Move ambient to top level in docs (#14933)

* move ambient to top level

* make snips

* update version and make snips

* format

* fix lint

* more lint

* more lint

* Update content/en/blog/2023/ambient-merged-istio-main/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ambient/install/_index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ambient/upgrade/_index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ambient/upgrade/helm-upgrade/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ambient/usage/ztunnel/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/setup/additional-setup/config-profiles/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

---------

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

content/en/blog/2022/get-started-ambient/index.md

@@ -7,7 +7,7 @@ keywords: [ambient,demo,guide]
 ---
 
 {{< warning >}}
-Refer to the latest [getting started with ambient mesh doc](/docs/ops/ambient/getting-started/) for updated instructions.
+Refer to the latest [getting started with ambient mesh doc](/docs/ambient/getting-started/) for updated instructions.
 {{< /warning >}}
 
 Ambient mesh is [a new data plane mode for Istio introduced today](/blog/2022/introducing-ambient-mesh/). Following this getting started guide, you can experience how ambient mesh can simplify your application onboarding, help with ongoing operations, and reduce service mesh infrastructure resource usage.

content/en/blog/2023/ambient-merged-istio-main/index.md

@@ -19,7 +19,7 @@ Ambient mesh is designed for simplified operations, broader application compatib
 
 ## Get involved
 
-Follow our [getting started guide](http://istio.io/latest/docs/ops/ambient/getting-started/) to try the ambient pre-alpha build today. We'd love to hear from you! To learn more about ambient:
+Follow our [getting started guide](/docs/ambient/getting-started/) to try the ambient pre-alpha build today. We'd love to hear from you! To learn more about ambient:
 
 * Join us in the #ambient and #ambient-dev channel in Istio’s [slack](https://slack.istio.io).
 * Attend the weekly ambient contributor [meeting](https://github.com/istio/community/blob/master/WORKING-GROUPS.md#working-group-meetings) on Wednesdays.

content/en/blog/2023/rust-based-ztunnel/index.md

@@ -195,4 +195,4 @@ If you install Prometheus and Kiali, you can view these metrics easily from Kial
 
 ## Wrapping up
 
-We are super excited that the new [Rust-based ztunnel](https://github.com/istio/ztunnel/) is drastically simplified, more lightweight and performant than the prior Envoy-based ztunnel. With the purposefully designed workload xDS for the Rust-based ztunnel, you’ll not only be able to understand the xDS configuration much more easily, but also have drastically reduced network traffic and cost between the Istiod control plane and ztunnels. With Istio ambient now merged to upstream master, you can try the new Rust-based ztunnel by following our [getting started guide](/docs/ops/ambient/getting-started/).
+We are super excited that the new [Rust-based ztunnel](https://github.com/istio/ztunnel/) is drastically simplified, more lightweight and performant than the prior Envoy-based ztunnel. With the purposefully designed workload xDS for the Rust-based ztunnel, you’ll not only be able to understand the xDS configuration much more easily, but also have drastically reduced network traffic and cost between the Istiod control plane and ztunnels. With Istio ambient now merged to upstream master, you can try the new Rust-based ztunnel by following our [getting started guide](/docs/ambient/getting-started/).

content/en/blog/2023/waypoint-proxy-made-simple/index.md

@@ -96,7 +96,7 @@ This is an area under active development in the community, where we design how t
 
 ## A deep-dive of waypoint configuration
 
-Assuming you have followed the [ambient get started guide](/docs/ops/ambient/getting-started/) up to and including the [control traffic section](/docs/ops/ambient/getting-started/#control), you have deployed a waypoint proxy for the bookinfo-reviews service account to direct 90% traffic to reviews v1 and 10% traffic to reviews v2.
+Assuming you have followed the [ambient get started guide](/docs/ambient/getting-started/) up to and including the [control traffic section](/docs/ambient/getting-started/#control), you have deployed a waypoint proxy for the bookinfo-reviews service account to direct 90% traffic to reviews v1 and 10% traffic to reviews v2.
 
 Use `istioctl` to retrieve the listeners for the `reviews` waypoint proxy:
 
@@ -218,4 +218,4 @@ Note that you don’t get any endpoints related to any services other than revie
 
 ## Wrapping up
 
-We are very excited about the waypoint simplification focusing on destination oriented waypoint proxies. This is another significant step towards simplifying Istio’s usability, scalability and debuggability which are top priorities on Istio’s roadmap. Follow our [getting started guide](/docs/ops/ambient/getting-started/) to try the ambient alpha build today and experience the simplified waypoint proxy!
+We are very excited about the waypoint simplification focusing on destination oriented waypoint proxies. This is another significant step towards simplifying Istio’s usability, scalability and debuggability which are top priorities on Istio’s roadmap. Follow our [getting started guide](/docs/ambient/getting-started/) to try the ambient alpha build today and experience the simplified waypoint proxy!

content/en/docs/ambient/_index.md

@@ -1,7 +1,9 @@
 ---
 title: Ambient Mode
 description: Information for setting up and operating Istio in ambient mode.
-weight: 60
+weight: 25
+aliases:
+  - /docs/ops/ambient
 keywords: [ambient]
 test: n/a
 ---

content/en/docs/ambient/architecture/index.md

@@ -1,7 +1,9 @@
 ---
-title: Ambient Mode Architecture
+title: Architecture
 description: A deep dive into the architecture of ambient mode.
 weight: 20
+aliases:
+  - /docs/ops/ambient/architecture
 owner: istio/wg-networking-maintainers
 test: n/a
 ---

content/en/docs/ambient/getting-started/gtwapi_test-disabled.sh

@@ -18,7 +18,7 @@
 # @setup profile=none
 GATEWAY_API="true"
 
-source "content/en/docs/ops/ambient/getting-started/test.sh"
+source "content/en/docs/ambient/getting-started/test.sh"
 
 # @cleanup
 GATEWAY_API="true"

content/en/docs/ambient/getting-started/index.md

@@ -1,7 +1,9 @@
 ---
-title: Getting Started with Ambient Mode
+title: Getting Started
 description: How to deploy and install Istio in ambient mode.
 weight: 1
+aliases:
+  - /docs/ops/ambient/getting-started
 owner: istio/wg-networking-maintainers
 test: yes
 ---

content/en/docs/ambient/getting-started/snips.sh

@@ -17,7 +17,7 @@
 
 ####################################################################################################
 # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
-#          docs/ops/ambient/getting-started/index.md
+#          docs/ambient/getting-started/index.md
 ####################################################################################################
 
 snip_download_and_install_2() {

content/en/docs/ambient/install/_index.md

@@ -0,0 +1,9 @@
+---
+title: Installation Guide
+description: Installation guide for Istio ambient mode.
+weight: 5
+aliases:
+  - /docs/ops/ambient/install
+owner: istio/wg-environment-maintainers
+test: n/a
+---

content/en/docs/ambient/install/helm-installation/index.md

@@ -2,17 +2,19 @@
 title: Install with Helm
 description: Install Istio in Ambient mode with Helm.
 weight: 4
+aliases:
+  - /docs/ops/ambient/install/helm-installation
 owner: istio/wg-environments-maintainers
 test: yes
 ---
 
 This guide shows you how to install Istio in ambient mode with Helm.
-Aside from following the demo in [Getting Started with Ambient Mode](/docs/ops/ambient/getting-started/),
+Aside from following the demo in [Getting Started with Ambient Mode](/docs/ambient/getting-started/),
 we encourage the use of Helm to install Istio for use in ambient mode. Helm helps you manage components separately, and you can easily upgrade the components to the latest version.
 
 ## Prerequisites
 
-1. Check the [Platform-Specific Prerequisites](/docs/ops/ambient/install/platform-prerequisites).
+1. Check the [Platform-Specific Prerequisites](/docs/ambient/install/platform-prerequisites).
 
 1. [Install the Helm client](https://helm.sh/docs/intro/install/), version 3.6 or above.
 
@@ -106,8 +108,8 @@ ztunnel-c2z4s                    1/1     Running   0          10m
 
 ### Verify with the sample application
 
-After installing ambient mode with Helm, you can follow the [Deploy the sample application](/docs/ops/ambient/getting-started/#bookinfo) guide to deploy the sample application and ingress gateways, and then you can
-[add your application to the ambient mesh](/docs/ops/ambient/getting-started/#addtoambient).
+After installing ambient mode with Helm, you can follow the [Deploy the sample application](/docs/ambient/getting-started/#bookinfo) guide to deploy the sample application and ingress gateways, and then you can
+[add your application to the ambient mesh](/docs/ambient/getting-started/#addtoambient).
 
 ## Uninstall
 

content/en/docs/ambient/install/helm-installation/snips.sh

@@ -17,7 +17,7 @@
 
 ####################################################################################################
 # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
-#          docs/ops/ambient/install/helm-installation/index.md
+#          docs/ambient/install/helm-installation/index.md
 ####################################################################################################
 
 snip_configure_helm() {

content/en/docs/ambient/install/platform-prerequisites/index.md

@@ -2,6 +2,8 @@
 title: Platform-Specific Prerequisites
 description: Platform-specific prerequisites for installing Istio in ambient mode.
 weight: 4
+aliases:
+  - /docs/ops/ambient/install/platform-prerequisites
 owner: istio/wg-environments-maintainers
 test: no
 ---

content/en/docs/ambient/upgrade/_index.md

@@ -1,7 +1,9 @@
 ---
 title: Upgrade Guide
-description: Upgrade guide for Istio Ambient mesh.
+description: Upgrade guide for Istio ambient mode.
 weight: 10
+aliases:
+  - /docs/ops/ambient/upgrade
 owner: istio/wg-environment-maintainers
 test: n/a
 ---

content/en/docs/ambient/upgrade/helm-upgrade/common.sh

@@ -12,7 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-source "content/en/docs/ops/ambient/install/helm-installation/snips.sh"
+source "content/en/docs/ambient/install/helm-installation/snips.sh"
 
 _install_istio_ambient_helm() {
     snip_configure_helm

content/en/docs/ambient/upgrade/helm-upgrade/index.md

@@ -2,13 +2,15 @@
 title: Upgrade with Helm
 description: Upgrading an ambient mode installation with Helm.
 weight: 5
+aliases:
+  - /docs/ops/ambient/upgrade/helm-upgrade
 owner: istio/wg-environments-maintainers
 test: yes
 status: Experimental
 ---
 
 Follow this guide to upgrade and configure an ambient mode installation using
-[Helm](https://helm.sh/docs/). This guide assumes you have already performed an [ambient mesh installation with Helm](/docs/ops/ambient/install/helm-installation/) with a previous minor or patch version of Istio.
+[Helm](https://helm.sh/docs/). This guide assumes you have already performed an [ambient mode installation with Helm](/docs/ambient/install/helm-installation/) with a previous minor or patch version of Istio.
 
 {{< boilerplate ambient-alpha-warning >}}
 
@@ -136,4 +138,4 @@ $ kubectl get pods -n istio-system
 
 ## Uninstall
 
-Please refer to the uninstall section in the [Helm installation guide](/docs/ops/ambient/install/helm-installation/#uninstall).
+Please refer to the uninstall section in the [Helm installation guide](/docs/ambient/install/helm-installation/#uninstall).

content/en/docs/ambient/upgrade/helm-upgrade/snips.sh

@@ -17,7 +17,7 @@
 
 ####################################################################################################
 # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
-#          docs/ops/ambient/upgrade/helm-upgrade/index.md
+#          docs/ambient/upgrade/helm-upgrade/index.md
 ####################################################################################################
 
 snip_update_helm() {

content/en/docs/ambient/upgrade/helm-upgrade/test.sh

@@ -18,7 +18,7 @@ set -u
 
 set -o pipefail
 
-source "content/en/docs/ops/ambient/upgrade/helm-upgrade/common.sh"
+source "content/en/docs/ambient/upgrade/helm-upgrade/common.sh"
 
 # @setup profile=none
 _install_istio_ambient_helm

content/en/docs/ambient/usage/_index.md

@@ -1,7 +1,9 @@
 ---
-title: Ambient Mode User Guides
+title: User Guides
 description: How to configure a mesh in ambient mode.
 weight: 15
+aliases:
+  - /docs/ops/ambient/usage
 owner: istio/wg-networking-maintainers
 test: n/a
 ---

content/en/docs/ambient/usage/traffic-redirection/index.md

@@ -2,6 +2,8 @@
 title: Ztunnel traffic redirection
 description: Understand how traffic is redirected between pods and the ztunnel node proxy.
 weight: 2
+aliases:
+  - /docs/ops/ambient/usage/traffic-redirection
 owner: istio/wg-networking-maintainers
 test: no
 ---
@@ -53,7 +55,7 @@ Here’s a diagram to illustrate how encrypted traffic flows between pods in the
 
 ## Observing and debugging traffic redirection in ambient mode
 
-If traffic redirection is not working correctly in ambient mode, some quick checks can be made to help narrow down the problem. To demonstrate traffic redirection in action, first follow the steps described in the [ztunnel L4 networking guide](/docs/ops/ambient/usage/ztunnel), including deployment of Istio with ambient mode enabled in a Kubernetes cluster, and the deployment of `httpbin` and `sleep` in the namespace tagged for ambient mode. Once you have verified that the application is successfully running in the ambient mesh, you can use the following steps to observe the traffic redirection.
+If traffic redirection is not working correctly in ambient mode, some quick checks can be made to help narrow down the problem. To demonstrate traffic redirection in action, first follow the steps described in the [ztunnel L4 networking guide](/docs/ambient/usage/ztunnel), including deployment of Istio with ambient mode enabled in a Kubernetes cluster, and the deployment of `httpbin` and `sleep` in the namespace tagged for ambient mode. Once you have verified that the application is successfully running in the ambient mesh, you can use the following steps to observe the traffic redirection.
 
 ### Check the ztunnel proxy logs
 

content/en/docs/ambient/usage/waypoint/index.md

@@ -2,6 +2,8 @@
 title: Layer 7 Networking & Services with Waypoint Proxies
 description: Gain the full set of Istio feature with optional waypoint proxies.
 weight: 2
+aliases:
+  - /docs/ops/ambient/usage/waypoint
 owner: istio/wg-networking-maintainers
 test: no
 ---

content/en/docs/ambient/usage/ztunnel/index.md

@@ -2,6 +2,8 @@
 title: Layer 4 Networking & mTLS with Ztunnel
 description: Understand and manage Istio's "zero-trust tunnel" proxy.
 weight: 2
+aliases:
+  - /docs/ops/ambient/usage/ztunnel
 owner: istio/wg-networking-maintainers
 test: no
 ---
@@ -10,7 +12,7 @@ test: no
 
 ## Introduction {#introsection}
 
-This guide describes in-depth the functionality and usage of the ztunnel proxy and Layer 4 networking functions in Istio ambient mesh. To simply try out Istio ambient mesh, follow the [Ambient Quickstart](/docs/ops/ambient/getting-started/) instead. This guide follows a user journey and works through multiple examples to detail the design and architecture of Istio ambient. It is highly recommended to follow the topics linked below in sequence.
+This guide describes in-depth the functionality and usage of the ztunnel proxy and Layer 4 networking functions in Istio ambient mode. To simply try out Istio ambient mode, follow the [Ambient Quickstart](/docs/ambient/getting-started/) instead. This guide follows a user journey and works through multiple examples to detail the design and architecture of Istio ambient. It is highly recommended to follow the topics linked below in sequence.
 
 * [Introduction](#introsection)
 * [Current Caveats](#caveats)
@@ -57,7 +59,7 @@ The following is a list of feature restrictions or caveats in ambient mode alpha
 
 The examples in this guide used a deployment of Istio version `1.21.0` on a `kind` cluster of version `0.20.0` running Kubernetes version `1.27.3`.
 
-The examples below require a cluster with more than 1 worker node in order to explain how cross-node traffic operates. Refer to the [installation user guide](/docs/ops/ambient/install/) or [getting started guide](/docs/ops/ambient/getting-started/) for information on installing Istio in ambient mode on a Kubernetes cluster.
+The examples below require a cluster with more than 1 worker node in order to explain how cross-node traffic operates. Refer to the [installation user guide](/docs/ambient/install/) or [getting started guide](/docs/ambient/getting-started/) for information on installing Istio in ambient mode on a Kubernetes cluster.
 
 ## Functional Overview {#functionaloverview}
 
@@ -91,7 +93,7 @@ caption="Basic ztunnel L4-only datapath"
 
 The figure depicts ambient pod workloads running on two nodes W1 and W2 of a Kubernetes cluster. There is a single instance of the ztunnel proxy on each node. In this scenario, application client pods C1, C2 and C3 need to access a service provided by pod S1 and there is no requirement for advanced L7 features such as L7 traffic routing or L7 traffic management so no Waypoint proxy is needed.
 
-The figure shows that pods C1 and C2 running on node W1 connect with pod S1 running on node W2 and their TCP traffic is tunneled through HBONE tunnel instances that have been created by the ztunnel proxy pods of each node. Mutual TLS (mTLS) is used for encryption as well as mutual authentication of traffic being tunneled. SPIFFE identities are used to identify the workloads on each side of the connection. The term `HBONE` (for HTTP Based Overlay Network Encapsulation) is used in Istio ambient to refer to a technique for transparently and securely tunneling TCP packets encapsulated within HTTPS packets. For more details on the datapath, including HBONE and the traffic redirection details, refer to the [ztunnel traffic redirection](/docs/ops/ambient/usage/traffic-redirection) guide.
+The figure shows that pods C1 and C2 running on node W1 connect with pod S1 running on node W2 and their TCP traffic is tunneled through HBONE tunnel instances that have been created by the ztunnel proxy pods of each node. Mutual TLS (mTLS) is used for encryption as well as mutual authentication of traffic being tunneled. SPIFFE identities are used to identify the workloads on each side of the connection. The term `HBONE` (for HTTP Based Overlay Network Encapsulation) is used in Istio ambient to refer to a technique for transparently and securely tunneling TCP packets encapsulated within HTTPS packets. For more details on the datapath, including HBONE and the traffic redirection details, refer to the [ztunnel traffic redirection](/docs/ambient/usage/traffic-redirection) guide.
 
 {{< tip >}}
 Note: Although the figure shows the HBONE tunnels to be between the two ztunnel proxies, in the in-pod redirection implementation introduced in Istio 1.21.0 the tunnels are in fact between the source and destination pods. Traffic is HBONE encapsulated and encrypted in the network namespace of the source pod itself, and eventually decapsulated and decrypted in the network namespace of the destination pod on the destination worker node. The ztunnel proxy still logically handles both the control plane and data plane needed for HBONE transport, however it is able to do that from inside the network namespaces of the source and destination pods.

content/en/docs/ops/ambient/install/_index.md

@@ -1,7 +0,0 @@
----
-title: Installation Guide
-description: Installation guide for Istio Ambient mesh.
-weight: 5
-owner: istio/wg-environment-maintainers
-test: n/a
----

content/en/docs/setup/additional-setup/config-profiles/index.md

@@ -44,7 +44,7 @@ for your specific needs. The following built-in configuration profiles are curre
 1. **preview**: the preview profile contains features that are experimental. This is intended to explore new features
                 coming to Istio. Stability, security, and performance are not guaranteed - use at your own risk.
 
-1. **ambient**: the ambient profile is designed to help you get started with [ambient mesh](/docs/ops/ambient).
+1. **ambient**: the ambient profile is designed to help you get started with [ambient mode](/docs/ambient).
 
     {{< boilerplate ambient-alpha-warning >}}
 

content/en/events/banners/ambient-release.md

@@ -4,7 +4,7 @@ period_start: 2024-01-27
 period_end: 2024-02-21
 period_duration: 30
 max_impressions: 4
-link: https://istio.io/docs/ops/ambient/getting-started/
+link: https://istio.io/docs/ambient/getting-started/
 ---
 
 Ambient is part of Istio {{< istio_version >}} as alpha status, try it out!

content/en/news/releases/1.19.x/announcing-1.19/_index.md

@@ -32,7 +32,7 @@ In addition to mesh traffic, usage of the API for ingress traffic [is in beta](/
 
 ### Ambient Mesh
 
-During this release cycle, the team has been hard at work improving the [ambient mesh](/docs/ops/ambient/), a new Istio deployment model alternative to the previous sidecar model. If you haven't heard of ambient yet, check out the [introduction blog post](/blog/2022/introducing-ambient-mesh/).
+During this release cycle, the team has been hard at work improving the [ambient mesh](/docs/ambient/), a new Istio deployment model alternative to the previous sidecar model. If you haven't heard of ambient yet, check out the [introduction blog post](/blog/2022/introducing-ambient-mesh/).
 
 In this release, support for `ServiceEntry`, `WorkloadEntry`, `PeerAuthentication`, and DNS proxying has been added. In addition, a number of bug fixes and reliability improvements have been made.