minor adjustments to BYOC pages

Blargian · Blargian · commit 0213e59c26cd · 2025-10-17T18:15:24.000+02:00
diff --git a/docs/cloud/features/04_infrastructure/deployment-options.md b/docs/cloud/features/04_infrastructure/deployment-options.md
@@ -24,7 +24,7 @@ Learn more about [ClickHouse Cloud](/getting-started/quick-start/cloud).
 
 ClickHouse Bring Your Own Cloud (BYOC) allows organizations to deploy and manage ClickHouse within their own cloud environment while leveraging a managed service layer. This option bridges the gap between the fully managed experience of ClickHouse Cloud and the complete control of self-managed deployments. With ClickHouse BYOC, users retain control over their data, infrastructure, and security policies, meeting specific compliance and regulatory requirements, while offloading operational tasks like patching, monitoring, and scaling to the ClickHouse. This model offers the flexibility of a private cloud deployment with the benefits of a managed service, making it suitable for large-scale deployments at enterprises with stringent security, governance, and data residency needs.
 
-Learn more about [Bring Your Own Cloud](/cloud/reference/byoc).
+Learn more about [Bring Your Own Cloud](/cloud/reference/byoc/overview).
 
 ## ClickHouse Private {#clickhouse-private}
 
diff --git a/docs/cloud/guides/index.md b/docs/cloud/guides/index.md
@@ -10,9 +10,12 @@ doc_type: 'landing-page'
 | Page | Description |
 |-----|-----|
 | [Accessing S3 data securely](/cloud/data-sources/secure-s3) | This article demonstrates how ClickHouse Cloud customers can leverage role-based access to authenticate with Amazon Simple Storage Service(S3) and access their data securely. |
+| [Architecture](/cloud/reference/byoc/architecture) | Deploy ClickHouse on your own cloud infrastructure |
 | [AWS PrivateLink](/manage/security/aws-privatelink) | This document describes how to connect to ClickHouse Cloud using AWS PrivateLink. |
 | [Azure Private Link](/cloud/security/azure-privatelink) | How to set up Azure Private Link |
-| [BYOC (Bring Your Own Cloud) for AWS](/cloud/reference/byoc) | Deploy ClickHouse on your own cloud infrastructure |
+| [BYOC on AWS FAQ](/cloud/reference/byoc/faq/aws) | Deploy ClickHouse on your own cloud infrastructure |
+| [BYOC on AWS Observability](/cloud/reference/byoc/observability) | Deploy ClickHouse on your own cloud infrastructure |
+| [BYOC Onboarding for AWS](/cloud/reference/byoc/onboarding/aws) | Deploy ClickHouse on your own cloud infrastructure |
 | [BYOC security playbook](/cloud/security/audit-logging/byoc-security-playbook) | This page illustrates methods customers can use to identify potential security events |
 | [ClickHouse Government](/cloud/infrastructure/clickhouse-government) | Overview of ClickHouse Government offering |
 | [ClickHouse Private](/cloud/infrastructure/clickhouse-private) | Overview of ClickHouse Private offering |
@@ -24,13 +27,14 @@ doc_type: 'landing-page'
 | [Data masking in ClickHouse](/cloud/guides/data-masking) | A guide to data masking in ClickHouse |
 | [Database audit log](/cloud/security/audit-logging/database-audit-log) | This page describes how users can review the database audit log |
 | [Gather your connection details](/cloud/guides/sql-console/gather-connection-details) | Gather your connection details |
-| [GCP Private Service Connect](/manage/security/gcp-private-service-connect) | This document describes how to connect to ClickHouse Cloud using Google Cloud Platform (GCP) Private Service Connect (PSC), and how to disable access to your ClickHouse Cloud services from addresses other than GCP PSC addresses using ClickHouse Cloud IP access lists. |
+| [GCP private service connect](/manage/security/gcp-private-service-connect) | This document describes how to connect to ClickHouse Cloud using Google Cloud Platform (GCP) Private Service Connect (PSC), and how to disable access to your ClickHouse Cloud services from addresses other than GCP PSC addresses using ClickHouse Cloud IP access lists. |
 | [HIPAA onboarding](/cloud/security/compliance/hipaa-onboarding) | Learn more about how to onboard to HIPAA compliant services |
 | [Manage cloud users](/cloud/security/manage-cloud-users) | This page describes how administrators can add users, manage assignments, and remove users |
 | [Manage database users](/cloud/security/manage-database-users) | This page describes how administrators can add database users, manage assignments, and remove database users |
 | [Manage my account](/cloud/security/manage-my-account) | This page describes how users can accept invitations, manage MFA settings, and reset passwords |
 | [Manage SQL console role assignments](/cloud/guides/sql-console/manage-sql-console-role-assignments) | Guide showing how to manage SQL console role assignments |
 | [Multi tenancy](/cloud/bestpractices/multi-tenancy) | Best practices to implement multi tenancy |
+| [Overview](/cloud/reference/byoc/overview) | Deploy ClickHouse on your own cloud infrastructure |
 | [PCI onboarding](/cloud/security/compliance/pci-onboarding) | Learn more about how to onboard to PCI compliant services |
 | [Query API Endpoints](/cloud/get-started/query-endpoints) | Easily spin up REST API endpoints from your saved queries |
 | [SAML SSO setup](/cloud/security/saml-setup) | How to set up SAML SSO with ClickHouse Cloud |
diff --git a/docs/cloud/guides/infrastructure/01_deployment_options/byoc/01_overview.md b/docs/cloud/guides/infrastructure/01_deployment_options/byoc/01_overview.md
@@ -11,7 +11,7 @@ doc_type: 'reference'
 
 BYOC (Bring Your Own Cloud) allows you to deploy ClickHouse Cloud on your own cloud infrastructure. This is useful if you have specific requirements or constraints that prevent you from using the ClickHouse Cloud managed service.
 
-**If you would like access, please [contact us](https://clickhouse.com/cloud/bring-your-own-cloud).** Refer to our [Terms of Service](https://clickhouse.com/legal/agreements/terms-of-service) for additional information.
+> **If you would like access, please [contact us](https://clickhouse.com/cloud/bring-your-own-cloud).** Refer to our [Terms of Service](https://clickhouse.com/legal/agreements/terms-of-service) for additional information.
 
 BYOC is currently only supported for AWS. You can join the wait list for GCP and Azure [here](https://clickhouse.com/cloud/bring-your-own-cloud).
 
diff --git a/docs/cloud/guides/infrastructure/01_deployment_options/byoc/04_faq/01_aws.md b/docs/cloud/guides/infrastructure/01_deployment_options/byoc/04_faq/01_aws.md
@@ -11,42 +11,66 @@ doc_type: 'reference'
 
 ### Compute {#compute}
 
-#### Can I create multiple services in this single EKS cluster? {#can-i-create-multiple-services-in-this-single-eks-cluster}
+<details>
+<summary>Can I create multiple services in this single EKS cluster?</summary>
 
 Yes. The infrastructure only needs to be provisioned once for every AWS account and region combination.
 
-### Which regions do you support for BYOC? {#which-regions-do-you-support-for-byoc}
+</details>
+
+<details>
+<summary>Which regions do you support for BYOC?</summary>
 
 BYOC supports the same set of [regions](/cloud/reference/supported-regions#aws-regions ) as ClickHouse Cloud.
 
-#### Will there be some resource overhead? What are the resources needed to run services other than ClickHouse instances? {#will-there-be-some-resource-overhead-what-are-the-resources-needed-to-run-services-other-than-clickhouse-instances}
+</details>
+
+<details>
+<summary>Will there be some resource overhead? What are the resources needed to run services other than ClickHouse instances?</summary>
 
 Besides Clickhouse instances (ClickHouse servers and ClickHouse Keeper), we run services such as `clickhouse-operator`, `aws-cluster-autoscaler`, Istio etc. and our monitoring stack.
 
-Currently we have 3 m5.xlarge nodes (one for each AZ) in a dedicated node group to run those workloads.
+Currently, we have three m5.xlarge nodes (one for each AZ) in a dedicated node group to run those workloads.
+
+</details>
 
 ### Network and security {#network-and-security}
 
-#### Can we revoke permissions set up during installation after setup is complete? {#can-we-revoke-permissions-set-up-during-installation-after-setup-is-complete}
+<details>
+<summary>Can we revoke permissions set up during installation after setup is complete?</summary>
 
 This is currently not possible.
 
-#### Have you considered some future security controls for ClickHouse engineers to access customer infra for troubleshooting? {#have-you-considered-some-future-security-controls-for-clickhouse-engineers-to-access-customer-infra-for-troubleshooting}
+</details>
+
+<details>
+<summary>Have you considered some future security controls for ClickHouse engineers to access customer infra for troubleshooting?</summary>
 
 Yes. Implementing a customer controlled mechanism where customers can approve engineers' access to the cluster is on our roadmap. At the moment, engineers must go through our internal escalation process to gain just-in-time access to the cluster. This is logged and audited by our security team.
 
-#### What is the size of the VPC IP range created? {#what-is-the-size-of-the-vpc-ip-range-created}
+</details>
 
-By default we use `10.0.0.0/16` for BYOC VPC. We recommend reserving at least /22 for potential future scaling,
+<details>
+<summary>What is the size of the VPC IP range created?</summary>
+
+By default, we use `10.0.0.0/16` for BYOC VPC. We recommend reserving at least /22 for potential future scaling,
 but if you prefer to limit the size, it is possible to use /23 if it is likely that you will be limited
 to 30 server pods.
 
-#### Can I decide maintenance frequency {#can-i-decide-maintenance-frequency}
+</details>
+
+<details>
+<summary>Can I decide maintenance frequency?</summary>
 
 Contact support to schedule maintenance windows. Please expect a minimum of a weekly update schedule.
 
+</details>
+
 ### Uptime SLAs {#uptime-sla}
 
-#### Does ClickHouse offer an uptime SLA for BYOC? {#uptime-sla-for-byoc}
+<details>
+<summary>Does ClickHouse offer an uptime SLA for BYOC?</summary>
 
 No, since the data plane is hosted in the customer's cloud environment, service availability depends on resources not in ClickHouse's control. Therefore, ClickHouse does not offer a formal uptime SLA for BYOC deployments. If you have additional questions, please contact support@clickhouse.com.
+
+</details>
diff --git a/docs/cloud/guides/infrastructure/01_deployment_options/byoc/05_observability/01_aws.md b/docs/cloud/guides/infrastructure/01_deployment_options/byoc/05_observability/01_aws.md
@@ -10,6 +10,7 @@ doc_type: 'reference'
 import Image from '@theme/IdealImage';
 import byoc4 from '@site/static/images/cloud/reference/byoc-4.png';
 import byoc3 from '@site/static/images/cloud/reference/byoc-3.png';
+import DeprecatedBadge from '@theme/badges/DeprecatedBadge';
 
 ## Observability {#observability}
 
@@ -48,7 +49,9 @@ https://prometheus-internal.<subdomain>.<region>.aws.clickhouse-byoc.com/query
 
 #### Prometheus Integration {#prometheus-integration}
 
-**DEPRECATED: ** Please use the Prometheus stack integration in the above section instead. Besides the ClickHouse Server metrics, it provides more metrics including the K8S metrics and metrics from other services.
+<DeprecatedBadge/>
+
+Please use the Prometheus stack integration in the above section instead. Besides the ClickHouse Server metrics, it provides more metrics including the K8S metrics and metrics from other services.
 
 ClickHouse Cloud provides a Prometheus endpoint that you can use to scrape metrics for monitoring. This allows for integration with tools like Grafana and Datadog for visualization.
 
diff --git a/docs/cloud/guides/security/05_audit_logging/03_byoc-security-playbook.md b/docs/cloud/guides/security/05_audit_logging/03_byoc-security-playbook.md
@@ -27,7 +27,7 @@ FROM clusterAllReplicas('default',system.crash_log)
 
 ClickHouse utilizes pre-created roles to enable system functions. This section assumes the customer is using AWS with CloudTrail and has access to the CloudTrail logs.
 
-If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/cloud/reference/byoc#cloudformation-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
+If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/cloud/reference/byoc/onboarding/aws#cloudformation-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
 
 ## Unauthorized access to EKS cluster {#unauthorized-access-eks-cluster}
 
diff --git a/docs/cloud/reference/01_changelog/01_changelog.md b/docs/cloud/reference/01_changelog/01_changelog.md
@@ -214,7 +214,7 @@ remains within the ClickHouse VPC. This setup is ideal for large workloads that
 need to comply with strict data residency requirements by ensuring all data stays
 within a secure customer environment.
 
-- For more details, you can refer to the [documentation](/cloud/reference/byoc) for BYOC
+- For more details, you can refer to the [documentation](/cloud/reference/byoc/overview) for BYOC
   or read our [announcement blog post](https://clickhouse.com/blog/announcing-general-availability-of-clickhouse-bring-your-own-cloud-on-aws).
 - [Contact us](https://clickhouse.com/cloud/bring-your-own-cloud) to request access.
 
diff --git a/docs/cloud/reference/index.md b/docs/cloud/reference/index.md
@@ -16,7 +16,7 @@ This section acts as a reference guide for some of the more technical details of
 | [Architecture](/cloud/reference/architecture)               | Discusses the architecture of ClickHouse Cloud, including storage, compute, administration, and security. |
 | [SharedMergeTree](/cloud/reference/shared-merge-tree)            | Explainer on SharedMergeTree, the cloud-native replacement for the ReplicatedMergeTree and analogues.     |
 | [Warehouses](/cloud/reference/warehouses)                 | Explainer on what Warehouses and compute-compute separation are in ClickHouse Cloud.                      |
-| [BYOC (Bring Your Own Cloud)](/cloud/reference/byoc)| Explainer on the Bring Your Own Cloud (BYOC) service available with ClickHouse Cloud.                     |
+| [BYOC (Bring Your Own Cloud)](/cloud/reference/byoc/overview)| Explainer on the Bring Your Own Cloud (BYOC) service available with ClickHouse Cloud.                     |
 | [Changelogs](/cloud/reference/changelogs)                 | Cloud Changelogs and Release Notes.                                                                       |
 | [Cloud Compatibility](/whats-new/cloud-compatibility)        | A guide to what to expect functionally and operationally in ClickHouse Cloud.                             |
 | [Supported Cloud Regions](/cloud/reference/supported-regions)    | A list of the supported cloud regions for AWS, Google and Azure.                                          |
diff --git a/docs/getting-started/index.md b/docs/getting-started/index.md
diff --git a/docs/use-cases/AI_ML/MCP/ai_agent_libraries/index.md b/docs/use-cases/AI_ML/MCP/ai_agent_libraries/index.md
diff --git a/src/theme/badges/DeprecatedBadge/styles.module.css b/src/theme/badges/DeprecatedBadge/styles.module.css
