Refactor docs links to learn (#8490)

website/pages/docs/acl/acl-rules.mdx

@@ -145,8 +145,8 @@ On success, the Policy is returned:
 ```
 
 The created policy can now be specified either by name or by ID when
-[creating a token](https://learn.hashicorp.com/consul/security-networking/production-acls#create-the-agent-token). This will grant the rules
-provided to the [bearer of that token](/api#authentication).
+[creating a token](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#create-the-agent-token). 
+This will grant the rules provided to the [bearer of that token](/api#authentication).
 
 Below is a breakdown of each rule type.
 

website/pages/docs/acl/acl-system.mdx

@@ -18,7 +18,7 @@ The ACL is [Capability-based](https://en.wikipedia.org/wiki/Capability-based_sec
 are associated with policies to determine which fine grained rules can be applied. Consul's capability based
 ACL system is very similar to the design of [AWS IAM](https://aws.amazon.com/iam/).
 
-To learn how to setup the ACL system on an existing Consul datacenter, use the [Bootstrapping The ACL System guide](https://learn.hashicorp.com/consul/day-0/acl-guide?utm_source=consul.io&utm_medium=docs).
+To learn how to setup the ACL system on an existing Consul datacenter, use the [Bootstrapping The ACL System tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup?utm_source=consul.io&utm_medium=docs).
 
 ## ACL System Overview
 
@@ -62,7 +62,7 @@ Consul operators via Consul's [ACL API](/api/acl/acl),
 [HashiCorp's Vault](https://www.vaultproject.io/docs/secrets/consul).
 
 If the ACL system becomes inoperable, you can follow the
-[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs) at any time.
+[reset procedure](https://learn.hashicorp.com/tutorials/consul/access-control-troubleshoot#reset-the-acl-system) at any time.
 
 ### ACL Policies
 
@@ -292,7 +292,7 @@ system, or accessing Consul in special situations:
 | ------------------------------------------------------------------------ | ---------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [`acl.tokens.agent_master`](/docs/agent/options#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details |
 | [`acl.tokens.agent`](/docs/agent/options#acl_tokens_agent)               | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details                                                                                                                                   |
-| [`acl.tokens.master`](/docs/agent/options#acl_tokens_master)             | `OPTIONAL` | `N/A`      | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) guide for more details                                                                                           |
+| [`acl.tokens.master`](/docs/agent/options#acl_tokens_master)             | `OPTIONAL` | `N/A`      | Special token used to bootstrap the ACL system, check the [Bootstrapping ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) tutorial for more details                                                                                           |
 | [`acl.tokens.default`](/docs/agent/options#acl_tokens_default)           | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents                                                                                             |
 
 All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent#update-acl-tokens).
@@ -336,5 +336,5 @@ The `service_prefix` policy needs read access for any services that can be regis
 
 ## Next Steps
 
-Setup ACLs with the [Bootstrapping the ACL System guide](https://learn.hashicorp.com/consul/security-networking/production-acls?utm_source=consul.io&utm_medium=docs) or continue reading about
+Setup ACLs with the [Bootstrapping the ACL System tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?utm_source=consul.io&utm_medium=docs) or continue reading about
 [ACL rules](/docs/acl/acl-rules).

website/pages/docs/acl/index.mdx

@@ -68,4 +68,4 @@ communications, and agent communications with ACLs. When securing your cluster
 you should configure the ACLs first. The ACL documentation introduces basic
 concepts and syntax for the ACL system, and we recommend that you read it
 before you begin [this
-guide](https://learn.hashicorp.com/consul/security-networking/production-acls).
+tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).

website/pages/docs/agent/checks.mdx

@@ -14,7 +14,7 @@ description: >-
 One of the primary roles of the agent is management of system-level and application-level health
 checks. A health check is considered to be application-level if it is associated with a
 service. If not associated with a service, the check monitors the health of the entire node.
-Review the [health checks guide](https://learn.hashicorp.com/consul/developer-discovery/health-checks) to get a more complete example on how to leverage health check capabilities in Consul.
+Review the [health checks tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-health-checks) to get a more complete example on how to leverage health check capabilities in Consul.
 
 A check is defined in a configuration file or added at runtime over the HTTP interface. Checks
 created via the HTTP interface persist with that node.

website/pages/docs/agent/config-entries/ingress-gateway.mdx

@@ -387,7 +387,7 @@ Also make two services in the frontend namespace available over a custom port wi
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading an `ingress-gateway` config entry requires `service:read` on the `Name`
 field of the config entry.

website/pages/docs/agent/config-entries/proxy-defaults.mdx

@@ -85,7 +85,7 @@ Config {
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `proxy-defaults` config entry requires no specific privileges.
 

website/pages/docs/agent/config-entries/service-defaults.mdx

@@ -73,7 +73,7 @@ Protocol  = "http"
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `service-defaults` config entry requires `service:read` on itself.
 

website/pages/docs/agent/config-entries/service-resolver.mdx

@@ -167,7 +167,7 @@ referenced by their names throughout the other configuration entry kinds.
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `service-resolver` config entry requires `service:read` on itself.
 

website/pages/docs/agent/config-entries/service-router.mdx

@@ -260,7 +260,7 @@ Routes = [
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `service-router` config entry requires `service:read` on itself.
 

website/pages/docs/agent/config-entries/service-splitter.mdx

@@ -102,7 +102,7 @@ Splits = [
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `service-splitter` config entry requires `service:read` on itself.
 

website/pages/docs/agent/config-entries/terminating-gateway.mdx

@@ -438,7 +438,7 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
 ## ACLs
 
 Configuration entries may be protected by
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 
 Reading a `terminating-gateway` config entry requires `service:read` on the `Name`
 field of the config entry.

website/pages/docs/agent/dns.mdx

@@ -36,7 +36,7 @@ as the DNS server for a node and provide a
 [`recursors`](/docs/agent/options#recursors) configuration so that non-Consul queries
 can also be resolved. The last method is to forward all queries for the "consul."
 domain to a Consul agent from the existing DNS server. Review the
-[DNS Forwarding guide](https://learn.hashicorp.com/consul/security-networking/forwarding?utm_source=consul.io&utm_medium=docs) for examples.
+[DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples.
 
 You can experiment with Consul's DNS server on the command line using tools such as `dig`:
 
@@ -283,8 +283,8 @@ are not truncated.
 
 By default, all DNS results served by Consul set a 0 TTL value. This disables
 caching of DNS results. However, there are many situations in which caching is
-desirable for performance and scalability. This is discussed more in the guide
-for [DNS caching](https://learn.hashicorp.com/consul/security-networking/dns-caching).
+desirable for performance and scalability. This is discussed more in the tutorial
+for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching).
 
 ## WAN Address Translation
 

website/pages/docs/agent/encryption.mdx

@@ -14,9 +14,9 @@ The Consul agent supports encrypting all of its network traffic. The exact
 method of encryption is described on the [encryption internals page](/docs/internals/security).
 There are two separate encryption systems, one for gossip traffic and one for RPC.
 
-To configure the encryption systems on a new cluster, review this following guides to
-[enable gossip encryption](https://learn.hashicorp.com/consul/security-networking/agent-encryption?utm_source=consul.io&utm_medium=docs) and
-[TLS encryption for agent communication](https://learn.hashicorp.com/consul/security-networking/certificates?utm_source=consul.io&utm_medium=docs).
+To configure the encryption systems on a new cluster, review this following tutorials to
+[enable gossip encryption](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure?utm_source=consul.io&utm_medium=docs) and
+[TLS encryption for agent communication](https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure?utm_source=consul.io&utm_medium=docs).
 
 ## Gossip Encryption
 
@@ -62,7 +62,7 @@ order to send and receive cluster information.
 ## Configuring Gossip Encryption on an existing cluster
 
 As of version 0.8.4, Consul supports upshifting to encrypted gossip on a running cluster
-through the following process. Review this [step-by-step guide](https://learn.hashicorp.com/consul/security-networking/agent-encryption#enable-gossip-encryption-existing-cluster)
+through the following process. Review this [step-by-step tutorial](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure#enable-gossip-encryption-existing-cluster)
 to encrypt gossip on an existing cluster.
 
 ## RPC Encryption with TLS
@@ -71,7 +71,7 @@ Consul supports using TLS to verify the authenticity of servers and clients. To
 Consul requires that all clients and servers have key pairs that are generated by a single
 Certificate Authority. This can be a private CA, used only internally. The
 CA then signs keys for each of the agents, as in
-[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates).
+[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure).
 
 ~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications.
 
@@ -109,6 +109,6 @@ and is secured using a symmetric key. See above for enabling gossip encryption.
 As of version 0.8.4, Consul supports migrating to TLS-encrypted traffic on a running cluster
 without downtime. This process assumes a starting point with no TLS settings configured and involves
 an intermediate step in order to get to full TLS encryption. Review the
-[Securing RPC Communication with TLS Encryption guide](https://learn.hashicorp.com/consul/security-networking/certificates)
+[Securing RPC Communication with TLS Encryption tutorial](ps://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
 for the step-by-step process to configure TLS on a new or existing cluster. Note the call outs there
 for existing cluster configuration.

website/pages/docs/agent/index.mdx

@@ -29,7 +29,7 @@ operations and maintain very little state of their own.
 The agent is started with the [`consul agent`](/docs/commands/agent) command.
 This command blocks, running forever or until told to quit. You can test a
 local agent by following the
-[Getting Started guides](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs).
+[Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs).
 
 The agent command takes a variety of
 [`configuration options`](/docs/agent/options#command-line-options), but most

website/pages/docs/agent/kv.mdx

@@ -23,7 +23,7 @@ Having a quorum of servers will decrease the risk of data loss if an outage
 occurs.
 
 If you have not used Consul KV, check out this [Getting Started
-guide](https://learn.hashicorp.com/consul/getting-started/kv?utm_source=consul.io&utm_medium=docs) on HashiCorp
+tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-key-value-store?utm_source=consul.io&utm_medium=docs) on HashiCorp
 Learn.
 
 ## Accessing the KV store
@@ -31,7 +31,7 @@ Learn.
 The KV store can be accessed by the [consul kv CLI
 subcommands](/docs/commands/kv), [HTTP API](/api/kv), and Consul UI.
 To restrict access, enable and configure
-[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
+[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
 Once the ACL system has been bootstrapped, users and services, will need a
 valid token with KV [privileges](/docs/agent/acl-rules#key-value-rules) to
 access the the data store, this includes even reads. We recommend creating a
@@ -68,8 +68,8 @@ using the API and in shell scripts.
 
 If you plan to use Consul KV as part of your configuration management process
 review the [Consul
-Template](https://learn.hashicorp.com/consul/developer-configuration/consul-template)
-guide on how to update configuration based on value updates in the KV. Consul
+Template](https://learn.hashicorp.com/tutorials/consul/consul-template)
+tutorial on how to update configuration based on value updates in the KV. Consul
 Template is based on Go Templates and allows for a series of scripted actions
 to be initiated on value changes to a Consul key.
 
@@ -90,10 +90,10 @@ increment to the `LockIndex` and the session value is updated to reflect the
 session holding the lock. Review the session documentation for more information
 on the [integration](/docs/internals/sessions#k-v-integration).
 
-Review the following guides to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/consul/developer-configuration/elections) and
-to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-configuration/semaphore).
+Review the following tutorials to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) and
+to [build distributed semaphores](https://learn.hashicorp.com/tutorials/consul/distributed-semaphore).
 
 ### Vault
 
 If you plan to use Consul KV as a backend for Vault, please review [this
-guide](https://learn.hashicorp.com/vault/operations/ops-vault-ha-consul).
+tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul).

website/pages/docs/agent/options.mdx

@@ -41,8 +41,8 @@ documented below in the
 configuration reload.
 
 You can test the following configuration options by following the
-[Getting Started](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs)
-guides to install a local agent.
+[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs)
+tutorials to install a local agent.
 
 ## Environment Variables
 
@@ -442,8 +442,8 @@ The options below are all specified on the command-line.
 
 - `-segment` ((#\_segment)) <EnterpriseAlert inline /> - This flag is used to set
   the name of the network segment the agent belongs to. An agent can only join and
-  communicate with other agents within its network segment. See the [Network Segments
-  Guide](https://learn.hashicorp.com/consul/day-2-operations/network-segments) for
+  communicate with other agents within its network segment. Review the [Network Segments
+  tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters) for
   more details. By default, this is an empty string, which is the default network
   segment.
 
@@ -699,7 +699,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
 
   This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients,
   it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement
-  of ACLs. Please see the [ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more details.
+  of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details.
 
 - `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.**
   Either "allow" or "deny"; defaults to "allow". The default policy controls the
@@ -759,7 +759,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
 - `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated
   in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field
   instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter)
-  running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/consul/day-2-operations/acl-replication)
+  running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
   using this ACL replication using this token to retrieve and replicate the ACLs
   to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable
   ACL replication using [`enable_acl_replication`](#enable_acl_replication) and then
@@ -877,7 +877,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
   respected on bootstrapping. If they are not provided, the defaults will be used.
   In order to change the value of these options after bootstrapping, you will need
   to use the [Consul Operator Autopilot](/docs/commands/operator/autopilot)
-  command. For more information about Autopilot, see the [Autopilot Guide](https://learn.hashicorp.com/consul/day-2-operations/autopilot).
+  command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations).
 
   The following sub-keys are available:
 
@@ -1292,7 +1292,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
   equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions.
 
 - `dns_config` This object allows a number of sub-keys
-  to be set which can tune how DNS queries are serviced. See this guide on [DNS caching](https://learn.hashicorp.com/consul/security-networking/dns-caching) for more detail.
+  to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail.
 
   The following sub-keys are available:
 
@@ -1554,7 +1554,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
     only works with API endpoints, not `/ui` or `/debug`, those must be disabled
     with their respective configuration options. Any CLI commands that use disabled
     endpoints will no longer function as well. For more general access control, Consul's
-    [ACL system](https://learn.hashicorp.com/consul/security-networking/production-acls)
+    [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production)
     should be used, but this option is useful for removing access to HTTP API endpoints
     completely, or on specific agents. This is available in Consul 0.9.0 and later.
 
@@ -1773,7 +1773,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
 
 - `segments` <EnterpriseAlert inline /> - This is a list of nested objects
   that allows setting the bind/advertise information for network segments. This can
-  only be set on servers. See the [Network Segments Guide](https://learn.hashicorp.com/consul/day-2-operations/network-segments)
+  only be set on servers. Review the [Network Segments tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters)
   for more details.
 
   - `name` ((#segment_name)) - The name of the segment. Must be a string

website/pages/docs/agent/services.mdx

@@ -20,7 +20,7 @@ a health check. A health check is considered to be application level if it is
 associated with a service. A service is defined in a configuration file
 or added at runtime over the HTTP interface.
 
-Use the [Getting Started guides](https://learn.hashicorp.com/consul/getting-started/services?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine.
+Use the [Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine.
 
 ## Service Definition
 

website/pages/docs/agent/telemetry.mdx

@@ -20,13 +20,13 @@ it will dump the current telemetry information to the agent's `stderr`.
 
 This telemetry information can be used for debugging or otherwise
 getting a better view of what Consul is doing. Review the [Monitoring and
-Metrics guide](https://learn.hashicorp.com/consul/day-2-operations/monitoring?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data.
+Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data.
 
 Additionally, if the [`telemetry` configuration options](/docs/agent/options#telemetry)
 are provided, the telemetry information will be streamed to a
 [statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where
 it can be aggregated and flushed to Graphite or any other metrics store.
-For a configuration example for Telegraf, review the [Monitoring with Telegraf guide](https://learn.hashicorp.com/consul/integrations/telegraf?utm_source=consul.io&utm_medium=docs).
+For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-health-telegraf?utm_source=consul.io&utm_medium=docs).
 
 This
 information can also be viewed with the [metrics endpoint](/api/agent#view-metrics) in JSON