Merge pull request #103503 from openshift-cherrypick-robot/cherry-pick-100208-to-enterprise-4.21

[enterprise-4.21] OSDOCS-16026 4 category restructure

_topic_maps/_topic_map.yml

@@ -1661,14 +1661,18 @@ Topics:
   Dir: ingress_load_balancing
   Distros: openshift-enterprise,openshift-origin
   Topics:
-  - Name: Configuring Routes
+  - Name: Routes
     Dir: routes
     Distros: openshift-enterprise,openshift-origin
     Topics:
-    - Name: Route configuration
-      File: route-configuration
-    - Name: Secured routes
-      File: secured-routes
+    - Name: Creating basic routes
+      File: creating-basic-routes
+    - Name: Securing routes
+      File: securing-routes
+    - Name: Configuring routes
+      File: nw-configuring-routes
+    - Name: Creating advanced routes
+      File: creating-advanced-routes
   - Name: Configuring ingress cluster traffic
     Dir: configuring_ingress_cluster_traffic
     Distros: openshift-enterprise,openshift-origin

_topic_maps/_topic_map_osd.yml

@@ -782,13 +782,17 @@ Topics:
   Dir: ingress_load_balancing
   Distros: openshift-dedicated
   Topics:
-    - Name: Configuring Routes
+    - Name: Routes
       Dir: routes
       Topics:
-      - Name: Route configuration
-        File: route-configuration
-      - Name: Secured routes
-        File: secured-routes
+      - Name: Creating basic routes
+        File: creating-basic-routes
+      - Name: Securing routes
+        File: securing-routes
+      - Name: Configuring Routes
+        File: nw-configuring-routes
+      - Name: Creating advanced Routes
+        File: creating-advanced-routes
 ---
 Name: Building applications
 Dir: applications

_topic_maps/_topic_map_rosa.yml

@@ -1010,14 +1010,18 @@ Topics:
   Dir: ingress_load_balancing
   Distros: openshift-rosa
   Topics:
-  - Name: Configuring Routes
+  - Name: Routes
     Dir: routes
     Distros: openshift-rosa
     Topics:
-    - Name: Route configuration
-      File: route-configuration
-    - Name: Secured routes
-      File: secured-routes
+      - Name: Creating basic routes
+        File: creating-basic-routes
+      - Name: Securing routes
+        File: securing-routes
+      - Name: Configuring Routes
+        File: nw-configuring-routes
+      - Name: Creating advanced Routes
+        File: creating-advanced-routes
 ---
 Name: Building applications
 Dir: applications

_topic_maps/_topic_map_rosa_hcp.yml

@@ -1059,14 +1059,18 @@ Topics:
   Dir: ingress_load_balancing
   Distros: openshift-rosa-hcp
   Topics:
-  - Name: Configuring Routes
+  - Name: Routes
     Dir: routes
     Distros: openshift-rosa-hcp
     Topics:
-    - Name: Route configuration
-      File: route-configuration
-    - Name: Secured routes
-      File: secured-routes
+      - Name: Creating basic routes
+        File: creating-basic-routes
+      - Name: Securing routes
+        File: securing-routes
+      - Name: Configuring Routes
+        File: nw-configuring-routes
+      - Name: Creating advanced Routes
+        File: creating-advanced-routes
 ---
 Name: Nodes
 Dir: nodes

applications/deployments/route-based-deployment-strategies.adoc

@@ -39,11 +39,9 @@ include::modules/deployments-ab-testing.adoc[leveloffset=+1]
 
 include::modules/deployments-ab-testing-lb.adoc[leveloffset=+2]
 
-ifndef::openshift-rosa-hcp[]
 // Remove conditionals when Networking content is in ROSA HCP
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations].
-endif::[]
+* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific annotations]

applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc

@@ -2,7 +2,7 @@
 [id="odc-monitoring-project-and-application-metrics-using-developer-perspective"]
 = Monitoring project and application metrics using the Developer perspective
 include::_attributes/common-attributes.adoc[]
-:context: monitoring-project-and-application-metrics-using-developer-perspective
+:context: odc-monitoring-project-and-application-metrics-using-developer-perspective
 
 toc::[]
 

cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc

@@ -22,7 +22,7 @@ include::snippets/mobb-support-statement.adoc[leveloffset=+1]
 
 [TIP]
 ====
-Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/ingress_load_balancing/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
+Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
 ====
 
 The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer.

cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-openshift-concepts.adoc

@@ -127,7 +127,7 @@ An individual route can override some defaults by providing specific configurati
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations]
+* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific annotations]
 
 [id="cloud-experts-getting-started-openshift-concepts-imagestreams"]
 == Image streams

modules/nw-creating-a-route.adoc

@@ -6,9 +6,11 @@
 [id="nw-creating-a-route_{context}"]
 = Creating an HTTP-based route
 
-Create a route to host your application at a public URL. The route can either be secure or unsecured, depending on the network security configuration of your application. An HTTP-based route is an unsecured route that uses the basic HTTP routing protocol and exposes a service on an unsecured application port.
+[role="_abstract"]
+You can use the following procedure to create a simple HTTP-based route to a web application, using the `hello-openshift` application as an example.
+
+You can create a route to host your application at a public URL. The route can either be secure or unsecured, depending on the network security configuration of your application. An HTTP-based route is an unsecured route that uses the basic HTTP routing protocol and exposes a service on an unsecured application port.
 
-The following procedure describes how to create a simple HTTP-based route to a web application, using the `hello-openshift` application as an example.
 //link:https://github.com/openshift/origin/tree/master/examples/hello-openshift[hello-openshift]
 
 .Prerequisites
@@ -53,11 +55,10 @@ $ oc expose svc hello-openshift
 +
 [source,terminal]
 ----
-$ oc get routes -o yaml <name of resource> <1>
+$ oc get routes -o yaml hello-openshift
 ----
-<1> In this example, the route is named `hello-openshift`.
-
-.Sample YAML definition of the created unsecured route
++
+.Example YAML definition of the created unsecured route
 [source,yaml]
 ----
 apiVersion: route.openshift.io/v1
@@ -65,16 +66,18 @@ kind: Route
 metadata:
   name: hello-openshift
 spec:
-  host: www.example.com <1>
+  host: www.example.com
   port:
-    targetPort: 8080 <2>
+    targetPort: 8080
   to:
     kind: Service
     name: hello-openshift
 ----
-<1> The `host` field is an alias DNS record that points to the service. This field can be any valid DNS name, such as `www.example.com`. The DNS name must follow DNS952 subdomain conventions. If not specified, a route name is automatically generated. 
-<2> The `targetPort` field is the target port on pods that is selected by the service that this route points to.
++
+where:
 
+`host`:: Specifies an alias DNS record that points to the service. This field can be any valid DNS name, such as `www.example.com`. The DNS name must follow DNS952 subdomain conventions. If not specified, a route name is automatically generated.
+`targetPort`:: Specifies the target port on pods that is selected by the service that this route points to.
 +
 [NOTE]
 ====

modules/odc-deleting-applications-using-developer-perspective.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * applications/odc-deleting-applications.adoc
+// odc-deleting-applications.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="odc-deleting-applications-using-developer-perspective_{context}"]

networking/ingress_load_balancing/routes/creating-advanced-routes.adoc

@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="creating-advanced-routes"]
+= Creating advanced routes
+include::_attributes/common-attributes.adoc[]
+:context: creating-advanced-routes
+
+toc::[]
+
+[role="_abstract"]
+You can create secure routes with the ability to use several types of TLS termination to serve certificates to the client. The following sections describe how to create re-encrypt, edge, and passthrough routes with custom certificates.
+
+
+//Creating an edge route with a custom certificate
+include::modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc[leveloffset=+1]
+
+//Creating a reencrypt route with a custom certificate
+include::modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc[leveloffset=+1]
+
+//Creating a passthrough route
+include::modules/nw-ingress-creating-a-passthrough-route.adoc[leveloffset=+1]
+
+//Creating a route using the destination CA certificate
+include::modules/nw-ingress-reencrypt-route-custom-cert.adoc[leveloffset=+1]
+
+//Creating a route with externally managed certificates
+include::modules/nw-ingress-route-secret-load-external-cert.adoc[leveloffset=+1]
+
+//Creating an edge route with the default certificate
+include::modules/nw-ingress-edge-route-default-certificate.adoc[leveloffset=+1]

networking/ingress_load_balancing/routes/creating-basic-routes.adoc

@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="creating-basic-routes"]
+= Creating basic routes
+include::_attributes/common-attributes.adoc[]
+:context: creating-basic-routes
+
+toc::[]
+
+[role="_abstract"]
+If you have unencrypted HTTP, you can create a basic route with a route object.
+
+include::modules/nw-creating-a-route.adoc[leveloffset=+1]
+
+include::modules/nw-path-based-routes.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
+// Creating a route for router sharding
+include::modules/nw-ingress-sharding-route-configuration.adoc[leveloffset=+1]
+
+// Creating a route via an Ingress
+include::modules/nw-ingress-creating-a-route-via-an-ingress.adoc[leveloffset=+1]
+
+endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]

networking/ingress_load_balancing/routes/nw-configuring-routes.adoc

@@ -0,0 +1,40 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nw-configuring-routes"]
+= Configuring routes
+include::_attributes/common-attributes.adoc[]
+:context: configuring-routes
+
+toc::[]
+
+[role="_abstract"]
+You can use annotations, headers, cookies, and more to customize your route configuration.
+
+//Configuring route timeouts
+include::modules/nw-configuring-route-timeouts.adoc[leveloffset=+1]
+
+//HTTP header configuration
+include::modules/nw-http-header-configuration.adoc[leveloffset=+1]
+
+//Setting or deleting http headers
+include::modules/nw-route-set-or-delete-http-headers.adoc[leveloffset=+1]
+
+//Using cookies to keep route statefulness
+include::modules/nw-using-cookies-keep-route-statefulness.adoc[leveloffset=+1]
+
+//Annotating a route with a cookie name
+include::modules/nw-annotating-a-route-with-a-cookie-name.adoc[leveloffset=+2]
+
+//Additional annotations (to be separated into modules with more detail at a later date)
+include::modules/nw-route-specific-annotations.adoc[leveloffset=+1]
+
+//Troubleshooting Throughput Issues
+include::modules/nw-throughput-troubleshoot.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
+//Route admission policy
+include::modules/nw-route-admission-policy.adoc[leveloffset=+1]
+
+//Configuring dual stack
+include::modules/nw-router-configuring-dual-stack.adoc[leveloffset=+1]
+
+endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]

networking/ingress_load_balancing/routes/route-configuration.adoc

@@ -1,90 +0,0 @@
-:_mod-docs-content-type: ASSEMBLY
-// Assembly filename:route-configuration.adoc
-// Explains route configuration.
-[id="route-configuration"]
-= Route configuration
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: route-configuration
-
-toc::[]
-
-//Creating an insecure route
-include::modules/nw-creating-a-route.adoc[leveloffset=+1]
-
-ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-// Creating a route for router sharding
-include::modules/nw-ingress-sharding-route-configuration.adoc[leveloffset=+1]
-
-endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-
-//Creating route timeouts
-include::modules/nw-configuring-route-timeouts.adoc[leveloffset=+1]
-
-//HTTP Strict Transport Security
-include::modules/nw-enabling-hsts.adoc[leveloffset=+1]
-
-//Enabling HTTP strict transport security per-route
-include::modules/nw-enabling-hsts-per-route.adoc[leveloffset=+2]
-
-ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-[role="_additional-resources"]
-.Additional resources
-
-xref:../../../networking/networking_operators/ingress-operator.adoc#nw-http2-haproxy_configuring-ingress[Enabling HTTP/2 Ingress connectivity]
-endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-
-//Disabling HTTP strict transport security per-route
-include::modules/nw-disabling-hsts.adoc[leveloffset=+2]
-
-ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-//Enforcing HTTP strict transport security per-domain
-include::modules/nw-enforcing-hsts-per-domain.adoc[leveloffset=+2]
-
-//Troubleshooting Throughput Issues
-include::modules/nw-throughput-troubleshoot.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../../nodes/edge/nodes-edge-remote-workers.adoc#nodes-edge-remote-workers-latency[Latency spikes or temporary reduction in throughput to remote workers]
-
-* xref:../../../networking/networking_operators/ingress-operator.adoc#nw-ingress-controller-configuration-parameters_configuring-ingress[Ingress Controller configuration
-parameters]
-endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-
-//Using cookies to keep route statefulness
-include::modules/nw-using-cookies-keep-route-statefulness.adoc[leveloffset=+1]
-
-include::modules/nw-annotating-a-route-with-a-cookie-name.adoc[leveloffset=+2]
-
-include::modules/nw-path-based-routes.adoc[leveloffset=+1]
-
-include::modules/nw-http-header-configuration.adoc[leveloffset=+1]
-
-include::modules/nw-route-set-or-delete-http-headers.adoc[leveloffset=+1]
-
-include::modules/nw-route-specific-annotations.adoc[leveloffset=+1]
-
-ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-include::modules/nw-route-admission-policy.adoc[leveloffset=+1]
-
-include::modules/nw-ingress-creating-a-route-via-an-ingress.adoc[leveloffset=+1]
-
-endif::[]
-
-include::modules/nw-ingress-edge-route-default-certificate.adoc[leveloffset=+1]
-
-include::modules/nw-ingress-reencrypt-route-custom-cert.adoc[leveloffset=+1]
-
-ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-include::modules/nw-router-configuring-dual-stack.adoc[leveloffset=+1]
-
-endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[]
-
-ifdef::openshift-enterprise[]
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../../networking/networking_operators/ingress-operator.adoc#nw-ingress-configuring-application-domain_configuring-ingress[Specifying an alternative cluster domain using the appsDomain option]
-endif::openshift-enterprise[]

networking/ingress_load_balancing/routes/securing-routes.adoc

@@ -0,0 +1,22 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="securing-routes"]
+= Securing routes
+include::_attributes/common-attributes.adoc[]
+:context: securing-routes
+
+toc::[]
+
+[role="_abstract"]
+You can secure a route with HTTP strict transport security (HSTS).
+
+//HTTP Strict Transport Security
+include::modules/nw-enabling-hsts.adoc[leveloffset=+1]
+
+//Enabling HTTP strict transport security per-route
+include::modules/nw-enabling-hsts-per-route.adoc[leveloffset=+2]
+
+//Disabling HTTP strict transport security per-route
+include::modules/nw-disabling-hsts.adoc[leveloffset=+2]
+
+//Enforcing HTTP strict transport security per-domain
+include::modules/nw-enforcing-hsts-per-domain.adoc[leveloffset=+2]

networking/networking_operators/aws-load-balancer-operator.adoc

@@ -6,11 +6,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
+[role="_abstract"]
 The AWS Load Balancer Operator is an Operator supported by Red{nbsp}Hat that users can optionally install on SRE-managed {product-title} clusters.
 
 [IMPORTANT]
 ====
-Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
+Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../../networking/ingress_load_balancing/routes/creating-basic-routes.adoc#creating-basic-routes[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
 ====
 
 The link:https://github.com/openshift/aws-load-balancer-operator[AWS Load Balancer Operator] is used to install, manage and configure the link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] in a {product-title} cluster.

networking/networking_operators/aws_load_balancer_operator/aws-load-balancer-operator-release-notes.adoc

@@ -2,8 +2,9 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="aws-load-balancer-operator-release-notes"]
 = AWS Load Balancer Operator release notes
-:context: aws-load-balancer-operator-release-notes
 include::_attributes/common-attributes.adoc[]
+:context: aws-load-balancer-operator-release-notes
+
 
 toc::[]
 

security/cert_manager_operator/cert-manager-securing-routes.adoc

@@ -6,7 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-In the {product-title}, the route API is extended to provide a configurable option to reference TLS certificates via secrets. With xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[externally managed certificates] enabled, you can minimize errors from manual intervention, streamline the certificate management process, and enable the {product-title} router to promptly serve the referenced certificate.
+[role="_abstract"]
+In the {product-title}, the route API is extended to provide a configurable option to reference TLS certificates via secrets. With xref:../../networking/ingress_load_balancing/routes/creating-advanced-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[externally managed certificates] enabled, you can minimize errors from manual intervention, streamline the certificate management process, and enable the {product-title} router to promptly serve the referenced certificate.
 
 include::modules/cert-manager-configuring-routes.adoc[leveloffset=+1]
 
@@ -14,6 +15,6 @@ include::modules/cert-manager-configuring-routes.adoc[leveloffset=+1]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[Creating a route with externally managed certificate]
+* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[Creating a route with externally managed certificate]
 
 * xref:../../security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc#cert-manager-operator-issuer-acme[Configuring an ACME issuer]

security/certificates/service-serving-certificate.adoc

@@ -6,13 +6,16 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+[role="_abstract"]
+Service serving certificates provide automatic TLS encryption for service-to-service communication. Configure certificates for services, ConfigMaps, APIServices, CRDs, and webhooks to secure internal cluster traffic.
+
 include::modules/customize-certificates-understanding-service-serving.adoc[leveloffset=+1]
 
 include::modules/customize-certificates-add-service-serving.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* You can use a service certificate to configure a secure route using reencrypt TLS termination. For more information, see xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_secured-routes[Creating a re-encrypt route with a custom certificate].
+* You can use a service certificate to configure a secure route using reencrypt TLS termination. For more information, see xref:../../networking/ingress_load_balancing/routes/creating-advanced-routes.adoc#nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_secured-routes[Creating a re-encrypt route with a custom certificate].
 
 include::modules/customize-certificates-add-service-serving-configmap.adoc[leveloffset=+1]
 

service_mesh/v2x/ossm-route-migration.adoc

@@ -14,5 +14,5 @@ include::modules/ossm-migrating-from-ior-to-explicitly-managed-routes.adoc[level
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-creating-a-route_route-configuration[Creating an HTTP-based Route]
+* xref:../../networking/ingress_load_balancing/routes/creating-basic-routes.adoc#nw-creating-a-route_route-configuration[Creating an HTTP-based Route]
 * xref:../../service_mesh/v2x/ossm-traffic-manage.adoc#ossm-auto-route_traffic-management[Understanding automatic routes]

service_mesh/v2x/ossm-traffic-manage.adoc

@@ -57,7 +57,7 @@ include::modules/ossm-auto-route-annotations.adoc[leveloffset=+2]
 
 ifdef::openshift-enterprise[]
 .Additional resources
-* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations].
+* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific annotations].
 endif::[]
 
 include::modules/ossm-auto-route-enable.adoc[leveloffset=+2]