Commit

manually backport #19514
im2nguyen committed Nov 6, 2023
1 parent ad33720 commit be51211
Showing 7 changed files with 178 additions and 35 deletions.
4 changes: 2 additions & 2 deletions website/content/docs/connect/gateways/api-gateway/index.mdx
Expand Up @@ -52,8 +52,8 @@ Refer to the following resources for help setting up and using API gateways:
- [Reroute HTTP requests in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/reroute-http-requests)
- [Route traffic to peered services in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/route-to-peered-services)
- [Encrypt API gateway traffic on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/encrypt-vms)
- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-vms)
- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-k8s)
- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms)
- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s)

### Reference

Expand Down
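Review bot: The two JWT links near new line 55 change slug from `secure-traffic/jwts-vms` and `secure-traffic/jwts-k8s` to `secure-traffic/verify-jwts-vms` and `secure-traffic/verify-jwts-k8s`, but nothing visible here handles the old paths. If the old slugs were ever published, add redirects for them and search the docs tree for remaining references so the backport does not leave dead links.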
Expand Up @@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte

This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways deployed to Kubernetes-orchestrated containers. If your API gateway is deployed to virtual machines, refer to [Use JWTs to verify requests to API gateways on VMs](/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).

<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>

## Overview

You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:
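Review bot: The context line directly above the added `<EnterpriseAlert>` links to `/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms`, which is missing the `l` in `consul`, so the cross-reference to the VMs page will not resolve. This change already touches the intro of this file, so correct the path to start with `/consul/docs/` in the same commit.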
Expand Down
Expand Up @@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte

This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways on virtual machines (VM). If your services are deployed to Kubernetes-orchestrated containers, refer to [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).

<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>

## Overview

You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:
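Review bot: In the intro line above the added `<EnterpriseAlert>`, the link labelled "Use JWTs to verify requests to API gateways on Kubernetes" targets `.../secure-traffic/verify-jwts-vms`, so the VMs page sends Kubernetes readers back to itself. Point it at `.../secure-traffic/verify-jwts-k8s` instead.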
Expand Down
75 changes: 43 additions & 32 deletions website/content/docs/enterprise/index.mdx
Expand Up @@ -27,6 +27,8 @@ The following features are [available in several forms of Consul Enterprise](#co
- [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
- [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
- [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance.
- [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service.

### Scalability
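Review bot: Style point on the two added bullets (traffic rate limiting, locality-aware routing): both end with a period, while the "Automated Backups" and "Redundancy Zones" entries in the same list do not. Pick one convention for the list; dropping the trailing period on the new lines (and on the "Server request rate limits per source IP" line above them) would match the majority.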

Expand All @@ -46,6 +48,7 @@ The following features are [available in several forms of Consul Enterprise](#co

- [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
- JWT authentication and authorization for API gateway: Prevent unverified traffic at the API gateway using JWTs for authentication and authorization on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s):

### Regulatory compliance
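Review bot: The added JWT bullet ends with a stray `:` after the `[Kubernetes](...)` link, which renders as a dangling colon; the OIDC and Audit Logging entries above it end without punctuation. Remove the trailing colon. The entry is also the only one in this list whose feature name is not itself a link, which is fine given the two targets but worth confirming as intended.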

Expand Down Expand Up @@ -116,42 +119,47 @@ Consul Enterprise feature availability can change depending on your server and c

<Tab heading="Server Runtime: VMs">

| Enterprise Feature | VM Client | K8s Client | ECS Client |
| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#9989; | &#9989; | &#9989; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#9989; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|----------------------------------------------------------------------------------------------------------|:---------:|:----------:| :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#9989; | &#9989; | &#9989; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#9989; |
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#9989; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#9989; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#9989; |

</Tab>

<Tab heading="Server Runtime: Kubernetes">

| Enterprise Feature | VM Client | K8s Client | ECS Client |
| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#10060; | &#10060; | &#10060; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |

| Enterprise Feature | VM Client | K8s Client | ECS Client |
|---------------------------------------------------------------------------------------------------------------| :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#10060; | &#10060; | &#10060; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#9989; |
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#9989; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#9989; |
</Tab>

<Tab heading ="Server Runtime: HCP">
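Review bot: The FIPS 140-2 Compliance row flips the ECS Client column from `&#10060;` to `&#9989;` in both the VMs and Kubernetes server-runtime tables, which is a compliance support claim and is not called out in the commit message. Confirm that the change is intended for this backport branch rather than an artifact of re-padding the tables. Separately, the rewritten Kubernetes table now ends directly against `</Tab>` with no blank line, whereas the VMs table keeps one; restore the blank line so the last table row and the closing tag are parsed the same way in both tabs.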
Expand All @@ -164,13 +172,16 @@ Consul Enterprise feature availability can change depending on your server and c
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#10060; | &#10060; | &#10060; |
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#9989; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#10060; | &#10060; | &#10060; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#10060; | &#10060; | &#10060; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#9989; |

</Tab>
</Tabs>
</Tabs>