docs(tproxy): restructure and expand transparent proxy documentation

.github/styles/config/vocabularies/Base/accept.txt

@@ -149,7 +149,7 @@ subcommand
 subgraph
 subproject
 sudo
-Syslog
+[sS]yslog
 target[Rr]ef
 tbl
 tcpdump
@@ -173,8 +173,14 @@ Vuejs
 websockets?
 wireframes?
 workspace
-yaml
+yaml|YAML
 yml
 [xX]DS|xds
 Zipkin
 zsh
+xtables
+netfilter
+UIDs?
+use_original_dst
+orin
+ConfigMap

.vale.ini

@@ -5,12 +5,13 @@ Vocab = Base
 
 Packages = Google
 SkippedScopes = code
-IgnoredClasses=code
+IgnoredClasses = code
 
 [*.md]
 BasedOnStyles = Vale, Google
 BlockIgnores = (\((http.*://|\.\/|\/).*?\)), \
-{\:.*?}
+{\:.*?}, \
+(?s) *({% ?cpinstall.*?%}.*?{% ?endcpinstall ?%})
 TokenIgnores = {%.*?%}, \
 {{.*?}}, \
 (?:)(/[(A-Za-z0-9)(\055/)(_)]*/), \

app/_assets/entrypoints/application.js

@@ -39,5 +39,5 @@ document.addEventListener('DOMContentLoaded', (event) => {
     placement: 'left',
     icon: '#'
   });
-  anchors.add('.doc h1, .doc h2, .doc h3, .doc h4, .doc h5, .doc h6');
+  anchors.add('.doc h1:not(.no-anchor), .doc h2:not(.no-anchor), .doc h3:not(.no-anchor), .doc h4:not(.no-anchor), .doc h5:not(.no-anchor), .doc h6:not(.no-anchor)');
 });

app/_assets/styles/vuepress-core/index.scss

@@ -164,6 +164,10 @@ h3 {
   font-size: 1.35rem;
 }
 
+h4 {
+  font-size: 1.15rem;
+}
+
 a.header-anchor {
   font-size: 0.85em;
   float: left;

app/_assets/styles/vuepress-core/sidebar-group.scss

@@ -18,17 +18,15 @@
     }
     & > .sidebar-group-items {
       padding-left: 1rem;
-      & > li > .sidebar-link {
-        font-size: 0.95em;
-        border-left: none;
+
+      & > li {
+        & > .sidebar-link, .sidebar-group .sidebar-heading {
+          font-size: 0.95em;
+          border-left: none;
+        }
       }
     }
   }
-  &.depth-2 {
-    & > .sidebar-heading {
-      border-left: none;
-    }
-  }
 }
 
 .sidebar-heading {

app/_data/docs_nav_kuma_2.10.x.yml

@@ -103,10 +103,11 @@ items:
             url: /production/dp-config/dpp-on-universal/
           - text: Configure the Kuma CNI
             url: /production/dp-config/cni/
-          - text: Configure transparent proxying
-            url: /production/dp-config/transparent-proxying/
           - text: IPv6 support
             url: /production/dp-config/ipv6/
+          - text: Transparent Proxy
+            url: /networking/transparent-proxy/introduction
+            generate: false
       - title: Secure your deployment
         group: true
         items:
@@ -274,8 +275,39 @@ items:
                 url: "/networking/meshexternalservice/#configuration"
               - text: Examples
                 url: "/networking/meshexternalservice/#examples"
-          - text: Transparent Proxying
-            url: /networking/transparent-proxying/
+          - title: Transparent Proxy
+            group: true
+            items:
+              - text: Introduction
+                url: /networking/transparent-proxy/introduction/
+              - text: Technical Overview
+                url: /networking/transparent-proxy/technical-overview/
+              - text: Kubernetes
+                url: /networking/transparent-proxy/kubernetes/
+                items:
+                  - text: Configuration
+                    url: /networking/transparent-proxy/kubernetes/#configuration
+                  - text: Control Plane Runtime Configuration
+                    url: /networking/transparent-proxy/kubernetes/#control-plane-runtime-configuration
+                  - text: Configuration in ConfigMap
+                    url: /networking/transparent-proxy/kubernetes/#configuration-in-configmap-experimental
+                  - text: Annotations
+                    url: /networking/transparent-proxy/kubernetes/#annotations
+              - text: Universal
+                url: /networking/transparent-proxy/universal/
+                items:
+                  - text: Installation
+                    url: /networking/transparent-proxy/universal/#installation
+                  - text: Upgrading
+                    url: /networking/transparent-proxy/universal/#upgrading
+                  - text: Configuration
+                    url: /networking/transparent-proxy/universal/#configuration
+                  - text: firewalld support
+                    url: /networking/transparent-proxy/universal/#firewalld-support
+              - text: Reachable Services
+                url: /networking/transparent-proxy/reachable-services/
+              - text: Reachable Backends
+                url: /networking/transparent-proxy/reachable-backends/
   - title: Policies
     group: true
     items:
@@ -500,10 +532,12 @@ items:
         url: /guides/otel-metrics/
       - text: Migration to the new policies
         url: /guides/migration-to-the-new-policies/
-      - text: Progressively rolling in strict MTLS
+      - text: Progressively rolling in strict mTLS
         url: /guides/progressively-rolling-in-strict-mtls/
       - text: Producer and consumer policies
         url: /guides/consumer-producer-policies
+      - text: Excluding Traffic From Transparent Proxy
+        url: /guides/excluding-traffic-from-transparent-proxy-redirection/
   - title: Reference
     group: true
     items:
@@ -517,6 +551,23 @@ items:
         url: /reference/kuma-cp
       - text: Envoy proxy template
         url: /reference/proxy-template/
+      - text: Transparent Proxy Configuration
+        url: /reference/transparent-proxy-configuration/
+        items:
+          - text: Schema
+            url: /reference/transparent-proxy-configuration/#schema
+          - text: Environment Variables
+            url: /reference/transparent-proxy-configuration/#environment-variables
+          - text: CLI Flags
+            url: /reference/transparent-proxy-configuration/#cli-flags
+          - text: Default Values
+            url: /reference/transparent-proxy-configuration/#default-values
+          - text: Control Plane Runtime Configuration
+            url: /reference/transparent-proxy-configuration/#control-plane-runtime-configuration
+          - text: Annotations
+            url: /reference/transparent-proxy-configuration/#annotations
+          - text: Full Reference
+            url: /reference/transparent-proxy-configuration/#full-reference
   - title: Community
     group: true
     items:

app/_data/docs_nav_kuma_2.9.x.yml

@@ -103,10 +103,11 @@ items:
             url: /production/dp-config/dpp-on-universal/
           - text: Configure the Kuma CNI
             url: /production/dp-config/cni/
-          - text: Configure transparent proxying
-            url: /production/dp-config/transparent-proxying/
           - text: IPv6 support
             url: /production/dp-config/ipv6/
+          - text: Transparent Proxy
+            url: /networking/transparent-proxy/introduction
+            generate: false
       - title: Secure your deployment
         group: true
         items:
@@ -274,8 +275,39 @@ items:
                 url: "/networking/meshexternalservice/#configuration"
               - text: Examples
                 url: "/networking/meshexternalservice/#examples"
-          - text: Transparent Proxying
-            url: /networking/transparent-proxying/
+          - title: Transparent Proxy
+            group: true
+            items:
+              - text: Introduction
+                url: /networking/transparent-proxy/introduction/
+              - text: Technical Overview
+                url: /networking/transparent-proxy/technical-overview/
+              - text: Kubernetes
+                url: /networking/transparent-proxy/kubernetes/
+                items:
+                  - text: Configuration
+                    url: /networking/transparent-proxy/kubernetes/#configuration
+                  - text: Control Plane Runtime Configuration
+                    url: /networking/transparent-proxy/kubernetes/#control-plane-runtime-configuration
+                  - text: Configuration in ConfigMap
+                    url: /networking/transparent-proxy/kubernetes/#configuration-in-configmap-experimental
+                  - text: Annotations
+                    url: /networking/transparent-proxy/kubernetes/#annotations
+              - text: Universal
+                url: /networking/transparent-proxy/universal/
+                items:
+                  - text: Installation
+                    url: /networking/transparent-proxy/universal/#installation
+                  - text: Upgrading
+                    url: /networking/transparent-proxy/universal/#upgrading
+                  - text: Configuration
+                    url: /networking/transparent-proxy/universal/#configuration
+                  - text: firewalld support
+                    url: /networking/transparent-proxy/universal/#firewalld-support
+              - text: Reachable Services
+                url: /networking/transparent-proxy/reachable-services/
+              - text: Reachable Backends
+                url: /networking/transparent-proxy/reachable-backends/
   - title: Policies
     group: true
     items:
@@ -500,10 +532,12 @@ items:
         url: /guides/otel-metrics/
       - text: Migration to the new policies
         url: /guides/migration-to-the-new-policies/
-      - text: Progressively rolling in strict MTLS
+      - text: Progressively rolling in strict mTLS
         url: /guides/progressively-rolling-in-strict-mtls/
       - text: Producer and consumer policies
         url: /guides/consumer-producer-policies
+      - text: Excluding Traffic From Transparent Proxy
+        url: /guides/excluding-traffic-from-transparent-proxy-redirection/
   - title: Reference
     group: true
     items:
@@ -517,6 +551,23 @@ items:
         url: /reference/kuma-cp
       - text: Envoy proxy template
         url: /reference/proxy-template/
+      - text: Transparent Proxy Configuration
+        url: /reference/transparent-proxy-configuration/
+        items:
+          - text: Schema
+            url: /reference/transparent-proxy-configuration/#schema
+          - text: Environment Variables
+            url: /reference/transparent-proxy-configuration/#environment-variables
+          - text: CLI Flags
+            url: /reference/transparent-proxy-configuration/#cli-flags
+          - text: Default Values
+            url: /reference/transparent-proxy-configuration/#default-values
+          - text: Control Plane Runtime Configuration
+            url: /reference/transparent-proxy-configuration/#control-plane-runtime-configuration
+          - text: Annotations
+            url: /reference/transparent-proxy-configuration/#annotations
+          - text: Full Reference
+            url: /reference/transparent-proxy-configuration/#full-reference
   - title: Community
     group: true
     items:

app/_data/tproxy.yaml

@@ -0,0 +1,57 @@
+config:
+  redirect:
+    inbound:
+      excludePorts: &excludePortsInbound
+        path: redirect.inbound.excludePorts
+        flag: --exclude-inbound-ports
+        env: KUMA_TRANSPARENT_PROXY_REDIRECT_INBOUND_EXCLUDE_PORTS
+        runtime:
+          path: runtime.kubernetes.injector.sidecarTraffic.excludeInboundPorts
+          env: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_PORTS
+      excludePortsForIPs: &excludePortsForIPsInbound
+        path: redirect.inbound.excludePortsForIPs
+        flag: --exclude-inbound-ips
+        env: KUMA_TRANSPARENT_PROXY_REDIRECT_INBOUND_EXCLUDE_PORTS_FOR_IPS
+        runtime:
+          path: runtime.kubernetes.injector.sidecarTraffic.excludeInboundIPs
+          env: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_INBOUND_IPS
+    outbound:
+      excludePorts: &excludePortsOutbound
+        path: redirect.outbound.excludePorts
+        flag: --exclude-outbound-ports
+        env: KUMA_TRANSPARENT_PROXY_REDIRECT_OUTBOUND_EXCLUDE_PORTS
+        runtime:
+          path: runtime.kubernetes.injector.sidecarTraffic.excludeOutboundPorts
+          env: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_PORTS
+      excludePortsForIPs: &excludePortsForIPsOutbound
+        path: redirect.outbound.excludePortsForIPs
+        flag: --exclude-outbound-ips
+        env: KUMA_TRANSPARENT_PROXY_REDIRECT_OUTBOUND_EXCLUDE_PORTS_FOR_IPS
+        runtime:
+          path: runtime.kubernetes.injector.sidecarTraffic.excludeOutboundIPs
+          env: KUMA_RUNTIME_KUBERNETES_SIDECAR_TRAFFIC_EXCLUDE_OUTBOUND_IPS
+
+defaults:
+  redirect:
+    inbound:
+      port: 15006
+    outbound:
+      port: 15001
+    dns:
+      port: 15053
+  kuma-dp:
+    username: kuma-dp
+    uid: 5678
+  resolv:
+    conf:
+      path: /etc/resolv.conf
+
+data:
+  guides:
+    exclude-traffic:
+      excludePorts:
+        - *excludePortsInbound
+        - *excludePortsOutbound
+      excludeIPs:
+        - *excludePortsForIPsInbound
+        - *excludePortsForIPsOutbound