Merge branch 'main' into update-alert-migration-steps

Author: rishabh-f5

content/includes/use-cases/monitoring/n1c-dashboard-overview.md

@@ -10,7 +10,7 @@ Navigating the dashboard:
 - **Refine metric timeframe**: Metrics show the last hour's data by default. To view data from a different period, select the time interval you want from the drop-down menu.
 
 <span style="display: inline-block; margin-top: 20px; margin-bottom: 50px;">
-{{< img src="nginx-one/images/nginx-one-dashboard.png">}}
+{{< img src="nginx-one-console/images/nginx-one-dashboard.png">}}
 </span>
 
 {{<bootstrap-table "table table-striped table-bordered">}}

content/ngf/reference/cli-help.md

@@ -59,6 +59,8 @@ This command runs the NGINX Gateway Fabric control plane.
 | _nginx-one-tls-skip-verify_         | _bool_   | Skip TLS verification for NGINX One Console connections. |
 | _gateway-api-inference-extension_   | _bool_   | Enable Gateway API Inference Extension support. Allows for configuring InferencePools to route traffic to AI workloads. (Default: `false`) |
 | _agent-tls-secret_                  | _string_ | The name of the base Secret containing TLS CA, certificate, and key for the NGINX Agent to securely communicate with the NGINX Gateway Fabric control plane. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). (Default `agent-tls`) |
+| _endpoint-picker-disable-tls_       | _bool_   | Disables TLS when connecting to the EndpointPicker. Set to true only for development/testing or when using a service mesh for encryption. (Default: `false`) | 
+| _endpoint-picker-tls-skip-verify_   | _bool_   | Disables server certificate verification when connecting to the EndpointPicker, if TLS is enabled. REQUIRED: Must be true until Gateway API Inference Extension EndpointPicker supports mounting certificates. (Default `true`) |
 
 ## Sleep
 

content/nginx-one-console/api/api-reference-guide.md

@@ -9,5 +9,5 @@ tags:
 title: API reference guide
 toc: false
 weight: null
-nd-api-reference: "./nginx-one/api/one.json"
+nd-api-reference: "./nginx-one-console/api/one.json"
 ---

content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md

@@ -48,7 +48,7 @@ Make sure you have:
 Open NGINX One Console and select **Overview**. Here are the key metrics and what they mean:
 
 <span style="display: inline-block;">
-{{< img src="nginx-one/images/nginx-one-dashboard.png"
+{{< img src="nginx-one-console/images/nginx-one-dashboard.png"
     alt="Overview dashboard showing panels for instance availability, NGINX versions, operating systems, certificates status, configuration recommendations, CVE severity, CPU and memory utilization, disk space usage, unsuccessful response codes, and network usage." >}}
 </span>
 
@@ -147,7 +147,7 @@ The **Configuration Recommendations** panel provides suggestions:
 8. Select **Next** to preview your changes, then select **Save and Publish** to apply them.  
 
 <span style="display: inline-block;">
-{{< img src="nginx-one/images/config-recommendation.png"
+{{< img src="nginx-one-console/images/config-recommendation.png"
     alt="Configuration recommendation panel showing a Best Practice warning: 'log should not be set to off on line 34', with a pencil icon to edit." >}}
 </span>
 
@@ -170,7 +170,7 @@ Try it on:
 - `$upstream_response_time`  
 
 <span style="display: inline-block;">
-{{< img src="nginx-one/images/ai-assistant.png"
+{{< img src="nginx-one-console/images/ai-assistant.png"
     alt="AI Assistant panel showing a highlighted $upstream_response_time snippet alongside the assistant's response with Purpose and Guidance headings." >}}
 </span>
 

content/nginx-one-console/workshops/lab4/config-sync-groups.md

@@ -139,7 +139,7 @@ Instead of registering containers manually, you can set the sync group in your C
 6. Instances automatically sync the existing NGINX config. When sync finishes, the **Config Sync Status** shows `In Sync`.  
 
 <span style="display: inline-block;">
-{{< img src="nginx-one/images/config-sync-status.png"
+{{< img src="nginx-one-console/images/config-sync-status.png"
     alt="Table showing hostnames, NGINX versions, operating systems, availability status, and green In Sync indicators for each instance in the config sync group." >}}
 </span>
 
@@ -163,7 +163,7 @@ Modify the shared configuration and apply the changes to all group members.
    ```
 
    <span style="display: inline-block;">
-   {{< img src="nginx-one/images/config-sync-edits.png" alt="Editor showing modifications to default.conf with validator status 'NGINX Config OK'." >}}
+   {{< img src="nginx-one-console/images/config-sync-edits.png" alt="Editor showing modifications to default.conf with validator status 'NGINX Config OK'." >}}
    </span>
 
    The file is marked **modified** and the validator shows **NGINX Config OK**.  

content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md

@@ -115,7 +115,7 @@ When you recreate containers, old entries remain in NGINX One Console. Clean the
 5. Remove the filter by selecting the **X** next to the filter tag.  
 
 <span style="display: inline-block;">
-{{< img src="nginx-one/images/unavailable-instances.png"
+{{< img src="nginx-one-console/images/unavailable-instances.png"
     alt="Table of three NGINX One Console instances filtered to 'Availability = Unavailable.' Shows hostnames, NGINX versions, grey Unavailable icons, and the Delete selected button." >}}
 </span>
 

content/nginxaas-google/getting-started/create-deployment/deploy-console.md

@@ -18,13 +18,15 @@ Before you can deploy NGINXaaS, follow the steps in the [Prerequisites]({{< ref
 
 ### Create a network attachment
 
-NGINXaaS requires a [network attachment](https://cloud.google.com/vpc/docs/about-network-attachments) to connect your consumer Virtual Private Cloud (VPC) network and your NGINXaaS deployment's VPC network.
+NGINXaaS requires a [network attachment](https://cloud.google.com/vpc/docs/about-network-attachments) to connect your NGINXaaS deployment to your VPC network.
 
 1. Access the [Google Cloud Console](https://console.cloud.google.com/).
 1. Create a consumer VPC network and subnetwork. See [Google's documentation on creating a VPC and subnet](https://cloud.google.com/vpc/docs/create-modify-vpc-networks#console_1) for a step-by-step guide.
-   - The region you choose in this step must match the region where your NGINXaaS deployment will be created.
-1. Create a network attachment in your new subnet that automatically accepts connections. See [Google's documentation on creating a network attachment](https://cloud.google.com/vpc/docs/create-manage-network-attachments#console_1) for a step-by-step guide.
-1. Make a note of the network attachment ID. You will need it in the next steps to create your NGINXaaS deployment.
+   - The region you select for the network attachment determines the region where your NGINXaaS deployment will be created. You do not manually select a region when creating an NGINXaaS deployment; it will automatically be created in the same region as the network attachment.
+1. Create a network attachment in your new subnet. See [Google's documentation on creating a network attachment](https://cloud.google.com/vpc/docs/create-manage-network-attachments#create-network-attachments) for a step-by-step guide.
+   - For **production use cases**, we recommend setting the **Connection preference** on the Network Attachment resource to **Accept connections from selected projects**. This lets you manually approve trusted connections, as this setting cannot be changed later. To start, you can leave the list of accepted projects empty and add the NGINXaaS deployment project after it is created.
+   - For **development use cases**, you can set the **Connection preference** to **Automatically accept connections from all projects**, which allows connections without manual approval. If you choose this option, you don't need to explicitly allow the NGINXaaS deployment project.
+2. Make a note of the network attachment ID. You will need it in the next steps to create your NGINXaaS deployment.
 
    {{< call-out "caution" >}}NGINXaaS for Google Cloud currently supports the following regions:
 
@@ -68,6 +70,8 @@ Next, create a new NGINXaaS deployment using the NGINXaaS Console:
 
 Your new deployment will appear in the list of deployments. The status of the deployment will be "Pending" while the deployment is being created. Once the deployment is complete, the status will change to "Ready".
 
+{{< call-out "important" >}}If the **Connection preference** on the Network Attachment resource is set to **Accept connections from selected projects**, you will need to add the **NGINXaaS deployment project** to the list of **Accepted projects** for the deployment to provision successfully. The NGINXaaS deployment `Project ID` can be found under the `Cloud Info` section for your deployment. Failing to do so will leave the deployment in a `Pending` state, with details provided on the necessary actions required to proceed.{{< /call-out >}}
+
 ## Configure your deployment
 
 In the NGINXaaS Console,
@@ -107,4 +111,4 @@ To set up connectivity to your NGINXaaS deployment, you will need to configure a
 
 ## What's next
 
-[Manage your NGINXaaS users]({{< ref "/nginxaas-google/getting-started/manage-users-accounts.md" >}})
+[Manage your NGINXaaS users]({{< ref "/nginxaas-google/getting-started/manage-users-organizations.md" >}})

content/nginxaas-google/getting-started/manage-users-accounts.md

@@ -0,0 +1,71 @@
+---
+title: Manage users and organizations
+weight: 300
+toc: true
+nd-docs: DOCS-000
+url: /nginxaas/google/getting-started/manage-users-organizations/
+type:
+- how-to
+---
+
+## Overview
+
+This document explains how to manage users and organizations in F5 NGINXaaS for Google Cloud using the NGINXaaS console.
+
+Before you start, ensure you understand the following concepts:
+
+- **NGINXaaS Organization**: An NGINXaaS Organization is created when you subscribe to *F5 NGINXaaS for Google Cloud* via the Google Cloud Marketplace, as described in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). You may create multiple NGINXaaS Organizations by signing up with different GCP billing accounts.
+- **User**: NGINXaaS Users are granted access to all resources in the NGINXaaS Organization. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Organizations, and can switch between them using the steps documented below.
+- **Authorized Domains**: The list of domains allowed to authenticate into the NGINXaaS Organization using Google authentication.
+   - This can be used to restrict access to Google identities within your Google Cloud Organization or Google Workspace, or other known, trusted Workspaces. For example, your Google Cloud Organization may have users created under the `example.com` domain. By setting the Authorized Domains in your NGINXaaS Organization to only allow `example.com`, users attempting to log in with the same email associated with `alternative.net` Google Workspace would not be authenticated.
+   - By default, an NGINXaaS Organization has an empty authorized domains list, which accepts matching users from any Google Workspace.
+
+## Add or edit a user
+
+An existing NGINXaaS Organization user can add additional users following these steps:
+
+1. Access the [NGINXaaS Console](https://console.nginxaas.net/).
+1. Log in to the console with your Google credentials.
+1. Navigate to **Users** page on the left menu, then select **Add User**.
+1. Enter the **Email** address for the user to be added. The email must match the individual's Google User to be able to authenticate successfully.
+1. Select **Create User** to save the changes.
+
+The new user will appear in the list of users on the **Users** page. Their **Google Identity Domain** will remain empty until they log in for the first time.
+
+## Modify organization settings
+
+As an authenticated user, you may modify the authorized domains and name of an NGINXaaS Organization.
+
+
+### Modify Authorized Domains
+
+1. Select **Organization Details** under the **Settings** section on the left menu.
+1. Select **Edit** in the **Authorized Domains** section.
+1. To add a new authorized domain, select **Add Domain** and enter the new domain.
+1. To remove an existing authorized domain, select the Recycle Bin button next to it.
+1. Select **Update** to save changes.
+
+{{< call-out "note" >}}You cannot remove an authorized domain from the list if it matches an existing user's Google Identity Domain. To remove access from that domain you must first delete every NGINXaaS user that is associated with the domain.{{< /call-out >}}
+
+### Modify the name of an organization
+
+1. Select **Organization Details** under the **Settings** section on the left menu.
+1. Select **Edit** in the **Organization Info** section.
+1. Enter new name in **Organization Name** field, then select **Update** to save changes.
+
+## Switch organizations
+
+To switch to a different NGINXaaS Organization, select the profile symbol in the top right corner and choose **Switch Organization**. This opens a page showing the list of all the NGINXaaS Organizations that your Google Identity is linked to; select the organization you want to switch to.
+
+## Delete a user
+
+An authenticated user can delete other users (other than their own user account). Deletion is irreversible; the deleted user will no longer be able to access the NGINXaaS Organization.
+
+To delete a user in an NGINXaaS Organization:
+
+1. Select **Organization Details** under the **Settings** section on the left menu.
+1. Select the ellipsis (three dots) menu next to the user you want to delete.
+1. Select **Delete** in the menu. The deleted user will no longer appear in the **Users** page.
+
+## What's next
+[Add certificates using the NGINXaaS Console]({{< ref "/nginxaas-google/getting-started/ssl-tls-certificates/ssl-tls-certificates-console.md" >}})

content/nginxaas-google/getting-started/manage-users-organizations.md

@@ -18,9 +18,7 @@ This document provides definitions for terms and acronyms commonly used in F5 NG
 | GC (Geographical Controller)| Geographical Controller (GC) is a control plane that serves users in a given geographical boundary while taking into account concerns relating to data residency and localization. Example: A US geographical controller serves US customers. We currently have presence in two Geographies: **US** and **EU**. |
 | NGINXaas Account            | Represents a Google Cloud procurement with an active Marketplace NGINXaaS subscription, linked to a billing account. To create an account, see the signup documentation in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). |
 | NGINXaaS User | NGINXaaS Users are granted access to all resources in the NGINXaaS Account. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Accounts, and can switch between them using the steps documented below. |
-| Network attachment          | A Google Cloud resource that enables a VM instance to connect to a VPC network. [More information](https://cloud.google.com/vpc/docs/about-network-attachments).   |
 | VPC network                 | A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented within Google Cloud. It provides networking functionality for your Google Cloud resources. [More information](https://cloud.google.com/vpc/docs/vpc). |
+| Network attachment          | A Google Cloud resource that connects your NGINXaaS deployment to upstream applications in your VPC network. [More information](https://cloud.google.com/vpc/docs/about-network-attachments).   |
 
-
-
-{{</table>}}
+{{</table>}}