@micheleRP micheleRP commented Nov 11, 2025

Description

This pull request introduces several important updates to the Redpanda Cloud documentation, focusing on the general availability (GA) of Serverless on AWS, the addition of private networking support for Serverless clusters, and a terminology update to refer to the "Cloud Console" instead of the "Cloud UI."

Key changes include:

Serverless on AWS: General Availability and Feature Updates

  • Announced that Serverless on AWS is now generally available (GA), including support for private networking with AWS PrivateLink and monitoring integrations.
  • Updated documentation to show that Serverless clusters now support private networking (AWS PrivateLink), and clarified how to enable, use, and manage private access for these clusters. [1] [2]
  • Removed references to Serverless on AWS being in limited availability (LA), reflecting its GA status. [1] [2] [3]

Documentation and Navigation Improvements

  • Added a new Serverless section to the networking documentation, including guides for configuring AWS PrivateLink via the Cloud Console and API.
  • Updated navigation and page titles to consistently refer to the "Cloud Console" instead of the "Cloud UI" across AWS, Azure, and GCP networking guides. [1] [2] [3] [4] [5]

Clarifications and Corrections

  • Clarified that Serverless clusters now support private networking, and updated feature comparison tables and lists accordingly. [1] [2] [3]
  • Improved instructions and descriptions for networking setup, including VPC peering and PrivateLink, to match new terminology and UI flows. [1] [2] [3] [4] [5] [6] [7] [8] [9]

These updates ensure that users have accurate, up-to-date guidance on deploying and managing Serverless clusters, especially with respect to private networking and the transition to the new Cloud Console interface.

Resolves https://redpandadata.atlassian.net/browse/DOC-1743, https://redpandadata.atlassian.net/browse/DOC-1508
Review deadline:

Page previews

Checks

  • New feature
  • Content gap
  • Support Follow-up
  • Small fix (typos, links, copyedits, etc)

netlify bot commented Nov 11, 2025

Deploy Preview for rp-cloud ready!

Name Link
🔨 Latest commit 95e43e5
🔍 Latest deploy log https://app.netlify.com/projects/rp-cloud/deploys/697ffae0bf97c4000812ba9e
😎 Deploy Preview https://deploy-preview-453--rp-cloud.netlify.app

coderabbitai bot commented Nov 11, 2025

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This PR adds documentation for Serverless private networking support on AWS. It introduces new navigation entries under the Serverless subsection, creates documentation pages for configuring AWS PrivateLink with the Cloud API, updates the cluster overview to indicate Serverless now supports private networking, and adds a January 2026 changelog entry. Additionally, it updates references from "Networks page" to "Networking page" across multiple networking documentation files and replaces the "Metrics endpoints" feature with "Ability to export metrics to third-party monitoring systems" in the Serverless cluster documentation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • frenchfrywpepper
  • paulzhang97
  • david-yu
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically identifies the main change: documenting Private Networking Phase 1 feature with issue reference DOC-1743. |
| Linked Issues check | ✅ Passed | The PR successfully addresses DOC-1743 by documenting AWS PrivateLink support for Serverless clusters, including configuration details, billing information, and updating all related documentation. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to documenting Private Networking Phase 1. Updates to UI references (Networks to Networking page) are necessary adjustments for consistency with current UI. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description check | ✅ Passed | The pull request description is comprehensive and well-structured, covering all major changes including Serverless GA, private networking support, and terminology updates. |

@micheleRP micheleRP force-pushed the DOC-1743-Document-feature-Private-Networking-Phase-1 branch from a404c31 to 7bb176b Compare January 14, 2026 01:40
@micheleRP micheleRP force-pushed the DOC-1743-Document-feature-Private-Networking-Phase-1 branch from 4cedd95 to 8875289 Compare January 14, 2026 22:34
@micheleRP micheleRP marked this pull request as ready for review January 14, 2026 22:35
@micheleRP micheleRP requested a review from a team as a code owner January 14, 2026 22:35
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🤖 Fix all issues with AI agents
In `@modules/get-started/pages/cluster-types/serverless.adoc`:
- Line 96: The docs contradict each other about metrics export: update
modules/get-started/pages/cluster-types/serverless.adoc by removing or moving
the bullet "Ability to export metrics to a third-party monitoring system" out of
the "Unsupported features" list and instead include it under the
supported/features or capabilities section (or add a note that Serverless now
supports exporting metrics) so it aligns with the announcement in
modules/get-started/pages/whats-new-cloud.adoc; ensure the wording matches the
What's New statement about the January 2026 GA release and keep the exact phrase
so cross-references remain clear.

In `@modules/networking/pages/serverless/aws/privatelink.adoc`:
- Around line 1-2: The file privatelink.adoc currently contains only a title and
description with no setup instructions; add full AWS PrivateLink documentation
or convert it to a placeholder index page. Either (A) add sections similar to
transit-gateway.adoc/vpc-peering-aws.adoc: prerequisites, required IAM
permissions, Cloud API resource names and examples, step-by-step configuration
commands, endpoint service and VPC endpoint setup, testing/verification steps,
and usage notes/FAQ; or (B) replace the body with a clear placeholder section
indicating the page is intentionally empty and linking to related Serverless AWS
pages (e.g., transit-gateway.adoc, vpc-peering-aws.adoc) and a TODO to add
detailed PrivateLink configuration later. Include explicit examples and resource
identifiers in the content you add (API call examples, CLI snippets, and sample
YAML/JSON), so reviewers can validate correctness.

In `@modules/ROOT/nav.adoc`:
- Around line 29-31: Update the incorrect navigation xref in
modules/ROOT/nav.adoc: replace the reference
xref:networking:byoc/aws/index.adoc[AWS] with
xref:networking:serverless/aws/index.adoc[AWS] so the "Serverless" section
points to the correct serverless/aws index; ensure the third-level entry that
currently reads xref:networking:serverless/aws/privatelink.adoc[...] remains
unchanged.
🧹 Nitpick comments (1)
modules/networking/pages/serverless/aws/index.adoc (1)

1-3: Consider adding introductory content for the index page.

While index pages with page-layout: index can be minimal, adding a brief introduction would help users understand what private networking options are available for Serverless clusters on AWS and provide context before they navigate to child pages.

For example, a paragraph explaining AWS PrivateLink support, its benefits, and linking to configuration steps would improve the user experience.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 1e15afc and 8875289.

📒 Files selected for processing (10)
  • modules/ROOT/nav.adoc
  • modules/get-started/pages/cloud-overview.adoc
  • modules/get-started/pages/cluster-types/serverless.adoc
  • modules/get-started/pages/whats-new-cloud.adoc
  • modules/networking/pages/dedicated/aws/vpc-peering.adoc
  • modules/networking/pages/dedicated/gcp/vpc-peering-gcp.adoc
  • modules/networking/pages/serverless/aws/index.adoc
  • modules/networking/pages/serverless/aws/privatelink.adoc
  • modules/networking/pages/serverless/index.adoc
  • modules/networking/partials/vnet-peering.adoc
🧰 Additional context used
🧠 Learnings (6)
📓 Common learnings
Learnt from: micheleRP
Repo: redpanda-data/cloud-docs PR: 377
File: modules/networking/pages/dedicated/gcp/configure-psc-in-ui.adoc:35-71
Timestamp: 2025-08-07T16:36:45.111Z
Learning: In Redpanda Cloud documentation, NAT subnet and firewall rule creation commands for GCP Private Service Connect are producer-side infrastructure steps that only BYOC (Bring Your Own Cloud) customers need to perform, since they manage their own VPC. Dedicated cluster customers don't need these steps because Redpanda manages the infrastructure for them. The ifdef::env-byoc[] guard correctly hides these commands from Dedicated users.
📚 Learning: 2025-08-07T16:36:45.111Z

Applied to files:

  • modules/networking/pages/dedicated/gcp/vpc-peering-gcp.adoc
  • modules/get-started/pages/whats-new-cloud.adoc
  • modules/networking/partials/vnet-peering.adoc
  • modules/get-started/pages/cloud-overview.adoc
  • modules/networking/pages/dedicated/aws/vpc-peering.adoc
📚 Learning: 2025-07-21T21:53:37.731Z
Learnt from: micheleRP
Repo: redpanda-data/cloud-docs PR: 361
File: modules/networking/pages/cloud-security-network.adoc:193-196
Timestamp: 2025-07-21T21:53:37.731Z
Learning: In Redpanda Cloud documentation, field names and labels should match exactly what appears in the UI, even if the terminology might seem technically inconsistent. For example, the NAT gateway IP address field is labeled "Internet gateway" in the UI, so documentation should use "Internet gateway" to help users locate the correct field.

Applied to files:

  • modules/networking/pages/dedicated/gcp/vpc-peering-gcp.adoc
📚 Learning: 2025-07-21T21:52:17.061Z
Learnt from: micheleRP
Repo: redpanda-data/cloud-docs PR: 361
File: modules/networking/pages/cloud-security-network.adoc:176-179
Timestamp: 2025-07-21T21:52:17.061Z
Learning: In Redpanda Cloud documentation, BYOVPC and BYOVNet are different product names for different cloud providers: BYOVPC is used for AWS and GCP, while BYOVNet is used for Azure. When documentation sections cover multiple cloud providers, the combined notation "BYOVPC/BYOVNet" is correct and should not be changed to use only one term.

Applied to files:

  • modules/networking/pages/dedicated/gcp/vpc-peering-gcp.adoc
  • modules/ROOT/nav.adoc
📚 Learning: 2025-04-25T01:41:57.162Z
Learnt from: micheleRP
Repo: redpanda-data/cloud-docs PR: 267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.

Applied to files:

  • modules/get-started/pages/whats-new-cloud.adoc
📚 Learning: 2025-04-25T01:42:09.318Z
Learnt from: micheleRP
Repo: redpanda-data/cloud-docs PR: 267
File: modules/manage/pages/maintenance.adoc:63-64
Timestamp: 2025-04-25T01:42:09.318Z
Learning: The timeline for major upgrade notifications (180 days in advance) was intentionally removed from the Redpanda Cloud maintenance documentation, even though it was mentioned in the PR objectives.

Applied to files:

  • modules/get-started/pages/whats-new-cloud.adoc
🔇 Additional comments (9)
modules/get-started/pages/cloud-overview.adoc (1)

62-62: LGTM! Private networking correctly enabled for Serverless.

The update accurately reflects that Serverless clusters now support private networking via AWS PrivateLink, which aligns with the PR objectives for documenting Private Networking Phase 1.

modules/networking/pages/dedicated/gcp/vpc-peering-gcp.adoc (1)

24-24: LGTM! UI reference updated for consistency.

The navigation reference correctly reflects the current UI terminology by changing "Networks page" to "Networking page."

modules/networking/partials/vnet-peering.adoc (1)

30-30: LGTM! UI reference updated for consistency.

The navigation reference correctly uses "Networking page" to match the current UI and align with similar updates across other networking documentation files.

modules/networking/pages/dedicated/aws/vpc-peering.adoc (2)

25-25: LGTM! Terminology update aligns with current UI.

The change from "Networks page" to "Networking page" correctly reflects the current UI terminology.


40-46: LGTM! Helpful clarifications added.

The additions provide clearer guidance on the peering connection acceptance process, including the expected status and route table configuration steps.

modules/networking/pages/serverless/index.adoc (1)

1-3: LGTM! Clean index page for the new Serverless networking section.

The index page follows standard documentation conventions and appropriately introduces the AWS PrivateLink configuration topic.

modules/get-started/pages/cluster-types/serverless.adoc (2)

53-56: LGTM! Clear documentation of AWS PrivateLink support.

The added text effectively explains private networking capabilities for Serverless clusters on AWS, including the billing implications and management options.


57-57: LGTM! Helpful step addition.

The explicit "Click Create cluster" step improves the clarity of the cluster creation workflow.

modules/get-started/pages/whats-new-cloud.adoc (1)

9-13: Verify consistency with Serverless feature documentation.

The announcement states that the GA release includes "the ability to view and export metrics from Serverless clusters to third-party monitoring systems", but modules/get-started/pages/cluster-types/serverless.adoc (line 96) still lists this as an unsupported feature. Please ensure both documents accurately reflect the current feature availability.

After you have enabled PrivateLink for your cluster, your connection URLs are available in the *How to Connect* section of the cluster overview in the Redpanda Cloud Console.

include::networking:partial$private-links-access-rp-services-through-vpc.adoc[]
Contributor

Same comments on this page as I made in the UI doc

micheleRP and others added 14 commits January 20, 2026 21:52
# Conflicts:
#	modules/get-started/pages/cluster-types/serverless.adoc
Linux build servers are case-sensitive, so the xref paths in nav.adoc
need to match the actual file paths exactly.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Conflicts:
#	modules/get-started/pages/whats-new-cloud.adoc
Co-authored-by: Sarah Haskins <sarahhaskins@gmail.com>
micheleRP and others added 4 commits January 26, 2026 14:14
Co-authored-by: Sarah Haskins <sarahhaskins@gmail.com>
…rverless.adoc

Co-authored-by: Sarah Haskins <sarahhaskins@gmail.com>
Co-authored-by: Sarah Haskins <sarahhaskins@gmail.com>
Add PrivateLink resource creation API example, improve JSON formatting,
add rpk cluster select documentation, and clean up whitespace.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Do not configure forwarding rules to target the VPC's Amazon-provided DNS resolver (VPC base CIDR + 2). Rules must target the IP addresses of Route 53 Resolver endpoints.
====

== Enable endpoint service for existing clusters
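
Review bot: The admonition's closing sentence, "Rules must target the IP addresses of Route 53 Resolver endpoints", does not say which kind of endpoint, while the forwarding steps on this page name the inbound endpoint IPs. Suggest "Rules must target the IP addresses of the Route 53 Resolver inbound endpoints" so the warning and the steps use the same term and a reader does not point a rule at an outbound endpoint.
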
Contributor

These steps require the PL to already exist. Should we add something for actually creating the PL via the UI?

Contributor Author

added an intro line for this!

@micheleRP micheleRP requested a review from towfiqa January 29, 2026 14:31
micheleRP and others added 3 commits January 29, 2026 15:01
…-Phase-1

Resolved merge conflict in whats-new-cloud.adoc by keeping both updates:
- Serverless on AWS GA announcement
- Redpanda Connect OTLP component updates

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Serverless clusters are not guaranteed to be pinned to a particular availability zone within the selected region.
Clusters on AWS can enable private access between their VPC and Redpanda, so data does not traverse the public internet. Private connectivity is implemented using AWS PrivateLink for secure ingress traffic.
+
** A Serverless cluster can have both public and private access enabled.
Contributor

I see that you can check both, but nothing in the UI or doc here explains to me how it works when I've selected both. Does one take precedence over the other? I see that when I select Private access, I then must select either an existing private link or create a new private link. So, after I've done that, how does having both private and public access get reconciled?

+
NOTE: After private access is disabled, attempts to reach the private endpoints will fail. However, the PrivateLink endpoint in your AWS account and the PrivateLink resource in Redpanda Cloud both remain provisioned and continue to incur charges until you explicitly delete them.

. Click **Create cluster**.
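
Review bot: The NOTE says the PrivateLink endpoint in the AWS account and the PrivateLink resource in Redpanda Cloud stay provisioned and keep incurring charges after private access is disabled, but it gives no pointer to how either one is deleted. Add an xref or a short step for each deletion so that a disabled but still provisioned endpoint is not left behind in the customer VPC.
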
Contributor

I must be looking at the wrong instance (It's just Create in https://cloud.redpanda.com/clusters/create/serverless)--what is the correct env to test this in? Cloud UI (main)? Prod? Dev?

Contributor

@Feediver1 Feediver1 Feb 1, 2026

Checked--it's not main or preprod, and I could not successfully log into dev.

Contributor Author

@Feediver1 it's prod, and I'll edit to Create. It must have changed, so I'll also update for BYOC & Dedicated

. Click **Create cluster**.

. Add team members and grant them access with glossterm:ACL[,access control lists (ACLs)] on the *Security* page.
. To start working with your cluster, go to the *Topics* page to create a topic. Under the *Actions* dropdown, you can produce messages to it. Add team members and grant them access with ACLs on the *Security* page.
Contributor

Not seeing an Actions dropdown anywhere.

Contributor

This is the Topics page for a Serverless cluster (existing). There is no Actions pulldown.

Or, Redpanda can generate a sample application to interact with your cluster. Run xref:reference:rpk/rpk-generate/rpk-generate-app.adoc[`rpk generate app`], and select Go as the language. Follow the commands in the terminal to run the application, create a demo topic, produce to the topic, and consume the data back.

Follow the steps in the UI to use `rpk` to interact with your cluster from the command line. Here are some helpful commands:
Follow the steps in the Console to use `rpk` to interact with your cluster from the command line. Here are some helpful commands:
Contributor

So are we now calling the Cloud UI "Console"? Find that confusing because we already have Console in Cloud. Not seeing Console anywhere, so feeling confused given that I cannot find any of these updates in all the Cloud envs I'm trying.

Contributor Author

Yes, we're calling the UI Console now.


* Redpanda Serverless supports the Kafka API. Serverless clusters work with all Kafka clients. See xref:develop:kafka-clients.adoc[].
* Serverless clusters support all major Apache Kafka messages for managing topics, producing/consuming data (including transactions), managing groups, managing offsets, and managing ACLs. (User management is available in the Redpanda Cloud UI or with `rpk security acl`.)
* Serverless clusters support all major Apache Kafka messages for managing topics, producing/consuming data (including transactions), managing groups, managing offsets, and managing ACLs. (User management is available in the Redpanda Cloud Console or with `rpk security acl`.)
Contributor

Please provide a link to the Redpanda Cloud Console here.


PrivateLink changes how DNS resolution works for your cluster. When you query cluster hostnames outside the VPC that contains your PrivateLink endpoint, DNS may return private IP addresses that aren't reachable from your location.

To resolve cluster hostnames from other VPCs or on-premise networks, set up DNS forwarding using Route 53 Resolver:

. In each other VPC that must resolve the cluster domain, create a Resolver outbound endpoint and a forwarding rule for `<cluster_domain>` that targets the inbound endpoint IPs from the previous step. Associate the rule to those VPCs.
+
The cluster domain is the suffix after the seed hostname. For example, if your bootstrap server URL is: `cki01qgth38kk81ard3g.any.us-east-1.aw.priv.prd.cloud.redpanda.com:9092`, then `cluster_domain` is: `cki01qgth38kk81ard3g.any.us-east-1.aw.priv.prd.cloud.redpanda.com`.
. For on-premises DNS, create a conditional forwarder for `<cluster_domain>` that forwards to the inbound endpoint IPs from the earlier step (over VPN/Direct Connect).
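
Review bot: The definition of `<cluster_domain>` under the first step, "the suffix after the seed hostname", reads as if part of the hostname is dropped, while the example keeps the whole bootstrap hostname and removes only the `:9092` port. State which one is meant, because both the forwarding rule and the on-premises conditional forwarder are keyed on this value and a wrong domain leaves the private hostnames unresolved. The two steps also refer to the inbound endpoint step as "the previous step" and "the earlier step"; use one wording.
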
Contributor

Suggested change
. For on-premises DNS, create a conditional forwarder for `<cluster_domain>` that forwards to the inbound endpoint IPs from the earlier step (over VPN/Direct Connect).
. For on-premise DNS, create a conditional forwarder for `<cluster_domain>` that forwards to the inbound endpoint IPs from the earlier step (over VPN/Direct Connect).

Contributor Author

@Feediver1 Google & MS use on-premises

micheleRP and others added 6 commits February 1, 2026 18:10
Co-authored-by: Joyce Fee <102751339+Feediver1@users.noreply.github.com>