Adds new Zero IA (#1439)

* moves cluster status

* changes to sidebar

* fixes breaking links

* removes releases, adds versioning partial to changelogs

* moves k8s, adds redirects

* removes production-deployment page

* moves clients, adds redirects

* creates upstream services guides directory

* removes Client from sidebar labels

* updates text

* Revert "creates upstream services guides directory"

This reverts commit f61e4bd.

* creates guides subsections

* removes securing tcp guide, adds to capabilities examples

* removes js-sdk guide, redirects to capabilities page

* removes local oidc, redirects to idp oidc guide

* updates sidebar to move guide locations

* removes idp and integrations sidebar slices

* splits up certificates concepts page & creates new mTLS guide

* adds integrations to capabilities section

* adds zero install page

* runs yarn format

* fixes breaking links

* fixes cspell errors

* runs prettier

Author: ZPain8464

.pre-commit-config.yaml

@@ -6,7 +6,7 @@ repos:
         additional_dependencies:
           - 'prettier@2.7.1'
         files: ^content\/.*$
-        exclude: content/docs/deploy/k8s/reference.md
+        exclude: content/docs/k8s/reference.md
   - repo: https://github.com/streetsidesoftware/cspell-cli
     rev: v6.2.0
     hooks:

content/docs/admonitions/_semantic-versioning.mdx

@@ -0,0 +1,9 @@
+### Versioning
+
+Pomerium uses [Semantic Versioning](https://semver.org/). In practice, this means for a given version number **vMAJOR**.**MINOR**.**PATCH** (for example, `v0.1.0`):
+
+- **MAJOR** indicates an incompatible API change
+- **MINOR** indicates a new, backwards-compatible functionality
+- **PATCH** indicates a backwards-compatible bug fix
+
+As Pomerium is still pre-`v1.0.0`, you should expect breaking changes between releases.

content/docs/admonitions/_upgrade-versions.mdx

@@ -1 +1 @@
-**Before you upgrade:** Set your Core and Enterprise instances to the same **MINOR** version number. For example, if your Core instance is on **v0.22.1**, Enterprise should be set to **v0.22.0**. See [Versioning](/docs/deploy/releases#versioning) for more information.
+**Before you upgrade:** Set your Core and Enterprise instances to the same **MINOR** version number. For example, if your Core instance is on **v0.22.1**, Enterprise should be set to **v0.22.0**.

content/docs/capabilities/authentication.mdx

@@ -56,7 +56,7 @@ By configuring your applications to route requests to Pomerium’s Proxy service
 
 :::enterprise
 
-[Enterprise customers](https://www.pomerium.com/enterprise-sales/) can enforce context-aware access with Pomerium’s [external data sources](/docs/integrations) feature (directory sync).
+[Enterprise customers](https://www.pomerium.com/enterprise-sales/) can enforce context-aware access with Pomerium’s [external data sources](/docs/capabilities/integrations) feature (directory sync).
 
 :::
 

content/docs/capabilities/authorization.mdx

@@ -108,7 +108,7 @@ In this example, Pomerium will grant a user access if their email address ends i
 
 :::enterprise
 
-The Enterprise Console provides a policy builder GUI so you can build policies and reapply them to multiple routes and namespaces. See our [**Enterprise**](/docs/deploy/enterprise) page to learn more.
+The Enterprise Console provides a policy builder GUI so you can build policies and reapply them to multiple routes and namespaces. See our [**Enterprise**](/docs/enterprise) page to learn more.
 
 :::
 
@@ -274,7 +274,7 @@ This example pulls session data from the Databroker service using `type.googleap
 
 ::::enterprise
 
-In the [**Enterprise Console**](/docs/deploy/enterprise), you can write policies in Rego with the PPL builder:
+In the [**Enterprise Console**](/docs/enterprise), you can write policies in Rego with the PPL builder:
 
 ![Apply Rego in Console editor](./img/authorization/ppl-rego-policy.png)
 
@@ -311,7 +311,7 @@ For routes with policies that allow public, unauthenticated access, Pomerium _wi
 
 :::enterprise
 
-[Device identity](/docs/capabilities/device-identity) is an Enterprise feature. Check out our [Enterprise](/docs/deploy/enterprise) page to learn more.
+[Device identity](/docs/capabilities/device-identity) is an Enterprise feature. Check out our [Enterprise](/docs/enterprise) page to learn more.
 
 :::
 

content/docs/capabilities/branding.md

@@ -7,7 +7,7 @@ description: Add custom colors, logos, and error messages.
 
 :::enterprise
 
-This article describes a use case available to [Pomerium Enterprise](/docs/deploy/enterprise/install) customers.
+This article describes a use case available to [Pomerium Enterprise](/docs/enterprise/install) customers.
 
 :::
 

content/docs/capabilities/device-identity.mdx

@@ -32,7 +32,7 @@ Device identity is the unique ID associated with a device. In the context of zer
 
 ## Device identity with Pomerium
 
-Pomerium versions [0.16.0](/docs/deploy/core/upgrading#policy-for-device-identity) and up support the use of device identity as a criteria in authorization policies. Pomerium uses the [Web Authentication](https://www.w3.org/TR/webauthn-2/#registration-extension) (WebAuthn) API to bring authentication and authorization based on device identity into your security framework. With Pomerium’s device identity support, users can register devices and administrators can limit access to devices they trust.
+Pomerium versions [0.16.0](/docs/core/upgrading#policy-for-device-identity) and up support the use of device identity as a criteria in authorization policies. Pomerium uses the [Web Authentication](https://www.w3.org/TR/webauthn-2/#registration-extension) (WebAuthn) API to bring authentication and authorization based on device identity into your security framework. With Pomerium’s device identity support, users can register devices and administrators can limit access to devices they trust.
 
 ## Device identity features
 
@@ -102,7 +102,7 @@ Give the link to the user.
 
 If a Pomerium route [requires device authentication](/docs/capabilities/ppl#device-matcher), the user must register a [trusted execution environment](/docs/concepts/device-identity#authenticated-device-types) (**TEE**) device before accessing the route. Registration differs depending on the device.
 
-The steps below cover enrollment of a device by a user. This is available for both Pomerium Core and [Pomerium Enterprise](/docs/deploy/enterprise/install) installations. However, Enterprise users may also receive registration links [generated by their administrators](/docs/capabilities/device-identity), which will mark the newly enrolled device as approved in the Enterprise Console.
+The steps below cover enrollment of a device by a user. This is available for both Pomerium Core and [Pomerium Enterprise](/docs/enterprise/install) installations. However, Enterprise users may also receive registration links [generated by their administrators](/docs/capabilities/device-identity), which will mark the newly enrolled device as approved in the Enterprise Console.
 
 1. Users are prompted to register a new device when accessing a route that requires device authentication:
 

content/docs/capabilities/enterprise-api.mdx

@@ -17,7 +17,7 @@ The Pomerium Enterprise Console supports programmatic interaction through a gRPC
 
 This doc assumes:
 
-- You've installed [Pomerium Core](/docs/deploy/core) and [Pomerium Enterprise](/docs/deploy/enterprise/install)
+- You've installed [Pomerium Core](/docs/core) and [Pomerium Enterprise](/docs/enterprise/install)
 - The connection to the Enterprise Console service is encrypted
 
 ## Configure a new route

content/docs/capabilities/getting-users-identity.md

@@ -118,8 +118,6 @@ A single-page javascript application can verify the JWT using the [JavaScript SD
 
 <ReactApp />
 
-See the [JavaScript SDK guide](/docs/guides/js-sdk) for more information.
-
 ### Manual verification
 
 Though you will likely verify signed headers programmatically in your application's middleware with a third-party JWT library, if you are new to JWT it may be helpful to show what manual verification looks like.

content/docs/capabilities/high-availability.mdx

@@ -40,7 +40,7 @@ Pomerium's individual components can be divided into two categories; the data pl
 
 :::tip
 
-Our [Kubernetes](/docs/deploy/k8s/quickstart) supports [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/).
+Our [Kubernetes](/docs/k8s/quickstart) supports [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/).
 
 :::
 
@@ -92,7 +92,7 @@ In any production deployment, running multiple replicas of each Pomerium service
 
 You should deploy Layer 4 load balancing between end users and Pomerium Proxy services to provide high availability and horizontal scaling. Do not use L7 load balancers, since the Proxy service handles redirects, sticky sessions, etc.
 
-Note that deployments on Kubernetes can utilize The [Pomerium Ingress Controller](/docs/deploy/k8s/ingress) to simplify configuration.
+Note that deployments on Kubernetes can utilize The [Pomerium Ingress Controller](/docs/k8s/ingress) to simplify configuration.
 
 ### Authenticate