Docs/igw docs day refactor (#17259)

* reformatted IGW conf ref

* set up nav structure for IGW docs

* added main usage IGW usage doc

* added usage for serving custom tls certs

* updated internal links

* Update website/content/docs/connect/config-entries/ingress-gateway.mdx

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* changed filenames for IGW usage pages

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

website/content/api-docs/agent/service.mdx

@@ -630,12 +630,12 @@ The `/agent/service/register` endpoint supports camel case and _snake case_ for
 
 - `Port` `(int: 0)` - Specifies the port of the service.
 
-- `Kind` `(string: "")` - The kind of service. Defaults to "" which is a
-  typical Consul service. This value may also be "connect-proxy" for
-  [service mesh](/consul/docs/connect) proxies representing another service,
-  "mesh-gateway" for instances of a [mesh gateway](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration),
-  "terminating-gateway" for instances of a [terminating gateway](/consul/docs/connect/gateways/terminating-gateway),
-  or "ingress-gateway" for instances of a [ingress gateway](/consul/docs/connect/gateways/ingress-gateway).
+- `Kind` `(string: "")` - The kind of service. Defaults to `""`, which is a
+  typical Consul service. You can specify the following values: 
+  - `"connect-proxy"` for [service mesh](/consul/docs/connect) proxies representing another service
+  - `"mesh-gateway"` for instances of a [mesh gateway](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration)
+  - `"terminating-gateway"` for instances of a [terminating gateway](/consul/docs/connect/gateways/terminating-gateway)
+  - `"ingress-gateway"` for instances of an [ingress gateway](/consul/docs/connect/gateways/ingress-gateway)
 
 - `Proxy` `(Proxy: nil)` - From 1.2.3 on, specifies the configuration for a
   service mesh proxy instance. This is only valid if `Kind` defines a proxy or gateway.

website/content/commands/connect/envoy.mdx

@@ -165,11 +165,9 @@ compatibility with Envoy and prevent potential issues. Default is `false`.
   If Envoy is configured as a terminating or mesh gateway, traffic from services
   within the mesh will be received at the specified IP and port.
 
-  If Envoy is configured as an ingress gateway, a `/ready` HTTP endpoint will be
-  instantiated at the specified IP and port. Consul uses `/ready` HTTP endpoints
-  to check gateway health. The specified IP will also be used by the ingress
-  gateway when instantiating user-defined listeners configured in the
-  [ingress gateway](/consul/docs/connect/gateways/ingress-gateway) configuration entry.
+  If Envoy is configured as an ingress gateway, Consul instantiates a `/ready` HTTP endpoint at the specified IP and port. Consul uses `/ready` HTTP endpoints
+  to check gateway health. Ingress gateways also use the specified IP when instantiating user-defined listeners configured in the
+  [ingress gateway configuration entry](/consul/docs/connect/config-entries/ingress-gateway).
 
   ~> **Note**: Ensure that user-defined ingress gateway listeners use a
      different port than the port specified in `-address` so that they do not

website/content/docs/connect/gateways/ingress-gateway/index.mdx

@@ -0,0 +1,26 @@
+---
+layout: docs
+page_title: Ingress gateway overview
+description: >-
+   Ingress gateways enable you to connect external services to services in your mesh. Ingress gateways are a type of proxy that listens for requests from external network locations and route authorized traffic to destinations in the service mesh. 
+---
+
+# Ingress gateways overview
+
+An ingress gateway is a type of proxy that enables network connectivity from external services to services inside the mesh. The following diagram describes the ingress gateway workflow:
+
+![Ingress Gateway Architecture](/img/ingress-gateways.png)
+
+## Workflow
+
+The following stages describe how to add an ingress gateway to your service mesh: 
+
+1. Configure ingress gateway listeners: Create an ingress gateway configuration entry and specify which services to expose to external requests. The configuration entry allows you to define what services should be exposed, on what port, and by what hostname. You can expose services registered with Consul or expose virtual services defined in other configuration entries. Refer to [Ingress gateway configuration entry reference](/consul/docs/connect/config-entries/ingress-gateway) for details on the configuration parameters you can specify.
+
+1. Define an ingress gateway proxy service: Ingress gateways are a special-purpose proxy service that you can define and register in a similar manner to other services. When you register the ingress gateway service, Consul applies the configurations defined in the ingress gateway configuration reference. Refer to [Implement an ingress gateway](/consul/docs/connect/gateways/ingress-gateway/usage) for additional information.
+
+1. Start the network proxy: The ingress gateway proxy service accepts configurations from the configuration entry and directs requests to the exposed services. When the external traffic passes through the ingress gateway, your sidecar proxy handles the inbound and outbound connections between the exposed services and the gateway. Refer to [Service mesh proxy overview](/consul/docs/connect/proxies) to learn more about the proxies Consul supports.
+
+## Integrations with custom TLS management solutions
+
+You can configure the ingress gateway to retrieve and serve custom TLS certificates from external systems. This functionality is designed to help you integrate with custom TLS management software. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.