Restructure BYOC documentation

Author: ERICCYS

docs/cloud/guides/infrastructure/01_deployment_options/byoc/01_overview.md

@@ -0,0 +1,54 @@
+---
+title: 'Overview'
+slug: /cloud/reference/byoc/overview
+sidebar_label: 'Overview'
+keywords: ['BYOC', 'cloud', 'bring your own cloud']
+description: 'Deploy ClickHouse on your own cloud infrastructure'
+doc_type: 'reference'
+---
+
+## Overview {#overview}
+
+BYOC (Bring Your Own Cloud) allows you to deploy ClickHouse Cloud on your own cloud infrastructure. This is useful if you have specific requirements or constraints that prevent you from using the ClickHouse Cloud managed service.
+
+**If you would like access, please [contact us](https://clickhouse.com/cloud/bring-your-own-cloud).** Refer to our [Terms of Service](https://clickhouse.com/legal/agreements/terms-of-service) for additional information.
+
+BYOC is currently only supported for AWS. You can join the wait list for GCP and Azure [here](https://clickhouse.com/cloud/bring-your-own-cloud).
+
+:::note 
+BYOC is designed specifically for large-scale deployments, and requires customers to sign a committed contract.
+:::
+
+## Glossary {#glossary}
+
+- **ClickHouse VPC:**  The VPC owned by ClickHouse Cloud.
+- **Customer BYOC VPC:** The VPC, owned by the customer's cloud account, is provisioned and managed by ClickHouse Cloud and dedicated to a ClickHouse Cloud BYOC deployment.
+- **Customer VPC** Other VPCs owned by the customer cloud account used for applications that need to connect to the Customer BYOC VPC.
+
+## Features {#features}
+
+### Supported features {#supported-features}
+
+- **SharedMergeTree**: ClickHouse Cloud and BYOC use the same binary and configuration. Therefore all features from ClickHouse core are supported in BYOC such as SharedMergeTree.
+- **Console access for managing service state**:
+  - Supports operations such as start, stop, and terminate.
+  - View services and status.
+- **Backup and restore.**
+- **Manual vertical and horizontal scaling.**
+- **Idling.**
+- **Warehouses**: Compute-Compute Separation
+- **Zero Trust Network via Tailscale.**
+- **Monitoring**:
+  - The Cloud console includes built-in health dashboards for monitoring service health.
+  - Prometheus scraping for centralized monitoring with Prometheus, Grafana, and Datadog. See the [Prometheus documentation](/integrations/prometheus) for setup instructions.
+- **VPC Peering.**
+- **Integrations**: See the full list on [this page](/integrations).
+- **Secure S3.**
+- **[AWS PrivateLink](https://aws.amazon.com/privatelink/).**
+
+### Planned features (currently unsupported) {#planned-features-currently-unsupported}
+
+- [AWS KMS](https://aws.amazon.com/kms/) aka CMEK (customer-managed encryption keys)
+- ClickPipes for ingest
+- Autoscaling
+- MySQL interface

docs/cloud/guides/infrastructure/01_deployment_options/byoc/02_architecture.md

@@ -0,0 +1,21 @@
+---
+title: 'Architecture'
+slug: /cloud/reference/byoc/architecture
+sidebar_label: 'Architecture'
+keywords: ['BYOC', 'cloud', 'bring your own cloud']
+description: 'Deploy ClickHouse on your own cloud infrastructure'
+doc_type: 'reference'
+---
+
+import Image from '@theme/IdealImage';
+import byoc1 from '@site/static/images/cloud/reference/byoc-1.png';
+
+## Architecture {#architecture}
+
+Metrics and logs are stored within the customer's BYOC VPC. Logs are currently stored in locally in EBS. In a future update, logs will be stored in LogHouse, which is a ClickHouse service in the customer's BYOC VPC. Metrics are implemented via a Prometheus and Thanos stack stored locally in the customer's BYOC VPC.
+
+<br />
+
+<Image img={byoc1} size="lg" alt="BYOC Architecture" background='black'/>
+
+<br />

docs/cloud/guides/infrastructure/01_deployment_options/01_byoc.md renamed to docs/cloud/guides/infrastructure/01_deployment_options/byoc/03_onboarding/01_aws.md

@@ -1,55 +1,21 @@
 ---
-title: 'BYOC (Bring Your Own Cloud) for AWS'
-slug: /cloud/reference/byoc
-sidebar_label: 'BYOC (Bring Your Own Cloud)'
-keywords: ['BYOC', 'cloud', 'bring your own cloud']
+title: 'BYOC Onboarding for AWS'
+slug: /cloud/reference/byoc/onboarding/aws
+sidebar_label: 'AWS'
+keywords: ['BYOC', 'cloud', 'bring your own cloud', 'AWS']
 description: 'Deploy ClickHouse on your own cloud infrastructure'
 doc_type: 'reference'
 ---
 
 import Image from '@theme/IdealImage';
-import byoc1 from '@site/static/images/cloud/reference/byoc-1.png';
-import byoc4 from '@site/static/images/cloud/reference/byoc-4.png';
-import byoc3 from '@site/static/images/cloud/reference/byoc-3.png';
 import byoc_vpcpeering from '@site/static/images/cloud/reference/byoc-vpcpeering-1.png';
 import byoc_vpcpeering2 from '@site/static/images/cloud/reference/byoc-vpcpeering-2.png';
 import byoc_vpcpeering3 from '@site/static/images/cloud/reference/byoc-vpcpeering-3.png';
 import byoc_vpcpeering4 from '@site/static/images/cloud/reference/byoc-vpcpeering-4.png';
-import byoc_plb from '@site/static/images/cloud/reference/byoc-plb.png';
-import byoc_security from '@site/static/images/cloud/reference/byoc-securitygroup.png';
-import byoc_inbound from '@site/static/images/cloud/reference/byoc-inbound-rule.png';
 import byoc_subnet_1 from '@site/static/images/cloud/reference/byoc-subnet-1.png';
 import byoc_subnet_2 from '@site/static/images/cloud/reference/byoc-subnet-2.png';
 import byoc_s3_endpoint from '@site/static/images/cloud/reference/byoc-s3-endpoint.png'
 
-## Overview {#overview}
-
-BYOC (Bring Your Own Cloud) allows you to deploy ClickHouse Cloud on your own cloud infrastructure. This is useful if you have specific requirements or constraints that prevent you from using the ClickHouse Cloud managed service.
-
-**If you would like access, please [contact us](https://clickhouse.com/cloud/bring-your-own-cloud).** Refer to our [Terms of Service](https://clickhouse.com/legal/agreements/terms-of-service) for additional information.
-
-BYOC is currently only supported for AWS. You can join the wait list for GCP and Azure [here](https://clickhouse.com/cloud/bring-your-own-cloud).
-
-:::note 
-BYOC is designed specifically for large-scale deployments, and requires customers to sign a committed contract.
-:::
-
-## Glossary {#glossary}
-
-- **ClickHouse VPC:**  The VPC owned by ClickHouse Cloud.
-- **Customer BYOC VPC:** The VPC, owned by the customer's cloud account, is provisioned and managed by ClickHouse Cloud and dedicated to a ClickHouse Cloud BYOC deployment.
-- **Customer VPC** Other VPCs owned by the customer cloud account used for applications that need to connect to the Customer BYOC VPC.
-
-## Architecture {#architecture}
-
-Metrics and logs are stored within the customer's BYOC VPC. Logs are currently stored in locally in EBS. In a future update, logs will be stored in LogHouse, which is a ClickHouse service in the customer's BYOC VPC. Metrics are implemented via a Prometheus and Thanos stack stored locally in the customer's BYOC VPC.
-
-<br />
-
-<Image img={byoc1} size="lg" alt="BYOC Architecture" background='black'/>
-
-<br />
-
 ## Onboarding process {#onboarding-process}
 
 Customers can initiate the onboarding process by reaching out to [us](https://clickhouse.com/cloud/bring-your-own-cloud). Customers need to have a dedicated AWS account and know the region they will use. At this time, we are allowing users to launch BYOC services only in the regions that we support for ClickHouse Cloud.
@@ -287,196 +253,3 @@ Metrics and logs are stored within the customer's BYOC VPC. Logs are currently s
 *Outbound*
 
 State Exporter sends ClickHouse service state information to an SQS owned by ClickHouse Cloud.
-
-## Features {#features}
-
-### Supported features {#supported-features}
-
-- **SharedMergeTree**: ClickHouse Cloud and BYOC use the same binary and configuration. Therefore all features from ClickHouse core are supported in BYOC such as SharedMergeTree.
-- **Console access for managing service state**:
-  - Supports operations such as start, stop, and terminate.
-  - View services and status.
-- **Backup and restore.**
-- **Manual vertical and horizontal scaling.**
-- **Idling.**
-- **Warehouses**: Compute-Compute Separation
-- **Zero Trust Network via Tailscale.**
-- **Monitoring**:
-  - The Cloud console includes built-in health dashboards for monitoring service health.
-  - Prometheus scraping for centralized monitoring with Prometheus, Grafana, and Datadog. See the [Prometheus documentation](/integrations/prometheus) for setup instructions.
-- **VPC Peering.**
-- **Integrations**: See the full list on [this page](/integrations).
-- **Secure S3.**
-- **[AWS PrivateLink](https://aws.amazon.com/privatelink/).**
-
-### Planned features (currently unsupported) {#planned-features-currently-unsupported}
-
-- [AWS KMS](https://aws.amazon.com/kms/) aka CMEK (customer-managed encryption keys)
-- ClickPipes for ingest
-- Autoscaling
-- MySQL interface
-
-## FAQ {#faq}
-
-### Compute {#compute}
-
-#### Can I create multiple services in this single EKS cluster? {#can-i-create-multiple-services-in-this-single-eks-cluster}
-
-Yes. The infrastructure only needs to be provisioned once for every AWS account and region combination.
-
-### Which regions do you support for BYOC? {#which-regions-do-you-support-for-byoc}
-
-BYOC supports the same set of [regions](/cloud/reference/supported-regions#aws-regions ) as ClickHouse Cloud.
-
-#### Will there be some resource overhead? What are the resources needed to run services other than ClickHouse instances? {#will-there-be-some-resource-overhead-what-are-the-resources-needed-to-run-services-other-than-clickhouse-instances}
-
-Besides Clickhouse instances (ClickHouse servers and ClickHouse Keeper), we run services such as `clickhouse-operator`, `aws-cluster-autoscaler`, Istio etc. and our monitoring stack.
-
-Currently we have 3 m5.xlarge nodes (one for each AZ) in a dedicated node group to run those workloads.
-
-### Network and security {#network-and-security}
-
-#### Can we revoke permissions set up during installation after setup is complete? {#can-we-revoke-permissions-set-up-during-installation-after-setup-is-complete}
-
-This is currently not possible.
-
-#### Have you considered some future security controls for ClickHouse engineers to access customer infra for troubleshooting? {#have-you-considered-some-future-security-controls-for-clickhouse-engineers-to-access-customer-infra-for-troubleshooting}
-
-Yes. Implementing a customer controlled mechanism where customers can approve engineers' access to the cluster is on our roadmap. At the moment, engineers must go through our internal escalation process to gain just-in-time access to the cluster. This is logged and audited by our security team.
-
-#### What is the size of the VPC IP range created? {#what-is-the-size-of-the-vpc-ip-range-created}
-
-By default we use `10.0.0.0/16` for BYOC VPC. We recommend reserving at least /22 for potential future scaling,
-but if you prefer to limit the size, it is possible to use /23 if it is likely that you will be limited
-to 30 server pods.
-
-#### Can I decide maintenance frequency {#can-i-decide-maintenance-frequency}
-
-Contact support to schedule maintenance windows. Please expect a minimum of a weekly update schedule.
-
-## Observability {#observability}
-
-### Built-in monitoring tools {#built-in-monitoring-tools}
-ClickHouse BYOC provides several approaches for various use cases.
-
-#### Observability dashboard {#observability-dashboard}
-
-ClickHouse Cloud includes an advanced observability dashboard that displays metrics such as memory usage, query rates, and I/O. This can be accessed in the **Monitoring** section of ClickHouse Cloud web console interface.
-
-<br />
-
-<Image img={byoc3} size="lg" alt="Observability dashboard" border />
-
-<br />
-
-#### Advanced dashboard {#advanced-dashboard}
-
-You can customize a dashboard using metrics from system tables like `system.metrics`, `system.events`, and `system.asynchronous_metrics` and more to monitor server performance and resource utilization in detail.
-
-<br />
-
-<Image img={byoc4} size="lg" alt="Advanced dashboard" border />
-
-<br />
-
-#### Access the BYOC Prometheus stack {#prometheus-access}
-ClickHouse BYOC deploys a Prometheus stack on your Kubernetes cluster. You may access and scrape the metrics from there and integrate them with your own monitoring stack.
-
-Contact ClickHouse support to enable the Private Load balancer and ask for the URL. Please note that this URL is only accessible via private network and does not support authentication
-
-**Sample URL**
-```bash
-https://prometheus-internal.<subdomain>.<region>.aws.clickhouse-byoc.com/query
-```
-
-#### Prometheus Integration {#prometheus-integration}
-
-**DEPRECATED: ** Please use the Prometheus stack integration in the above section instead. Besides the ClickHouse Server metrics, it provides more metrics including the K8S metrics and metrics from other services.
-
-ClickHouse Cloud provides a Prometheus endpoint that you can use to scrape metrics for monitoring. This allows for integration with tools like Grafana and Datadog for visualization.
-
-**Sample request via https endpoint /metrics_all**
-
-```bash
-curl --user <username>:<password> https://i6ro4qarho.mhp0y4dmph.us-west-2.aws.byoc.clickhouse.cloud:8443/metrics_all
-```
-
-**Sample Response**
-
-```bash
-# HELP ClickHouse_CustomMetric_StorageSystemTablesS3DiskBytes The amount of bytes stored on disk `s3disk` in system database
-# TYPE ClickHouse_CustomMetric_StorageSystemTablesS3DiskBytes gauge
-ClickHouse_CustomMetric_StorageSystemTablesS3DiskBytes{hostname="c-jet-ax-16-server-43d5baj-0"} 62660929
-# HELP ClickHouse_CustomMetric_NumberOfBrokenDetachedParts The number of broken detached parts
-# TYPE ClickHouse_CustomMetric_NumberOfBrokenDetachedParts gauge
-ClickHouse_CustomMetric_NumberOfBrokenDetachedParts{hostname="c-jet-ax-16-server-43d5baj-0"} 0
-# HELP ClickHouse_CustomMetric_LostPartCount The age of the oldest mutation (in seconds)
-# TYPE ClickHouse_CustomMetric_LostPartCount gauge
-ClickHouse_CustomMetric_LostPartCount{hostname="c-jet-ax-16-server-43d5baj-0"} 0
-# HELP ClickHouse_CustomMetric_NumberOfWarnings The number of warnings issued by the server. It usually indicates about possible misconfiguration
-# TYPE ClickHouse_CustomMetric_NumberOfWarnings gauge
-ClickHouse_CustomMetric_NumberOfWarnings{hostname="c-jet-ax-16-server-43d5baj-0"} 2
-# HELP ClickHouseErrorMetric_FILE_DOESNT_EXIST FILE_DOESNT_EXIST
-# TYPE ClickHouseErrorMetric_FILE_DOESNT_EXIST counter
-ClickHouseErrorMetric_FILE_DOESNT_EXIST{hostname="c-jet-ax-16-server-43d5baj-0",table="system.errors"} 1
-# HELP ClickHouseErrorMetric_UNKNOWN_ACCESS_TYPE UNKNOWN_ACCESS_TYPE
-# TYPE ClickHouseErrorMetric_UNKNOWN_ACCESS_TYPE counter
-ClickHouseErrorMetric_UNKNOWN_ACCESS_TYPE{hostname="c-jet-ax-16-server-43d5baj-0",table="system.errors"} 8
-# HELP ClickHouse_CustomMetric_TotalNumberOfErrors The total number of errors on server since the last restart
-# TYPE ClickHouse_CustomMetric_TotalNumberOfErrors gauge
-ClickHouse_CustomMetric_TotalNumberOfErrors{hostname="c-jet-ax-16-server-43d5baj-0"} 9
-```
-
-**Authentication**
-
-A ClickHouse username and password pair can be used for authentication. We recommend creating a dedicated user with minimal permissions for scraping metrics. At minimum, a `READ` permission is required on the `system.custom_metrics` table across replicas. For example:
-
-```sql
-GRANT REMOTE ON *.* TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_custom_metrics_tables TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_database_replicated_recovery_time TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_failed_mutations TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_group TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_shared_catalog_recovery_time TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_dictionary_table_read_only_duration_seconds TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_view_error_metrics TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_view_histograms TO scrapping_user;
-GRANT SELECT ON system._custom_metrics_view_metrics_and_events TO scrapping_user;
-GRANT SELECT(description, metric, value) ON system.asynchronous_metrics TO scrapping_user;
-GRANT SELECT ON system.custom_metrics TO scrapping_user;
-GRANT SELECT(name, value) ON system.errors TO scrapping_user;
-GRANT SELECT(description, event, value) ON system.events TO scrapping_user;
-GRANT SELECT(description, labels, metric, value) ON system.histogram_metrics TO scrapping_user;
-GRANT SELECT(description, metric, value) ON system.metrics TO scrapping_user;
-```
-
-**Configuring Prometheus**
-
-An example configuration is shown below. The `targets` endpoint is the same one used for accessing the ClickHouse service.
-
-```bash
-global:
- scrape_interval: 15s
-
-scrape_configs:
- - job_name: "prometheus"
-   static_configs:
-   - targets: ["localhost:9090"]
- - job_name: "clickhouse"
-   static_configs:
-     - targets: ["<subdomain1>.<subdomain2>.aws.byoc.clickhouse.cloud:8443"]
-   scheme: https
-   metrics_path: "/metrics_all"
-   basic_auth:
-     username: <KEY_ID>
-     password: <KEY_SECRET>
-   honor_labels: true
-```
-
-Please also see [this blog post](https://clickhouse.com/blog/clickhouse-cloud-now-supports-prometheus-monitoring) and the [Prometheus setup docs for ClickHouse](/integrations/prometheus).
-
-### Uptime SLAs {#uptime-sla}
-
-#### Does ClickHouse offer an uptime SLA for BYOC? {#uptime-sla-for-byoc}
-
-No, since the data plane is hosted in the customer's cloud environment, service availability depends on resources not in ClickHouse's control. Therefore, ClickHouse does not offer a formal uptime SLA for BYOC deployments. If you have additional questions, please contact support@clickhouse.com.

docs/cloud/guides/infrastructure/01_deployment_options/byoc/03_onboarding/_category_.json

@@ -0,0 +1,5 @@
+{
+  "label": "Onboarding",
+  "collapsible": true,
+  "collapsed": true
+}