diff --git a/docs/02.deploying/02.kubernetes/02.kubernetes.md b/docs/02.deploying/02.kubernetes/02.kubernetes.md
index 56ae51e8..6e10b5df 100644
--- a/docs/02.deploying/02.kubernetes/02.kubernetes.md
+++ b/docs/02.deploying/02.kubernetes/02.kubernetes.md
@@ -78,6 +78,9 @@ kubectl label namespace neuvector "pod-security.kubernetes.io/enforce=privilege
Create the custom resources (CRD) for NeuVector security rules. For Kubernetes 1.19+:
+[!NOTE]
+If you are upgrading to version `5.4.6` using YAML, you must deploy the `responserules-crd-k8s.yaml` file. If you are using Helm charts, this step is handled automatically and no action is required.
+
```shell
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/waf-crd-k8s-1.19.yaml
@@ -85,7 +88,9 @@ kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kube
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/com-crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/vul-crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/admission-crd-k8s-1.19.yaml
-kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s.yaml
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/responserules-crd-k8s.yaml
+yaml
```
@@ -150,6 +155,9 @@ kubectl create clusterrole neuvector-binding-nvgroupdefinitions --verb=list,get,
kubectl create clusterrolebinding neuvector-binding-nvgroupdefinitions --clusterrole=neuvector-binding-nvgroupdefinitions --serviceaccount=neuvector:controller
kubectl create role neuvector-binding-secret-controller --verb=create,patch,update --resource=secrets -n neuvector
kubectl create rolebinding neuvector-binding-secret-controller --role=neuvector-binding-secret-controller --serviceaccount=neuvector:controller --serviceaccount=neuvector:default -n neuvector
+kubectl create clusterrole neuvector-binding-nvresponserulesecurityrules --verb=get,list,delete --resource=nvresponserulesecurityrules
+kubectl create clusterrolebinding neuvector-binding-nvresponserulesecurityrules --clusterrole=neuvector-binding-nvresponserulesecurityrules --serviceaccount=neuvector:controller
+
```
@@ -157,23 +165,23 @@ kubectl create rolebinding neuvector-binding-secret-controller --role=neuvector-
Run the following commands to check if the neuvector/controller and neuvector/updater service accounts are added successfully.
```shell
-kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions -o wide
+kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions neuvector-binding-nvresponserulesecurityrules -o wide
```
Sample output:
```shell
NAME ROLE AGE USERS GROUPS SERVICEACCOUNTS
-neuvector-binding-app ClusterRole/neuvector-binding-app 45s neuvector/controller
-neuvector-binding-rbac ClusterRole/neuvector-binding-rbac 45s neuvector/controller
-neuvector-binding-admission ClusterRole/neuvector-binding-admission 44s neuvector/controller
-neuvector-binding-customresourcedefinition ClusterRole/neuvector-binding-customresourcedefinition 44s neuvector/controller
-neuvector-binding-nvsecurityrules ClusterRole/neuvector-binding-nvsecurityrules 43s neuvector/controller
-neuvector-binding-view ClusterRole/view 43s neuvector/controller
-neuvector-binding-nvwafsecurityrules ClusterRole/neuvector-binding-nvwafsecurityrules 43s neuvector/controller
-neuvector-binding-nvadmissioncontrolsecurityrules ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules 43s neuvector/controller
-neuvector-binding-nvdlpsecurityrules ClusterRole/neuvector-binding-nvdlpsecurityrules 43s neuvector/controller
-neuvector-binding-nvgroupdefinitions ClusterRole/neuvector-binding-nvgroupdefinitions 40s neuvector/controller
+neuvector-binding-app ClusterRole/neuvector-binding-app 66d neuvector/controller
+neuvector-binding-rbac ClusterRole/neuvector-binding-rbac 66d neuvector/controller
+neuvector-binding-admission ClusterRole/neuvector-binding-admission 66d neuvector/controller
+neuvector-binding-customresourcedefinition ClusterRole/neuvector-binding-customresourcedefinition 66d neuvector/controller
+neuvector-binding-nvsecurityrules ClusterRole/neuvector-binding-nvsecurityrules 66d neuvector/controller
+neuvector-binding-view ClusterRole/view 66d neuvector/controller
+neuvector-binding-nvwafsecurityrules ClusterRole/neuvector-binding-nvwafsecurityrules 66d neuvector/controller
+neuvector-binding-nvadmissioncontrolsecurityrules ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules 66d neuvector/controller
+neuvector-binding-nvdlpsecurityrules ClusterRole/neuvector-binding-nvdlpsecurityrules 66d neuvector/controller
+neuvector-binding-nvgroupdefinitions ClusterRole/neuvector-binding-nvgroupdefinitions 66d neuvector/controller
```
And this command:
diff --git a/versioned_docs/version-5.4/02.deploying/02.kubernetes/02.kubernetes.md b/versioned_docs/version-5.4/02.deploying/02.kubernetes/02.kubernetes.md
index 56ae51e8..48cd608f 100644
--- a/versioned_docs/version-5.4/02.deploying/02.kubernetes/02.kubernetes.md
+++ b/versioned_docs/version-5.4/02.deploying/02.kubernetes/02.kubernetes.md
@@ -78,6 +78,9 @@ kubectl label namespace neuvector "pod-security.kubernetes.io/enforce=privilege
Create the custom resources (CRD) for NeuVector security rules. For Kubernetes 1.19+:
+[!NOTE]
+If you are upgrading to version `5.4.6` using YAML, you must deploy the `responserules-crd-k8s.yaml` file. If you are using Helm charts, this step is handled automatically and no action is required.
+
```shell
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/waf-crd-k8s-1.19.yaml
@@ -86,6 +89,8 @@ kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kube
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/vul-crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/admission-crd-k8s-1.19.yaml
kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s.yaml
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/responserules-crd-k8s.yaml
```
@@ -148,8 +153,8 @@ kubectl create rolebinding neuvector-binding-job-creation --role=neuvector-bindi
kubectl create rolebinding neuvector-binding-lease --role=neuvector-binding-lease --serviceaccount=neuvector:controller --serviceaccount=neuvector:cert-upgrader -n neuvector
kubectl create clusterrole neuvector-binding-nvgroupdefinitions --verb=list,get,delete --resource=nvgroupdefinitions
kubectl create clusterrolebinding neuvector-binding-nvgroupdefinitions --clusterrole=neuvector-binding-nvgroupdefinitions --serviceaccount=neuvector:controller
-kubectl create role neuvector-binding-secret-controller --verb=create,patch,update --resource=secrets -n neuvector
-kubectl create rolebinding neuvector-binding-secret-controller --role=neuvector-binding-secret-controller --serviceaccount=neuvector:controller --serviceaccount=neuvector:default -n neuvector
+kubectl create clusterrole neuvector-binding-nvresponserulesecurityrules --verb=get,list,delete --resource=nvresponserulesecurityrules
+kubectl create clusterrolebinding neuvector-binding-nvresponserulesecurityrules --clusterrole=neuvector-binding-nvresponserulesecurityrules --serviceaccount=neuvector:controller
```
@@ -157,23 +162,23 @@ kubectl create rolebinding neuvector-binding-secret-controller --role=neuvector-
Run the following commands to check if the neuvector/controller and neuvector/updater service accounts are added successfully.
```shell
-kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions -o wide
+kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions neuvector-binding-nvresponserulesecurityrules -o wide
```
Sample output:
```shell
NAME ROLE AGE USERS GROUPS SERVICEACCOUNTS
-neuvector-binding-app ClusterRole/neuvector-binding-app 45s neuvector/controller
-neuvector-binding-rbac ClusterRole/neuvector-binding-rbac 45s neuvector/controller
-neuvector-binding-admission ClusterRole/neuvector-binding-admission 44s neuvector/controller
-neuvector-binding-customresourcedefinition ClusterRole/neuvector-binding-customresourcedefinition 44s neuvector/controller
-neuvector-binding-nvsecurityrules ClusterRole/neuvector-binding-nvsecurityrules 43s neuvector/controller
-neuvector-binding-view ClusterRole/view 43s neuvector/controller
-neuvector-binding-nvwafsecurityrules ClusterRole/neuvector-binding-nvwafsecurityrules 43s neuvector/controller
-neuvector-binding-nvadmissioncontrolsecurityrules ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules 43s neuvector/controller
-neuvector-binding-nvdlpsecurityrules ClusterRole/neuvector-binding-nvdlpsecurityrules 43s neuvector/controller
-neuvector-binding-nvgroupdefinitions ClusterRole/neuvector-binding-nvgroupdefinitions 40s neuvector/controller
+neuvector-binding-app ClusterRole/neuvector-binding-app 66d neuvector/controller
+neuvector-binding-rbac ClusterRole/neuvector-binding-rbac 66d neuvector/controller
+neuvector-binding-admission ClusterRole/neuvector-binding-admission 66d neuvector/controller
+neuvector-binding-customresourcedefinition ClusterRole/neuvector-binding-customresourcedefinition 66d neuvector/controller
+neuvector-binding-nvsecurityrules ClusterRole/neuvector-binding-nvsecurityrules 66d neuvector/controller
+neuvector-binding-view ClusterRole/view 66d neuvector/controller
+neuvector-binding-nvwafsecurityrules ClusterRole/neuvector-binding-nvwafsecurityrules 66d neuvector/controller
+neuvector-binding-nvadmissioncontrolsecurityrules ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules 66d neuvector/controller
+neuvector-binding-nvdlpsecurityrules ClusterRole/neuvector-binding-nvdlpsecurityrules 66d neuvector/controller
+neuvector-binding-nvgroupdefinitions ClusterRole/neuvector-binding-nvgroupdefinitions 66d neuvector/controller
```
And this command: