Explore tutorials & documentation
- -
+}}" aria-label="Cloud Docs"
+data-hover='{{< static "images/logos/layer5-light.svg" >}}' data-default='{{< static "images/logos/5-light-no-trim.svg" >}}'
+onmouseover="changeImage('layer5', this.dataset.hover)" onmouseout="restoreImage('layer5', this.dataset.default)">
+ ![Layer5 Cloud Docs Logo]({{< static "images/logos/5-light-no-trim.svg" >}})
Cloud Docs
-
- 
+}}" aria-label="Kanvas Docs"
+data-hover='{{< static "images/logos/kanvas-light.svg" >}}' data-default='{{< static "images/logos/kanvas-icon-color.svg" >}}'
+onmouseover="changeImage('Kanvas', this.dataset.hover)" onmouseout="restoreImage('Kanvas', this.dataset.default)">
+ ![Layer5 Kanvas Docs Logo]({{< static "images/logos/kanvas-icon-color.svg" >}}){kind=icon}
Kanvas Docs
- 
+data-hover='{{< static "images/logos/meshery-light.svg" >}}' data-default='{{< static "images/logos/meshery-light-icon.svg" >}}'
+onmouseover="changeImage('meshery', this.dataset.hover)" onmouseout="restoreImage('meshery', this.dataset.default)">
+ ![Meshery Docs Logo]({{< static "images/logos/meshery-light-icon.svg" >}}){kind=icon}
Meshery Docs
- 
+data-hover='{{< static "images/logos/nighthawk-light.svg" >}}' data-default='{{< static "images/logos/nighthawk-logo.svg" >}}'
+onmouseover="changeImage('nighthawk', this.dataset.hover)" onmouseout="restoreImage('nighthawk', this.dataset.default)">
+ ![Layer5 Nighthawk Docs Logo]({{< static "images/logos/nighthawk-logo.svg" >}}){kind=logo}
Nighthawk Docs
@@ -48,7 +52,7 @@ onmouseover="changeImage('meshery', 'images/logos/meshery-light.svg')" onmouseou
-
+ }}">
@@ -223,4 +227,4 @@ function restoreImage(imgId, originalSrc) {
animate();
}
-
\ No newline at end of file
+
diff --git a/content/en/charts/_index.md b/content/en/charts/_index.md
index 3fb1a38bf77..86f95b75a50 100644
--- a/content/en/charts/_index.md
+++ b/content/en/charts/_index.md
@@ -12,19 +12,19 @@ cascade:
{{< alert type="info" title="Repository Only">}}
This page only contains a brief synopsis of the Helm repository.
-See the [Self-Hosted section](/cloud/guides/self-hosted/) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
+See the [Self-Hosted section]({{< ref "cloud/guides/self-hosted/_index.md" >}}) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
{{< /alert >}}
## Repository Contents
-Contained in the Layer5 Helm repository is the [Meshery Remote Provider](https://docs.meshery.io/extensibility/providers) charts (and it's subcharts) for Layer5 Cloud. See the repository's full index of Layer5 Helm charts.
+Contained in the Layer5 Helm repository is the [Meshery Remote Provider](https://docs.meshery.io/extensibility/providers) charts (and it's subcharts) for Layer5 Cloud. See the repository's [full index]({{< static "charts/index.yaml" >}}) of Layer5 Helm charts.
## Chart Source
@@ -121,7 +125,7 @@ onmouseover="changeImage('meshery', 'images/logos/meshery-light.svg')" onmouseou
Get help. Find your answer on the forum. Share your knowledge with others.
- 
+
+
The source for this chart is located in the layer5io/meshery-cloud repository under install/kubernetes/.
+ 
+
The Cloud Catalog is a web-based, public catalog to facilitate easy discovery of existing designs. Designs that are published into the catalog can be, but are not always curated for known best practices and patterns. Content is published at [cloud.layer5.io/catalog](https://cloud.layer5.io/catalog), and one-click import of catalog content into Meshery Server is seamlessly integrated.
-
+
### Content Visibility
diff --git a/content/en/cloud/concepts/catalog/images/card-view.png b/content/en/cloud/concepts/catalog/exploring-the-catalog/images/card-view.png
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/card-view.png
rename to content/en/cloud/concepts/catalog/exploring-the-catalog/images/card-view.png
diff --git a/content/en/cloud/concepts/catalog/images/catalog-view.gif b/content/en/cloud/concepts/catalog/exploring-the-catalog/images/catalog-view.gif
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/catalog-view.gif
rename to content/en/cloud/concepts/catalog/exploring-the-catalog/images/catalog-view.gif
diff --git a/content/en/cloud/concepts/catalog/images/design-edit.png b/content/en/cloud/concepts/catalog/exploring-the-catalog/images/design-edit.png
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/design-edit.png
rename to content/en/cloud/concepts/catalog/exploring-the-catalog/images/design-edit.png
diff --git a/content/en/cloud/concepts/catalog/images/design-view.gif b/content/en/cloud/concepts/catalog/exploring-the-catalog/images/design-view.gif
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/design-view.gif
rename to content/en/cloud/concepts/catalog/exploring-the-catalog/images/design-view.gif
diff --git a/content/en/cloud/concepts/catalog/exploring-the-catalog.md b/content/en/cloud/concepts/catalog/exploring-the-catalog/index.md
similarity index 91%
rename from content/en/cloud/concepts/catalog/exploring-the-catalog.md
rename to content/en/cloud/concepts/catalog/exploring-the-catalog/index.md
index 36d6a02edd6..a6eb1e8a17c 100644
--- a/content/en/cloud/concepts/catalog/exploring-the-catalog.md
+++ b/content/en/cloud/concepts/catalog/exploring-the-catalog/index.md
@@ -11,7 +11,7 @@ aliases:
The [Cloud Catalog](https://cloud.layer5.io/catalog) is the central hub for well-architected cloud and cloud native patterns and best practices templates. Here, you can discover and share designs with the wider community.
-
+
## Viewing Catalog Items
@@ -19,13 +19,13 @@ Meshery Catalog displays all published designs in an organized, searchable forma
### Top Performers
-At the top of the page, you can find the **Top Performers** section. This provides a snapshot of the **Leaderboard**, highlighting the most popular designs based on various [metrics](/cloud/concepts/catalog/metrics/).
+At the top of the page, you can find the **Top Performers** section. This provides a snapshot of the **Leaderboard**, highlighting the most popular designs based on various [metrics]({{< ref "cloud/concepts/catalog/metrics/index.md" >}}).
- To see the complete rankings, click the **Open Leaderboard** button.
- You can toggle the visibility of this section using the **Hide Performers** / **Show Performers** button.
{{< alert type="info" title="Learn More About Leaderboard" >}}
-To learn more about Leaderboard, see the [Leaderboard documentation](/cloud/concepts/catalog/leaderboard/).
+To learn more about Leaderboard, see the [Leaderboard documentation]({{< ref "cloud/concepts/catalog/leaderboard/index.md" >}}).
{{< /alert >}}
### Grid View
@@ -39,10 +39,10 @@ Each card provides key information at a glance:
- **Metrics:** A row of icons at the bottom displays key usage statistics (Opens, Downloads, Deploys, Clones, Shares)
- **Detailed Information (on hover):** When you hover over a card, it flips to reveal more details, including the author, design version, technologies used, and the last updated time
-
+
{{< alert type="info" title="Understanding Design Metrics" >}}
-To better understand what these Metrics represent, you can learn more about [design metrics](/cloud/concepts/catalog/metrics/).
+To better understand what these Metrics represent, you can learn more about [design metrics]({{< ref "cloud/concepts/catalog/metrics/index.md" >}}).
{{< /alert >}}
### Table View
@@ -51,7 +51,7 @@ Table view provides a dense, list-based format that's ideal for sorting and comp
To customize the information displayed in this view, click the **View Columns icon** and select the attributes you want to see, such as Author, Created At, or Downloads.
-
+
## Filtering and Sorting Catalog Items
@@ -84,7 +84,7 @@ These filters correspond to the metadata authors provide when they publish desig
When you click on any design, you'll see its detail page. This page provides a complete overview of the design's purpose, technical details, and how you can use it.
-
+
### Key Information
@@ -117,7 +117,7 @@ When you clone a design:
The **Download** button allows you to save the design as a `Design (YAML)` file. This is useful for offline backups or sharing the file directly.
-> For more advanced use cases, Meshery also supports exporting designs into other formats. To learn more, see the guide on [Exporting Designs](/kanvas/designer/export-designs/).
+> For more advanced use cases, Meshery also supports exporting designs into other formats. To learn more, see the guide on [Exporting Designs]({{< ref "kanvas/designer/export-designs/index.md" >}}).
{{< alert type="warning" title="Metadata Not Included in Download" >}}
Design downloads include only the core YAML definition, excluding associated catalog metadata such as descriptions, technology, or class.
@@ -127,7 +127,7 @@ Design downloads include only the core YAML definition, excluding associated cat
After you've published a design, you might need to update its metadata or description. Clicking the **Edit** button opens a dialog where you can make your changes.
-
+
You can modify the following fields:
@@ -148,5 +148,5 @@ Some properties of a published design are immutable and cannot be changed:
If you no longer want a design to be published in the catalog, you can use the **Unpublish** button. This action will remove the design from Meshery Catalog but does **not delete** it. The design will remain as a private design in your account.
{{< alert type="info" title="Permissions Required" >}}
-Editing/Unpublish published designs requires specific user roles and permissions. Learn more: [Default Permissions documentation](/cloud/reference/default-permissions/).
+Editing/Unpublish published designs requires specific user roles and permissions. Learn more: [Default Permissions documentation]({{< ref "cloud/reference/default-permissions.md" >}}).
{{< /alert >}}
diff --git a/content/en/cloud/concepts/catalog/images/leaderboard-action.png b/content/en/cloud/concepts/catalog/leaderboard/images/leaderboard-action.png
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/leaderboard-action.png
rename to content/en/cloud/concepts/catalog/leaderboard/images/leaderboard-action.png
diff --git a/content/en/cloud/concepts/catalog/images/leaderboard-page.gif b/content/en/cloud/concepts/catalog/leaderboard/images/leaderboard-page.gif
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/leaderboard-page.gif
rename to content/en/cloud/concepts/catalog/leaderboard/images/leaderboard-page.gif
diff --git a/content/en/cloud/concepts/catalog/images/leaderboard_button.png b/content/en/cloud/concepts/catalog/leaderboard/images/leaderboard_button.png
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/leaderboard_button.png
rename to content/en/cloud/concepts/catalog/leaderboard/images/leaderboard_button.png
diff --git a/content/en/cloud/concepts/catalog/leaderboard.md b/content/en/cloud/concepts/catalog/leaderboard/index.md
similarity index 82%
rename from content/en/cloud/concepts/catalog/leaderboard.md
rename to content/en/cloud/concepts/catalog/leaderboard/index.md
index 1c216d61c4a..a183c0b3968 100644
--- a/content/en/cloud/concepts/catalog/leaderboard.md
+++ b/content/en/cloud/concepts/catalog/leaderboard/index.md
@@ -12,10 +12,10 @@ aliases:
Leaderboard provides a clear and engaging way to view and compare the performance of different Designs, highlighting the most popular and actively used ones within the Cloud.
-
+
{{< alert type="info" title="Understanding Metrics" >}}
-Metrics are quantifiable measures used to track and assess the status, progress, and performance of various activities and user interactions with Designs. Learn more about [Metrics](/cloud/concepts/catalog/metrics/)
+Metrics are quantifiable measures used to track and assess the status, progress, and performance of various activities and user interactions with Designs. Learn more about [Metrics]({{< ref "cloud/concepts/catalog/metrics/index.md" >}})
{{< /alert >}}
### How to Access the Leaderboard
@@ -25,7 +25,7 @@ You can reach the Leaderboard page in two ways:
1. **Global Navigation Bar:** Click the Leaderboard icon in the main navigation bar for quick access.
2. **From the Catalog Page:** While Browse the Catalog, you can click the 'Open Leaderboard' button in the **Top Performers** section
-
+
### Using the Leaderboard Page
@@ -36,4 +36,4 @@ The Leaderboard page offers several ways to explore and interact with:
- **Customize Your View:** Click the **View Columns** icon to show or hide specific metric columns.
- **Take Actions:** Click the **Actions** icon to download, share, or perform other actions.
-
+
diff --git a/content/en/cloud/concepts/catalog/images/cards.png b/content/en/cloud/concepts/catalog/metrics/images/cards.png
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/cards.png
rename to content/en/cloud/concepts/catalog/metrics/images/cards.png
diff --git a/content/en/cloud/concepts/catalog/metrics.md b/content/en/cloud/concepts/catalog/metrics/index.md
similarity index 89%
rename from content/en/cloud/concepts/catalog/metrics.md
rename to content/en/cloud/concepts/catalog/metrics/index.md
index c6cf83d9bd0..405d92afa1a 100644
--- a/content/en/cloud/concepts/catalog/metrics.md
+++ b/content/en/cloud/concepts/catalog/metrics/index.md
@@ -16,16 +16,16 @@ The design catalog can be accessed from the _Layer5 Cloud_ catalog page at [Laye
{{< alert type="info" title="Design Capabilities" >}}
-Designs can be imported, exported, versioned, forked, merged, snapshotted, published, shared, embedded, templatized, and more. Learn more about [Designs](/kanvas/getting-started/)
+Designs can be imported, exported, versioned, forked, merged, snapshotted, published, shared, embedded, templatized, and more. Learn more about [Designs]({{< ref "kanvas/getting-started/_index.md" >}})
{{< /alert >}}
You can view the metrics of a Design in two ways:
1. Below each Design's catalog card, you can see its metrics.
-
+
2. By clicking on the catalog card, a modal will pop up displaying all the information about the Design, including its metrics.
-
+
Here’s a detailed explanation of each metric we track:
diff --git a/content/en/cloud/concepts/identity-and-security/_index.md b/content/en/cloud/concepts/identity-and-security/_index.md
index cf408989bfe..45b1cc480f6 100755
--- a/content/en/cloud/concepts/identity-and-security/_index.md
+++ b/content/en/cloud/concepts/identity-and-security/_index.md
@@ -55,8 +55,8 @@ Access is granted through Role-Based Access Control (RBAC). Roles are assigned a
It is tempting to assume that organization membership alone decides what a user can see and do. It does not. Identity, access, and authorization in Layer5 Cloud are decided by a *combination* of three independent mechanisms that compose on top of the organization:
-* **Authentication — the organization's connected identity provider (IdP).** Each organization is connected to an identity provider that establishes *who* a user is. More than one organization can — and commonly does — share the same identity provider. An organization may instead **bring its own** identity provider (BYOC), in which case it authenticates against its own dedicated provider. See [Identity Services](/cloud/guides/self-hosted/planning/identity-services/).
-* **Generic authorization — keys → keychains → roles.** Permission [keys](/cloud/concepts/identity-and-security/keys/) roll up into [keychains](/cloud/concepts/identity-and-security/keychains/), which are assigned to [roles](/cloud/concepts/identity-and-security/roles/), which are assigned to users. This decides *what operations* a user may perform — and it is evaluated per organization. The same person can hold different roles, and therefore a different effective set of capabilities, in each organization they belong to.
+* **Authentication — the organization's connected identity provider (IdP).** Each organization is connected to an identity provider that establishes *who* a user is. More than one organization can — and commonly does — share the same identity provider. An organization may instead **bring its own** identity provider (BYOC), in which case it authenticates against its own dedicated provider. See [Identity Services]({{< ref "cloud/guides/self-hosted/planning/identity-services/index.md" >}}).
+* **Generic authorization — keys → keychains → roles.** Permission [keys]({{< ref "cloud/concepts/identity-and-security/keys.md" >}}) roll up into [keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}), which are assigned to [roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}), which are assigned to users. This decides *what operations* a user may perform — and it is evaluated per organization. The same person can hold different roles, and therefore a different effective set of capabilities, in each organization they belong to.
* **Granular access — resource-access mappings.** A specific resource (for example, a single design) can be shared with an individual user. These mappings grant access to that one resource and **deliberately cross organizational boundaries**: a user does not need to be a member of an organization to open a resource in it when a mapping grants that access. This is by design — it is what makes cross-organization collaboration possible.
The practical consequence is that the same human can be a member of several organizations and have a *different* set of capabilities in each, while also being able to reach individual shared resources in organizations they do not belong to at all.
@@ -73,7 +73,7 @@ Because identity and authorization are layered, "where is the boundary?" has two
> **Same identity provider source means the same security boundary.**
-Organizations that share an identity provider — typical for the canonical host and for custom subdomains that use the shared, central provider — sit within the *same* authentication boundary. An organization that brings its own identity provider (BYOC) is a *distinct* authentication boundary, regardless of how its host is named. The DNS shape of the host is not the boundary; the identity provider behind it is. See [Identity Services](/cloud/guides/self-hosted/planning/identity-services/) and [Social sign-in on a custom domain](/cloud/guides/self-hosted/white-labeling/#social-sign-in-on-a-custom-domain) for how this plays out across host types.
+Organizations that share an identity provider — typical for the canonical host and for custom subdomains that use the shared, central provider — sit within the *same* authentication boundary. An organization that brings its own identity provider (BYOC) is a *distinct* authentication boundary, regardless of how its host is named. The DNS shape of the host is not the boundary; the identity provider behind it is. See [Identity Services]({{< ref "cloud/guides/self-hosted/planning/identity-services/index.md" >}}) and [Social sign-in on a custom domain]({{< ref "cloud/guides/self-hosted/white-labeling/_index.md#social-sign-in-on-a-custom-domain" >}}) for how this plays out across host types.
## Key Management and Tokens
@@ -96,4 +96,4 @@ Tokens provide temporary, secure access to the platform.
### Need more detail?
-Check out the [Roles Reference](/cloud/concepts/identity-and-security/roles/) for a complete matrix of permissions for each role.
+Check out the [Roles Reference]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}) for a complete matrix of permissions for each role.
diff --git a/content/en/cloud/concepts/identity-and-security/keychains.md b/content/en/cloud/concepts/identity-and-security/keychains.md
index d5998790286..fbe71e8bdb0 100644
--- a/content/en/cloud/concepts/identity-and-security/keychains.md
+++ b/content/en/cloud/concepts/identity-and-security/keychains.md
@@ -9,7 +9,7 @@ aliases:
---
-In Layer5 Cloud, a collection of permissions is represented as a keychain. One or more keychains can are grouped together and assigned to a [role](/cloud/concepts/identity-and-security/roles). Later, a role can be assigned to a user. This is the general flow of how keychains are assigned to a user.
+In Layer5 Cloud, a collection of permissions is represented as a keychain. One or more keychains can are grouped together and assigned to a [role]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}). Later, a role can be assigned to a user. This is the general flow of how keychains are assigned to a user.
For instance, consider a system shipped default keychain `Team Management`, which is a collection of eight keys: `View All Teams`, `Add User to Team`, `Invite User to Team`, `Remove User from Team`, `Create Team`, `Delete Team`, `Remove User Role from Team`, and `Assign User Role in a Team`. This implies that you can perform all these operations only if your user account possesses a role to which `Team Management` keychain is assigned in a given organization.
@@ -67,9 +67,9 @@ If you don't have permission to view keychains for your selected organization, y
1. Select the organization for which you wish to assign keychains to users. You can do this by selecting the organization from the organization context switcher in the top navigation bar.
2. Navigate to the [Roles](https://cloud.layer5.io/security/roles) page.
-3. Choose from the existing set of roles or create a new role to which you want to assign the keychain. For more information, see [Roles](/cloud/concepts/identity-and-security/roles).
+3. Choose from the existing set of roles or create a new role to which you want to assign the keychain. For more information, see [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
4. Navigate to [Users](https://cloud.layer5.io/identity/users) page.
-5. Select the user to whom you want to assign the role with a new set of permissions. Alternatively, you can invite a new user and assign the role with the new set of permissions separately. For more information, see [Users](/cloud/concepts/identity-and-security/users).
+5. Select the user to whom you want to assign the role with a new set of permissions. Alternatively, you can invite a new user and assign the role with the new set of permissions separately. For more information, see [Users]({{< ref "cloud/concepts/identity-and-security/users/_index.md" >}}).
{{< alert title="Note" >}}
diff --git a/content/en/cloud/concepts/identity-and-security/keys.md b/content/en/cloud/concepts/identity-and-security/keys.md
index ea26d890a5d..e50aacf4537 100644
--- a/content/en/cloud/concepts/identity-and-security/keys.md
+++ b/content/en/cloud/concepts/identity-and-security/keys.md
@@ -9,7 +9,7 @@ aliases:
---
-In Layer5 Cloud, permissions are represented as keys, each serving as a unique identifier for a specific permission. One or more keys can be grouped together and assigned to a [keychain](/cloud/concepts/identity-and-security/keychains). Then this keychain can be assigned to a [role](/cloud/concepts/identity-and-security/roles) and that role can be assigned to a user. This is the general flow of how keys are assigned to a user.
+In Layer5 Cloud, permissions are represented as keys, each serving as a unique identifier for a specific permission. One or more keys can be grouped together and assigned to a [keychain]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}). Then this keychain can be assigned to a [role]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}) and that role can be assigned to a user. This is the general flow of how keys are assigned to a user.
For instance, consider a system shipped default key `Create Organization`, which corresponds to the permission to create an organization in the Cloud. This implies that to create an organization, you need to have `Create Organization` key assigned to a keychain, which, in turn, is assigned to a role that's associated with your user account for a given organization.
@@ -21,7 +21,7 @@ For instance, consider a system shipped default key `Create Organization`, which
{{< /alert >}}
-Because every key is evaluated in the context of an organization, a user's *effective* set of keys can — and will — differ from one organization to another. The same person holds whatever capabilities their role(s) grant them **within each specific organization**, so being able to perform an action in one organization implies nothing about the same action in another. This is why an organization context is itself an authorization boundary. For how this fits with authentication and cross-organization resource sharing, see [Identity and Security → Security Boundaries](/cloud/concepts/identity-and-security/#security-boundaries).
+Because every key is evaluated in the context of an organization, a user's *effective* set of keys can — and will — differ from one organization to another. The same person holds whatever capabilities their role(s) grant them **within each specific organization**, so being able to perform an action in one organization implies nothing about the same action in another. This is why an organization context is itself an authorization boundary. For how this fits with authentication and cross-organization resource sharing, see [Identity and Security → Security Boundaries]({{< ref "cloud/concepts/identity-and-security/_index.md#security-boundaries" >}}).
### Keys Types
@@ -32,13 +32,13 @@ Generally, there are four types of keys:
3. **Update** - Update keys permit you to update resources. For instance, `Update Organization` key allows you to update an organization details.
4. **Delete** - Delete keys permit you to delete resources. For instance, `Delete Organization` key allows you to delete an organization.
-There are also some special types of keys which don't fall into the standard CRUD (CREATE, READ, UPDATE, DELETE) category. For example, the `Approve Catalog Request` key allows you to approve a catalog request to publish a cloud native design to [Cloud Catalog](/cloud/concepts/catalog) or `Connect Github Account to Workspace` key enables you to connect your GitHub Account to your [workspace](/cloud/concepts/spaces/workspaces) in context of any organization.
+There are also some special types of keys which don't fall into the standard CRUD (CREATE, READ, UPDATE, DELETE) category. For example, the `Approve Catalog Request` key allows you to approve a catalog request to publish a cloud native design to [Cloud Catalog]({{< ref "cloud/concepts/catalog/_index.md" >}}) or `Connect Github Account to Workspace` key enables you to connect your GitHub Account to your [workspace]({{< ref "cloud/concepts/spaces/workspaces.md" >}}) in context of any organization.
### Keys Enforcement
The primary purpose of key enforcement is to ensure that you can only perform actions for which you have the necessary permissions within the context of your selected/available organization. This is achieved by disabling or hiding the UI elements associated with actions for which you lack the required permissions. This approach not only provides clarity regarding what actions you are authorized to perform but also prevents you from attempting actions that you do not have authorization to execute.
-For more information on managing permissions within an organization and use of organization context switcher, see [Organizations](/cloud/concepts/identity-and-security/organizations).
+For more information on managing permissions within an organization and use of organization context switcher, see [Organizations]({{< ref "cloud/concepts/identity-and-security/organizations/_index.md" >}}).
Each key is enforced at specific UI elements. For instance, the `Create Organization` key is enforced at the **Create Organization** button in the **Organizations** page. This implies that the button is disabled if you don't have the `Create Organization` assigned to a keychain, which, in turn, is assigned to a role that's associated with your user account for a given organization.
@@ -59,12 +59,12 @@ If you don't have permission to view keys for your selected organization, you wi
1. Select the organization for which you wish to assign keys to users. You can do this by selecting the organization from the organization context switcher in the top navigation bar.
2. Navigate to [Keychains](https://cloud.layer5.io/security/keychains) page.
-3. Choose from the existing set of keychains or create a new keychain to which you want to assign keys. For more information, see [Keychains](/cloud/concepts/identity-and-security/keychains).
+3. Choose from the existing set of keychains or create a new keychain to which you want to assign keys. For more information, see [Keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}).
4. Choose one more of your desired keys from the list of available keys.
5. Navigate to the [Roles](https://cloud.layer5.io/security/roles) page.
-6. Choose from the existing set of roles or create a new role to which you want to assign the keychain. For more information, see [Roles](/cloud/concepts/identity-and-security/roles).
+6. Choose from the existing set of roles or create a new role to which you want to assign the keychain. For more information, see [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
7. Navigate to [Users](https://cloud.layer5.io/identity/users) page.
-8. Select the user to whom you want to assign the role with a new set of permissions. Alternatively, you can invite a new user and assign the role with the new set of permissions separately. For more information, see [Users](/cloud/concepts/identity-and-security/users).
+8. Select the user to whom you want to assign the role with a new set of permissions. Alternatively, you can invite a new user and assign the role with the new set of permissions separately. For more information, see [Users]({{< ref "cloud/concepts/identity-and-security/users/_index.md" >}}).
{{< alert title="Note" >}}
diff --git a/content/en/cloud/concepts/identity-and-security/organizations/_index.md b/content/en/cloud/concepts/identity-and-security/organizations/_index.md
index 8c5b2f28dfa..116757c2273 100755
--- a/content/en/cloud/concepts/identity-and-security/organizations/_index.md
+++ b/content/en/cloud/concepts/identity-and-security/organizations/_index.md
@@ -14,11 +14,11 @@ Organizations are the basic unit of multi-tenancy — and the core security boun
Outside of grouping users together, teams offer control access to workspaces and to workspace resources such as environments and managed and unmanaged connections
-
+
## Example: The Orbital Labs Ecosystem
-The following organizations illustrate how multi-tenancy works across provider, startup, and enterprise tiers. Follow along in the rest of the docs using [Five and the cast at Orbital Labs](/cloud/getting-started/meet-five).
+The following organizations illustrate how multi-tenancy works across provider, startup, and enterprise tiers. Follow along in the rest of the docs using [Five and the cast at Orbital Labs]({{< ref "cloud/getting-started/meet-five/_index.md" >}}).
{{< cardpane >}}
{{% card header="**Constellation Cloud** — Provider" %}}
@@ -57,9 +57,9 @@ Users of one organization may be granted access to resources (workspaces, design
Cross-organization access works through **resource-access mappings** — a grant attached to an individual resource (such as a single design) that names the user it is shared with. These mappings **deliberately cross the organization boundary**: a user does *not* need to be a member of an organization to open a resource that has been shared with them there. For example, when Maya at Orbital Labs shares the `stellar-saas-platform` design with Marcus at Stellar Dynamics, Marcus can open that one design even though he is not a member of Orbital Labs. This is intentional — it is the mechanism that makes cross-org collaboration possible — and it is distinct from organization membership and from the org-scoped roles described below. Sharing a single resource grants access to *that resource only*; it does not make the recipient a member of the organization or grant them any of its other resources.
{{< alert type="info" >}}
-Identity and authorization are decided by a combination of mechanisms, not by organization membership alone. For how the connected identity provider, org-scoped roles, and resource-access mappings fit together — and what counts as a security boundary — see [Identity and Security → Security Boundaries](/cloud/concepts/identity-and-security/#security-boundaries).
+Identity and authorization are decided by a combination of mechanisms, not by organization membership alone. For how the connected identity provider, org-scoped roles, and resource-access mappings fit together — and what counts as a security boundary — see [Identity and Security → Security Boundaries]({{< ref "cloud/concepts/identity-and-security/_index.md#security-boundaries" >}}).
{{< /alert >}}
{{< alert type="info" >}}
-See [Meet Five and the Cast](/cloud/getting-started/meet-five) for the full narrative reference, including team structure and workspace inventory.
+See [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}) for the full narrative reference, including team structure and workspace inventory.
{{< /alert >}}
diff --git a/content/en/cloud/concepts/identity-and-security/images/organization_units.svg b/content/en/cloud/concepts/identity-and-security/organizations/images/organization_units.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/organization_units.svg
rename to content/en/cloud/concepts/identity-and-security/organizations/images/organization_units.svg
diff --git a/content/en/cloud/concepts/identity-and-security/roles/_index.md b/content/en/cloud/concepts/identity-and-security/roles/_index.md
index 0a2ccdee45b..e225cfe5be2 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/_index.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/_index.md
@@ -12,13 +12,13 @@ aliases:
Roles map permissions to users. Roles contain any number of keychains, which contain any number of keys (permissions). Assign roles to users to grant permissions.
-
+
## Provider Admin Role
{{< cardpane >}}
{{% card header="
+
{{< cardpane >}}
{{% card header="**Dr. Aiko Sato** — Provider Admin" %}}
diff --git a/content/en/cloud/concepts/identity-and-security/images/academy-admin.svg b/content/en/cloud/concepts/identity-and-security/roles/academy-roles/images/academy-admin.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/academy-admin.svg
rename to content/en/cloud/concepts/identity-and-security/roles/academy-roles/images/academy-admin.svg
diff --git a/content/en/cloud/concepts/identity-and-security/images/learner.svg b/content/en/cloud/concepts/identity-and-security/roles/academy-roles/images/learner.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/learner.svg
rename to content/en/cloud/concepts/identity-and-security/roles/academy-roles/images/learner.svg
diff --git a/content/en/cloud/concepts/identity-and-security/roles/academy-roles.md b/content/en/cloud/concepts/identity-and-security/roles/academy-roles/index.md
similarity index 81%
rename from content/en/cloud/concepts/identity-and-security/roles/academy-roles.md
rename to content/en/cloud/concepts/identity-and-security/roles/academy-roles/index.md
index af1ed9e3ea4..51917879d7f 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/academy-roles.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/academy-roles/index.md
@@ -12,7 +12,7 @@ aliases:
{{< cardpane >}}
{{% card header="Academy Administrator" %}}
-
+
{{% /card %}}
{{< /cardpane >}}
@@ -42,15 +42,15 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
{{< cardpane >}}
{{% card header="Learner" %}}
-Learner = A [User](../roles/user-role.md) who has registered for academy content.
-
+Learner = A [User]({{< ref "cloud/concepts/identity-and-security/roles/user-role/index.md" >}}) who has registered for academy content.
+
{{% /card %}}
{{< /cardpane >}}
@@ -86,7 +86,7 @@ While the maximum number of instances is unlimited, the available seats for Lear
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
**Status as a Learner**
diff --git a/content/en/cloud/concepts/identity-and-security/images/organization-roles.svg b/content/en/cloud/concepts/identity-and-security/roles/images/organization-roles.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/organization-roles.svg
rename to content/en/cloud/concepts/identity-and-security/roles/images/organization-roles.svg
diff --git a/content/en/cloud/concepts/identity-and-security/images/role-provider-admin.svg b/content/en/cloud/concepts/identity-and-security/roles/images/role-provider-admin.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/role-provider-admin.svg
rename to content/en/cloud/concepts/identity-and-security/roles/images/role-provider-admin.svg
diff --git a/content/en/cloud/concepts/identity-and-security/images/roles-overview.svg b/content/en/cloud/concepts/identity-and-security/roles/images/roles-overview.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/roles-overview.svg
rename to content/en/cloud/concepts/identity-and-security/roles/images/roles-overview.svg
diff --git a/content/en/cloud/concepts/identity-and-security/images/team-roles.svg b/content/en/cloud/concepts/identity-and-security/roles/images/team-roles.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/team-roles.svg
rename to content/en/cloud/concepts/identity-and-security/roles/images/team-roles.svg
diff --git a/content/en/cloud/concepts/identity-and-security/images/workspace-roles.svg b/content/en/cloud/concepts/identity-and-security/roles/images/workspace-roles.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/workspace-roles.svg
rename to content/en/cloud/concepts/identity-and-security/roles/images/workspace-roles.svg
diff --git a/content/en/cloud/concepts/identity-and-security/roles/organization-roles.md b/content/en/cloud/concepts/identity-and-security/roles/organization-roles.md
index 13f9a2d028a..94e4ff4f2e7 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/organization-roles.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/organization-roles.md
@@ -12,7 +12,7 @@ aliases:
{{< cardpane >}}
{{% card header="Default Organization Roles" %}}
-
+
{{% /card %}}
{{< /cardpane >}}
@@ -43,7 +43,7 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
@@ -73,7 +73,7 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
diff --git a/content/en/cloud/concepts/identity-and-security/roles/provider-admin-roles.md b/content/en/cloud/concepts/identity-and-security/roles/provider-admin-roles.md
index 3fa0126d02e..56ad2de2407 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/provider-admin-roles.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/provider-admin-roles.md
@@ -13,7 +13,7 @@ aliases:
{{< cardpane >}}
{{% card %}}
-
+
{{% /card %}}
{{% card header="## Provider Administrator" %}}
diff --git a/content/en/cloud/concepts/identity-and-security/roles/team-roles.md b/content/en/cloud/concepts/identity-and-security/roles/team-roles.md
index 51ded8f84dc..30312f6b9d6 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/team-roles.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/team-roles.md
@@ -12,7 +12,7 @@ aliases:
{{< cardpane >}}
{{% card header="Default Team Roles" %}}
-
+
{{% /card %}}
{{< /cardpane >}}
@@ -42,7 +42,7 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
diff --git a/content/en/cloud/concepts/identity-and-security/images/user-role.svg b/content/en/cloud/concepts/identity-and-security/roles/user-role/images/user-role.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/images/user-role.svg
rename to content/en/cloud/concepts/identity-and-security/roles/user-role/images/user-role.svg
diff --git a/content/en/cloud/concepts/identity-and-security/roles/user-role.md b/content/en/cloud/concepts/identity-and-security/roles/user-role/index.md
similarity index 82%
rename from content/en/cloud/concepts/identity-and-security/roles/user-role.md
rename to content/en/cloud/concepts/identity-and-security/roles/user-role/index.md
index b13c9fe4897..f81d362605d 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/user-role.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/user-role/index.md
@@ -12,7 +12,7 @@ aliases:
{{< cardpane >}}
{{% card header="Default User Role" %}}
-
+
{{% /card %}}
{{< /cardpane >}}
@@ -41,7 +41,7 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
diff --git a/content/en/cloud/concepts/identity-and-security/roles/workspace-roles.md b/content/en/cloud/concepts/identity-and-security/roles/workspace-roles.md
index b3cf3b64381..78feac53851 100644
--- a/content/en/cloud/concepts/identity-and-security/roles/workspace-roles.md
+++ b/content/en/cloud/concepts/identity-and-security/roles/workspace-roles.md
@@ -12,7 +12,7 @@ aliases:
{{< cardpane >}}
{{% card %}}
-
+
{{% /card %}}
{{< /cardpane >}}
@@ -43,7 +43,7 @@ aliases:
**What permissions does this role have?**
-- Check [Permissions Reference](/cloud/reference/default-permissions/)
+- Check [Permissions Reference]({{< ref "cloud/reference/default-permissions.md" >}})
{{% /card %}}
{{< /cardpane >}}
diff --git a/content/en/cloud/concepts/identity-and-security/teams/_index.md b/content/en/cloud/concepts/identity-and-security/teams/_index.md
index 3b63e77a2ea..852672e88c7 100755
--- a/content/en/cloud/concepts/identity-and-security/teams/_index.md
+++ b/content/en/cloud/concepts/identity-and-security/teams/_index.md
@@ -16,9 +16,9 @@ Outside of grouping users together, teams offer control access to workspaces and
## Example: Orbital Labs Teams
-The following teams illustrate how organizations use teams to segment access and responsibilities. Follow the full story at [Meet Five and the Cast](/cloud/getting-started/meet-five).
+The following teams illustrate how organizations use teams to segment access and responsibilities. Follow the full story at [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}).
-
+
{{< cardpane >}}
{{% card header="**Infrastructure Team**" %}}
@@ -38,7 +38,7 @@ Controls access to the development workspace (`orbital-dev`). Rex deploys often;
{{< /cardpane >}}
{{< alert type="info" >}}
-An Org Admin may also serve as a Team Admin — Maya Chen holds both roles at Orbital Labs. See [Roles](/cloud/concepts/identity-and-security/roles/) for more on how role assignments stack.
+An Org Admin may also serve as a Team Admin — Maya Chen holds both roles at Orbital Labs. See [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}) for more on how role assignments stack.
{{< /alert >}}
## Add a Team
@@ -49,7 +49,7 @@ A team is simply a group that an administrator can create in the Google Admin co
Below the top-level organization, you can add as many teams as you want - at the same level. Hierarchal teams are not currently supported. When you change a setting at the higher level organization, the settings for all child teams that inherit that setting also change. Custom settings at the team level, however, remain unchanged.
->Learn more about the [organizational structure](/cloud/concepts/identity-and-security).
+>Learn more about the [organizational structure]({{< ref "cloud/concepts/identity-and-security/_index.md" >}}).
{{< alert type="info" title="Team Ownership">}}
If you are the current team owner, you can’t remove yourself from the team until you transfer ownership to another team administrator.
@@ -59,7 +59,7 @@ If you are the current team owner, you can’t remove yourself from the team unt
The "Open Team Invite" feature allows administrators to use shareable "Team Invite Links" for users to join a particular team. This link-based invitation method functions much like an [Open Org Invite Link](https://docs.layer5.io/cloud/guides/organizations/org-management/), but is tailored for team-specific invitations and provides a direct alternative to adding members manually.
-
+
### When to Use
diff --git a/content/en/cloud/concepts/identity-and-security/teams/open_team_invite.gif b/content/en/cloud/concepts/identity-and-security/teams/images/open_team_invite.gif
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/teams/open_team_invite.gif
rename to content/en/cloud/concepts/identity-and-security/teams/images/open_team_invite.gif
diff --git a/static/images/five/team-of-fives.svg b/content/en/cloud/concepts/identity-and-security/teams/images/team-of-fives.svg
similarity index 100%
rename from static/images/five/team-of-fives.svg
rename to content/en/cloud/concepts/identity-and-security/teams/images/team-of-fives.svg
diff --git a/content/en/cloud/concepts/identity-and-security/tokens.md b/content/en/cloud/concepts/identity-and-security/tokens.md
index 12df225221f..4e39d0c946f 100644
--- a/content/en/cloud/concepts/identity-and-security/tokens.md
+++ b/content/en/cloud/concepts/identity-and-security/tokens.md
@@ -19,7 +19,7 @@ Layer5 Cloud REST API uses [OAuth 2.0](https://oauth.net/2/) for authentication
Access tokens are opaque tokens that conform to the OAuth 2.0 framework. They contain authorization information, but not identity information. They are used to authenticate and provide authorization information to Layer5 APIs. Access tokens are associated with a user account. They have an unlimited lifetime and can be revoked at any time.
{{< alert type="info" title="API Tokens are User-Scoped, Not Organization-Scoped" >}}
-Layer5 Cloud API tokens are scoped to your user account, not to a specific organization. This means a single API token provides access to all organizations you are a member of, similar to how [GitHub Personal Access Tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) work. For users who belong to multiple organizations, see [Specifying Organization Context](/cloud/reference/api-reference/#specifying-organization-context) in the REST API documentation to learn how to control which organization your API requests operate on.
+Layer5 Cloud API tokens are scoped to your user account, not to a specific organization. This means a single API token provides access to all organizations you are a member of, similar to how [GitHub Personal Access Tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) work. For users who belong to multiple organizations, see [Specifying Organization Context]({{< ref "cloud/reference/api-reference/_index.md#specifying-organization-context" >}}) in the REST API documentation to learn how to control which organization your API requests operate on.
{{< /alert >}}
## Creating tokens
diff --git a/content/en/cloud/concepts/identity-and-security/users/_index.md b/content/en/cloud/concepts/identity-and-security/users/_index.md
index 32fcde02625..1fed3950147 100755
--- a/content/en/cloud/concepts/identity-and-security/users/_index.md
+++ b/content/en/cloud/concepts/identity-and-security/users/_index.md
@@ -16,7 +16,7 @@ Anyone who uses Layer5 Cloud signs into a user account. Your user account is you
{{< cardpane >}}
{{% card header="**Five** — Platform Engineer" %}}
-
+
**Organization:** Orbital Labs
**Role:** User (Platform Engineer)
@@ -24,10 +24,10 @@ Anyone who uses Layer5 Cloud signs into a user account. Your user account is you
Curious, enthusiastic, and reliably the first to discover that a feature works differently than the docs say it does.
-[See full cast →](/cloud/getting-started/meet-five)
+[See full cast →]({{< ref "cloud/getting-started/meet-five/_index.md" >}})
{{% /card %}}
{{% card header="**Maya Chen** — Org Admin" %}}
-
+
**Organization:** Orbital Labs
**Role:** Org Admin + Development Team Admin
@@ -35,7 +35,7 @@ Curious, enthusiastic, and reliably the first to discover that a feature works d
Voice of reason. Has a calendar block called "Preventing Five from touching prod" that recurs every Friday at 4:45 PM.
-[See full cast →](/cloud/getting-started/meet-five)
+[See full cast →]({{< ref "cloud/getting-started/meet-five/_index.md" >}})
{{% /card %}}
{{< /cardpane >}}
@@ -52,7 +52,7 @@ For more information, see [Layer5 subscription plans](https://layer5.io/pricing)
Teams allow you to organize users into groups and conveniently assign access to workspaces or to assign roles with associated keychains and keys to control permissions.
{{< alert type="info" >}}
-You need to have the default `Team Admin` role to assign permissions to users in your team. For more information, see [Teams](/cloud/concepts/identity-and-security/teams).
+You need to have the default `Team Admin` role to assign permissions to users in your team. For more information, see [Teams]({{< ref "cloud/concepts/identity-and-security/teams/_index.md" >}}).
{{< /alert >}}
Organizations may have any number of teams and teams may have any number of users. User accounts are treated as sovereign entities that are owned by individual individuals, not by corporations.
@@ -62,7 +62,7 @@ Organization and teams may have any number of users accounts. User accounts are
Users and their tokens may be authorized to access resources. Users can be created and managed by the Provider Admins, Organization Admins, or Team Admins. Users of one organization may be granted access to resources (e.g. Workspaces and Designs) of another organization. User entitlement, roles and permissions are org-scoped, meaning that the entitlements and permissions that a given user has in one organization does not necessarily reflect the same level of access that their membership in another oganziation does.
{{< alert type="info" >}}
-Only Provider Admins and Organization Admin can create users. For more information, see [Roles](/cloud/concepts/identity-and-security/roles/).
+Only Provider Admins and Organization Admin can create users. For more information, see [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
{{< /alert >}}
## Account Linking
diff --git a/content/en/cloud/concepts/identity-and-security/users/default-permissions.md b/content/en/cloud/concepts/identity-and-security/users/default-permissions.md
index 67b69955110..1c7651f9e9e 100644
--- a/content/en/cloud/concepts/identity-and-security/users/default-permissions.md
+++ b/content/en/cloud/concepts/identity-and-security/users/default-permissions.md
@@ -32,4 +32,4 @@ aliases:
{{< alert title="*Organization Owner" type="warning" >}}
_Permissions marked with * apply only if you are the owner of the organization._{{< /alert >}}
-{{< alert title="Customizable Permissions" type="info" >}}Default permissions can be easily customized by simply creating your own [keychains](/cloud/concepts/identity-and-security/keychains/) and [roles](/cloud/concepts/identity-and-security/roles).{{< /alert >}}
+{{< alert title="Customizable Permissions" type="info" >}}Default permissions can be easily customized by simply creating your own [keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}) and [roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).{{< /alert >}}
diff --git a/content/en/cloud/concepts/identity-and-security/users/Slide41.svg b/content/en/cloud/concepts/identity-and-security/users/images/Slide41.svg
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/Slide41.svg
rename to content/en/cloud/concepts/identity-and-security/users/images/Slide41.svg
diff --git a/content/en/cloud/concepts/identity-and-security/users/notification-preferences.gif b/content/en/cloud/concepts/identity-and-security/users/notification-preferences/images/notification-preferences.gif
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/notification-preferences.gif
rename to content/en/cloud/concepts/identity-and-security/users/notification-preferences/images/notification-preferences.gif
diff --git a/content/en/cloud/concepts/identity-and-security/users/notification-preferences.md b/content/en/cloud/concepts/identity-and-security/users/notification-preferences/index.md
similarity index 94%
rename from content/en/cloud/concepts/identity-and-security/users/notification-preferences.md
rename to content/en/cloud/concepts/identity-and-security/users/notification-preferences/index.md
index 8e1d45a53be..929d8ab2565 100644
--- a/content/en/cloud/concepts/identity-and-security/users/notification-preferences.md
+++ b/content/en/cloud/concepts/identity-and-security/users/notification-preferences/index.md
@@ -11,7 +11,7 @@ aliases:
Layer5 Cloud offers a range of user-configurable preferences that allows you to control the types of email notifications you receive.
-
+
## To change the notification preferences
diff --git a/content/en/cloud/concepts/identity-and-security/users/user-invitations/index.md b/content/en/cloud/concepts/identity-and-security/users/user-invitations/index.md
index eb35d9c2eb2..d78594a0103 100644
--- a/content/en/cloud/concepts/identity-and-security/users/user-invitations/index.md
+++ b/content/en/cloud/concepts/identity-and-security/users/user-invitations/index.md
@@ -102,7 +102,7 @@ From the table you can perform the following management actions on each invitati
The **Quota** column in the invitations table always shows the number of users who have accepted an invitation alongside the configured limit — for example, `2 / 5` if a quota is set, or `2 / Unlimited` if no quota is configured. This lets you monitor uptake at a glance.
-To see the individual users who are now members of the organization, navigate to the [User Management](/cloud/concepts/identity-and-security/users/user-management/) page. Members who joined via invitation appear there alongside their assigned roles.
+To see the individual users who are now members of the organization, navigate to the [User Management]({{< ref "cloud/concepts/identity-and-security/users/user-management/index.md" >}}) page. Members who joined via invitation appear there alongside their assigned roles.
### What happens when a user accepts an invitation
diff --git a/content/en/cloud/concepts/identity-and-security/users/add-user.gif b/content/en/cloud/concepts/identity-and-security/users/user-management/images/add-user.gif
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/add-user.gif
rename to content/en/cloud/concepts/identity-and-security/users/user-management/images/add-user.gif
diff --git a/content/en/cloud/concepts/identity-and-security/users/create-user.gif b/content/en/cloud/concepts/identity-and-security/users/user-management/images/create-user.gif
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/create-user.gif
rename to content/en/cloud/concepts/identity-and-security/users/user-management/images/create-user.gif
diff --git a/content/en/cloud/concepts/identity-and-security/users/org_invite.png b/content/en/cloud/concepts/identity-and-security/users/user-management/images/org_invite.png
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/org_invite.png
rename to content/en/cloud/concepts/identity-and-security/users/user-management/images/org_invite.png
diff --git a/content/en/cloud/concepts/identity-and-security/users/remove_user.png b/content/en/cloud/concepts/identity-and-security/users/user-management/images/remove_user.png
similarity index 100%
rename from content/en/cloud/concepts/identity-and-security/users/remove_user.png
rename to content/en/cloud/concepts/identity-and-security/users/user-management/images/remove_user.png
diff --git a/content/en/cloud/concepts/identity-and-security/users/user-management.md b/content/en/cloud/concepts/identity-and-security/users/user-management/index.md
similarity index 83%
rename from content/en/cloud/concepts/identity-and-security/users/user-management.md
rename to content/en/cloud/concepts/identity-and-security/users/user-management/index.md
index 18ec8c03169..662742525c3 100644
--- a/content/en/cloud/concepts/identity-and-security/users/user-management.md
+++ b/content/en/cloud/concepts/identity-and-security/users/user-management/index.md
@@ -12,23 +12,23 @@ aliases:
This guide outlines methods for creating user accounts, adding users to organizations, inviting new members, and managing user access within Layer5 Cloud to maintain a secure and organized environment.
-
+
## Create User Account
Seamlessly initiate new user accounts, ensuring a smooth onboarding process. Specify user details, such as email, and tailor their access by adding them to one or more organizations. Optionally assign roles, defining their scope within the platform. Complete the process by sending a personalized account setup email, streamlining the user's introduction to Layer5 Cloud.
-
+
{{< alert type="info" title="Permission Required for User Creation" >}}
-Only Provider Admins and Organization Admins can create users. For more information, see [Roles](/cloud/concepts/identity-and-security/roles).
+Only Provider Admins and Organization Admins can create users. For more information, see [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
{{< /alert >}}
## Add / Remove Existing User
This section explains how to add existing Layer5 Cloud users to one of your organizations or remove them.
-{{< meshery-design-embed src="/export-designs/embedded-design-page-open-source.js" id="embedded-design-066b0ef3-7956-4c3b-a5cc-1d276ac13ec6" >}}
+{{< meshery-design-embed src="export-designs/embedded-design-page-open-source.js" id="embedded-design-066b0ef3-7956-4c3b-a5cc-1d276ac13ec6" >}}
### Adding a User to an Organization
@@ -40,7 +40,7 @@ If someone already has a Layer5 Cloud account but isn't part of your organizatio
4. Select the user from the list of available users.
5. Assign appropriate roles within the organization.
-
+
### Removing Users from an Organization
@@ -56,7 +56,7 @@ You can remove users from an organization one by one or several at once. This ac
* **Use Bulk Action:** Click the "Delete" button.
* **Confirm:** When prompted, confirm that you want to remove all the selected users from the organization.
-
+
## Invite User via Email
@@ -70,5 +70,5 @@ You can invite new or existing users to join one of your organizations by sendin
* **What the User Does:** The person you invited will click a link in the email to accept. If they're new to Layer5 Cloud, they'll need to create an account first before they can join your organization.
{{< alert type="info" title="Permissions for Role Assignment" >}}
-An Organization Admin can assign organization roles to users, but provider roles can only be assigned by Provider Admins. For more information, see [Roles](/cloud/concepts/identity-and-security/roles).
+An Organization Admin can assign organization roles to users, but provider roles can only be assigned by Provider Admins. For more information, see [Roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
{{< /alert >}}
diff --git a/content/en/cloud/concepts/spaces/environments.md b/content/en/cloud/concepts/spaces/environments.md
index d6480565c48..255d71f2659 100644
--- a/content/en/cloud/concepts/spaces/environments.md
+++ b/content/en/cloud/concepts/spaces/environments.md
@@ -12,7 +12,7 @@ Environments allow you to logically group related [Connections](#connections) an
### Assigning Resources to Environments
-Assign any number of Connections to an environment whether that Connection is managed or unmanaged (see [MeshSync](https://docs.meshery.io/concepts/architecture/meshsync) to learn more about managed and unmanaged Connections). In-turn, assign any number of Environments to one or more [Workspaces](../workspaces). Connections (and any associated Credentials) that are assigned to an Environment become immediately available for use in any associated Workspace.
+Assign any number of Connections to an environment whether that Connection is managed or unmanaged (see [MeshSync](https://docs.meshery.io/concepts/architecture/meshsync) to learn more about managed and unmanaged Connections). In-turn, assign any number of Environments to one or more [Workspaces]({{< ref "cloud/concepts/spaces/workspaces.md" >}}). Connections (and any associated Credentials) that are assigned to an Environment become immediately available for use in any associated Workspace.
### Sharing Resources between Environments
@@ -30,7 +30,7 @@ Environments represent a collection of resources in the form of Connections - bo
- **Logical Grouping** Environments allow you to logically group related connections and their associated credentials. This makes it easier to manage, share, and work with a subset of resources instead of dealing with all your connections individually.
-- **Resource Sharing** Environments can be seamlessly assigned to [Workspaces](../workspaces), another essential concept in Meshery. When you assign an Environment to a Workspace, you enable resource sharing among team members. This collaborative approach simplifies the sharing of connections and resources, making it easier to work together in cloud native environments.
+- **Resource Sharing** Environments can be seamlessly assigned to [Workspaces]({{< ref "cloud/concepts/spaces/workspaces.md" >}}), another essential concept in Meshery. When you assign an Environment to a Workspace, you enable resource sharing among team members. This collaborative approach simplifies the sharing of connections and resources, making it easier to work together in cloud native environments.
## Key Components
@@ -48,7 +48,7 @@ Credentials in an Environment are the keys to securely authenticate and access m
## Example: Orbital Labs Environment Setup
-The following illustrates how Five and Zara set up multi-cloud environments at Orbital Labs, spanning AWS, GCP, and Azure. See [Meet Five and the Cast](/cloud/getting-started/meet-five) for the full seed inventory.
+The following illustrates how Five and Zara set up multi-cloud environments at Orbital Labs, spanning AWS, GCP, and Azure. See [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}) for the full seed inventory.
### Environment Inventory
diff --git a/content/en/cloud/concepts/spaces/workspaces.md b/content/en/cloud/concepts/spaces/workspaces.md
index 4fd62210d3b..6c6c63de292 100644
--- a/content/en/cloud/concepts/spaces/workspaces.md
+++ b/content/en/cloud/concepts/spaces/workspaces.md
@@ -41,7 +41,7 @@ Like a shared drive (or shared collection of files), Workspaces are your Google
- Same environment can be assigned to multiple workspaces.
{{< alert type="info" title="Assigning Environments to Workspaces" >}}
-Assign any number of Environments to one or more Workspaces. See [Environments](/cloud/concepts/spaces/environments) section for more information.
+Assign any number of Environments to one or more Workspaces. See [Environments]({{< ref "cloud/concepts/spaces/environments.md" >}}) section for more information.
{{< /alert >}}
### Designs
@@ -61,7 +61,7 @@ Designs belong to only one Workspace at any given time. See [Designs](https://do
- Same team can be assigned to multiple workspaces.
{{< alert type="info" title="Team Access Control in Workspaces" >}}
-Teams offer control access to workspaces and to workspace resources such as environments and managed and unmanaged connections. See [Teams](/cloud/concepts/identity-and-security/teams).
+Teams offer control access to workspaces and to workspace resources such as environments and managed and unmanaged connections. See [Teams]({{< ref "cloud/concepts/identity-and-security/teams/_index.md" >}}).
{{< /alert >}}
### Connections
@@ -85,12 +85,12 @@ To make the most of Workspaces, here are some best practices:
Workspaces enhance collaboration within your teams, providing a structured environment for sharing and managing resources. By following best practices and understanding the core components of Workspaces, you can maximize the benefits of this feature.
{{< alert type="info" title="Looking for Practical Workspace Management?" >}}
-For a step-by-step guide on how to create, edit, and manage your workspaces, see the [Managing Workspaces](/cloud/guides/workspaces/managing-workspaces/) documentation.
+For a step-by-step guide on how to create, edit, and manage your workspaces, see the [Managing Workspaces]({{< ref "cloud/guides/workspaces/managing-workspaces/index.md" >}}) documentation.
{{< /alert >}}
## Example: Orbital Labs Workspace Setup
-The following illustrates how Five and Maya set up workspaces at Orbital Labs to segment access across infrastructure and development workflows. See [Meet Five and the Cast](/cloud/getting-started/meet-five) for the full seed inventory.
+The following illustrates how Five and Maya set up workspaces at Orbital Labs to segment access across infrastructure and development workflows. See [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}) for the full seed inventory.
### Workspace Inventory
diff --git a/content/en/cloud/getting-started/_index.md b/content/en/cloud/getting-started/_index.md
index 6e06c229c69..cec3e131bb7 100644
--- a/content/en/cloud/getting-started/_index.md
+++ b/content/en/cloud/getting-started/_index.md
@@ -41,8 +41,8 @@ To verify your setup, try deploying a sample design:
---
### Need Help?
-If you run into issues during setup, join our [Slack Community](http://slack.layer5.io) or check the [Troubleshooting Guide](/docs/troubleshooting).
+If you run into issues during setup, join our [Slack Community](http://slack.layer5.io)
{{< alert type="info" title="Follow Along with Five" >}}
-Throughout these docs you'll follow Five — a Platform Engineer at Orbital Labs — and his colleagues as they set up organizations, configure workspaces, deploy designs, and navigate the occasional Friday-afternoon incident. [Meet Five and the full cast →]({{< relref "/cloud/getting-started/meet-five/_index.md" >}})
+Throughout these docs you'll follow Five — a Platform Engineer at Orbital Labs — and his colleagues as they set up organizations, configure workspaces, deploy designs, and navigate the occasional Friday-afternoon incident. [Meet Five and the full cast →]({{< relref "cloud/getting-started/meet-five/_index.md" >}})
{{< /alert >}}
diff --git a/content/en/cloud/getting-started/getting-started-with-layer5-account.md b/content/en/cloud/getting-started/getting-started-with-layer5-account.md
index 31140efbb26..a7cea0a3251 100644
--- a/content/en/cloud/getting-started/getting-started-with-layer5-account.md
+++ b/content/en/cloud/getting-started/getting-started-with-layer5-account.md
@@ -17,7 +17,7 @@ The first steps in starting with Layer5 are to create an account, verify your em
To sign up for an account on Layer5 Cloud, navigate to 
**Organization:** Constellation Cloud
**Role:** Provider Admin
@@ -64,7 +64,7 @@ Has seen every misconfigured RBAC policy known to humankind. Responds to Slack m
{{< cardpane >}}
{{% card header="**Five** — Platform Engineer" %}}
-
**Organization:** Orbital Labs
**Role:** User (Platform Engineer)
@@ -73,7 +73,7 @@ Has seen every misconfigured RBAC policy known to humankind. Responds to Slack m
The protagonist — curious, enthusiastic, and reliably the first to discover that a feature works differently than the docs say it does.
{{% /card %}}
{{% card header="**Maya Chen** — Org Admin & Development Team Admin" %}}
-
**Organization:** Orbital Labs
**Role:** Org Admin + Development Team Admin
@@ -85,7 +85,7 @@ Voice of reason. Has a calendar block called "Preventing Five from touching prod
{{< cardpane >}}
{{% card header="**Zara Osei** — Infrastructure Team Admin" %}}
-
+
**Organization:** Orbital Labs
**Role:** Team Admin, Infrastructure Team
@@ -94,7 +94,7 @@ Voice of reason. Has a calendar block called "Preventing Five from touching prod
Sole keeper of the keychain permission matrix. Responds to access requests with a 48-hour SLA and a knowing look.
{{% /card %}}
{{% card header="**Rex Park** — Developer" %}}
-
+
**Organization:** Orbital Labs
**Role:** User, Developer Team
@@ -103,7 +103,7 @@ Sole keeper of the keychain permission matrix. Responds to access requests with
Opens design review requests and immediately asks Five if they have been approved yet. Deploys with confidence; reads error logs with less.
{{% /card %}}
{{% card header="**Jordan Reyes** — Developer & Designer" %}}
-
+
**Organization:** Orbital Labs
**Role:** User, Developer Team
@@ -117,7 +117,7 @@ Crafts Kanvas designs of alarming elegance. Considers a 47-component architectur
{{< cardpane >}}
{{% card header="**Marcus Webb** — Org Admin" %}}
-
+
{{< alert type="info" title="Unable to Create More Organizations?" >}}
If the "Add Organization" button is disabled, it means your current role does not permit creating additional Organizations. Only users with roles like Organization Administrator or Provider Administrator can create new Organizations.
@@ -51,7 +51,7 @@ You can update your Organization's name, location, associated teams, branding, a
- Logos: Upload specific logo versions for various display contexts by clicking the respective **"Upload"** buttons.
- Invitations: Access a shareable link to invite users to your Organization.
-
+
## Using the Open Organization Invitation Link
@@ -62,7 +62,7 @@ To invite multiple users to your organization at once, or to allow open sign-ups
* Public Sign-ups: To let people sign up openly, for instance, by posting the link on a community page or another public resource.
* Cross-Organizational Collaboration: To make it easy for collaborators from other organizations or external partners to join.
-
+
{{< alert title="Inviting Users to Specific Teams" type="info" >}}
If you want to invite users directly to a specific team within your organization, please refer to the documentation on [Open Team Invites](https://docs.layer5.io/cloud/concepts/identity-and-security/teams/)
@@ -115,6 +115,6 @@ Avoid deleting an Organization if:
2. A confirmation modal will appear, requiring you to verify this action.
3. Click the "Delete" button to permanently remove the Organization. To abort the deletion, click "Cancel".
-
+
[^1]: Existing users who click this invitation link might encounter a "Page not found" error. This is a temporary bug and is being addressed.
diff --git a/content/en/cloud/guides/organizations/org-management/create_org.png b/content/en/cloud/guides/organizations/org-management/images/create_org.png
similarity index 100%
rename from content/en/cloud/guides/organizations/org-management/create_org.png
rename to content/en/cloud/guides/organizations/org-management/images/create_org.png
diff --git a/content/en/cloud/guides/organizations/org-management/delete_org.png b/content/en/cloud/guides/organizations/org-management/images/delete_org.png
similarity index 100%
rename from content/en/cloud/guides/organizations/org-management/delete_org.png
rename to content/en/cloud/guides/organizations/org-management/images/delete_org.png
diff --git a/content/en/cloud/guides/organizations/org-management/edit_org.png b/content/en/cloud/guides/organizations/org-management/images/edit_org.png
similarity index 100%
rename from content/en/cloud/guides/organizations/org-management/edit_org.png
rename to content/en/cloud/guides/organizations/org-management/images/edit_org.png
diff --git a/content/en/cloud/guides/organizations/org-management/org_open_invite.gif b/content/en/cloud/guides/organizations/org-management/images/org_open_invite.gif
similarity index 100%
rename from content/en/cloud/guides/organizations/org-management/org_open_invite.gif
rename to content/en/cloud/guides/organizations/org-management/images/org_open_invite.gif
diff --git a/content/en/cloud/guides/organizations/org-management/org_overview.png b/content/en/cloud/guides/organizations/org-management/images/org_overview.png
similarity index 100%
rename from content/en/cloud/guides/organizations/org-management/org_overview.png
rename to content/en/cloud/guides/organizations/org-management/images/org_overview.png
diff --git a/content/en/cloud/guides/organizations/org-management/navigating-organizations/index.md b/content/en/cloud/guides/organizations/org-management/navigating-organizations.md
similarity index 98%
rename from content/en/cloud/guides/organizations/org-management/navigating-organizations/index.md
rename to content/en/cloud/guides/organizations/org-management/navigating-organizations.md
index 33c15660b45..0234964d545 100644
--- a/content/en/cloud/guides/organizations/org-management/navigating-organizations/index.md
+++ b/content/en/cloud/guides/organizations/org-management/navigating-organizations.md
@@ -90,4 +90,4 @@ Your roles and permissions are organization-scoped. This means:
- Administrative capabilities in one organization do not automatically grant administrative access in another.
- Team memberships and their associated permissions are specific to each organization.
-For more details about roles and permissions, see the [Roles documentation](/cloud/concepts/identity-and-security/roles/).
+For more details about roles and permissions, see the [Roles documentation]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
diff --git a/content/en/cloud/guides/self-hosted/planning/_index.md b/content/en/cloud/guides/self-hosted/planning/_index.md
index d0045f41e19..3b8643473e5 100644
--- a/content/en/cloud/guides/self-hosted/planning/_index.md
+++ b/content/en/cloud/guides/self-hosted/planning/_index.md
@@ -148,4 +148,4 @@ Layer5 acknowledges the importance of air-gapped deployments and ensures content
Plan for comprehensive observability across your Layer5 Cloud deployment, including metrics, logs, tracing, dashboards, and alerting. Establish SLOs for latency, availability, and saturation; size telemetry storage appropriately; and ensure privacy and access controls for operational data.
-See: [Monitoring](/cloud/guides/self-hosted/planning/monitoring/)
+See: [Monitoring]({{< ref "cloud/guides/self-hosted/planning/monitoring.md" >}})
diff --git a/content/en/cloud/guides/self-hosted/planning/images/self-hosted-deployment.svg b/content/en/cloud/guides/self-hosted/planning/identity-services/images/self-hosted-deployment.svg
similarity index 100%
rename from content/en/cloud/guides/self-hosted/planning/images/self-hosted-deployment.svg
rename to content/en/cloud/guides/self-hosted/planning/identity-services/images/self-hosted-deployment.svg
diff --git a/content/en/cloud/guides/self-hosted/planning/identity-services.md b/content/en/cloud/guides/self-hosted/planning/identity-services/index.md
similarity index 79%
rename from content/en/cloud/guides/self-hosted/planning/identity-services.md
rename to content/en/cloud/guides/self-hosted/planning/identity-services/index.md
index d85ac0ce602..47b8822117f 100644
--- a/content/en/cloud/guides/self-hosted/planning/identity-services.md
+++ b/content/en/cloud/guides/self-hosted/planning/identity-services/index.md
@@ -9,19 +9,19 @@ aliases:
---
-Layer5 Cloud offers a built-in identity provider (IDP), supporting OIDC for normal users and token-based authentication (access, ID, refresh tokens) for API clients with JSON Web Signature (JWS) for token signing. Layer5 Cloud users can sign-up via email and password in addition to social identity providers (Google and GitHub) via OAuth2. See [Getting Started with a Layer5 Account](/cloud/getting-started/getting-started-with-layer5-account/) for details.
+Layer5 Cloud offers a built-in identity provider (IDP), supporting OIDC for normal users and token-based authentication (access, ID, refresh tokens) for API clients with JSON Web Signature (JWS) for token signing. Layer5 Cloud users can sign-up via email and password in addition to social identity providers (Google and GitHub) via OAuth2. See [Getting Started with a Layer5 Account]({{< ref "cloud/getting-started/getting-started-with-layer5-account.md" >}}) for details.
Layer5 Cloud identity services include features such as account recovery, email verification, automatica social sign-in account linking, and multi-factor authentication (coming soon).
{{< alert type="info" >}}
-For more information, see [User Account Linking](/cloud/concepts/identity-and-security/users).
+For more information, see [User Account Linking]({{< ref "cloud/concepts/identity-and-security/users/_index.md" >}}).
{{< /alert >}}
Layer5 Cloud is also working toward being the IDP for Layer5 by supporting OIDC. It will leverage social authentication with Google, GitHub, Twitter, and LinkedIn based on OIDC to authenticate normal users. After authentication, Layer5 Cloud will be able to generate the access token, ID token, and refresh token for normal users. Applications, on the other hand, will use client credential OAUTH2 to get an access token.
The following diagram illustrates the architecture of Layer5 Cloud.
-
+
## Identity providers and custom domains
@@ -29,11 +29,11 @@ By default, every organization signs users in through your deployment's **shared
### Bring Your Own Credentials (BYOC)
-An organization can optionally **bring its own credentials (BYOC)**: its own Google OAuth client and GitHub OAuth App. With BYOC, the upstream consent screen, the registered redirect URL, and the entire OAuth round trip carry the organization's own branding and stay on the organization's own domain. BYOC is enabled per organization by a [Provider Administrator](/cloud/concepts/identity-and-security/roles/#provider-admin-role); an organization owner then registers the OAuth client ID and secret.
+An organization can optionally **bring its own credentials (BYOC)**: its own Google OAuth client and GitHub OAuth App. With BYOC, the upstream consent screen, the registered redirect URL, and the entire OAuth round trip carry the organization's own branding and stay on the organization's own domain. BYOC is enabled per organization by a [Provider Administrator]({{< ref "cloud/concepts/identity-and-security/roles/_index.md#provider-admin-role" >}}); an organization owner then registers the OAuth client ID and secret.
### When BYOC is optional vs. required
-Whether BYOC is *optional* or *required* depends on your organization's [custom domain](/cloud/guides/self-hosted/white-labeling/#social-sign-in-on-a-custom-domain) and how it relates to the **base domain** (the registrable domain, or eTLD+1) of your deployment:
+Whether BYOC is *optional* or *required* depends on your organization's [custom domain]({{< ref "cloud/guides/self-hosted/white-labeling/_index.md#social-sign-in-on-a-custom-domain" >}}) and how it relates to the **base domain** (the registrable domain, or eTLD+1) of your deployment:
| Organization's domain | Default identity providers | BYOC |
| --- | --- | --- |
@@ -59,8 +59,8 @@ Organizations that share an identity provider sit within the same authentication
The canonical host and on-eTLD custom hosts typically draw on the shared, central identity provider, so organizations reached through them are within one shared authentication boundary. An organization with its own (BYOC) identity provider is its own boundary, no matter how its host is named. The DNS shape of the host is not the boundary — the identity provider behind it is.
-This is the authentication (host-class) view of the boundary. It composes with the **authorization** view — where each organization context independently scopes what a user is permitted to do via [keys](/cloud/concepts/identity-and-security/keys/), [keychains](/cloud/concepts/identity-and-security/keychains/), and [roles](/cloud/concepts/identity-and-security/roles/) — and with **granular** resource-access sharing that can cross organizations. For the complete picture of how these layers fit together, see [Identity and Security → Security Boundaries](/cloud/concepts/identity-and-security/#security-boundaries).
+This is the authentication (host-class) view of the boundary. It composes with the **authorization** view — where each organization context independently scopes what a user is permitted to do via [keys]({{< ref "cloud/concepts/identity-and-security/keys.md" >}}), [keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}), and [roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}) — and with **granular** resource-access sharing that can cross organizations. For the complete picture of how these layers fit together, see [Identity and Security → Security Boundaries]({{< ref "cloud/concepts/identity-and-security/_index.md#security-boundaries" >}}).
{{< alert type="info" >}}
-For the custom-domain setup walkthrough and the on-eTLD vs. off-eTLD distinction, see [White-labeling → Social sign-in on a custom domain](/cloud/guides/self-hosted/white-labeling/#social-sign-in-on-a-custom-domain).
+For the custom-domain setup walkthrough and the on-eTLD vs. off-eTLD distinction, see [White-labeling → Social sign-in on a custom domain]({{< ref "cloud/guides/self-hosted/white-labeling/_index.md#social-sign-in-on-a-custom-domain" >}}).
{{< /alert >}}
diff --git a/content/en/cloud/guides/self-hosted/planning/images/kanvas-collaboration-networking.svg b/content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication/images/kanvas-collaboration-networking.svg
similarity index 100%
rename from content/en/cloud/guides/self-hosted/planning/images/kanvas-collaboration-networking.svg
rename to content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication/images/kanvas-collaboration-networking.svg
diff --git a/content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication.md b/content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication/index.md
similarity index 94%
rename from content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication.md
rename to content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication/index.md
index 7a51d9ca368..442983689e0 100644
--- a/content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication.md
+++ b/content/en/cloud/guides/self-hosted/planning/peer-to-peer-communication/index.md
@@ -20,7 +20,7 @@ Characteristics of the peer-to-peer communication include:
- Very little server load
- Not suited for a large amount of collaborators on a single document (each peer is connected to each other)
-
+
### Default Configuration
diff --git a/content/en/cloud/guides/self-hosted/white-labeling/_index.md b/content/en/cloud/guides/self-hosted/white-labeling/_index.md
index 42e33b126b4..aca35b2e36c 100644
--- a/content/en/cloud/guides/self-hosted/white-labeling/_index.md
+++ b/content/en/cloud/guides/self-hosted/white-labeling/_index.md
@@ -38,7 +38,7 @@ This example includes a custom branding with colors and full-sized logo.
Layer5 Cloud supports customizing themes on a per organization basis. This includes the ability to upload your own logo and define your own color scheme. Your logo will be displayed in the top left corner of the dashboard. Both a full-sized logo and a logo mark are supported.
-As an [Organization Administrator](/cloud/concepts/identity-and-security/roles/organization-roles/), you can add your organization's logo to the global navigation bar, which supports a large, horizontal logo for desktop users and a small, square logo for mobile users. The logo appears at the top of each user's window for all Layer5 Cloud pages within your organization.
+As an [Organization Administrator]({{< ref "cloud/concepts/identity-and-security/roles/organization-roles.md" >}}), you can add your organization's logo to the global navigation bar, which supports a large, horizontal logo for desktop users and a small, square logo for mobile users. The logo appears at the top of each user's window for all Layer5 Cloud pages within your organization.
{{% card header="Preference Example" footer="Example: Selection of theme" %}}
This example shows how to customize through different themes
@@ -141,7 +141,7 @@ To set up a www or custom subdomain, such as `www.example.com` or `meshery.examp
In Layer5 Cloud, navigate to your Provider Organization.
-Under your Organization name, click Edit. If you cannot click the "Edit" action, verify that you are a [Provider Administrator](/cloud/concepts/identity-and-security/roles).
+Under your Organization name, click Edit. If you cannot click the "Edit" action, verify that you are a [Provider Administrator]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).
Under "Custom domain", type your custom domain, then click Save. This will create a server configuration that will require a reboot in order to take effect.
@@ -191,10 +191,10 @@ Whether social sign-in (Google and GitHub) works on a custom domain depends on h
- **Different base domain (fully-custom).** If the custom domain sits on a different base domain — for example you CNAME `meshery.yourcompany.com` to the hosted `cloud.layer5.io`, where `yourcompany.com` and `layer5.io` are different base domains — the secure social sign-in handshake cannot hand off between the two unrelated domains using the shared default identity providers. **Social sign-in on a fully-custom domain therefore requires your organization to bring its own identity provider credentials (BYOC)**: your own Google OAuth client and GitHub OAuth App, registered against your domain.
{{< alert title="Social buttons are hidden until your own identity providers are configured" color="info" >}}
-On a fully-custom domain **without** its own identity providers, the Google and GitHub buttons are **hidden** on the login and sign-up screens — they would otherwise lead to a sign-in that cannot complete. **Email-and-password sign-in and sign-up both remain fully available** — the **Log In / Sign Up** toggle stays visible, so new users can still register and existing users can still sign in. Only the social buttons are hidden. They reappear automatically once your organization configures its own identity providers. See [Identity Services](/cloud/guides/self-hosted/planning/identity-services/) for what BYOC is and when it is required.
+On a fully-custom domain **without** its own identity providers, the Google and GitHub buttons are **hidden** on the login and sign-up screens — they would otherwise lead to a sign-in that cannot complete. **Email-and-password sign-in and sign-up both remain fully available** — the **Log In / Sign Up** toggle stays visible, so new users can still register and existing users can still sign in. Only the social buttons are hidden. They reappear automatically once your organization configures its own identity providers. See [Identity Services]({{< ref "cloud/guides/self-hosted/planning/identity-services/index.md" >}}) for what BYOC is and when it is required.
{{< /alert >}}
-The same base domain / different base domain split above is not only about whether social buttons appear — it also marks an **authentication boundary**. Organizations that share an identity provider (the canonical host and on-eTLD custom subdomains that use the shared, central provider) sit within the same authentication boundary, while an organization that brings its own (BYOC) provider is a distinct authentication boundary: **same identity provider source means the same security boundary**, regardless of how the host is named. See [Identity Services → The identity provider is the security boundary](/cloud/guides/self-hosted/planning/identity-services/#the-identity-provider-is-the-security-boundary) and [Identity and Security → Security Boundaries](/cloud/concepts/identity-and-security/#security-boundaries).
+The same base domain / different base domain split above is not only about whether social buttons appear — it also marks an **authentication boundary**. Organizations that share an identity provider (the canonical host and on-eTLD custom subdomains that use the shared, central provider) sit within the same authentication boundary, while an organization that brings its own (BYOC) provider is a distinct authentication boundary: **same identity provider source means the same security boundary**, regardless of how the host is named. See [Identity Services → The identity provider is the security boundary]({{< ref "cloud/guides/self-hosted/planning/identity-services/index.md#the-identity-provider-is-the-security-boundary" >}}) and [Identity and Security → Security Boundaries]({{< ref "cloud/concepts/identity-and-security/_index.md#security-boundaries" >}}).
## Frequently asked questions about white labeling
diff --git a/content/en/cloud/guides/tutorials/images/embedding-badges-modal.svg b/content/en/cloud/guides/tutorials/assigning-user-badges/images/embedding-badges-modal.svg
similarity index 100%
rename from content/en/cloud/guides/tutorials/images/embedding-badges-modal.svg
rename to content/en/cloud/guides/tutorials/assigning-user-badges/images/embedding-badges-modal.svg
diff --git a/content/en/cloud/guides/tutorials/assigning-user-badges.md b/content/en/cloud/guides/tutorials/assigning-user-badges/index.md
similarity index 97%
rename from content/en/cloud/guides/tutorials/assigning-user-badges.md
rename to content/en/cloud/guides/tutorials/assigning-user-badges/index.md
index f8d642677cc..956cccdbd0d 100755
--- a/content/en/cloud/guides/tutorials/assigning-user-badges.md
+++ b/content/en/cloud/guides/tutorials/assigning-user-badges/index.md
@@ -44,7 +44,7 @@ To share your badges on other social profiles, utilize the provided embedded cod
3. Copy the html or the markdown code by clicking the Embed Code icon
4. Paste the code in your site
-{{< figure src="/cloud/guides/tutorials/images/embedding-badges-modal.svg" alt="Embedding-badges-modal">}}
+{{< figure src="images/embedding-badges-modal.svg" alt="Embedding-badges-modal">}}
### FAQ
- **Is there a limit to the number of badges that I can earn?**
diff --git a/content/en/cloud/guides/tutorials/promoting-a-design.md b/content/en/cloud/guides/tutorials/promoting-a-design.md
index e1cafe370cf..6d919d089b1 100644
--- a/content/en/cloud/guides/tutorials/promoting-a-design.md
+++ b/content/en/cloud/guides/tutorials/promoting-a-design.md
@@ -13,7 +13,7 @@ aliases:
This guide walks through how Five promotes the `prod-deployment-v2` design from the `orbital-staging` workspace to `orbital-production`, with Zara Osei (Infrastructure Team Admin) approving the environment assignment.
-See [Meet Five and the Cast](/cloud/getting-started/meet-five) for the full Orbital Labs narrative reference.
+See [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}) for the full Orbital Labs narrative reference.
## Overview
@@ -69,7 +69,7 @@ If your organization requires Team Admin approval before production deployments,
3. She clicks **Approve** — the deployment proceeds to `prod-aws`.
{{< alert type="info" title="Why does Zara need to approve?" >}}
-The Infrastructure team's keychain grants `orbital-production` workspace access and `prod-aws` environment deployment rights only to members who have been explicitly granted those keys. Zara, as Team Admin, holds the approval authority for production environment assignments. See [Keychains](/cloud/concepts/identity-and-security/keychains/) for how this is configured.
+The Infrastructure team's keychain grants `orbital-production` workspace access and `prod-aws` environment deployment rights only to members who have been explicitly granted those keys. Zara, as Team Admin, holds the approval authority for production environment assignments. See [Keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md" >}}) for how this is configured.
{{< /alert >}}
### Step 5 — Verify the deployment
@@ -82,6 +82,6 @@ After approval:
## What's Next
-- To give the Development team visibility into the production design (read-only), Five can share the design individually with Rex and Jordan. See [Sharing a Workspace](/cloud/guides/tutorials/sharing-a-workspace/).
+- To give the Development team visibility into the production design (read-only), Five can share the design individually with Rex and Jordan. See [Sharing a Workspace]({{< ref "cloud/guides/tutorials/sharing-a-workspace.md" >}}).
- To set up a parallel deployment to `prod-gcp`, Five repeats Steps 3–5 selecting `prod-gcp` as the environment.
- To roll back, Five transfers `prod-deployment-v2` back to `orbital-staging` and deploys the previous version from there.
diff --git a/content/en/cloud/guides/tutorials/sharing-a-workspace.md b/content/en/cloud/guides/tutorials/sharing-a-workspace.md
index 1eebdc90b91..b0503f90f18 100644
--- a/content/en/cloud/guides/tutorials/sharing-a-workspace.md
+++ b/content/en/cloud/guides/tutorials/sharing-a-workspace.md
@@ -25,7 +25,7 @@ In your browser, go to [Layer5 Cloud](https://cloud.layer5.io).
4. Set the permission level — Five gives Rex **edit** access so he can deploy and modify the design.
5. Click **Send**.
-
+
Rex receives an invitation and can now open `microservices-baseline` in the `orbital-dev` workspace.
@@ -92,5 +92,5 @@ Someone you don't know might be viewing your design because:
- Someone who can edit your design shared it further.
{{< alert type="info" >}}
-See [Meet Five and the Cast](/cloud/getting-started/meet-five) for the full Orbital Labs workspace and character reference.
+See [Meet Five and the Cast]({{< ref "cloud/getting-started/meet-five/_index.md" >}}) for the full Orbital Labs workspace and character reference.
{{< /alert >}}
diff --git a/content/en/cloud/guides/workspaces/images/assign-designs-views.gif b/content/en/cloud/guides/workspaces/managing-workspaces/images/assign-designs-views.gif
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/assign-designs-views.gif
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/assign-designs-views.gif
diff --git a/content/en/cloud/guides/workspaces/images/assign-teams.gif b/content/en/cloud/guides/workspaces/managing-workspaces/images/assign-teams.gif
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/assign-teams.gif
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/assign-teams.gif
diff --git a/content/en/cloud/guides/workspaces/images/assign_environment.png b/content/en/cloud/guides/workspaces/managing-workspaces/images/assign_environment.png
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/assign_environment.png
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/assign_environment.png
diff --git a/content/en/cloud/guides/workspaces/images/create-workspace.gif b/content/en/cloud/guides/workspaces/managing-workspaces/images/create-workspace.gif
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/create-workspace.gif
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/create-workspace.gif
diff --git a/content/en/cloud/guides/workspaces/images/delete-workspace.gif b/content/en/cloud/guides/workspaces/managing-workspaces/images/delete-workspace.gif
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/delete-workspace.gif
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/delete-workspace.gif
diff --git a/content/en/cloud/guides/workspaces/images/edit-workspace.gif b/content/en/cloud/guides/workspaces/managing-workspaces/images/edit-workspace.gif
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/edit-workspace.gif
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/edit-workspace.gif
diff --git a/content/en/cloud/guides/workspaces/images/grid-view.png b/content/en/cloud/guides/workspaces/managing-workspaces/images/grid-view.png
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/grid-view.png
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/grid-view.png
diff --git a/content/en/cloud/guides/workspaces/images/security-audit.png b/content/en/cloud/guides/workspaces/managing-workspaces/images/security-audit.png
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/security-audit.png
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/security-audit.png
diff --git a/content/en/cloud/guides/workspaces/images/table-view.png b/content/en/cloud/guides/workspaces/managing-workspaces/images/table-view.png
similarity index 100%
rename from content/en/cloud/guides/workspaces/images/table-view.png
rename to content/en/cloud/guides/workspaces/managing-workspaces/images/table-view.png
diff --git a/content/en/cloud/guides/workspaces/managing-workspaces.md b/content/en/cloud/guides/workspaces/managing-workspaces/index.md
similarity index 83%
rename from content/en/cloud/guides/workspaces/managing-workspaces.md
rename to content/en/cloud/guides/workspaces/managing-workspaces/index.md
index 1c4f9623194..06a18632f79 100644
--- a/content/en/cloud/guides/workspaces/managing-workspaces.md
+++ b/content/en/cloud/guides/workspaces/managing-workspaces/index.md
@@ -11,10 +11,10 @@ aliases:
This guide walks you through the practical steps of managing your Workspaces. Here, you'll learn how to create, edit, and delete Workspaces, as well as how to manage access by assigning teams and resources like Environments, Designs, and Views to them.
-If you're new to the concept of Workspaces, we recommend starting with the [Workspaces Overview](/cloud/concepts/spaces/workspaces/) to understand what a Workspace is and how it relates to key components like Environments, Designs, and Teams.
+If you're new to the concept of Workspaces, we recommend starting with the [Workspaces Overview]({{< ref "cloud/concepts/spaces/workspaces.md" >}}) to understand what a Workspace is and how it relates to key components like Environments, Designs, and Teams.
{{< alert type="info" title="A Note on Permissions" >}}
-Every action described in this guide is governed by roles and permissions. To see a detailed breakdown of what your assigned role allows you to do, please refer to the [Default Permissions](/cloud/reference/default-permissions/) documentation.
+Every action described in this guide is governed by roles and permissions. To see a detailed breakdown of what your assigned role allows you to do, please refer to the [Default Permissions]({{< ref "cloud/reference/default-permissions.md" >}}) documentation.
{{< /alert >}}
### View Workspaces
@@ -25,14 +25,14 @@ The [Workspaces page](https://cloud.layer5.io/spaces/workspaces) is where you ca
#### Grid View
The grid view offers a card-based layout, perfect for quickly identifying workspaces at a glance. Each card displays essential information, and you can flip it to reveal management options like editing or deleting and get audit history.
-
+
#### Table View
The table view provides a dense, list-based format that is ideal for managing a large number of workspaces. This view allows for sorting and gives you more control over the specific details you see.
To customize the information displayed, click the **View Columns** icon and select the attributes you want to see, such as Owner ID or Created Date.
-
+
{{< alert type="info" title="Consistent Actions Across Views" >}}
Both the grid and table views provide the same set of management capabilities. You can choose the layout that best fits your needs without losing any functionality.
@@ -53,7 +53,7 @@ To create a workspace:
3. Enter a descriptive **Name** and an optional **Description**, then click **Save**.
4. Your new workspace will now appear on the page.
-
+
### Edit a Workspace
@@ -62,7 +62,7 @@ You can modify a workspace's name and description at any time after it has been
- **From the Grid View:** Flip the workspace card, then click the **pencil icon**.
- **From the Table View:** Click the **pencil icon** in the row of the workspace you wish to modify.
-
+
### Delete a Workspace
@@ -78,7 +78,7 @@ You can delete a single workspace or multiple workspaces at once.
1. Select the checkboxes on the cards of the workspaces you want to delete.
2. Click the **Delete** button that appears at the top of the page.
-
+
{{< alert type="info" title="Deletion Restrictions" >}}
Meshery requires at least one workspace to exist within an organization at all times, so you cannot delete the last remaining workspace.
@@ -100,7 +100,7 @@ When a Workspace is deleted:
### Assign Teams to a Workspace
Assigning teams is the way you grant users access to a workspace. Once a team is assigned, its members can access all of the Designs, Views, and Environments linked to that workspace.
-
+
You can open the team management Dialog from either the grid or table view.
@@ -118,14 +118,14 @@ Inside the assignment Dialog, you will see two lists: **Available Teams** on the
3. Click **Save** to apply your changes.
{{< alert type="info" title="Team and Workspace Relationships" >}}
-You can assign multiple teams to a single workspace, and a single team can also be a member of multiple workspaces. This provides flexible access control across your projects. For more restrictions, see [Workspaces documentation](/cloud/concepts/spaces/workspaces/).
+You can assign multiple teams to a single workspace, and a single team can also be a member of multiple workspaces. This provides flexible access control across your projects. For more restrictions, see [Workspaces documentation]({{< ref "cloud/concepts/spaces/workspaces.md" >}}).
{{< /alert >}}
### Link Environments to a Workspace
-When you link an [Environment](/cloud/concepts/spaces/environments/) to a Workspace, you make all the connections (like those to Kubernetes clusters or databases) grouped within that Environment available. This means any team members with access to that Workspace can then deploy their applications or configurations to the resources.
+When you link an [Environment]({{< ref "cloud/concepts/spaces/environments.md" >}}) to a Workspace, you make all the connections (like those to Kubernetes clusters or databases) grouped within that Environment available. This means any team members with access to that Workspace can then deploy their applications or configurations to the resources.
The process of linking environments is almost the same as assigning teams.
-
+
{{< alert type="info" title="Many-to-Many Relationship" >}}
An Environment can be linked to multiple Workspaces, and a Workspace can have multiple Environments. This allows you to share common environments across different projects.
@@ -144,17 +144,17 @@ When you create a new Design, it is automatically added to your current Workspac
3. Use the arrow buttons to move the selected Design(s) or View(s) to the target workspace.
4. Click **Save**.
-
+
{{< alert type="info" title="Exclusive Ownership" >}}
-A Design or View can only exist in one Workspace at a time. Moving it to a new Workspace will automatically remove it from its original location. For more detailed information, see [Workspaces documentation](/cloud/concepts/spaces/workspaces/).
+A Design or View can only exist in one Workspace at a time. Moving it to a new Workspace will automatically remove it from its original location. For more detailed information, see [Workspaces documentation]({{< ref "cloud/concepts/spaces/workspaces.md" >}}).
{{< /alert >}}
### View Recent Activity
Meshery keeps a detailed audit log for each workspace, allowing you to track all significant events. This is useful for maintaining security and troubleshooting issues.
-
+
The activity log captures a variety of events, including:
- The creation or deletion of the workspace.
@@ -184,7 +184,7 @@ Think of a private workspace as your personal Google "My Drive." You can use it
**3. Template Library**
Create a separate, access-controlled Workspace to serve as your organization's internal, private template library. This is for storing non-public, organization-specific, or sensitive patterns.
-> This practice complements the [public Catalog](/cloud/concepts/catalog/exploring-the-catalog/), which is used for sharing generic, non-sensitive designs with the community. A dedicated Organization Catalog feature is also planned for the future.
+> This practice complements the [public Catalog]({{< ref "cloud/concepts/catalog/exploring-the-catalog/index.md" >}}), which is used for sharing generic, non-sensitive designs with the community. A dedicated Organization Catalog feature is also planned for the future.
**4. The Team Space**
@@ -202,7 +202,7 @@ For teams requiring strict separation between environments, this pattern is esse
- **Access**: Access to the Design is determined by the Teams assigned to its new Workspace.
- **Cross-Organization Transfers**: You can move a Design you own into a Workspace in a different Organization, provided you have the necessary permissions in the target Organization.
-> A key restriction is that a user, even with a [Workspace Admin](/cloud/concepts/identity-and-security/roles/workspace-roles/) role, cannot manage a Design they **do not own**. This action requires [Organization Admin](/cloud/concepts/identity-and-security/roles/organization-roles/) or Organization Owner permissions.
+> A key restriction is that a user, even with a [Workspace Admin]({{< ref "cloud/concepts/identity-and-security/roles/workspace-roles.md" >}}) role, cannot manage a Design they **do not own**. This action requires [Organization Admin]({{< ref "cloud/concepts/identity-and-security/roles/organization-roles.md" >}}) or Organization Owner permissions.
#### 2. What can other users of a Workspace do with my design? Can they delete my design?
@@ -220,7 +220,7 @@ Currently, it is **not possible** to receive direct notifications or see a colla
No. A user with whom you share a private Design cannot re-share it with others.
-> [learn more about sharing designs](/kanvas/designer/sharing/).
+> [learn more about sharing designs]({{< ref "kanvas/designer/sharing/index.md" >}}).
#### 6. Does a workspace have space limitations or file count limitations?
@@ -228,7 +228,7 @@ Currently, there are no specific space or file count limitations for Workspaces.
#### 7. How can I make my design publicly available, but read-only to other users?
-To make a Design available to everyone but in a read-only state, you should **[Publish](/kanvas/designer/publishing-designs/)** it. A **Published** design can be viewed and cloned by any user, but the original cannot be edited by others.
+To make a Design available to everyone but in a read-only state, you should **[Publish]({{< ref "kanvas/designer/publishing-designs/index.md" >}})** it. A **Published** design can be viewed and cloned by any user, but the original cannot be edited by others.
#### 8. How do I share a private design with a specific team for collaboration?
diff --git a/content/en/cloud/concepts/catalog/images/Slide51.svg b/content/en/cloud/images/Slide51.svg
similarity index 100%
rename from content/en/cloud/concepts/catalog/images/Slide51.svg
rename to content/en/cloud/images/Slide51.svg
diff --git a/static/images/five/1.svg b/content/en/cloud/images/five/1.svg
similarity index 100%
rename from static/images/five/1.svg
rename to content/en/cloud/images/five/1.svg
diff --git a/static/images/five/2.svg b/content/en/cloud/images/five/2.svg
similarity index 100%
rename from static/images/five/2.svg
rename to content/en/cloud/images/five/2.svg
diff --git a/static/images/five/layer5-five-mascot-means-business.svg b/content/en/cloud/images/five/layer5-five-mascot-means-business.svg
similarity index 100%
rename from static/images/five/layer5-five-mascot-means-business.svg
rename to content/en/cloud/images/five/layer5-five-mascot-means-business.svg
diff --git a/content/en/cloud/reference/api-reference/_index.md b/content/en/cloud/reference/api-reference/_index.md
index 9810e1ca31c..bce8373ca5c 100644
--- a/content/en/cloud/reference/api-reference/_index.md
+++ b/content/en/cloud/reference/api-reference/_index.md
@@ -10,7 +10,7 @@ To create integrations, retrieve data, and automate your cloud native infrastruc
## Authenticating with the API
-In order to authenticate to Layer5 Cloud's REST API, you need to generate and use a [security token](/cloud/concepts/identity-and-security/tokens/). Visit your [user account's security tokens](https://cloud.layer5.io/security/tokens) and generate a long-lived token. Security tokens remain valid until you revoke them, and you can issue as many as you need.
+In order to authenticate to Layer5 Cloud's REST API, you need to generate and use a [security token]({{< ref "cloud/concepts/identity-and-security/tokens.md" >}}). Visit your [user account's security tokens](https://cloud.layer5.io/security/tokens) and generate a long-lived token. Security tokens remain valid until you revoke them, and you can issue as many as you need.
To authenticate with the API, pass the token as a bearer token in the `Authorization` header. For example, in cURL:
@@ -153,7 +153,7 @@ The following example demonstrate how to retrieve information from the Academy R
### Get the total number of registered learners in Academy
-Use the Layer5 Cloud API to retrieve the *total* number of registered learners. Pass your [Security Token](https://docs.layer5.io/cloud/concepts/identity-and-security/tokens/) as a Bearer token in the `Authorization` header (as shown in [Authenticating with API](/cloud/reference/api-reference/#authenticating-with-the-api)). The response JSON includes an array of user objects.
+Use the Layer5 Cloud API to retrieve the *total* number of registered learners. Pass your [Security Token](https://docs.layer5.io/cloud/concepts/identity-and-security/tokens/) as a Bearer token in the `Authorization` header (as shown in [Authenticating with API]({{< ref "cloud/reference/api-reference/_index.md#authenticating-with-the-api" >}})). The response JSON includes an array of user objects.
{{< tabpane >}}
diff --git a/content/en/cloud/reference/default-permissions.md b/content/en/cloud/reference/default-permissions.md
index 2ca694b6101..26463c9edba 100644
--- a/content/en/cloud/reference/default-permissions.md
+++ b/content/en/cloud/reference/default-permissions.md
@@ -6,7 +6,7 @@ categories: [Identity]
tags: [perms]
---
-{{< alert title="Customizable Permissions" type="info" >}}Default permissions can be easily customized by simply creating your own [keychains](/cloud/concepts/identity-and-security/keychains/#keychains-management) and [roles](/cloud/concepts/identity-and-security/roles).{{< /alert >}}
+{{< alert title="Customizable Permissions" type="info" >}}Default permissions can be easily customized by simply creating your own [keychains]({{< ref "cloud/concepts/identity-and-security/keychains.md#keychains-management" >}}) and [roles]({{< ref "cloud/concepts/identity-and-security/roles/_index.md" >}}).{{< /alert >}}
**Legend:**
diff --git a/content/en/contributing/contributing-to-docs.md b/content/en/contributing/contributing-to-docs.md
index a6358edaaa7..83ea22ca220 100644
--- a/content/en/contributing/contributing-to-docs.md
+++ b/content/en/contributing/contributing-to-docs.md
@@ -167,13 +167,36 @@ You can override the default styles and add new ones:
### Image styling
-By default, Markdown images are written like this:
+### Link and asset paths
+
+Use Hugo `ref` when linking from one documentation page to another documentation page:
+
+```markdown
+[About]({{}})
+```
+
+For images and other assets that live next to `index.md` or `_index.md`, or inside that page bundle, use a normal relative path:
```markdown
-
+
```
-These are rendered with:
+If you need HTML for custom sizing, keep the same relative path:
+
+```html
+
+```
+
+For global shared assets that physically live under `static/`, use the `static` shortcode:
+
+```markdown
+
+```
+
+Do not use the `static` shortcode for assets under `content/`.
+
+By default, Markdown images are rendered with:
+
* `max-width: 70%` of the viewport
* `max-height: 80vh` of the viewport height
* centered block layout
@@ -181,14 +204,14 @@ These are rendered with:
This default styling works well for most landscape (horizontal) images. However, if an image is very tall, narrow, or otherwise looks awkward, you can override the default by embedding raw HTML and specifying a custom size:
```html
-
+
+ 
+ 
+ 
+ 
+ 
{{ else }}
-