manually backport #19514

hashicorp · Nov 6, 2023 · be51211 · be51211
1 parent ad33720
commit be51211
Show file tree

Hide file tree

Showing 7 changed files with 178 additions and 35 deletions.
diff --git a/website/content/docs/connect/gateways/api-gateway/index.mdx b/website/content/docs/connect/gateways/api-gateway/index.mdx
@@ -52,8 +52,8 @@ Refer to the following resources for help setting up and using API gateways:
 - [Reroute HTTP requests in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/reroute-http-requests)
 - [Route traffic to peered services in Kubernetes](/consul/docs/connect/gateways/api-gateway/define-routes/route-to-peered-services)
 - [Encrypt API gateway traffic on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/encrypt-vms)
-- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-vms)
-- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/jwts-k8s)
+- [Use JWTs to verify requests to API gateways on VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms)
+- [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s)
 
 ### Reference
 

diff --git a/...te/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx b/...te/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
@@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte
 
 This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways deployed to Kubernetes-orchestrated containers. If your API gateway is deployed to virtual machines, refer to [Use JWTs to verify requests to API gateways on VMs](/consu/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).
 
+<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>
+
 ## Overview
 
 You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:

diff --git a/...te/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx b/...te/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx
@@ -8,6 +8,8 @@ description: Learn how to use JSON web tokens (JWT) to verify requests from exte
 
 This topic describes how to use JSON web tokens (JWT) to verify requests to API gateways on virtual machines (VM). If your services are deployed to Kubernetes-orchestrated containers, refer to [Use JWTs to verify requests to API gateways on Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms).
 
+<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>
+
 ## Overview
 
 You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels:

diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
@@ -27,6 +27,8 @@ The following features are [available in several forms of Consul Enterprise](#co
 - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
 - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
 - [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
+- [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance.  
+- [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service.
 
 ### Scalability
 
@@ -46,6 +48,7 @@ The following features are [available in several forms of Consul Enterprise](#co
 
 - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
 - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
+- JWT authentication and authorization for API gateway: Prevent unverified traffic at the API gateway using JWTs for authentication and authorization on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s):
 
 ### Regulatory compliance
 
@@ -116,42 +119,47 @@ Consul Enterprise feature availability can change depending on your server and c
 
 <Tab heading="Server Runtime: VMs">
 
-| Enterprise Feature                                                      | VM Client | K8s Client | ECS Client |
-| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
-| [Admin Partitions](/consul/docs/enterprise/admin-partitions)            |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Audit Logging](/consul/docs/enterprise/audit-logging)                  |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Automated Server Backups](/consul/docs/enterprise/backups)             |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#9989;  |  &#9989;   |   &#9989;  |
-| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#9989;  |  &#9989;   |   &#10060;  |
-| [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Network Areas](/consul/docs/enterprise/federation)                     |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#9989;  |  &#10060;  |  &#10060;  |
-| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
+| Enterprise Feature                                                                                       | VM Client | K8s Client | ECS Client |
+|----------------------------------------------------------------------------------------------------------|:---------:|:----------:| :--------: |
+| [Admin Partitions](/consul/docs/enterprise/admin-partitions)                                             |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Audit Logging](/consul/docs/enterprise/audit-logging)                                                   |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Automated Server Backups](/consul/docs/enterprise/backups)                                              |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Automated Server Upgrades](/consul/docs/enterprise/upgrades)                                            |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)                                          |  &#9989;  |  &#9989;   |   &#9989;  |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                                                    |  &#9989;  |  &#9989;   |   &#9989;  |
+| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) |  &#9989;  |  &#9989;   |   &#10060;  |
+| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams)                   |  &#9989;  |  &#9989;   | &#9989; |
+| [Namespaces](/consul/docs/enterprise/namespaces)                                                         |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Network Areas](/consul/docs/enterprise/federation)                                                      |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)                   |  &#9989;  |  &#10060;  |  &#10060;  |
+| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)                                          |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Redundancy Zones](/consul/docs/enterprise/redundancy)                                                   |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)                                    |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) |  &#9989;  |  &#9989;   | &#9989; |
+| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates)                   |  &#9989;  |  &#9989;   | &#9989; |
 
 </Tab>
 
 <Tab heading="Server Runtime: Kubernetes">
 
-| Enterprise Feature                                                      | VM Client | K8s Client | ECS Client |
-| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
-| [Admin Partitions](/consul/docs/enterprise/admin-partitions)            |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Audit Logging](/consul/docs/enterprise/audit-logging)                  |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Automated Server Backups](/consul/docs/enterprise/backups)             |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#10060; |  &#10060;  |  &#10060;  |
-| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#10060; |  &#10060;  |  &#10060;  |
-| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#9989;  |  &#9989;   |   &#10060;  |
-| [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Network Areas](/consul/docs/enterprise/federation)                     |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
-| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |  &#9989;  |
-| [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#10060; |  &#10060;  |  &#10060;  |
-| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
-
+| Enterprise Feature                                                                                            | VM Client | K8s Client | ECS Client |
+|---------------------------------------------------------------------------------------------------------------| :-------: | :--------: | :--------: |
+| [Admin Partitions](/consul/docs/enterprise/admin-partitions)                                                  |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Audit Logging](/consul/docs/enterprise/audit-logging)                                                        |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Automated Server Backups](/consul/docs/enterprise/backups)                                                   |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Automated Server Upgrades](/consul/docs/enterprise/upgrades)                                                 |  &#10060; |  &#10060;  |  &#10060;  |
+| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)                                               |  &#10060; |  &#10060;  |  &#10060;  |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                                                         |  &#9989;  |  &#9989;   |   &#9989;  |
+| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) |  &#9989;  |  &#9989;   |   &#10060;  |
+| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams)                        |  &#9989;  |  &#9989;   | &#9989; |
+| [Namespaces](/consul/docs/enterprise/namespaces)                                                              |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Network Areas](/consul/docs/enterprise/federation)                                                           |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)                        |  &#10060; |  &#10060;  |  &#10060;  |
+| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)                                               |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Redundancy Zones](/consul/docs/enterprise/redundancy)                                                        |  &#10060; |  &#10060;  |  &#10060;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)                                         |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips)      | &#9989; | &#9989; | &#9989; |
+| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) |  &#9989;  |  &#9989;   | &#9989; |
 </Tab>
 
 <Tab heading ="Server Runtime: HCP">
@@ -164,13 +172,16 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#10060; |  &#10060;  |  &#10060;  |
 | [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#10060; |  &#10060;  |  &#10060;  |
+| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) |  &#9989;  |  &#9989;   |   &#10060;  |
+| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams)                   |  &#9989;  |  &#9989;   | &#9989; |
 | [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Network Areas](/consul/docs/enterprise/federation)                     |  &#10060; |  &#10060;  |  &#10060;  |
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#10060; |  &#10060;  |  &#10060;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  n/a      |  n/a       |  n/a       |
 | [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
+| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) |  &#9989;  |  &#9989;   | &#9989; |
 
 </Tab>
-</Tabs>
+</Tabs>