From edd0d4be5ac13f00e7b071e6542266b6e54a45eb Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <rb@hashicorp.com>
Date: Mon, 8 Jul 2019 21:11:19 -0500
Subject: [PATCH] Initial L7 Documentation (#6056)

---
 website/raw-assets/l7-traffic-stages.fig      | Bin 0 -> 12890 bytes
 .../assets/images/l7-traffic-stages.svg       |  49 ++++
 .../config-entries/proxy-defaults.html.md     |  60 +++++
 .../config-entries/service-defaults.html.md   |  46 ++++
 .../config-entries/service-resolver.html.md   | 185 ++++++++++++++
 .../config-entries/service-router.html.md     | 233 ++++++++++++++++++
 .../config-entries/service-splitter.html.md   | 108 ++++++++
 .../source/docs/agent/config_entries.html.md  |  56 +----
 .../connect/l7-traffic-management.html.md     | 118 +++++++++
 .../source/docs/connect/observability.html.md |   4 +-
 website/source/docs/connect/proxies/envoy.md  |  14 +-
 website/source/layouts/docs.erb               |  33 ++-
 12 files changed, 847 insertions(+), 59 deletions(-)
 create mode 100644 website/raw-assets/l7-traffic-stages.fig
 create mode 100644 website/source/assets/images/l7-traffic-stages.svg
 create mode 100644 website/source/docs/agent/config-entries/proxy-defaults.html.md
 create mode 100644 website/source/docs/agent/config-entries/service-defaults.html.md
 create mode 100644 website/source/docs/agent/config-entries/service-resolver.html.md
 create mode 100644 website/source/docs/agent/config-entries/service-router.html.md
 create mode 100644 website/source/docs/agent/config-entries/service-splitter.html.md
 create mode 100644 website/source/docs/connect/l7-traffic-management.html.md

diff --git a/website/raw-assets/l7-traffic-stages.fig b/website/raw-assets/l7-traffic-stages.fig
new file mode 100644
index 0000000000000000000000000000000000000000..7907af8e2bb680471c2f66f6df94a84a73a74b62
GIT binary patch
literal 12890
zcmV-gGNsLCX=g2KX?JM>0001y6953UTI+)&SyjKcl1{(oxw|YYA|fIpD$cHmfQVEl
zm852pRJN+pJ+rPGs*_5mc9K-As`N~+h=}+?L_|bHMMOkIMMOkJd@G{zNBKMVQIGCk
z<qPv+Qs;5cz4zR6&OPVcp7p~t4NgM;Y#lOo^|oUV#-4AwKEuC()3V0Rt~uyf9zZ_w
zEVl$3g4-Ij@Llul&cN*9tM2*tdKNym#K+jPNLHheJofI`!?A1i9Fs<F4;<fa-y3^f
zXVhzrN5hV5wrKp0`W&~M0l~W(cCEH+d0n9Pyrwm<#y}6d<EKZKdk@I{GSan%JwjeF
zA4Vybe3$k`2yRX$*g8<IWwyr7K(H|Z9J#hnGx9+^4Ttj}g=&l@NWRsQOnv82eDb4c
zHH}s$?q)$e184Az<vPUUv|3t%)a}iI+y-ko%~9VPkXCrp92}ZLmmSv`4M~x0*X$Et
z{lIa0mN^(ZL(4UN+Zm8f53Q!}xTH|hC8@7x3$Z&^uV)WEp(qzjI3#fjd#=?P^-Om>
zbb9wXLdZU*8nmp|xXgFOx9-xCu6jMYNr-FSz5aniCwko;V6uV0-Z)r<t7#v*V(ihO
z>3L(n3vr#Uv=_H8Y=E~+_l`w#8U0bux8)hsXsKAq!N?_2z3KFv9NOyHovts&G(6~9
zd~K@{EvMBHo0LN|xQkP8d*(f12~OJ|3mLS-uIaXN=t|3Ow=LI_JGg4yZT3c<)aSMC
zh;Y|E(;wwZz9DA8$IafTZx0;L_GyYohC#H-<Y8`mPR|y$KqhJ9G{<tOwD}xGzd|2I
zj)J=BG)Nmc4orPVcv0Q%n__2Mu&~=U>B3&ZJH1J;2&K~DUasXgg}&RiFrv2I6O;J1
zILVqdn}rj#(7HVsz-hg%*>aAA^|{Wl0D0SieF%FPAM{4FF5|##-l?K$e)uqJ3OA@b
zuHCVvr?b%zrb$wI&XM@Q5`4J^8qo?TaS~)vyaGa7KUtouY?fm$_8qIRAY-su9*4<j
z6=m?unrn(B5AC~FPXr)L*OZ=PG~-p8C8ZO=Nf9&A<)Zo~IlEEltL8OLvATL25?f<A
zVoL#nyWwR?d_Oc7(FrX&7slWMwunmH8Tsndkj%|s4JmqmLUCemPmfGju$ivw90~iN
zP1Gc4Jw38}2q>-!nnKj=IHGC$wwm?8I<$m8X{p9R952FP<*Y-k+4^W8%@%9KFb_U0
zrXL;nt|`8ayH0+JVrShriC&0TS+KzHp4IlNigT6U7`I0rLbEL*T`~GFOtNS~V{5)M
ztPVYJeBbE{zmGR**xV#(oZxU;R@+1%5X`RQ!TxN)Z{4%VAf*`@xLL$hLlav;U})YE
zcSn6Fg25Jknl`DUaR~d4lYW#WBt5q+9m}}*fUhA2Sc8r)Osf^7bLm1x6Ooem3)A4j
z&6LXw2OXl`9$Fot$wT@vhOM@6u7~S5$<A9}t?57oShO}VrV&SWOU%zTqHAgO_JXr`
zlXa44s)SrH;bMU$=3$U!VX~5@Z4ZS}Aq<Id#KkFXve*sN=!LMP8?g?dl6(QYSc;dO
zEkZ9;yMd-%&rwe9TV`LZAI2b$7Pl|%+Cfvqbl>U^9oG~$Z(WOlda^Lr&4pMg6s{s2
zrVb|e<-z2O?IOxN1AWQM1VP@nn=+6J?q<A!{6u+a{TuOo8g_e=X3^~I{~9qgo7Nak
zC$oVX_OXJg!OxUp^a6#eK|y0mkwj|b_H^tN1AC6Rit9ElG$@JKbp~VDpI~EV8)C-3
z-M0``#5x@0SYun>oZ?#&Y8cg}+m2*P0s^@33JHnap#iQTQX@~MRWdK|lVFub#R8s?
zx4Az?ctB87cOGlm9?t1dY^H6h_=a<{#%<T>k5!bYl~6iN)Jr%S5VlH~JR&rPBd=Q#
zwq0PftepZSMeP=dT+$w8UlmFF1x8D{QlO-ys|6yLbWJW4ItG&#cD;hs@@`bHQsm7F
zE|>a<n5ioC(K1fUe5{O=B41KQ<q{u<v)Iis(Ez>F3R2{p%Da$OH%A9{QzV@jrvZ-4
zr34z@B#9S`R+LDC#<~6f-i8H8_Yq^stI3wbDcmWeKx*9`nv_ZEfJYaO%!@lCxI8yf
zq}Z4Y-`k8YV%!?y6SwyQk(<{Ow#)bl{xgp8UoF6Ybs5|-_#qL`i0A?Z?gH_ExaY(z
zBzal9#(;^CI%IquON%Ggevl>6L&h7+TeoQZ^461tUfz0&WGtT~WPSN0A-9%K60$K2
z5=1Y1H4QP&IN3x~HYf?**Lezvr@>+qlGu&NS)M?2gq8-uGGx3q3zpI14E#K$z(@lj
zBughrw9Ww4i1#o^q5wlS%P@&1?dW8a$WW+qX@<nX7B>=idM#aC85f6o>tF)2sEi%r
za&=ttae27Dd7#qIO9Zr4psGkfa@x_O5jSupx6X}5{*#J$qlb9-75w-aYrq&<zO1Th
zgw7#KUz(-}mRpoP%B?m^@`qaQ<z*qgky(yP9nN3NIGT+7;}+xkhzzpHez0DXlDIKT
z;w2qx7UO^8U=bfP&X3QsFl99^^8semQ2fmaUeSr-{H8$`2;Oa+UbH}P7Y1lfpU36G
z_)bQ1!yM9iFpVFiH0?Y(nd7FKX9U%zVHQLSvbhjTPU)~=c&E6@LR{-)eOb5^*_|Y9
zpGL=s;1l}Z5fzA>R@Lpy*!$*AIT22u(hR%D3CUbh*}Tj4#A29nQ|S2`<J$X-m<%x^
zKdqfcX><(B=d6C57miohRtkqr*&%OabUV%BWXbNb?MNtn&343xKZld8Xyt3R8?1ms
z<gpdY4T*qRz-n<c+w5jkt(0!Cy(G>86$bWGBH-i7?82!f?CQEuEX&xna2Y=zHL3VV
zLJlQv^Xp`geJHX81AtxJ56{?hjL(4WMXRtIl4eNtglR=5A>`J$EQ7>|y~#Wf!81uI
zAmorpnd}zLVTdT<oQ4UqywDFwaevEsZ6Q)WkMcPedPE(zz?3O_C*L|*oUP|6dlzp^
z^I|Jy@8*144nnR@@fYgZnUy#2knhfd#o`!Q5p67G&+)wjC72o8d8l(4e-KSGinIpN
z?$Mzx${Vf|WTul)7~%FTO46*UH-~w*aO!2a(V-<XqcMq>%V0H4l{fLyoKg|url`@f
z#nv&^Md88pR2gccRBajtU2-Y&IWHs`@?KHrcPfBEm_3M-`+5m0*kQ21WK*T=7dsJ(
zBuK-t4NkX1$_AW!XUpSwp~R;Gz`O`B@>>f@Nq~Xdf{b2RYdaA49Tcm@>L6tp>gJ)T
z-pg@^WA9j;5a@=p5Z4qoZ|uUR!#kn8X^NSRQ+fJbieb2IXsIRfDf=bP>pJ3XEy(GU
zGg^Zmdz)jrrH;WSZt?}E^IFF%9J8Egd$XD?s1jL$rz~+NN=KR$PT~2xa@9>ezK>`U
z>T@_Jm9IC)izuC|d1<wN?1#a!SFDaEG0sn-njWw#5sn@yhojjn4Kti(EeWR4hGJK}
zh)Y}LxYQ_;WqUP?aR5SEoAK!;(V@f`BCf<lXoaWIL|2VEo1z5V@~ah-z#+j>$#zW+
zbai+VjYC;AHjl<{z9m{6)k&C97fbmN#}O;zTqhwmW>2BLXcoaCaK?Ga`!GT-*&O14
zzCh(dcZ#M4Qcj(pa{A6G20=PYt;sZ0bJi7@GjAz`=5O@P!ARWF+iC#^2s0-MineK~
z94hacs->|mjK)QWg<lXL_mGbirR7-n>n^gJ>vb5&yUZ|-t5SX!sw_}VZ7zcVH)Bxf
zt2QtX?T#su6;?DHxp!m^i_8N>Zzepz*hx3D84^wybCfp~UeA!6=DEr9td^dhkO#;_
zk<|erHz6bZ6igD3v&ks1()|H?V<HRc)L9{)<ZK%p?Kqi)vTX#9x}O5Qqt<fRQNoyE
zx5op^QYpIGJ2LNyMq1HLK=crX^%Ua)wa5*GjodkEtIg7r^+L+FSY5divWHY+Rb+0Q
zY^W!ppl$7XJ8RXdcmvz*Aox&1r6%FID4k!|WI#0@lsf7=<i?e2LUt-t%THT@YJgI^
z#JMA~W7W*AS!n!<9#|cviX&b%wp6R6p@J#NE5%Y7@>Mjd22i6kq7uZ)L(uOkGFFT!
zLbIx(4#GJsjQUmv`rJ-WbT*l6LLPN3I6>FOJBZUBOEMDTv3?WaW-`g=3=*<9b9Ex}
z8XgL@Y0!w!xky|c@M^=w<|JCFv1<W93;Q}d#zODQMbd)>uGkf&mS5+(_Mu-tIKct@
z&|18QG!TC1Ln7a}E>%p=uv!U}3_mPvY>$Z`CQ)xvDfJfpO4OSR%WJ4lNq7rN$NM7A
zZ_6)<{*fZn+)<yB@YZrr-^~F@{Lu-ukMOZ4J|yyODyZ($uSES=IXAtM1CsdmDQrS_
z;&%Df5-1tWKy=|&(!sA4kR%@zk;ht5UO}6?egP?&n@c!2=r`zBqFSLYc*=3%=0&Vz
zw`ioDs;C0aM=A)()GnrXa>YJ+0V$a~$hOKB_E;H~EZtJ>_7eRqNj5AbI7x!_oQy=I
zj*p*1NyghbR+qQC?4{>%lJyR`giU7esa*ewDn_#PmJv>=7vTpi-%>!5+)qVFJ<|E@
z%gV518Dxmc$P^~`<$Aug3`-Vgp10UbHR;RP%P+&rA;Yxv^zd@_Z6#1LJe}sx4X<FY
z$N@=o)8YZ)mF(LKNRqwmlHUKT*()zW%K?6Nq22!)_8k|Hl6jQr_o2twtMs=d9cI;s
zpvT#FRxy(8==l7*#;e$?&*LQP-BUGpMX}#?5i8m6ApkE#shYA={+a@k<Y%O&a)$3N
z!;<C4OZCpP?6n0X$<NMo!{<5nJ^EXcej?N5-wW(@`dgBo3q`(~vJY_nz3N+1#t6Ps
zTrlEsgAD9-?EB84B;z~6YUc4t&cDBkl6*l{eG_;idwmrn*^U=^PLQ%sbN&M*SaM8G
ziwf#JoZTuwNuL(Q)|2W}62gmV)>G$Dl5s}I(+T5cm?dZIvz-5686kO2<O!9z-cUtJ
zzImEIEWDLPIUtG83%Cd=_sg(kSqRiHm`)|jvJ6X>m9D6$IEytPY3sD82Y-RHpDaL0
zPiEA&pv<imrTPL$FCZmzmdJyO+YzOMn-VA)PUXQDiEl~hgY?3i$=le&wEQCSc6OFt
zT3Wu3vlpUNVu!Lc3*-g;Q{@5W`tO}n^b$`sMeH9H?@yQ6bys4ay=zwLBO=p_S3OF;
zX@i*KXDZYcS?wlRlsVqbODx#)Bnc@}pi(Sz{cM@53tNB}O{#+4Q)Y1zoG~IEXFpd)
zdkb9h;q;j>i9vdAnN;oGzJvYzB}8p)$FPUli#K1V>=(;q(OsQEv9n7$qI34kA~nMn
zKEwI@c$Sy1l*WlBz_0MNt|UE58FRw>3&Oz#_xx2Jk+nbxDzo?ik7WY`SF=~N7=BIl
z8(N`kYRgmoAgBIIK&hx7uY2JPr&mc9e!arrQZPNo@u7m_AkMOQd5M(YIL~vLpbr;J
z1tp>sV;#!WgR|c}&*S6fsj_^8v_&pPrBHsy2><#mp1x><<Ncg{v~((>sqjJ0e!GP8
zWryKoB~+_uHvA3`i^rZWYS#4JGtO=H`&_18-ZGA}xeQjH!1>K#R@Bp6s1_rR>*E?N
z>&AlcNll=Fvq1l`MytXyCwwL+h^wn0{D~&ey-}b)d&zp*^ln4T0R8WHl;$Mp^!EUl
z)(FfW$X1@v!=G{XhZ3yX-9PacYf62JFG5kFDj$57{gKk7qq{?&*3}*a{i!<A^QGSB
zIp$6;s~bPZ*`H(0)fo9XF2k~TluuEXt8)G?Xm{}pSrAsGL;?MIpa=14w8kSts6_mw
zTITt;w;uZfpA<M*y!;hM;{k>^j}}ubs}-FhG*DaUizVY4Qr9Rs4P`ZoDgK%Sm7lo}
z*q2HudfDD*e^W#Y)sXrKM_f;<CG8hD`?8E2r6=ze`}?xFN6Qdt1#I*yWzIe&T-u}l
zp-d?`!#{FFI%GBiM)4xMJs9xMrAAJk%KgjbHdh2Y*xkSKKvmRV<m})0g{!Mq>7sA3
zf5$^mr9Jcs&i+G$#`Ar)k8<`^O>jdPB?J$P7WaQ@+U32mk8$?3iyWnH*2g*fFL@>8
zM*H8KF31rMw|B1h|37?Pl>cAi{OkNM3LlVVqOCXyR;NKqj)5qONzgV&8y0r7fTf&*
z5BfC(+zROo#k-Ci)REnRy7*fk5+(oK=e6kC6heD=_0@g-65509i@hGi4>998iOoec
zLB&h`Z}BuhNxrM!uyZwXV@2s5_1LSvZ1{MoI)Q6Wa~r8CZK@ggJkHW}oGH*q9|UXl
zT_Y9h7Rc4g3%2qKVWfuYU(|HBt1jAo(p|PrwSvElUdB@B=PT5=)4Rrt!A^Wkj!5BX
zo9|AAR}G}hJw$h0Bti=*%%1P3m7S-sc#f7tb(1N~nP2rVGVD-w{PZS7eoP%L*(w?+
zW#L{!%8FiE(d$X+WoRn8L;M(>HU#5vF;)7+#`D)k`Pzq0R9P<uEL6VMtO|*g_0>1I
zDpU9l-x9LfiZ@cEp}|6JcRP@Oi(6+qsrm~dMcGZuf0*<pwwGS=7e;Sk`)i8PSi%;&
zB0h6VxGKPQ-h{g*Cmsf8i#V79aXqc*E5bs*%K44eC93%v8Z7?{9t;2g#a9b(ROJ;u
z|J~g@c)#SK2n%Qsfk;Fh(Cpo7uvFBFJf?Q6(*`jh9Y|71kkJw@Laem52E<2|3M#gs
z=%7`rki@G}K~zd>P_$N2sUjj`TVJDN`hEZZ-`%_6Av1MkC!2Hbcg{WkIsbpo`Ohll
zNKE1#m53v8l{lwrYVE9w${NX21@lFuP&$y{qe&O(CZa^YBm*SwBrcjVy&_q12=&g2
zFLWn=>U;}^Us1||8Py$TIwU4mOs$zxIelgYEai)})&4pWuU=$Zj?s?ViyqQv0UnMe
z)Hi;->L>l>#CVZX;?%8dSzFh#@%*~I`?gXX<3GfvWH80nP8J=i;0hk*5fxgE^It;c
zDH$fi^*b^BPQH?n#>8nPN|q>Ds^lgm%aq)#<Q65jDp{!*TwDh?5PO@LSXEmyqjLJe
zLfae-&DYU&QYOA*7DA<`^oj&}97A;&YElhQ17%Pc@&PdomXlz;!5K2Xx}q{UX-eg6
znOHHscIK2Tg$RM+A#kz^9gK%wC6rnu4L_}y!kAMp)ydc*kxSzXW%Hl%;nhV6$;-zd
z4lvY04$)l*>clS<6@z5%(@}|n#5-NEFZFU;*Qmsy<V;ZsNE*wcl33n6@n?w2gCw4_
zP8<>(ipqz?n;n%TthEA2E?*Uu<k7d@Qczf^)PdU~&U{&UX{^VD(bL{8-!P|3%Qb_B
z{Nt`=Jw}x*b_ID*ET_qQ<tw#7$+b!rDp{nYUdeSzeyQYoC5ywuzZVCxMalC>Dg_6T
z2Hn2>9PgcYvToqOr|TxqDLQ&NUZ8{1IX<a+=8T#n%JTU~E6cMk=H~ee7uh^N?UV!a
zybyn?&<VAoc`kiKwS#2&>b7|vj26`%27i*s&2y8p%;wwsw9Ru$SOG5&Z=2_=0809u
zmz(F=+L$&iH_x-Rarf0xNq(d@p1nURDL5LnQONY^`t8@o>koFX>(TY0y5)1b9KG6T
zr-L*7zhZXPOmx_)$|H&HX!QTAgJEfGLuo9OAH9bpVIEDsfu(VIPHD8mAFhB<tL+ug
z0j06*hf#^X0{V;U2+7QKQ3*@K-)*jqman3cn7uYwPR|xcCE*po3&j}|l_Vk;N>NQz
zk{2nO%7&;U-&$iIxNlWdQeZvcHso!ON(#+7-)+%!U^1#AiRUHGzVgbdtCFYYBo$BH
z3}NH&g}EK$#y>WX&sd-#w{|dZ_<hCJjuaiDJch{#)ydIzV@|(ViIRTt5~z(dMbOzg
z`IOH3j@rAy5$}pia{c?d^~S7!NVdM`eYvpu|Mjm6{o8p^|GMV**H!yB@Dho4PK>FV
zRb5qShTTI|C7yQa^{|r{(6_$uWVWi6tK=G0S90bE*ySp1r(5G5dI%TorWYMFK4;N3
z=a#!H_9A(>WlN4^+3tGT0d1BYd6;F9cRdfc?5W?pY+kowCH8|uNREjxyUQFS$T0Zq
zccS|I_)j|g7hy6Y{%nXC9S~)-b~4Ijwe^Bz_LN!e43iP<E)x}TkLzZbJ)y&UvLS@p
zemYz?9d#fRiP52U|Ipq3;kpB&Oh%OT``vK4cXJ%bL}GNPjTNlBX=^F7aoI?;j(mh4
zaN>_f6S~cH45Rg)OJ$kh3<Trf;*yC;@Tz7c_`;Q)LjXuem^wbKX)<Pkpve_~n=9Tb
znBCdO`VmOz(3<Fqx4G5{zY&n!su|eXs2LHg=xrsi56n(iQ*qJ;NcKpJzXP-{0Ph(v
zCt#6fni~5VhQ=O4-xRMyTD--uNXGAgfIfxAYg4ee9Za%O{NHIB!wq495uh7Oq45#6
zW+uK5;rkh1nFglR)l?hR%nJa%NQwV306&ej+hfT)G{qja7{JG}!T!*XEpF%-x1+Ob
ztda4DxMrvRh4uWYU@Bqyc1=yt1U&45?4rhpVED?1p$#xTPJ|lREAvY5A86gKDKsv#
zz-YbSW?8S<4gHW^OcW`Cw2-L{#`hR2kuTxQIiOE)H>`KE)OsgP1_+Q1vK>IM3-9)E
zHI-{|;F_V;WPUor=sejQCgi(dZc0J<9nHY*D`4V?IshGog9+A{lL~GKkM4APbTQDL
zd}S5<x-X@vpJJ*J2;%`G`*b-h!o$zFk2h*Y0w%*8Z9u09jDRkNH=0>_7B=)AFu{5e
zl!>g{0M*52ahYemk;aq(K>g#nIGEsLGIL9_%uXk5M92>?3j1^tnUV-&TwWbv%<Cl)
zMh5V7$h-+#=ei6WK)H#?hRBN$r#dv;<aMbCqiqj$BaG=qcc&y-%;E#%osNTQhP_b)
zUQ5Z&vj8|QDS)1u5&s0&YK%lR@)gqJ5EyJURt~bScu8Xe)ELzORxuh}AFo(HOk(=)
z*$~Kh4>5ni1b;Uv@4dslc+O<FzuKm}Tw_yy62R99AV%*muBO3_u5-AJ@sA5PhIO`=
z%EL8-mB+eLjz;I#Ao>KG(h^(k57_dTHw_@4!$>P%DL~o7Vbb7Xw#9;UHXeT7Ng&E(
zURWPsg3qY;sy=d9U|W3O)pZiQM&JW5XhNj2Ap}^Is6)S&z$0M3=jvPl1yF4O`7!7?
zTiiav($x_QtNm3TH|R6Wr}M!)h&`FBDI8j>nV4?cl%Tzdj0I30hx1;kp_NSr@Ow6k
z$MPTBi~@d=W!5bIY)xUKzyNXwR=AMB@>2NFZ0PzX3k++56dK!Dc7Fu3zf}B=oU7@_
z#{eec+k)>B0*|NIsSMp00>?mo2Lc<)C_e{KhS2)~yqLglNUp%c!(oTN8qA%pp-+SW
zTh#l|{F-}tvN_`5I(z2c@@x`h&X6q!6}5@pFd8s^0m3VUZhyq<7lS#YS*H>xfCnwG
z308V>&v@?pn+&aQvcNjDnU_Etup>I7&n*>ig{F=^UNA5=&`5;+@rp*Xz7#cu4zaGf
zpd{8a9x(pzUDIQJOJD*Xd_2@^3gBr2Xu81y0W-W_Qvl;FFhb|5G3p^t>?*P<#=DuN
zQ^q@r!@@@F$UpfC+wuCgE%j5|QYV8pGBh$T@l5faJb-U6sNPE80x%0w+CxwnyUzl=
zKAs}Ln;-3#)IZZTfRBC|ya+m%4m}Izdbs+Ct|VyOjaRrSzhHZHZTI5Df@Jfyhk3Ej
zCW<b7Fy(A#U!hkH1Au!-%0~mZNmBsN8NmAt^b~fOJ?JAGZUR^?FG}mH6*Q*3BLH_L
z*`GiUsP;;0D(x-ctF%69%s4SU#so0P<3rDYLnt=?Wq_DXye*6pVF!;IE#$a42d1$-
z82OqLlz+cHgP_44N-bz_&PU_G>@79T^EbRBPt=U*ukwhMtZKCVbxyNws~IM@zYY%j
z>rmTY*>iMESkcepo;KLhx<Bl%Z(E?%cE^>S@PKAWstZ^H?REDx=^$^}S;54`2=5K=
ziL30zF(JGshGp*wf2noN^aTdg->Bl^ikZI1S?v$uG_=KzM{j`c;qdlvSC=_yphr?L
zdS-e<UtZ=Fy}ofsPC4Y2?U&h`I>YeuIL|9s5!TFDdtR+9hH!jsXU10?vjvcZ@(Eih
zfl_;2-E8;Q-)#4n9q$wR>|kHfa7d9zj%NG?yr4L}E})Tau4y<PzHhPKDs5TZr73_H
z4WL`ZCXRY!Uf^W+Hm|L-ME<IWEU0d<quz?lX<^{^{>ycyYevu9!5hr@-T)Ae-__-m
zhJD$gnV4ocbo;1l?@a=a+INjH(~pAJ0UQG<8Chxv&add!JvL{`!@Yga_M=Nu{H@>^
z=J}Kz{_eq-Id=nt9c2fx%j~QfEHQu{B=01EE+d;$n);nw129tp<`VB~;aGYpz$q?=
znV7!Cf?u0k$h(EW8Z3F2o>h5u#B8T@H4U~}z~dGD3IN608EDVe4}YtywWp7H+vjlV
zZ4M`@6=s__NSVF&EWmUAfIu7$v9dt@zgd9WEl7)?nWu9s9{vn)B(E(3Y}9LXEijdA
z*Z&nXo(HWC&jDKYV32EOE<NC5ekE@%JBTPpf07EdIMA0(Z)o>a$eitD4A?gUR@MV$
zQ6~IhpJmeD<kbEnaH_R+lX0rGb&YY#GG{xXDB@IW>)Ns?b1<hmtZvzQbEi({&Aqs0
z%#5jHW=*cWd{)JX3%@_&=M@uvaQ-Zj{{fQ{004<lPDc$28VUda01Zh<L{b0%0gwOy
z07wW10002krK36k000SaNLh0L01FcU01FcV0GgZ_00001b5ch_0Itp)=>Px#1ZP1_
zK>z@;j|==^1pojNC`m*?RCodHoqKRp)g8xwc?b!RfI$Bc;#;RCsqI(<QPF}tl#X-=
zq41A9rx?b9#1^Yy4TQFWQ!FszgD^vQ=u|8aW?BU?X=w#S3Nwy1fj(eBk}wuXU?~X%
zVtT$OIhUKuy}KL8y=V9A?=!QryZ8P0{m%FNe!sJKlUf8MnElMNR9*QsF~LxCvYMXx
z#SEG{bt;(*%&WM#nD%_Sg)%eKiSeIMsF5Cea2zdMxR6Yzw6v67dv__Nv26v$z^sAv
z=888dDJh9k;ox}nNY9{G3g#0N4Ew6~(B<ZO`sSN&C^<QqOa-=ub1W*#r>v|##Q0Bj
zbsc@Q{Sq}dH&aSV3YiM*3a^K!452#*-9bz+)UG>WwOg{~x^(FhUA}yom|$sYYLZTF
zGB`ij7ZWV-XVYy9jTqZj@Zg#&+e$_c(LR9*4qS6MfvLc@(2#NGBzRz3c(rAyjRfb%
zwiP^Rv(Whk$!Y=<Jh<*AJ2+4&QYKgu#kRQZ3Ld*{nVWo%159^t6xmoj^q_<r_rO%x
zw)BGQ&jO+ulbwJaTtBAX1JlJZ)=?c4DIk0!^nmMb`n6}<(u2D0eEk_efL&Rmuoyig
zLVbXv5WSds{aG0GBO?&L5&AGa0!f4ji(wKGl|oGBTq5Ha9DV46{hIL;H9$tDu-MV{
zVR{6@=)v?6a4e8|QP-XYL?i0D^GGbFv*G$0<0tC(H_4o*)`#jPntJ`&!S%uQHO5cW
z^ZSzdm%{o;gzL^uu7^ZO@o>APAC5pYk_f#-c5*%NwP*aq8ihrSHcYR9a08|fu75B=
zkjy<5eVASYVf4Y71;$UTVZ8h_ONKFzM0l7YqYvw8yxdb^7&GDQ0^>KyY+(9GgvYrv
zdPoHEVEfV!|Bz54>;R0Pn4Dc;-_Z|`!qN<nlwthF<a@yNTYXqH5cP{fMi2ZfEQaYg
zJU~D%&<$%87T*XxB*FvlxPzhxeijzvC)TsDh|xwOI60>o^uW);VuFB&@oFRyoSb18
zbCD4U_Y(ENLoFFU;Pe&aC)U$=iP1{D*FnylIpaBxpY+UJFGr6ab)C+c6TMh95FX8-
z4-*>K&p-d1ZomC@TDx}bRrBJ($@lL4H&s<t%g>=uL)7bG*^VsFbR3AsuwlboZ7ZHT
zC$$G_sj{Mqu7wNdE>J9>H3BL7>qhIfuWAqZ!G`Ut>Cmw+DV8ziVTy3{Y15`rUS3|i
z9%IlBzGlr%dSu8#@me6?H*NYX;yQK#S+r;i?bz{!{0woZu0GvvS^IZvd&Tl?6w8=o
zTj-?h+_|&eyw0|-PuB0E<zrXSs>vm^WcaJ}{=7d>eN8=eHnoRNP-S^#RLk1;f8yW?
zdVA6;iUry|&OK;Hf2pL9YEK=PuMHoS(75>{>3XTyzrCGc^yrpJ8QpqPEMr>qw{`1Q
z>F98HB_u)F7KEU5&0pw)4_}~9b`^`)LK-#dyB*rb(xp#X>+IO^54lYRgvBmM)29!k
zIfXx@SjUtUqKZcBw$<4~#4m&{Q0|CaDp>zCy;$)ArDvwou64Uf7mXs?fQTt>%D#za
zZYZEwKt+J5q=}#A&$T{}n?FJ}{`cJa9r+zmNzKXQ)c;#I)1aJ(tmQD>{{7I=FU2yq
z$j|FV#4&up6BIfhlFJOreuy&L1Vk-&Q0xQS#e8hrzFoCHfOq?RzX*jwbnMtM>e8i4
z+zQFrvuCfGhLi((i$z66G-1L73W}_(K9nh(UZFn!YSCuO&dCx2vr}C2MjAZ$E_%5r
zzumHGxd#T{EvKvKV$-I5LM(=gd0XW7y?g&7&MRL=Bh}S)avma|B)SsKWM+1wRV6=>
z$AjgbpZhMM8OJi%|41QHg@vQZPtKh?Cv7V|Jw0x1%dP$a+rn$Xf(0~l=1lUF+~GO&
z@yc@RJ3b?F!1c@#^G41ZA*cUw@t^4MXNP5a>5f5n(1gW5meY5Mh-Uwm1J?8(%^yQ)
z8ENhIfv5*OGI@x6KeF!#?Jqk(W5lxW&wF2{yATl#$QwX+if!N++_ryX{~P6Wyd!FX
z@YU7UQGIp2oR4G0HaZ(AAi50<k;1u#ko^3{=GSQ7!QGVi=tSE3$wsO;u$|^jS|sO9
z{Y^eqy?er1Z}B?|XjcBuDJ0fKG;`>yO0k`@QXt;gyp-~OFp&ldA;EH)-7|$i<;s0Q
zu-5%@vlJ}s59<sR>umUFwGg1QZTs_IK+wSAWg>9?>C>mv!i5V(gFRSG$ss?<5dwk6
z`T4o;Q2zJ_#6It~=A9MO(YPZz0gHrCAX;%o5LgbWD?}j=2$6x%j2}N(&Qocw!nSqr
zUDZJFzF9;kAAI<t6rbhGKNPQRGNOUFj2v~Zj974dNU!-V9$@wA)$(O3#l^)`T3RaZ
z)hJ4S)SpZ|>J(`B0UC8Q%!OO$$nR*>4~xbgQA@q(NT}(mMuFuqUrjF;4gbflmkVKd
zvfVzgz7y;xT?h?C1@jRRsp%@Er9=YThbTdK5Ur?XAufobl%T8-skzP+5TzN~1O)XD
z@XxQ13v7`MJ)(fJzip)Q75n78u|h<q{5oF<${ra}c!9`c{kGLYbSB8{xbfJ4(Q-bh
z75mv&^{Et)iUZr|_2)`u#Bt9pxwLpgkrfH~&4Uj<NO#?J7p0`6P`m=6aOS2Jx88ay
zz4g{xR8dhueuIV^0)aFW8t@w7)W3i4Ss4WYdpc{p5EuweXQrSaS}LM}c&!k}03aG_
zx-;VOlib`~y6?XGC^c1ElHt0+2tTAn-RRY;7tNkMTSo7d6kR<b8V-ntAB{13{`cqI
zZ$%lH-tV4%QWz8`L@fi2a`_wOaylXeG}xf3yh^NprNMr9$`E?>u_adt$hCs~Vc#mE
zfza6n<__Dj;62SJ+tX%Uh!_xcd?wOIWs6(G#MU%YR=ef0Mbv->pR(z?$g*uWL)1qQ
zb+mr&Dbi<^Qb7JJqMgj{!PQMBPMk;u1qIZ#YuC6<GeA6?0s`lrGiQ!WGc-0f1|lE|
zhyz}TGEfvRDVae!QR%OPRW(-1D+nHc{Bd#qi>Q0|?i8<}bK(>bWm|Z4>n2i#t2(!+
zj7Axvfrz2uTw}X=H)i!}w_Lw_ZjzD0<du`8=%`ea5*>S^jpZ6Uc?4B@fE^MiYJ{Z}
z5FI}xR5cJp7>FJwkDehLZ`3e?WZtA=n)SQsB3<^Lj6CK&wTObmwBJd<v5~fdqXS*%
zhloQ(0l+?js!BBG{o5iFzd_WImDQW3O&=<2BSA$Wa)eCV1Mf^3s4;ZtP?@&6?Y7(G
zc{MdPkzXKUK-wpFc&;t7NNN{VC@>Ggks}K5OGK3Mh*-CuD0o9u?rckeVFcApLU5d<
zX9{7lrLpR4qps33yln;h#5NU(JQ_u`t5Q}$U<rs$1AC=lxvWW`=7A{Se~lrlpnXn=
z32Gpdo@nhwB63jk@NOS<)xU4nHHi;KZ$Z2!KM{OSRXMo{4i4u=#DRB3km7+F$HzOq
zki~MOjhr=(&7v5N1{^?GRz-+RkcL9h9qZsTUWg=6Ysty!PaOgE5>=G%FT@1(kRXJ_
zlqXC;Fd!Uu+X8;t7a|4}rBSrLQ`8j@Rji-2K_uH-WW$cedqCdz<+6wWenh6XY7f=Q
zr~qjt2nv>0X{6ojchjiZSC2NudZ=CW%kC!y;D9Yf)+?)343MtsEw-b!1u$9+QBs-^
zAgsH;Y(EW|GK7KxwuP7W1S!M-jrYneOJ(u;_2<^m{8fc=9z+6-yBZONsAcxD=~75q
zi{e*m6~hOPrX`|&fzenHrD#Favu<075Rz?je`w6tzO*@zQCM&Q+=O`UCBnJO%F1Z$
z*s-J&)H*PNN{xd0ttepI3+XQxjgu)PhzsUH2*9XO-?JKX6wDDVw0?d-zN>YxEkqI6
zKGwzeQ0U4w>|p*hArb&1u<%)J7sG)eU>F7FC#FQU%a$#p!oord0*tz{gF3<x6tde!
zIU!Y5Sy3q)_1qCT)LYzBT;<+1XJoX2XhIdu)$*9$C{kf#<~?Z@<PnwhZW9Aco3e5;
zeJQq!^&wjLod|%4p(w5d1Sv5k5}1b~IRppw8Wh~s_U+3l#>^W-ory|eB{erUx12wJ
zo)*k2rWp^-rC0&cM}`oI&Yb52!*?M#D}PpMO@j#a>wB{lE<eG(&wT5+tbwGZrICrC
z5o>5@kdevQybP<L9W--A!F;@9WL6MBd<vc}k)yK|DDoc^BIKulV82_-Lb3)D&%=1b
z0o%HG@uH}4l~Co4l~$^V@t?zQAEBj-mQs%%J@iK)UW5~YYn^u$!mm)sS7|Y%#E>#W
z6ciNd2RSA>d7?ie2T=#2qJpPa%g=~pFjTn6=jelBC;+tnkT4d&(BPU!kBgL9YuE`9
zLHaAGVZ5djD`^y+4L0^2YWsajkVSOU;pg}1MRj^p)t5vC#e2MTVe(T&W98g*H`>_0
zj$<(W-!2(_D8J@El+ujJe{0K+bJvIJA+m2Xej)#|nw?x9aBlujdd3e-?wA1fnb?5;
zP)akM{Y24Nf_uRFF*&+r^uq$88U9OK#t+!8m>^&Qi2+RRC7SYU=y=7{hL$4`{aAk}
z#cHkx<pg~F8NV>Kp=F=Zi>k3{`A0(L3Y=<Sn2y73mR?k5fg=!&B*JxPN7sY0E%t53
z57a|oIRep)$qvqqmwwo{89z|<&16#^C(gtkrat2<9!Lb?VB6A*j6l@m#2J0?^=JIT
z<VKeLMlVu8_{U!Q;Kxlcexd%X%v9KC^uv!b(To}j$Jd|n1CxJ)!#<-I>tTw-XvOq8
z0XsV57aWD?Lv?&vKs3UIPR1{kZJGQ-LVn7DUaVofj2=vHTv<FAzu*ymdQsP(1w<p9
zzGD1@i|CABw0o2Z-wZwQb!Yq{5&mn2{YM{MM2`Wu2EzD-=`|3*5w1SkJqwG`i^-0_
zg-*r~SUmKD6e$acMpPb=d+AJPlL!MeSVZ(;)j;@0=!M0D@e8&s#&6^=(M=w$!RUn>
zF@2ccG30hjAL@sMsraJu)HNrM6B7*Q8bg#wR9Dv#6AZ1_`UWx?yExX@)XNtWJW@c=
zOZ@h|chkoGCDh#9d{xgST$)SuFx}>NW_rxIAGe-uq<z_s$Ln*rb=5wu<-DBrjxJrg
zP=0nknGVi*(4aw7US3X@FCUBgntRQUbRRl$pWJNM%`U<ni+z4a&dIrKq<wT`dTMGa
zjTrH8LPUSr+1XUJxr)C2*MH;2|F3l$Ufb;GzTMW1_8O$5q|m^D1FeU3CJDi4X=rGm
zlP6EonKNhT;>C;Y#*ljzdA+9Fr`gA$hjVtX<-Bg1^C5)xeR@r^e|KI`=Z$qcPjyXj
z(XOT8b8f3!w{Fz8Z(r)&ySEe*6P+FB+t}Dh_4W01>eMOu8Ms{|xBKRt?={bPAKh%o
zY0uHxliTq{<9u%0isZ;{b_tv|=hhHe<MPF_X=!QFuJB4vPd8RbE?l@kb#--g`t)gO
zTlT-Eh-Lo|H_xm6yO#ZhTV9ne?C0-1MmKxy+O?~+t3G}D$Tloh^;j}8GUNi6E?sJO
zQf|hJY3gEH<AK}qkzUSV7p0`6=+xh99k-M02;mIIxs2N}srmM4ZjF(f(W=jIayT~>
z-Bbq$uq~Wt&z?Qydo&%AXnR9$_rS}x+#J-4Xpd3(fSTuZZ1(k)&qO*FXCvYzQtA)k
z?42-lNN}xj?M(*0)4h9l5!qgr{uFIHpxghQ)57h`?VO_Nz(m?kIB{~e`}Xy3xZwsV
z9C(+uCk(FzGZA?x@$l;5c!@)}19sl1NYmB9tIuvC7R`ln_CTETJ3>-~9%D4i+Qk;Y
z_;C}|jW89Qb5m23v@N&agmgxOZ(rBVo-oaR{oVEx$<D(0gIyHt`}VT=NMaeTfpBYV
zoZE$MK|~-RrrQ?81NMc~dp!BS*M98B>$P34^%P$A=Z2fm*{3_##d)C3f^FfI)Y7(u
z-9ViO(bCef9+^EVu^)h!ka(S#eH(TMcRH8zgx%i5?bF_a^J+-EZi-W>ondZEn4U<Y
zj3QC@ERr4BMZ@0M+u!Z?$v)ky;fQ2kPW!Rr*5HRbM>kQ3B!qU`i?m(0&u;c@x2s6U
z9nYw9w>Ql3<p0iX+wtnmc%7G*ct%>+c|4Kq%5Kl#|5Hc|EXMAs0000007*qoM6N<$
Ef<f3BApigX

literal 0
HcmV?d00001

diff --git a/website/source/assets/images/l7-traffic-stages.svg b/website/source/assets/images/l7-traffic-stages.svg
new file mode 100644
index 0000000000..5f90fbf17c
--- /dev/null
+++ b/website/source/assets/images/l7-traffic-stages.svg
@@ -0,0 +1,49 @@
+<svg width="688" height="124" viewBox="0 0 688 124" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="688" height="124" fill="white"/>
+<g filter="url(#filter0_d)">
+<rect x="4" width="160" height="116" fill="#D6A5E7"/>
+<rect x="4.5" y="0.5" width="159" height="115" stroke="black"/>
+</g>
+<path d="M51.5684 61.0625V67H49.9082V52.7227H53.8242C55.5755 52.7227 56.8678 53.0579 57.7012 53.7285C58.541 54.3991 58.9609 55.4082 58.9609 56.7559C58.9609 58.6439 58.0039 59.9199 56.0898 60.584L59.9668 67H58.0039L54.5469 61.0625H51.5684ZM51.5684 59.6367H53.8438C55.0156 59.6367 55.875 59.4056 56.4219 58.9434C56.9688 58.4746 57.2422 57.7747 57.2422 56.8438C57.2422 55.8997 56.9622 55.2194 56.4023 54.8027C55.849 54.3861 54.957 54.1777 53.7266 54.1777H51.5684V59.6367ZM71.2656 61.6387C71.2656 63.3835 70.8262 64.7474 69.9473 65.7305C69.0684 66.707 67.8542 67.1953 66.3047 67.1953C65.3477 67.1953 64.498 66.9707 63.7559 66.5215C63.0137 66.0723 62.4408 65.4277 62.0371 64.5879C61.6335 63.748 61.4316 62.765 61.4316 61.6387C61.4316 59.8939 61.8678 58.5365 62.7402 57.5664C63.6126 56.5898 64.8236 56.1016 66.373 56.1016C67.8704 56.1016 69.0586 56.5996 69.9375 57.5957C70.8229 58.5918 71.2656 59.9395 71.2656 61.6387ZM63.1113 61.6387C63.1113 63.0059 63.3848 64.0475 63.9316 64.7637C64.4785 65.4798 65.2826 65.8379 66.3438 65.8379C67.4049 65.8379 68.209 65.4831 68.7559 64.7734C69.3092 64.0573 69.5859 63.0124 69.5859 61.6387C69.5859 60.278 69.3092 59.2461 68.7559 58.543C68.209 57.8333 67.3984 57.4785 66.3242 57.4785C65.263 57.4785 64.4622 57.8268 63.9219 58.5234C63.3815 59.2201 63.1113 60.2585 63.1113 61.6387ZM75.6406 56.2969V63.2402C75.6406 64.1126 75.8392 64.7637 76.2363 65.1934C76.6335 65.623 77.2552 65.8379 78.1016 65.8379C79.2214 65.8379 80.0384 65.5319 80.5527 64.9199C81.0736 64.3079 81.334 63.3086 81.334 61.9219V56.2969H82.9551V67H81.6172L81.3828 65.5645H81.2949C80.9629 66.0918 80.5007 66.4954 79.9082 66.7754C79.3223 67.0553 78.6517 67.1953 77.8965 67.1953C76.5944 67.1953 75.6178 66.8861 74.9668 66.2676C74.3223 65.6491 74 64.6595 74 63.2988V56.2969H75.6406ZM89.8594 65.8574C90.1458 65.8574 90.4225 65.8379 90.6895 65.7988C90.9564 65.7533 91.168 65.7077 91.3242 65.6621V66.9023C91.1484 66.987 90.888 67.0553 90.543 67.1074C90.2044 67.166 89.8984 67.1953 89.625 67.1953C87.5547 67.1953 86.5195 66.1048 86.5195 63.9238V57.5566H84.9863V56.7754L86.5195 56.1016L87.2031 53.8164H88.1406V56.2969H91.2461V57.5566H88.1406V63.8555C88.1406 64.5 88.2936 64.9948 88.5996 65.3398C88.9056 65.6849 89.3255 65.8574 89.8594 65.8574ZM95.0938 67H93.4727V56.2969H95.0938V67ZM93.3359 53.3965C93.3359 53.0254 93.4271 52.7552 93.6094 52.5859C93.7917 52.4102 94.0195 52.3223 94.293 52.3223C94.5534 52.3223 94.778 52.4102 94.9668 52.5859C95.1556 52.7617 95.25 53.0319 95.25 53.3965C95.25 53.7611 95.1556 54.0345 94.9668 54.2168C94.778 54.3926 94.5534 54.4805 94.293 54.4805C94.0195 54.4805 93.7917 54.3926 93.6094 54.2168C93.4271 54.0345 93.3359 53.7611 93.3359 53.3965ZM105.855 67V60.0762C105.855 59.2038 105.657 58.5527 105.26 58.123C104.863 57.6934 104.241 57.4785 103.395 57.4785C102.275 57.4785 101.454 57.7812 100.934 58.3867C100.413 58.9922 100.152 59.9915 100.152 61.3848V67H98.5312V56.2969H99.8496L100.113 57.7617H100.191C100.523 57.2344 100.989 56.8275 101.588 56.541C102.187 56.248 102.854 56.1016 103.59 56.1016C104.879 56.1016 105.849 56.4141 106.5 57.0391C107.151 57.6576 107.477 58.6504 107.477 60.0176V67H105.855ZM119.576 56.2969V57.3223L117.594 57.5566C117.776 57.7845 117.939 58.084 118.082 58.4551C118.225 58.8197 118.297 59.2331 118.297 59.6953C118.297 60.7435 117.939 61.5801 117.223 62.2051C116.507 62.8301 115.523 63.1426 114.273 63.1426C113.954 63.1426 113.655 63.1165 113.375 63.0645C112.685 63.429 112.34 63.888 112.34 64.4414C112.34 64.7344 112.46 64.9525 112.701 65.0957C112.942 65.2324 113.355 65.3008 113.941 65.3008H115.836C116.995 65.3008 117.883 65.5449 118.502 66.0332C119.127 66.5215 119.439 67.2311 119.439 68.1621C119.439 69.347 118.964 70.2487 118.014 70.8672C117.063 71.4922 115.676 71.8047 113.854 71.8047C112.454 71.8047 111.373 71.5443 110.611 71.0234C109.856 70.5026 109.479 69.7669 109.479 68.8164C109.479 68.1654 109.687 67.6022 110.104 67.127C110.52 66.6517 111.106 66.3294 111.861 66.1602C111.588 66.0365 111.357 65.8444 111.168 65.584C110.986 65.3236 110.895 65.0208 110.895 64.6758C110.895 64.2852 110.999 63.9434 111.207 63.6504C111.415 63.3574 111.744 63.0742 112.193 62.8008C111.64 62.5729 111.188 62.1855 110.836 61.6387C110.491 61.0918 110.318 60.4668 110.318 59.7637C110.318 58.5918 110.67 57.6901 111.373 57.0586C112.076 56.4206 113.072 56.1016 114.361 56.1016C114.921 56.1016 115.426 56.1667 115.875 56.2969H119.576ZM111.041 68.7969C111.041 69.3763 111.285 69.8158 111.773 70.1152C112.262 70.4147 112.962 70.5645 113.873 70.5645C115.234 70.5645 116.24 70.3594 116.891 69.9492C117.548 69.5456 117.877 68.9954 117.877 68.2988C117.877 67.7194 117.698 67.3158 117.34 67.0879C116.982 66.8665 116.308 66.7559 115.318 66.7559H113.375C112.639 66.7559 112.066 66.9316 111.656 67.2832C111.246 67.6348 111.041 68.1393 111.041 68.7969ZM111.92 59.7246C111.92 60.4733 112.132 61.0397 112.555 61.4238C112.978 61.8079 113.567 62 114.322 62C115.904 62 116.695 61.2318 116.695 59.6953C116.695 58.0872 115.895 57.2832 114.293 57.2832C113.531 57.2832 112.945 57.4883 112.535 57.8984C112.125 58.3086 111.92 58.9173 111.92 59.7246Z" fill="black"/>
+<g filter="url(#filter1_d)">
+<rect x="524" width="160" height="116" fill="#89D888"/>
+<rect x="524.5" y="0.5" width="159" height="115" stroke="black"/>
+</g>
+<path d="M558.082 60.0625V66H556.422V51.7227H560.338C562.089 51.7227 563.382 52.0579 564.215 52.7285C565.055 53.3991 565.475 54.4082 565.475 55.7559C565.475 57.6439 564.518 58.9199 562.604 59.584L566.48 66H564.518L561.061 60.0625H558.082ZM558.082 58.6367H560.357C561.529 58.6367 562.389 58.4056 562.936 57.9434C563.482 57.4746 563.756 56.7747 563.756 55.8438C563.756 54.8997 563.476 54.2194 562.916 53.8027C562.363 53.3861 561.471 53.1777 560.24 53.1777H558.082V58.6367ZM573.062 66.1953C571.48 66.1953 570.23 65.7135 569.312 64.75C568.401 63.7865 567.945 62.4486 567.945 60.7363C567.945 59.0111 568.368 57.6406 569.215 56.625C570.068 55.6094 571.21 55.1016 572.643 55.1016C573.984 55.1016 575.045 55.5443 575.826 56.4297C576.607 57.3086 576.998 58.4707 576.998 59.916V60.9414H569.625C569.658 62.1979 569.973 63.1517 570.572 63.8027C571.178 64.4538 572.027 64.7793 573.121 64.7793C574.273 64.7793 575.413 64.5384 576.539 64.0566V65.502C575.966 65.7493 575.423 65.9251 574.908 66.0293C574.4 66.14 573.785 66.1953 573.062 66.1953ZM572.623 56.459C571.764 56.459 571.077 56.7389 570.562 57.2988C570.055 57.8587 569.755 58.6335 569.664 59.623H575.26C575.26 58.6009 575.032 57.8197 574.576 57.2793C574.12 56.7324 573.469 56.459 572.623 56.459ZM586.676 63.0801C586.676 64.0762 586.305 64.8444 585.562 65.3848C584.82 65.9251 583.779 66.1953 582.438 66.1953C581.018 66.1953 579.911 65.9707 579.117 65.5215V64.0176C579.632 64.278 580.182 64.4831 580.768 64.6328C581.36 64.7826 581.93 64.8574 582.477 64.8574C583.323 64.8574 583.974 64.724 584.43 64.457C584.885 64.1836 585.113 63.7702 585.113 63.2168C585.113 62.8001 584.931 62.4453 584.566 62.1523C584.208 61.8529 583.505 61.5013 582.457 61.0977C581.461 60.7266 580.751 60.4043 580.328 60.1309C579.911 59.8509 579.599 59.5352 579.391 59.1836C579.189 58.832 579.088 58.4121 579.088 57.9238C579.088 57.0514 579.443 56.3646 580.152 55.8633C580.862 55.3555 581.835 55.1016 583.072 55.1016C584.225 55.1016 585.351 55.3359 586.451 55.8047L585.875 57.123C584.801 56.6803 583.827 56.459 582.955 56.459C582.187 56.459 581.607 56.5794 581.217 56.8203C580.826 57.0612 580.631 57.3932 580.631 57.8164C580.631 58.1029 580.702 58.347 580.846 58.5488C580.995 58.7507 581.233 58.9427 581.559 59.125C581.884 59.3073 582.509 59.571 583.434 59.916C584.703 60.3783 585.559 60.8438 586.002 61.3125C586.451 61.7812 586.676 62.3704 586.676 63.0801ZM598.561 60.6387C598.561 62.3835 598.121 63.7474 597.242 64.7305C596.363 65.707 595.149 66.1953 593.6 66.1953C592.643 66.1953 591.793 65.9707 591.051 65.5215C590.309 65.0723 589.736 64.4277 589.332 63.5879C588.928 62.748 588.727 61.765 588.727 60.6387C588.727 58.8939 589.163 57.5365 590.035 56.5664C590.908 55.5898 592.118 55.1016 593.668 55.1016C595.165 55.1016 596.354 55.5996 597.232 56.5957C598.118 57.5918 598.561 58.9395 598.561 60.6387ZM590.406 60.6387C590.406 62.0059 590.68 63.0475 591.227 63.7637C591.773 64.4798 592.577 64.8379 593.639 64.8379C594.7 64.8379 595.504 64.4831 596.051 63.7734C596.604 63.0573 596.881 62.0124 596.881 60.6387C596.881 59.278 596.604 58.2461 596.051 57.543C595.504 56.8333 594.693 56.4785 593.619 56.4785C592.558 56.4785 591.757 56.8268 591.217 57.5234C590.676 58.2201 590.406 59.2585 590.406 60.6387ZM603.033 66H601.412V50.8047H603.033V66ZM607.994 55.2969V62.2402C607.994 63.1126 608.193 63.7637 608.59 64.1934C608.987 64.623 609.609 64.8379 610.455 64.8379C611.575 64.8379 612.392 64.5319 612.906 63.9199C613.427 63.3079 613.688 62.3086 613.688 60.9219V55.2969H615.309V66H613.971L613.736 64.5645H613.648C613.316 65.0918 612.854 65.4954 612.262 65.7754C611.676 66.0553 611.005 66.1953 610.25 66.1953C608.948 66.1953 607.971 65.8861 607.32 65.2676C606.676 64.6491 606.354 63.6595 606.354 62.2988V55.2969H607.994ZM622.213 64.8574C622.499 64.8574 622.776 64.8379 623.043 64.7988C623.31 64.7533 623.521 64.7077 623.678 64.6621V65.9023C623.502 65.987 623.242 66.0553 622.896 66.1074C622.558 66.166 622.252 66.1953 621.979 66.1953C619.908 66.1953 618.873 65.1048 618.873 62.9238V56.5566H617.34V55.7754L618.873 55.1016L619.557 52.8164H620.494V55.2969H623.6V56.5566H620.494V62.8555C620.494 63.5 620.647 63.9948 620.953 64.3398C621.259 64.6849 621.679 64.8574 622.213 64.8574ZM627.447 66H625.826V55.2969H627.447V66ZM625.689 52.3965C625.689 52.0254 625.781 51.7552 625.963 51.5859C626.145 51.4102 626.373 51.3223 626.646 51.3223C626.907 51.3223 627.132 51.4102 627.32 51.5859C627.509 51.7617 627.604 52.0319 627.604 52.3965C627.604 52.7611 627.509 53.0345 627.32 53.2168C627.132 53.3926 626.907 53.4805 626.646 53.4805C626.373 53.4805 626.145 53.3926 625.963 53.2168C625.781 53.0345 625.689 52.7611 625.689 52.3965ZM640.123 60.6387C640.123 62.3835 639.684 63.7474 638.805 64.7305C637.926 65.707 636.712 66.1953 635.162 66.1953C634.205 66.1953 633.355 65.9707 632.613 65.5215C631.871 65.0723 631.298 64.4277 630.895 63.5879C630.491 62.748 630.289 61.765 630.289 60.6387C630.289 58.8939 630.725 57.5365 631.598 56.5664C632.47 55.5898 633.681 55.1016 635.23 55.1016C636.728 55.1016 637.916 55.5996 638.795 56.5957C639.68 57.5918 640.123 58.9395 640.123 60.6387ZM631.969 60.6387C631.969 62.0059 632.242 63.0475 632.789 63.7637C633.336 64.4798 634.14 64.8379 635.201 64.8379C636.262 64.8379 637.066 64.4831 637.613 63.7734C638.167 63.0573 638.443 62.0124 638.443 60.6387C638.443 59.278 638.167 58.2461 637.613 57.543C637.066 56.8333 636.256 56.4785 635.182 56.4785C634.12 56.4785 633.32 56.8268 632.779 57.5234C632.239 58.2201 631.969 59.2585 631.969 60.6387ZM650.299 66V59.0762C650.299 58.2038 650.1 57.5527 649.703 57.123C649.306 56.6934 648.684 56.4785 647.838 56.4785C646.718 56.4785 645.898 56.7812 645.377 57.3867C644.856 57.9922 644.596 58.9915 644.596 60.3848V66H642.975V55.2969H644.293L644.557 56.7617H644.635C644.967 56.2344 645.432 55.8275 646.031 55.541C646.63 55.248 647.298 55.1016 648.033 55.1016C649.322 55.1016 650.292 55.4141 650.943 56.0391C651.594 56.6576 651.92 57.6504 651.92 59.0176V66H650.299Z" fill="black"/>
+<g filter="url(#filter2_d)">
+<rect x="264" width="160" height="116" fill="#DFE093"/>
+<rect x="264.5" y="0.5" width="159" height="115" stroke="black"/>
+</g>
+<path d="M316.119 62.2012C316.119 63.4577 315.663 64.4375 314.752 65.1406C313.84 65.8438 312.604 66.1953 311.041 66.1953C309.348 66.1953 308.046 65.9772 307.135 65.541V63.9395C307.721 64.1868 308.359 64.3822 309.049 64.5254C309.739 64.6686 310.423 64.7402 311.1 64.7402C312.206 64.7402 313.04 64.5319 313.6 64.1152C314.16 63.6921 314.439 63.1061 314.439 62.3574C314.439 61.8626 314.339 61.459 314.137 61.1465C313.941 60.8275 313.609 60.5345 313.141 60.2676C312.678 60.0007 311.972 59.6979 311.021 59.3594C309.693 58.8841 308.743 58.321 308.17 57.6699C307.604 57.0189 307.32 56.1693 307.32 55.1211C307.32 54.0208 307.734 53.1452 308.561 52.4941C309.387 51.8431 310.481 51.5176 311.842 51.5176C313.261 51.5176 314.566 51.778 315.758 52.2988L315.24 53.7441C314.062 53.2493 312.916 53.002 311.803 53.002C310.924 53.002 310.237 53.1908 309.742 53.5684C309.247 53.946 309 54.4701 309 55.1406C309 55.6354 309.091 56.0423 309.273 56.3613C309.456 56.6738 309.762 56.9635 310.191 57.2305C310.628 57.4909 311.292 57.7806 312.184 58.0996C313.681 58.6335 314.71 59.2064 315.27 59.8184C315.836 60.4303 316.119 61.2246 316.119 62.2012ZM323.775 66.1953C323.079 66.1953 322.441 66.0684 321.861 65.8145C321.288 65.554 320.807 65.1569 320.416 64.623H320.299C320.377 65.248 320.416 65.8405 320.416 66.4004V70.8047H318.795V55.2969H320.113L320.338 56.7617H320.416C320.833 56.1758 321.318 55.7526 321.871 55.4922C322.424 55.2318 323.059 55.1016 323.775 55.1016C325.195 55.1016 326.288 55.5866 327.057 56.5566C327.831 57.5267 328.219 58.8874 328.219 60.6387C328.219 62.3965 327.825 63.7637 327.037 64.7402C326.256 65.7103 325.169 66.1953 323.775 66.1953ZM323.541 56.4785C322.447 56.4785 321.656 56.7812 321.168 57.3867C320.68 57.9922 320.429 58.9557 320.416 60.2773V60.6387C320.416 62.1426 320.667 63.2201 321.168 63.8711C321.669 64.5156 322.473 64.8379 323.58 64.8379C324.505 64.8379 325.227 64.4635 325.748 63.7148C326.275 62.9661 326.539 61.9342 326.539 60.6191C326.539 59.2845 326.275 58.2624 325.748 57.5527C325.227 56.8366 324.492 56.4785 323.541 56.4785ZM332.682 66H331.061V50.8047H332.682V66ZM337.74 66H336.119V55.2969H337.74V66ZM335.982 52.3965C335.982 52.0254 336.074 51.7552 336.256 51.5859C336.438 51.4102 336.666 51.3223 336.939 51.3223C337.2 51.3223 337.424 51.4102 337.613 51.5859C337.802 51.7617 337.896 52.0319 337.896 52.3965C337.896 52.7611 337.802 53.0345 337.613 53.2168C337.424 53.3926 337.2 53.4805 336.939 53.4805C336.666 53.4805 336.438 53.3926 336.256 53.2168C336.074 53.0345 335.982 52.7611 335.982 52.3965ZM344.635 64.8574C344.921 64.8574 345.198 64.8379 345.465 64.7988C345.732 64.7533 345.943 64.7077 346.1 64.6621V65.9023C345.924 65.987 345.663 66.0553 345.318 66.1074C344.98 66.166 344.674 66.1953 344.4 66.1953C342.33 66.1953 341.295 65.1048 341.295 62.9238V56.5566H339.762V55.7754L341.295 55.1016L341.979 52.8164H342.916V55.2969H346.021V56.5566H342.916V62.8555C342.916 63.5 343.069 63.9948 343.375 64.3398C343.681 64.6849 344.101 64.8574 344.635 64.8574ZM351.705 64.8574C351.992 64.8574 352.268 64.8379 352.535 64.7988C352.802 64.7533 353.014 64.7077 353.17 64.6621V65.9023C352.994 65.987 352.734 66.0553 352.389 66.1074C352.05 66.166 351.744 66.1953 351.471 66.1953C349.4 66.1953 348.365 65.1048 348.365 62.9238V56.5566H346.832V55.7754L348.365 55.1016L349.049 52.8164H349.986V55.2969H353.092V56.5566H349.986V62.8555C349.986 63.5 350.139 63.9948 350.445 64.3398C350.751 64.6849 351.171 64.8574 351.705 64.8574ZM356.939 66H355.318V55.2969H356.939V66ZM355.182 52.3965C355.182 52.0254 355.273 51.7552 355.455 51.5859C355.637 51.4102 355.865 51.3223 356.139 51.3223C356.399 51.3223 356.624 51.4102 356.812 51.5859C357.001 51.7617 357.096 52.0319 357.096 52.3965C357.096 52.7611 357.001 53.0345 356.812 53.2168C356.624 53.3926 356.399 53.4805 356.139 53.4805C355.865 53.4805 355.637 53.3926 355.455 53.2168C355.273 53.0345 355.182 52.7611 355.182 52.3965ZM367.701 66V59.0762C367.701 58.2038 367.503 57.5527 367.105 57.123C366.708 56.6934 366.087 56.4785 365.24 56.4785C364.12 56.4785 363.3 56.7812 362.779 57.3867C362.258 57.9922 361.998 58.9915 361.998 60.3848V66H360.377V55.2969H361.695L361.959 56.7617H362.037C362.369 56.2344 362.835 55.8275 363.434 55.541C364.033 55.248 364.7 55.1016 365.436 55.1016C366.725 55.1016 367.695 55.4141 368.346 56.0391C368.997 56.6576 369.322 57.6504 369.322 59.0176V66H367.701ZM381.422 55.2969V56.3223L379.439 56.5566C379.622 56.7845 379.785 57.084 379.928 57.4551C380.071 57.8197 380.143 58.2331 380.143 58.6953C380.143 59.7435 379.785 60.5801 379.068 61.2051C378.352 61.8301 377.369 62.1426 376.119 62.1426C375.8 62.1426 375.501 62.1165 375.221 62.0645C374.531 62.429 374.186 62.888 374.186 63.4414C374.186 63.7344 374.306 63.9525 374.547 64.0957C374.788 64.2324 375.201 64.3008 375.787 64.3008H377.682C378.84 64.3008 379.729 64.5449 380.348 65.0332C380.973 65.5215 381.285 66.2311 381.285 67.1621C381.285 68.347 380.81 69.2487 379.859 69.8672C378.909 70.4922 377.522 70.8047 375.699 70.8047C374.299 70.8047 373.219 70.5443 372.457 70.0234C371.702 69.5026 371.324 68.7669 371.324 67.8164C371.324 67.1654 371.533 66.6022 371.949 66.127C372.366 65.6517 372.952 65.3294 373.707 65.1602C373.434 65.0365 373.202 64.8444 373.014 64.584C372.831 64.3236 372.74 64.0208 372.74 63.6758C372.74 63.2852 372.844 62.9434 373.053 62.6504C373.261 62.3574 373.59 62.0742 374.039 61.8008C373.486 61.5729 373.033 61.1855 372.682 60.6387C372.337 60.0918 372.164 59.4668 372.164 58.7637C372.164 57.5918 372.516 56.6901 373.219 56.0586C373.922 55.4206 374.918 55.1016 376.207 55.1016C376.767 55.1016 377.271 55.1667 377.721 55.2969H381.422ZM372.887 67.7969C372.887 68.3763 373.131 68.8158 373.619 69.1152C374.107 69.4147 374.807 69.5645 375.719 69.5645C377.079 69.5645 378.085 69.3594 378.736 68.9492C379.394 68.5456 379.723 67.9954 379.723 67.2988C379.723 66.7194 379.544 66.3158 379.186 66.0879C378.827 65.8665 378.154 65.7559 377.164 65.7559H375.221C374.485 65.7559 373.912 65.9316 373.502 66.2832C373.092 66.6348 372.887 67.1393 372.887 67.7969ZM373.766 58.7246C373.766 59.4733 373.977 60.0397 374.4 60.4238C374.824 60.8079 375.413 61 376.168 61C377.75 61 378.541 60.2318 378.541 58.6953C378.541 57.0872 377.74 56.2832 376.139 56.2832C375.377 56.2832 374.791 56.4883 374.381 56.8984C373.971 57.3086 373.766 57.9173 373.766 58.7246Z" fill="black"/>
+<path d="M264 58L249 49.3397V66.6603L264 58ZM164 59.5L250.5 59.5V56.5L164 56.5V59.5Z" fill="black"/>
+<path d="M524 58L509 49.3397V66.6603L524 58ZM424 59.5L510.5 59.5V56.5L424 56.5V59.5Z" fill="black"/>
+<defs>
+<filter id="filter0_d" x="0" y="0" width="168" height="124" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/>
+</filter>
+<filter id="filter1_d" x="520" y="0" width="168" height="124" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/>
+</filter>
+<filter id="filter2_d" x="260" y="0" width="168" height="124" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/>
+</filter>
+</defs>
+</svg>
diff --git a/website/source/docs/agent/config-entries/proxy-defaults.html.md b/website/source/docs/agent/config-entries/proxy-defaults.html.md
new file mode 100644
index 0000000000..ba847bbb23
--- /dev/null
+++ b/website/source/docs/agent/config-entries/proxy-defaults.html.md
@@ -0,0 +1,60 @@
+---
+layout: "docs"
+page_title: "Configuration Entry Kind: Proxy Defaults"
+sidebar_current: "docs-agent-cfg_entries-proxy_defaults"
+description: |-
+  The proxy-defaults config entry kind allows for configuring global config defaults across all services for Connect proxy configuration. Currently, only one global entry is supported.
+---
+
+# Proxy Defaults
+
+The `proxy-defaults` config entry kind allows for configuring global config
+defaults across all services for Connect proxy configuration. Currently, only
+one global entry is supported.
+
+## Sample Config Entries
+
+Set the default protocol for all sidecar proxies:
+
+```hcl
+kind = "proxy-defaults"
+name = "global"
+config {
+  protocol = "http"
+}
+```
+
+Set proxy-specific defaults:
+
+```hcl
+kind = "proxy-defaults"
+name = "global"
+config {
+  local_connect_timeout_ms = 1000
+  handshake_timeout_ms = 10000
+}
+```
+
+## Available Fields
+
+- `Kind` - Must be set to `proxy-defaults`
+
+- `Name` - Must be set to `global`
+
+- `Config` `(map[string]arbitrary)` - An arbitrary map of configuration values used by Connect proxies.
+  The available configurations depend on the Connect proxy you use. Any values
+  that your proxy allows can be configured globally here. To
+  explore these options please see the documentation for your chosen proxy.
+
+  * [Envoy](/docs/connect/proxies/envoy.html#bootstrap-configuration)
+  * [Consul's built-in proxy](/docs/connect/proxies/built-in.html)
+
+## ACLs
+
+Configuration entries may be protected by
+[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+
+Reading a `proxy-defaults` config entry requires no specific privileges.
+
+Creating, updating, or deleting a `proxy-defaults` config entry requires
+`operator:write`.
diff --git a/website/source/docs/agent/config-entries/service-defaults.html.md b/website/source/docs/agent/config-entries/service-defaults.html.md
new file mode 100644
index 0000000000..680276c74c
--- /dev/null
+++ b/website/source/docs/agent/config-entries/service-defaults.html.md
@@ -0,0 +1,46 @@
+---
+layout: "docs"
+page_title: "Configuration Entry Kind: Service Defaults"
+sidebar_current: "docs-agent-cfg_entries-service_defaults"
+description: |-
+  The service-defaults config entry kind controls default global values for a service, such as its protocol.
+---
+
+# Service Defaults
+
+The `service-defaults` config entry kind controls default global values for a
+service, such as its protocol.
+
+## Sample Config Entries
+
+Set the default protocol for a service to HTTP:
+
+```hcl
+Kind = "service-defaults"
+Name = "web"
+Protocol = "http"
+```
+
+## Available Fields
+
+- `Kind` - Must be set to `service-defaults`
+
+- `Name` `(string: <required>)` - Set to the name of the service being configured.
+
+- `Protocol` `(string: "tcp")` - Sets the protocol of the service. This is used
+  by Connect proxies for things like observability features and to unlock usage
+  of the [`service-splitter`
+  <sup>(beta)</sup>](/docs/agent/config-entries/service-splitter.html) and
+  [`service-router`
+  <sup>(beta)</sup>](/docs/agent/config-entries/service-router.html) config
+  entries for a service.
+
+## ACLs
+
+Configuration entries may be protected by
+[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+
+Reading a `service-defaults` config entry requires `service:read` on itself.
+
+Creating, updating, or deleting a `service-defaults` config entry requires
+`service:write` on itself.
diff --git a/website/source/docs/agent/config-entries/service-resolver.html.md b/website/source/docs/agent/config-entries/service-resolver.html.md
new file mode 100644
index 0000000000..d0a6a782d9
--- /dev/null
+++ b/website/source/docs/agent/config-entries/service-resolver.html.md
@@ -0,0 +1,185 @@
+---
+layout: "docs"
+page_title: "Configuration Entry Kind: Service Resolver (beta)"
+sidebar_current: "docs-agent-cfg_entries-service_resolver"
+description: |-
+  The `service-resolver` config entry kind controls which service instances should satisfy Connect upstream discovery requests for a given service name.
+---
+
+# Service Resolver <sup>(beta)</sup>
+
+The `service-resolver` config entry kind controls which service instances
+should satisfy Connect upstream discovery requests for a given service name.
+
+If no resolver config is defined the chain assumes 100% of traffic goes to the
+healthy instances of the default service in the current datacenter+namespace
+and discovery terminates.
+
+## Interaction with other Config Entries
+
+- Service resolver config entries are a component of [L7 Traffic
+  Management](/docs/connect/l7-traffic-management.html).
+
+## Sample Config Entries
+
+Create service subsets based on a version metadata and override the defaults:
+
+```hcl
+kind           = "service-resolver"
+name           = "web"
+default_subset = "v1"
+subsets = {
+  "v1" = {
+    filter = "Service.Meta.version == v1"
+  }
+  "v2" = {
+    filter = "Service.Meta.version == v2"
+  }
+}
+```
+
+Expose a set of services in another datacenter as a virtual service:
+
+```hcl
+kind = "service-resolver"
+name = "web-dc2"
+redirect {
+  service    = "web"
+  datacenter = "dc2"
+}
+```
+
+Enable failover for all subsets:
+
+```hcl
+kind            = "service-resolver"
+name            = "web"
+connect_timeout = "15s"
+failover = {
+  "*" = {
+    datacenters = ["dc3", "dc4"]
+  }
+}
+```
+
+Representation of the defaults when a resolver is not configured:
+
+```hcl
+kind = "service-resolver"
+name = "web"
+```
+
+## Available Fields
+
+- `Kind` - Must be set to `service-resolver`
+
+- `Name` `(string: <required>)` - Set to the name of the service being configured.
+
+- `ConnectTimeout` `(duration: 0s)` - The timeout for establishing new network
+  connections to this service.
+
+- `DefaultSubset` `(string: "")` - The subset to use when no explicit subset is
+  requested. If empty the unnamed subset is used.
+
+- `Subsets` `(map[string]ServiceResolverSubset)` - A map of subset name to
+  subset definition for all usable named subsets of this service. The map key
+  is the name of the subset and all names must be valid DNS subdomain elements.
+
+    This may be empty, in which case only the unnamed default subset will be
+    usable.
+
+  - `Filter` `(string: "")` - The 
+    [filter expression](/api/features/filtering.html) to be used for selecting
+    instances of the requested service. If empty all healthy instances are
+    returned.
+
+  - `OnlyPassing` `(bool: false)` - Specifies the behavior of the resolver's
+    health check filtering. If this is set to false, the results will include
+    instances with checks in the passing as well as the warning states. If this
+    is set to true, only instances with checks in the passing state will be
+    returned.
+
+- `Redirect` `(ServiceResolverRedirect: <optional>)` - When configured, all
+  attempts to resolve the service this resolver defines will be substituted for
+  the supplied redirect EXCEPT when the redirect has already been applied.
+
+    When substituting the supplied redirect into the all other fields besides
+    `Kind`, `Name`, and `Redirect` will be ignored.
+
+  - `Service` `(string: "")` - A service to resolve instead of the current
+    service.
+
+  - `ServiceSubset` `(string: "")` - A named subset of the given service to
+    resolve instead of one defined as that service's DefaultSubset If empty the
+    default subset is used.
+
+        If this is specified at least one of Service, Datacenter, or Namespace
+        should be configured.
+
+  - `Namespace` `(string: "")` - The namespace to resolve the service from
+    instead of the current one.
+
+  - `Datacenter` `(string: "")` - The datacenter to resolve the service from
+    instead of the current one.
+
+- `Failover` `(map[string]ServiceResolverFailover`) - Controls when and how to
+  reroute traffic to an alternate pool of service instances.
+
+    The map is keyed by the service subset it applies to and the special
+    string `"*"` is a wildcard that applies to any subset not otherwise
+    specified here.
+
+    `Service`, `ServiceSubset`, `Namespace`, and `Datacenters` cannot all be
+    empty at once.
+
+  - `Service` `(string: "")` - The service to resolve instead of the default as
+    the failover group of instances during failover.
+
+  - `ServiceSubset` `(string: "")` - The named subset of the requested service
+    to resolve as the failover group of instances. If empty the default subset
+    for the requested service is used.
+
+  - `Namespace` `(string: "")` - The namespace to resolve the requested service
+    from to form the failover group of instances. If empty the current
+    namespace is used.
+
+  - `Datacenters` `(array<string>)` - A fixed list of datacenters to try during
+    failover.
+
+  - `OverprovisioningFactor` `(int: 0)` - OverprovisioningFactor is a pass
+    through for envoy's
+    [`overprovisioning_factor`](https://www.envoyproxy.io/docs/envoy/v1.10.0/intro/arch_overview/load_balancing/priority)
+    value.
+
+        If omitted the overprovisioning factor value will be set so high as to
+        imply binary failover (all or nothing).
+
+## Service Subsets
+
+A service subset assigns a concrete name to a specific subset of discoverable
+service instances within a datacenter, such as `"version2"` or `"canary"`.
+
+A service subset name is useful only when composed with an actual service name,
+a specific datacenter, and namespace.
+
+All services have an unnamed default subset that will return all healthy
+instances unfiltered.
+
+Subsets are defined in `service-resolver` configuration entries, but are
+referenced by their names throughout the other configuration entry kinds.
+
+## ACLs
+
+Configuration entries may be protected by
+[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+
+Reading a `service-resolver` config entry requires `service:read` on itself.
+
+Creating, updating, or deleting a `service-resolver` config entry requires
+`service:write` on itself and `service:read` on any other service referenced by
+name in these fields:
+
+- [`Redirect.Service`](#service)
+
+- [`Failover[].Service`](#service-1)
+
diff --git a/website/source/docs/agent/config-entries/service-router.html.md b/website/source/docs/agent/config-entries/service-router.html.md
new file mode 100644
index 0000000000..59860b6597
--- /dev/null
+++ b/website/source/docs/agent/config-entries/service-router.html.md
@@ -0,0 +1,233 @@
+---
+layout: "docs"
+page_title: "Configuration Entry Kind: Service Router (beta)"
+sidebar_current: "docs-agent-cfg_entries-service_router"
+description: |-
+  The service-router config entry kind controls Connect traffic routing and manipulation at networking layer 7 (e.g. HTTP).
+---
+
+# Service Router <sup>(beta)</sup>
+
+The `service-router` config entry kind controls Connect traffic routing and
+manipulation at networking layer 7 (e.g. HTTP).
+
+If a router is not explicitly configured or is configured with no routes then
+the system behaves as if a router were configured sending all traffic to a
+service of the same name.
+
+## Interaction with other Config Entries
+
+- Service router config entries are a component of [L7 Traffic
+  Management](/docs/connect/l7-traffic-management.html).
+
+- Service router config entries are restricted to only services that define
+  their protocol as http-based via a corresponding
+  [`service-defaults`](/docs/agent/config-entries/service-defaults.html) config
+  entry or globally via
+  [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults.html) .
+
+- Any route destination that omits the `ServiceSubset` field is eligible for
+  splitting via a
+  [`service-splitter`](/docs/agent/config-entries/service-splitter.html) should
+  one be configured for that service, otherwise resolution proceeds according
+  to any configured
+  [`service-resolver`](/docs/agent/config-entries/service-resolver.html).
+
+## Sample Config Entries
+
+Route HTTP requests with a path starting with `/admin` to a different service:
+
+```hcl
+kind = "service-router"
+name = "web"
+routes = [
+  {
+    match {
+      http {
+        path_prefix = "/admin"
+      }
+    }
+
+    destination {
+      service = "admin"
+    }
+  },
+  # NOTE: a default catch-all will send unmatched traffic to "web"
+]
+```
+
+Route HTTP requests with a special url parameter or header to a canary subset:
+
+```hcl
+kind = "service-router"
+name = "web"
+routes = [
+  {
+    match {
+      http {
+        header = [
+          {
+            name  = "x-debug"
+            exact = "1"
+          },
+        ]
+      }
+    }
+    destination {
+      service        = "web"
+      service_subset = "canary"
+    }
+  },
+  {
+    match {
+      http {
+        query_param = [
+          {
+            name  = "x-debug"
+            value = "1"
+          },
+        ]
+      }
+    }
+    destination {
+      service        = "web"
+      service_subset = "canary"
+    }
+  },
+  # NOTE: a default catch-all will send unmatched traffic to "web"
+]
+```
+
+## Available Fields
+
+- `Kind` - Must be set to `service-router`
+
+- `Name` `(string: <required>)` - Set to the name of the service being configured.
+
+- `Routes` `(array<ServiceRoute>)` - The list of routes to consider when
+  processing L7 requests. The first route to match in the list is terminal and
+  stops further evaluation. Traffic that fails to match any of the provided
+  routes will be routed to the default service.
+
+  - `Match` `(ServiceRouteMatch: <optional>)` - A set of criteria that can
+    match incoming L7 requests. If empty or omitted it acts as a catch-all.
+
+    - `HTTP` `(ServiceRouteHTTPMatch: <optional>)` - A set of http-specific match criteria.
+
+      - `PathExact` `(string: "")` - Exact path to match on the HTTP request path.
+
+            At most only one of `PathExact`, `PathPrefix`, or `PathRegex` may be configured.
+
+      - `PathPrefix` `(string: "")` - Path prefix to match on the HTTP request path.
+
+            At most only one of `PathExact`, `PathPrefix`, or `PathRegex` may be configured.
+
+      - `PathRegex` `(string: "")` - Regular expression to match on the HTTP
+        request path.
+        
+            The syntax when using the Envoy proxy is [documented here](https://en.cppreference.com/w/cpp/regex/ecmascript).
+      
+            At most only one of `PathExact`, `PathPrefix`, or `PathRegex` may be configured.
+
+      - `Header` `(array<ServiceRouteHTTPMatchHeader>)` - A set of criteria
+        that can match on HTTP request headers. If more than one is configured
+        all must match for the overall match to apply.
+
+        - `Name` `(string: <required>)` - Name of the header to match on.
+
+        - `Present` `(bool: false)` - Match if the header with the given name
+          is present with any value.
+
+            At most only one of `Exact`, `Prefix`, `Suffix`, `Regex`, or
+            `Present` may be configured.
+
+        - `Exact` `(string: "")` - Match if the header with the given name is
+          this value.
+
+            At most only one of `Exact`, `Prefix`, `Suffix`, `Regex`, or
+            `Present` may be configured.
+
+        - `Prefix` `(string: "")` - Match if the header with the given name has
+          this prefix.
+
+            At most only one of `Exact`, `Prefix`, `Suffix`, `Regex`, or
+            `Present` may be configured.
+
+        - `Suffix` `(string: "")` - Match if the header with the given name has
+          this suffix.
+
+            At most only one of `Exact`, `Prefix`, `Suffix`, `Regex`, or
+            `Present` may be configured.
+
+        - `Regex` `(string: "")` - Match if the header with the given name
+          matches this pattern.
+
+            The syntax when using the Envoy proxy is [documented here](https://en.cppreference.com/w/cpp/regex/ecmascript).
+
+            At most only one of `Exact`, `Prefix`, `Suffix`, `Regex`, or
+            `Present` may be configured.
+
+        - `Invert` `(bool: false)` - Inverts the logic of the match.
+
+      - `QueryParam` `(array<ServiceRouteHTTPMatchQueryParam>)` - A set of
+        criteria that can match on HTTP query parameters. If more than one is
+        configured all must match for the overall match to apply.
+
+        - `Name` `(string: <required>)` - The name of the query parameter to
+          match on.
+
+        - `Value` `(string: <required>)` - String to match against the query
+          parameter value.  The behavior changes with the definition of the
+          `Regex` field.
+        
+        - `Regex` `(bool: false)` - Controls how the `Value` field is used.  If
+          `Regex` is `false` then `Value` matches exactly.  If `Regex` is
+          `true` then `Value` matches as a regular expression pattern.
+
+            The syntax when using the Envoy proxy is [documented
+            here](https://en.cppreference.com/w/cpp/regex/ecmascript).
+
+  - `Destination` `(ServiceRouteDestination: <optional>)` - Controls how to
+    proxy the actual matching request to a service.
+
+      - `Service` `(string: "")` - The service to resolve instead of the default
+        service. If empty then the default service name is used.
+
+      - `ServiceSubset` `(string: "")` - A named subset of the given service to
+        resolve instead of one defined as that service's `DefaultSubset`. If
+        empty the default subset is used.
+
+      - `Namespace` `(string: "")` - The namespace to resolve the service from
+        instead of the current namespace. If empty the current namespace is
+        assumed.
+
+      - `PrefixRewrite` `(string: "")` - Defines how to rewrite the http request
+        path before proxying it to its final destination.
+
+            This requires that either `Match.HTTP.PathPrefix` or
+            `Match.HTTP.PathExact` be configured on this route.
+
+      - `RequestTimeout` `(duration: 0s)` - The total amount of time permitted
+        for the entire downstream request (and retries) to be processed.
+
+      - `NumRetries` `(int: 0)` - The number of times to retry the request when a
+        retryable result occurs.
+
+      - `RetryOnConnectFailure` `(bool: false)` - Allows for connection failure
+        errors to trigger a retry.
+
+      - `RetryOnStatusCodes` `(array<int>)` - A flat list of http response status
+        codes that are eligible for retry.
+
+## ACLs
+
+Configuration entries may be protected by
+[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+
+Reading a `service-router` config entry requires `service:read` on itself.
+
+Creating, updating, or deleting a `service-router` config entry requires
+`service:write` on itself and `service:read` on any other service referenced by
+name in these fields:
+
+- [`Routes[].Destination.Service`](#service)
diff --git a/website/source/docs/agent/config-entries/service-splitter.html.md b/website/source/docs/agent/config-entries/service-splitter.html.md
new file mode 100644
index 0000000000..778d24cf48
--- /dev/null
+++ b/website/source/docs/agent/config-entries/service-splitter.html.md
@@ -0,0 +1,108 @@
+---
+layout: "docs"
+page_title: "Configuration Entry Kind: Service Splitter (beta)"
+sidebar_current: "docs-agent-cfg_entries-service_splitter"
+description: |-
+  The service-splitter config entry kind controls how to split incoming Connect requests across different subsets of a single service (like during staged canary rollouts), or perhaps across different services (like during a v2 rewrite or other type of codebase migration).
+---
+
+# Service Splitter <sup>(beta)</sup>
+
+The `service-splitter` config entry kind controls how to split incoming Connect
+requests across different subsets of a single service (like during staged
+canary rollouts), or perhaps across different services (like during a v2
+rewrite or other type of codebase migration).
+
+If no splitter config is defined for a service it is assumed 100% of traffic
+flows to a service with the same name and discovery continues on to the
+resolution stage.
+
+## Interaction with other Config Entries
+
+- Service splitter config entries are a component of [L7 Traffic
+  Management](/docs/connect/l7-traffic-management.html).
+
+- Service splitter config entries are restricted to only services that define
+  their protocol as http-based via a corresponding
+  [`service-defaults`](/docs/agent/config-entries/service-defaults.html) config
+  entry or globally via
+  [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults.html) .
+
+- Any split destination that specifies a different `Service` field and omits
+  the `ServiceSubset` field is eligible for further splitting should a splitter
+  be configured for that other service, otherwise resolution proceeds according
+  to any configured
+  [`service-resolver`](/docs/agent/config-entries/service-resolver.html).
+
+## Sample Config Entries
+
+Split traffic between two subsets of the same service:
+
+```hcl
+kind = "service-splitter"
+name = "web"
+splits = [
+  {
+    weight         = 90
+    service_subset = "v1"
+  },
+  {
+    weight         = 10
+    service_subset = "v2"
+  },
+]
+```
+
+Split traffic between two services:
+
+```hcl
+kind = "service-splitter"
+name = "web"
+splits = [
+  {
+    weight = 50
+    # will default to service with same name as config entry ("web")
+  },
+  {
+    weight  = 10
+    service = "web-rewrite"
+  },
+]
+```
+
+## Available Fields
+
+- `Kind` - Must be set to `service-splitter`
+
+- `Name` `(string: <required>)` - Set to the name of the service being configured.
+
+- `Splits` `(array<ServiceSplit>)` - Defines how much traffic to send to which
+  set of service instances during a traffic split.  The sum of weights across
+  all splits must add up to 100.
+
+  - `Weight` `(float32: 0)` - A value between 0 and 100 reflecting what portion
+    of traffic should be directed to this split. The smallest representable
+    weight is 1/10000 or .01%
+
+  - `Service` `(string: "")` - The service to resolve instead of the default.
+
+  - `ServiceSubset` `(string: "")` - A named subset of the given service to
+    resolve instead of one defined as that service's `DefaultSubset`. If empty
+    the default subset is used.
+
+  - `Namespace` `(string: "")` - The namespace to resolve the service from
+    instead of the current namespace. If empty the current namespace is
+    assumed.
+
+## ACLs
+
+Configuration entries may be protected by
+[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+
+Reading a `service-splitter` config entry requires `service:read` on itself.
+
+Creating, updating, or deleting a `service-splitter` config entry requires
+`service:write` on itself and `service:read` on any other service referenced by
+name in these fields:
+
+- [`Splits[].Service`](#service)
diff --git a/website/source/docs/agent/config_entries.html.md b/website/source/docs/agent/config_entries.html.md
index 4135a33c26..7a6323e2ab 100644
--- a/website/source/docs/agent/config_entries.html.md
+++ b/website/source/docs/agent/config_entries.html.md
@@ -12,7 +12,8 @@ Configuration entries can be created to provide cluster-wide defaults for
 various aspects of Consul. Every configuration entry has at least two fields:
 `Kind` and `Name`. Those two fields are used to uniquely identify a
 configuration entry. When put into configuration files, configuration entries
-can be specified as HCL or JSON objects.
+can be specified as HCL or JSON objects using either `snake_case` or `CamelCase`
+for key names.
 
 Example:
 
@@ -21,53 +22,22 @@ Kind = "<supported kind>"
 Name = "<name of entry>"
 ```
 
-The two supported `Kind` configuration entries are detailed below.
+The supported `Kind` names for configuration entries are:
 
-## Configuration Entry Kinds
+* [`service-router` <sup>(beta)</sup>](/docs/agent/config-entries/service-router.html) - defines
+where to send layer 7 traffic based on the HTTP route
 
-### Proxy Defaults - `proxy-defaults`
+* [`service-splitter` <sup>(beta)</sup>](/docs/agent/config-entries/service-splitter.html) - defines
+how to divide requests for a single HTTP route based on percentages
 
-Proxy defaults allow for configuring global config defaults across all services
-for Connect proxy configuration. Currently, only one global entry is supported.
+* [`service-resolver` <sup>(beta)</sup>](/docs/agent/config-entries/service-resolver.html) - matches
+service instances with a specific Connect upstream discovery requests
 
-```hcl
-Kind = "proxy-defaults"
-Name = "global"
-Config {
-   local_connect_timeout_ms = 1000
-   handshake_timeout_ms = 10000
-}
-```
-
-* `Kind` - Must be set to `proxy-defaults`
-
-* `Name` - Must be set to `global`
-
-* `Config` - An arbitrary map of configuration values used by Connect proxies.
-  The available configurations depend on the Connect proxy you use. Any values
-  that your proxy allows can be configured globally here. To
-  explore these options please see the documentation for your chosen proxy.
-
-  * [Envoy](/docs/connect/proxies/envoy.html#bootstrap-configuration)
-  * [Consul's Builtin Proxy](/docs/connect/proxies/built-in.html)
-
-### Service Defaults - `service-defaults`
-
-Service defaults control default global values for a service, such as its
-protocol.
-
-```hcl
-Kind = "service-defaults"
-Name = "web"
-Protocol = "http"
-```
-
-* `Kind` - Must be set to `service-defaults`
-
-* `Name` - Set to the name of the service being configured.
+* [`service-defaults`](/docs/agent/config-entries/service-defaults.html) - configures
+defaults for all the instances of a given service
 
-* `Protocol` - Sets the protocol of the service. This is used by Connect proxies
-  for things like observability features.
+* [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults.html) - controls
+proxy configuration
 
 ## Managing Configuration Entries
 
diff --git a/website/source/docs/connect/l7-traffic-management.html.md b/website/source/docs/connect/l7-traffic-management.html.md
new file mode 100644
index 0000000000..0a2b2fa04a
--- /dev/null
+++ b/website/source/docs/connect/l7-traffic-management.html.md
@@ -0,0 +1,118 @@
+---
+layout: "docs"
+page_title: "Connect - L7 Traffic Management (beta)"
+sidebar_current: "docs-connect-l7_traffic_management"
+description: |-
+  Layer 7 traffic management allows operators to divide L7 traffic between different subsets of service instances when using Connect.
+---
+
+# L7 Traffic Management <sup>(beta)</sup>
+
+-> **Note:** This feature is not compatible with the 
+[built-in proxy](/docs/connect/proxies/built-in.html)
+or [native proxies](/docs/connect/native.html).
+
+Layer 7 traffic management allows operators to divide L7 traffic between
+different
+[subsets](/docs/agent/config-entries/service-resolver.html#service-subsets) of
+service instances when using Connect.
+
+There are many ways you may wish to carve up a single datacenter's pool of
+services beyond simply returning all healthy instances for load balancing.
+Canary testing, A/B tests, blue/green deploys, and soft multi-tenancy
+(prod/qa/staging sharing compute resources) all require some mechanism of
+carving out portions of the Consul catalog smaller than the level of a single
+service and configuring when that subset should receive traffic.
+
+## Stages
+
+Connect proxy upstreams are discovered using a series of stages: routing,
+splitting, and resolution. These stages represent different ways of managing L7
+traffic.
+
+![diagram showing l7 traffic discovery stages: routing to splitting to resolution](/assets/images/l7-traffic-stages.svg)
+
+Each stage of this discovery process can be dynamically reconfigured via various
+[configuration entries](/docs/agent/config_entries.html). When a configuration
+entry is missing, that stage will fall back on reasonable default behavior.
+
+### Routing
+
+A [`service-router`](/docs/agent/config-entries/service-router.html) config
+entry kind is the first configurable stage.
+
+A router config entry allows for a user to intercept traffic using L7 criteria
+such as path prefixes or http headers, and change behavior such as by sending
+traffic to a different service or service subset.
+
+These config entries may only reference `service-splitter` or
+`service-resolver` entries.
+
+[Examples](/docs/agent/config-entries/service-router.html#sample-config-entries)
+can be found in the `service-router` documentation.
+
+### Splitting
+
+A [`service-splitter`](/docs/agent/config-entries/service-splitter.html) config
+entry kind is the next stage after routing.
+
+A splitter config entry allows for a user to choose to split incoming requests
+across different subsets of a single service (like during staged canary
+rollouts), or perhaps across different services (like during a v2 rewrite or
+other type of codebase migration).
+
+These config entries may only reference `service-splitter` or
+`service-resolver` entries.
+
+If one splitter references another splitter the overall effects are flattened
+into one effective splitter config entry which reflects the multiplicative
+union. For instance:
+
+	splitter[A]:           A_v1=50%, A_v2=50%
+	splitter[B]:           A=50%,    B=50%
+	---------------------
+	splitter[effective_B]: A_v1=25%, A_v2=25%, B=50%
+
+[Examples](/docs/agent/config-entries/service-splitter.html#sample-config-entries)
+can be found in the `service-splitter` documentation.
+
+### Resolution
+
+A [`service-resolver`](/docs/agent/config-entries/service-resolver.html) config
+entry kind is the last stage.
+
+A resolver config entry allows for a user to define which instances of a
+service should satisfy discovery requests for the provided name.
+
+Examples of things you can do with resolver config entries:
+
+- Control where to send traffic if all instances of `api` in the current
+datacenter are unhealthy.
+
+- Configure service subsets based on `Service.Meta.version` values.
+
+- Send all traffic for `web` that does not specify a service subset to the
+`version1` subset.
+
+- Send all traffic for `api` to `new-api`.
+
+- Send all traffic for `api` in all datacenters to instances of `api` in `dc2`.
+
+- Create a "virtual service" `api-dc2` that sends traffic to instances of `api`
+in `dc2`. This can be referenced in upstreams or in other config entries.
+
+If no resolver config is defined for a service it is assumed 100% of traffic
+flows to the healthy instances of a service with the same name in the current
+datacenter/namespace and discovery terminates.
+
+This should feel similar in spirit to various uses of Prepared Queries, but is
+not intended to be a drop-in replacement currently.
+
+These config entries may only reference other `service-resolver` entries.
+
+[Examples](/docs/agent/config-entries/service-resolver.html#sample-config-entries)
+can be found in the `service-resolver` documentation.
+
+-> **Note:** `service-resolver` config entries kinds function at L4 (unlike
+`service-router` and `service-splitter` kinds). These can be created for
+services of any protocol such as `tcp`.
diff --git a/website/source/docs/connect/observability.html.md b/website/source/docs/connect/observability.html.md
index 84af9b2b10..680655b662 100644
--- a/website/source/docs/connect/observability.html.md
+++ b/website/source/docs/connect/observability.html.md
@@ -7,7 +7,7 @@ description: |-
   Consul Connect.
 ---
 
-## Observability
+# Observability
 
 In order to take advantage of Connect's L7 observability features you will need
 to:
@@ -44,7 +44,7 @@ Find other possible metrics syncs in the [Connect Envoy documentation](/docs/con
 
 ### Service Protocol
 
-You can specify the [service protocol](/docs/agent/config_entries.html#protocol)
+You can specify the [service protocol](/docs/agent/config-entries/service-defaults.html#protocol)
 in the `service-defaults` configuration entry. You can override it in the
 [service registration](/docs/agent/services.html). By default, proxies only give
 you L4 metrics. This protocol allows proxies to handle requests at the right L7
diff --git a/website/source/docs/connect/proxies/envoy.md b/website/source/docs/connect/proxies/envoy.md
index 5f6dd44654..7afac49f85 100644
--- a/website/source/docs/connect/proxies/envoy.md
+++ b/website/source/docs/connect/proxies/envoy.md
@@ -95,7 +95,7 @@ the ability to control some parts of the bootstrap config via proxy
 configuration options.
 
 Users can add the following configuration items to the [global `proxy-defaults`
-configuration entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults) or override them directly in the `proxy.config` field
+configuration entry](/docs/agent/config-entries/proxy-defaults.html) or override them directly in the `proxy.config` field
 of a [proxy service
 definition](/docs/connect/registration/service-registration.html) or
 [`sidecar_service`](/docs/connect/registration/sidecar-service.html) block.
@@ -104,7 +104,7 @@ definition](/docs/connect/registration/service-registration.html) or
   StatsD listener that Envoy should deliver metrics to. For example, this may be
   `udp://127.0.0.1:8125` if every host has a local StatsD listener. In this case
   users can configure this property once in the [global `proxy-defaults`
-configuration entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults) for convenience. Currently, TCP is not supported.
+configuration entry](/docs/agent/config-entries/proxy-defaults.html) for convenience. Currently, TCP is not supported.
 
     ~> **Note:** currently the url **must use an ip address** not a dns name due
     to the way Envoy is setup for StatsD.
@@ -115,7 +115,7 @@ configuration entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaul
     pod in a Kubernetes cluster to learn of a pod-specific IP address for StatsD
     when the Envoy instance is bootstrapped while still allowing global
     configuration of all proxies to use StatsD in the [global `proxy-defaults`
-configuration entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults). The env variable must contain a full valid URL
+configuration entry](/docs/agent/config-entries/proxy-defaults.html). The env variable must contain a full valid URL
     value as specified above and nothing else. It is not currently possible to use
     environment variables as only part of the URL.
 
@@ -153,7 +153,7 @@ to configure appropriate proxy settings for that service's proxies and also for
 the upstream listeners of any downstream service.
 
 Users can define a service's protocol in its [`service-defaults` configuration
-entry](/docs/agent/config_entries.html#service-defaults-service-defaults). Agents with
+entry](/docs/agent/config-entries/service-defaults.html). Agents with
 [`enable_central_service_config`](/docs/agent/options.html#enable_central_service_config)
 set to true will automatically discover the protocol when configuring a proxy
 for a service. The proxy will discover the main protocol of the service it
@@ -171,7 +171,7 @@ actually registered.
 These fields may also be overridden explicitly in the [proxy service
 definition](/docs/connect/registration/service-registration.html), or defined in
 the  [global `proxy-defaults` configuration
-entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults) to act as
+entry](/docs/agent/config-entries/proxy-defaults.html) to act as
 defaults that are inherited by all services.
 
 
@@ -282,7 +282,7 @@ with no `@type` field.
 
 Users may add the following configuration items to the [global `proxy-defaults`
 configuration
-entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults) or
+entry](/docs/agent/config-entries/proxy-defaults.html) or
 override them directly in the `proxy.config` field of a [proxy service
 definition](/docs/connect/registration/service-registration.html) or
 [`sidecar_service`](/docs/connect/registration/sidecar-service.html) block.
@@ -318,7 +318,7 @@ definition](/docs/connect/registration/service-registration.html) or
 
 Users may add the following configuration items to the [global `proxy-defaults`
 configuration
-entry](/docs/agent/config_entries.html#proxy-defaults-proxy-defaults) or
+entry](/docs/agent/config-entries/proxy-defaults.html) or
 override them directly in the `proxy.config` field of a [proxy service
 definition](/docs/connect/registration/service-registration.html) or
 [`sidecar_service`](/docs/connect/registration/sidecar-service.html) block.
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 00fe1956b3..0063822e12 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -414,6 +414,23 @@
           </li>
           <li<%= sidebar_current("docs-agent-cfg_entries") %>>
             <a href="/docs/agent/config_entries.html">Configuration Entries</a>
+            <ul class="nav">
+              <li<%= sidebar_current("docs-agent-cfg_entries-service_router") %>>
+                <a href="/docs/agent/config-entries/service-router.html">service-router <sup>(beta)</sup></a>
+              </li>
+              <li<%= sidebar_current("docs-agent-cfg_entries-service_splitter") %>>
+                <a href="/docs/agent/config-entries/service-splitter.html">service-splitter <sup>(beta)</sup></a>
+              </li>
+              <li<%= sidebar_current("docs-agent-cfg_entries-service_resolver") %>>
+                <a href="/docs/agent/config-entries/service-resolver.html">service-resolver <sup>(beta)</sup></a>
+              </li>
+              <li<%= sidebar_current("docs-agent-cfg_entries-service_defaults") %>>
+                <a href="/docs/agent/config-entries/service-defaults.html">service-defaults</a>
+              </li>
+              <li<%= sidebar_current("docs-agent-cfg_entries-proxy_defaults") %>>
+                <a href="/docs/agent/config-entries/proxy-defaults.html">proxy-defaults</a>
+              </li>
+            </ul>
           </li>
           <li<%= sidebar_current("docs-agent-cloud-auto-join") %>>
             <a href="/docs/agent/cloud-auto-join.html">Cloud Auto-join</a>
@@ -477,13 +494,15 @@
           <li<%= sidebar_current("docs-connect-observability") %>>
             <a href="/docs/connect/observability.html">Observability</a>
           </li>
-        </li>
-        <li<%= sidebar_current("docs-connect-intentions") %>>
-          <a href="/docs/connect/intentions.html">Intentions - Security Policies</a>
-        </li>
-        <li<%= sidebar_current("docs-connect-internals") %>>
-          <a href="/docs/connect/connect-internals.html">Architecture</a>
-        </li>
+          <li<%= sidebar_current("docs-connect-l7_traffic_management") %>>
+            <a href="/docs/connect/l7-traffic-management.html">L7 Traffic Management <sup>(beta)</sup></a>
+          </li>
+          <li<%= sidebar_current("docs-connect-intentions") %>>
+            <a href="/docs/connect/intentions.html">Intentions - Security Policies</a>
+          </li>
+          <li<%= sidebar_current("docs-connect-internals") %>>
+            <a href="/docs/connect/connect-internals.html">Architecture</a>
+          </li>
           <li<%= sidebar_current("docs-connect-proxies") %>>
             <a href="/docs/connect/proxies.html">Supported Proxies</a>
             <ul class="nav">