](#clusterspec)_ | Cluster is a simplified representation of the Console API cluster<br />object. See [ClusterSpec] for more information. |  | Optional: {} <br /> |
+| `external` _boolean_ | External marks this virtual cluster as external one, meaning<br />that the vcluster deployment will not be automatically created.<br />User has to pre-provision vcluster and provide a valid KubeconfigRef<br />pointing to an existing vcluster installation. |  | Optional: {} <br /> |
+| `helm` _[HelmSpec](#helmspec)_ | Helm allows configuring helm chart options of both agent and vcluster.<br />It is then deployed by the [VirtualCluster] CRD controller. |  | Optional: {} <br /> |
+
+
+
+