Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added 1.17 features to enterprise overview #19514

Merged
merged 10 commits into from
Nov 6, 2023
4 changes: 2 additions & 2 deletions website/content/docs/connect/gateways/api-gateway/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,8 @@ Refer to the following resources for help setting up and using API gateways:
- [Reroute HTTP requests in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/reroute-http-requests)
- [Route traffic to peered services in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/route-to-peered-services)
- [Encrypt API gateway traffic on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/encrypt-vms)
- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-vms)
- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-k8s)
- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms)
- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s)

### Reference

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte

This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways deployed to Kubernetes-orchestrated containers. If your API gateway is deployed to virtual machines, refer to [Use JWTs to verify requests to API gateways on VMs](/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).

<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>

## Overview

You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte

This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways on virtual machines (VM). If your services are deployed to Kubernetes-orchestrated containers, refer to [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).

<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>

## Overview

You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:
Expand Down
73 changes: 42 additions & 31 deletions website/content/docs/enterprise/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ The following features are [available in several forms of Consul Enterprise](#co
- [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
- [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
- [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives from sources in the mesh.
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
- [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service.

### Scalability

Expand All @@ -46,6 +48,7 @@ The following features are [available in several forms of Consul Enterprise](#co

- [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
- Use JWTs to verify requests at the API gateway on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s): Prevent unverified traffic at the API gateway using JWTs for authentication and authorization.
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

### Regulatory compliance

Expand Down Expand Up @@ -116,42 +119,47 @@ Consul Enterprise feature availability can change depending on your server and c

<Tab heading="Server Runtime: VMs">

| Enterprise Feature | VM Client | K8s Client | ECS Client |
| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#9989; | &#9989; | &#9989; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#9989; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|----------------------------------------------------------------------------------------------------------|:---------:|:----------:| :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#9989; | &#9989; | &#9989; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#9989; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</Tab>

<Tab heading="Server Runtime: Kubernetes">

| Enterprise Feature | VM Client | K8s Client | ECS Client |
| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#10060; | &#10060; | &#10060; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |

| Enterprise Feature | VM Client | K8s Client | ECS Client |
|---------------------------------------------------------------------------------------------------------------| :-------: | :--------: | :--------: |
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | &#9989; | &#9989; | &#9989; |
| [Audit Logging](/consul/docs/enterprise/audit-logging) | &#9989; | &#9989; | &#9989; |
| [Automated Server Backups](/consul/docs/enterprise/backups) | &#9989; | &#9989; | &#9989; |
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#10060; | &#10060; | &#10060; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#9989; | &#9989; | &#9989; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
</Tab>

<Tab heading ="Server Runtime: HCP">
Expand All @@ -164,13 +172,16 @@ Consul Enterprise feature availability can change depending on your server and c
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | &#9989; | &#9989; | &#9989; |
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | &#10060; | &#10060; | &#10060; |
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | &#10060; | &#10060; | &#10060; |
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | &#9989; | &#9989; | &#10060; |
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved
| [Namespaces](/consul/docs/enterprise/namespaces) | &#9989; | &#9989; | &#9989; |
| [Network Areas](/consul/docs/enterprise/federation) | &#10060; | &#10060; | &#10060; |
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | &#10060; | &#10060; | &#10060; |
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#10060; | &#10060; | &#10060; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a |
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Service request rate limits](/consul/docs/connect/manage-traffic/limit-request-rates) | &#9989; | &#9989; | &#10060; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</Tab>
</Tabs>