Merge branch 'release/v2.1.2' into main

deploy-versions.json

@@ -1 +1 @@
-[{"text":"Latest","icon":"fas fa-home","key":"latest","tag":"v2.1.1"}]
+[{"text":"Latest","icon":"fas fa-home","key":"latest","tag":"v2.1.2"}]

package.json

@@ -1,7 +1,7 @@
 {
   "name": "zilla-docs",
   "type": "module",
-  "version": "2.1.1",
+  "version": "2.1.2",
   "description": "The official documentation for the aklivity/zilla open-source project",
   "keywords": [],
   "author": "aklivity.io",
@@ -24,10 +24,11 @@
   "devDependencies": {
     "@vuepress/bundler-vite": "2.0.0-rc.13",
     "@vuepress/plugin-catalog": "2.0.0-rc.36",
-    "@vuepress/plugin-docsearch": "2.0.0-rc.36",
+    "@vuepress/plugin-docsearch": "2.0.0-rc.28",
     "@vuepress/plugin-google-analytics": "2.0.0-rc.34",
-    "@vuepress/plugin-prismjs": "2.0.0-rc.36",
+    "@vuepress/plugin-redirect": "2.0.0-rc.36",
     "@vuepress/plugin-register-components": "2.0.0-rc.34",
+    "@vuepress/plugin-shiki": "2.0.0-rc.36",
     "link-checker": "^1.4.2",
     "markdownlint-cli2": "^0.8.1",
     "mathjax-full": "^3.2.2",

src/.vuepress/sidebar/en.ts

@@ -101,20 +101,16 @@ export const enSidebar = sidebar({
       icon: "aky-zilla-plus",
       children: [
         {
-          text: "Overview",
+          text: "Deployment Options",
           link: "concepts/kafka-proxies/secure-public-access.md",
           children: [],
         },
         {
           text: "Amazon MSK",
           collapsible: true,
           prefix: "how-tos/amazon-msk/secure-public-access/",
-          link: "how-tos/amazon-msk/secure-public-access/overview.md",
+          link: "how-tos/amazon-msk/secure-public-access/production.md",
           children: [
-            {
-              text: "Deployment Options",
-              link: "overview.md",
-            },
             {
               text: "Terraform",
               link: "https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/secure-public-access",
@@ -152,7 +148,7 @@ export const enSidebar = sidebar({
       icon: "aky-zilla-plus",
       children: [
         {
-          text: "Overview",
+          text: "Deployment Options",
           link: "concepts/kafka-proxies/iot-ingest-control.md",
           children: [],
         },
@@ -173,6 +169,26 @@ export const enSidebar = sidebar({
         },
       ],
     },
+    {
+      text: "Web Streaming",
+      icon: "aky-zilla-plus",
+      children: [
+        {
+          text: "Deployment Options",
+          link: "concepts/kafka-proxies/web-streaming.md",
+          children: [],
+        },
+        {
+          text: "Amazon MSK",
+          children: [
+            {
+              text: "Terraform",
+              link: "https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/web-streaming",
+            },
+          ],
+        },
+      ],
+    },
     {
       text: "Other Resources",
       children: [
@@ -344,6 +360,12 @@ export const enSidebar = sidebar({
           link: "solutions/concepts/kafka-proxies/iot-ingest-control.md",
           children: [],
         },
+        {
+          text: "Web Streaming on AWS",
+          icon: "aky-zilla-plus",
+          link: "solutions/concepts/kafka-proxies/web-streaming.md",
+          children: [],
+        },
       ],
     },
     {

src/.vuepress/styles/index.scss

@@ -128,7 +128,7 @@ h6 {
 }
 
 ::-webkit-scrollbar-thumb {
-    background: var(--code-highlight-bg-color);
+  background: var(--code-highlight-bg-color);
 }
 
 .vp-sidebar {
@@ -211,17 +211,17 @@ sup {
 
 // Style text output in a code block
 @layer {
-  pre.language-output {
+  div.language-output {
     border-radius: 0px !important;
-    background: transparent !important;
     border-inline-start: 0.2rem solid var(--code-border-color);
 
     code {
       padding: 0.25rem 0 0.25rem 1rem !important;
-      margin: 1rem 0;
-      color: #666 !important;
-      font-size: 1rem;
-      overflow-wrap: break-word;
+      span {
+        color: #666 !important;
+        font-size: 1rem;
+        overflow-wrap: break-word;
+      }
     }
 
     button.vp-copy-code-button {
@@ -232,18 +232,21 @@ sup {
 
 // Fix code tabs border radius, remove with https://github.com/vuepress-theme-hope/vuepress-theme-hope/issues/4235
 .vp-code-tabs {
-  div[class*=language-].line-numbers-mode::after {
+  div[class*="language-"].line-numbers-mode::after {
     border-radius: 0;
     border-bottom-left-radius: 6px;
   }
-  div[class*=language-] {
+  div[class*="language-"] {
     pre {
       border-radius: 0;
       border-bottom-left-radius: 6px;
       border-bottom-right-radius: 6px;
     }
   }
 }
+pre.shiki {
+  border-radius: 0 6px 6px 0 !important;
+}
 
 // === ICONS ===
 .aky-zilla-plus {

src/.vuepress/theme.ts

@@ -3,7 +3,6 @@ import { hopeTheme } from "vuepress-theme-hope";
 import { enSidebar } from "./sidebar/index.js";
 import { enNavbar } from "./navbar/index.js";
 import {
-  base,
   siteBase,
   versionKey,
   hostnameSEO,
@@ -67,13 +66,18 @@ export default hopeTheme({
       appId: "H6RNUBSB6E",
       indexName: "aklivity",
       apiKey: "bae72797404a23ba5466230146919cae",
-      indexBase: `/${base}/`,
       searchParameters: {
         facetFilters: [`version:${versionKey}`, `product:${siteBase}`],
       },
     },
-    shiki: false,
-    prismjs: true,
+    shiki: {
+      themes: {
+        light: "light-plus",
+        dark: "dark-plus",
+      },
+      lineNumbers: 3
+    },
+    redirect: true,
     mdEnhance: {
       align: true,
       attrs: true,

src/how-tos/connecting-to-kafka/amazon-msk.md

@@ -11,7 +11,7 @@ Unlike other hosted Kafka services, Amazon MSK is not readily reachable over the
 "Public Access" can be turned on for MSK clusters running Apache Kafka 2.6.0 or later. Follow the MSK [Public Access Guide](https://docs.aws.amazon.com/msk/latest/developerguide/public-access.html)to do so.
 
 ::: warning
-MSK's “Public Access” feature directly exposes your brokers to the internet, which may present additional security concerns. An alternative and more flexible solution is the [Secure Public Access](../../solutions/how-tos/amazon-msk/secure-public-access/overview.md) solution using [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44). The solution is deployed via a CloudFormation template, and acts as intermediary that securely routes connectivity between external clients and MSK brokers without having to modify the brokers.
+MSK's “Public Access” feature directly exposes your brokers to the internet, which may present additional security concerns. An alternative and more flexible solution is the [Secure Public Access](../../solutions/concepts/kafka-proxies/secure-public-access.md) solution using [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44). The solution acts as intermediary that securely routes connectivity between external clients and MSK brokers without having to modify the brokers.
 :::
 
 ## Set up mTLS Authentication between MSK and Zilla

src/reference/config/resolvers.md

@@ -20,21 +20,21 @@ Resolvers are a variable syntax for executing Zilla runtime functions that inser
 The `env` resolver will read the specified environment variable from the host.
 
 ```text:no-line-numbers
-${{ env.<Env_Var_Name> }}
+${{ env.(Env_Var_Name) }}
 ```
 
 ### AWS Secrets Manager
 
 The `aws.secrets` resolver can fetch an AWS Secrets Manager secret by its name (also called secretId) or its ARN.
 
 ```text:no-line-numbers
-${{ aws.secrets.<Secret_Name> }}
-${{ aws.secrets.<Secret_ARN> }}
+${{ aws.secrets.(Secret_Name) }}
+${{ aws.secrets.(Secret_ARN) }}
 ```
 
 If the secret is a key/value or JSON object this resolver can fetch individual properties by appending a `#` with the property name.
 
 ```text:no-line-numbers
-${{ aws.secrets.<Secret_Name>#<JSON_Property_Name> }}
-${{ aws.secrets.<Secret_ARN>#<JSON_Property_Name> }}
+${{ aws.secrets.(Secret_Name)#(JSON_Property_Name) }}
+${{ aws.secrets.(Secret_ARN)#(JSON_Property_Name) }}
 ```

src/solutions/concepts/kafka-proxies/iot-ingest-control.md

@@ -5,21 +5,35 @@ description: MQTT clients can directly publish and subscribe to topics through M
 
 # IoT Ingest and Control
 
+<!-- markdownlint-disable MD024 -->
+
 [Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
 {.zilla-plus-badge .hint-container .info}
 
 By automating the configuration of an internet-facing network load balancer and auto-scaling group of stateless Zilla Plus IoT Ingest and Control proxies to expose your Kafka cluster via the public internet, Kafka clients can connect, publish messages and subscribe to topics in your Kafka cluster from outside the host network.
 
 You will need to choose a wildcard DNS pattern to use for public internet access to the brokers in your Kafka cluster. These wildcard DNS names must resolve to the public IP address(es) where the <ZillaPlus/> proxy is deployed. The <ZillaPlus/> proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
 
+## Amazon MSK
+
+The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) IoT Ingest and Control Broker lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet.
+
+### Deploy with CloudFormation
+
+Follow the [Amazon MSK IoT Ingest and Control](../../how-tos/confluent-cloud/iot-ingest-control.md) guide to setup an MQTT broker using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.
+
 ## Confluent Cloud
 
 The [Zilla Plus for Confluent Cloud](https://aws.amazon.com/marketplace/pp/prodview-eblxkinsqbaks) IoT Ingest and Control Broker lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet.
 
-> [Follow the guide to get started](../../how-tos/confluent-cloud/iot-ingest-control.md)
+### Deploy with CloudFormation
+
+Follow the [Confluent Cloud IoT Ingest and Control](../../how-tos/confluent-cloud/iot-ingest-control.md) guide to setup an MQTT broker using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.
 
 ## Redpanda
 
 The [Zilla Plus for Redpanda](https://aws.amazon.com/marketplace/pp/prodview-sj4kquyndubiu) IoT Ingest and Control Broker lets authorized Kafka clients connect, publish messages and subscribe to topics in your Redpanda cluster via the internet.
 
-> [Follow the guide to get started](../../how-tos/redpanda/iot-ingest-control.md)
+### Deploy with CloudFormation
+
+Follow the [Redpanda IoT Ingest and Control](../../how-tos/redpanda/iot-ingest-control.md) guide to setup an MQTT broker using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.

src/solutions/concepts/kafka-proxies/secure-public-access.md

@@ -1,25 +1,50 @@
 ---
+redirectFrom: /solutions/how-tos/amazon-msk/secure-public-access/overview.html
 icon: aky-zilla-plus
 description: Securely access your Kafka cluster via the internet.
 ---
 
 # Secure Public Access
 
+<!-- markdownlint-disable MD024 -->
+
 [Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
 {.zilla-plus-badge .hint-container .info}
 
-By automating the configuration of an internet-facing network load balancer and auto-scaling group of stateless Zilla Plus Secure Public Access proxies to expose your Kafka cluster via the public internet, Kafka clients can connect, publish messages and subscribe to topics in your Kafka cluster from outside the host network.
+The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) Secure Public Access Proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
+
+By automating the configuration of an internet-facing network load balancer and auto-scaling group of stateless Secure Public Access proxies to expose your MSK cluster via the public internet, Kafka clients can connect, publish messages and subscribe to topics in your Amazon MSK cluster from outside AWS.
 
 You will need to choose a wildcard DNS pattern to use for public internet access to the brokers in your Kafka cluster. These wildcard DNS names must resolve to the public IP address(es) where the <ZillaPlus/> proxy is deployed. The <ZillaPlus/> proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
 
+The <ZillaPlus/> proxy can securely expose any Kafka cluster with these deployment options.
+
 ## Amazon MSK
 
 The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
 
-> [Follow the guide to get started](../../how-tos/amazon-msk/secure-public-access/overview.md)
+### Deploy with Terraform
+
+Follow the [Secure Public Access with Terraform](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/secure-public-access) guide to generated or deploy a custom Terraform template using [CDKTF](https://developer.hashicorp.com/terraform/cdktf). This Terraform script can be configured to deploy `SASL/SCRAM authentication`, `Mutual TLS (mTLS) authentication` or `Unauthorized access` to setup connectivity to your MSK cluster with a wildcard DNS pattern.
+
+### Deploy with CloudFormation
+
+#### SASL/SCRAM authentication
+
+Follow the [Secure Public Access via SASL/SCRAM authentication](../../how-tos/amazon-msk/secure-public-access/production.md) guide to setup connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.
+
+#### Mutual TLS (mTLS) authentication
+
+Follow the [Secure Public Access via mTLS](../../how-tos/amazon-msk/secure-public-access/production-mutual-tls.md) guide to setup connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.
+
+#### Unauthorized access
+
+Follow the [Secure Public Access via Unauthorized access](../../how-tos/amazon-msk/secure-public-access/development.md) guide to setup connectivity to your MSK cluster using a locally trusted TLS server certificate with the example wildcard DNS pattern `*.aklivity.example.com`.
 
 ## Confluent Cloud
 
 The [Zilla Plus for Confluent Cloud](https://aws.amazon.com/marketplace/pp/prodview-eblxkinsqbaks) Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet.
 
-> [Follow the guide to get started](../../how-tos/confluent-cloud/secure-public-access.md)
+### Deploy with CloudFormation
+
+Follow the [Secure Public Access via SASL/SCRAM authentication](../../how-tos/confluent-cloud/secure-public-access.md) guide to setup connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.

src/solutions/concepts/kafka-proxies/web-streaming.md

@@ -0,0 +1,19 @@
+---
+icon: aky-zilla-plus
+description: Zilla Plus Web Streaming lets Web clients publish, update, and stream messages to a Kafka topic in your Amazon MSK cluster.
+---
+
+# Amazon MSK Web Streaming
+
+[Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
+{.zilla-plus-badge .hint-container .info}
+
+The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) Web Streaming proxy lets Web clients publish, update, and stream messages to a Kafka topic in your Amazon MSK cluster.
+
+By automating the configuration of a network load balancer and auto-scaling group of stateless Web Streaming proxies to expose a topic in your MSK cluster, Web clients can natively interact with messages on the topic. Event streaming backend systems can quickly integrate user-facing web clients using customizable REST and SSE APIs.
+
+You will need to choose a wildcard DNS pattern to use for public internet access to the Web Streaming proxies. These wildcard DNS names must resolve to the public IP address(es) where the <ZillaPlus/> proxy is deployed. The <ZillaPlus/> proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
+
+## Deployment with Terraform
+
+Follow the [Web Streaming with Terraform](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/web-streaming) guide to generated or deploy a custom Terraform template using [CDKTF](https://developer.hashicorp.com/terraform/cdktf). This Terraform script can be configured to expose a custom REST path and uses `SASL/SCRAM` authentication.

src/solutions/how-tos/amazon-msk/index.md

@@ -17,4 +17,10 @@ The IoT Ingest and Control MQTT Broker that lets clients publish messages and su
 
 The Secure Public Access Proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
 
-> [Amazon MSK Secure Public Access Proxy Guide](./secure-public-access/overview.md)
+> [Amazon MSK Secure Public Access Proxy Guide](./secure-public-access/production.md)
+
+## Web Streaming
+
+The Web Streaming proxy lets Web clients publish, update, and stream messages to a Kafka topic in your Amazon MSK cluster.
+
+> [Amazon MSK Web Streaming Guide](./web-streaming.md)