consul/website/content/docs/connect/config-entries/api-gateway.mdx

563 lines
18 KiB
Plaintext
Raw Normal View History

Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
---
layout: docs
page_title: API Gateway configuration reference
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
description: Learn how to configure a Consul API gateway on VMs.
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
---
# API gateway configuration reference
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
This topic provides reference information for the API gateway configuration entry that you can deploy to networks in virtual machine (VM) environments. For reference information about configuring Consul API gateways on Kubernetes, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
## Introduction
A gateway is a type of network infrastructure that determines how service traffic should be handled. Gateways contain one or more listeners that bind to a set of hosts and ports. An HTTP Route or TCP Route can then attach to a gateway listener to direct traffic from the gateway to a service.
## Configuration model
The following list outlines field hierarchy, language-specific data types, and requirements in an `api-gateway` configuration entry. Click on a property name to view additional details, including default values.
- [`Kind`](#kind): string | must be `"api-gateway"`
- [`Name`](#name): string | no default
- [`Namespace`](#namespace): string | no default <EnterpriseAlert inline />
- [`Partition`](#partition): string | no default <EnterpriseAlert inline />
- [`Meta`](#meta): map | no default
- [`Listeners`](#listeners): list of objects | no default
- [`Name`](#listeners-name): string | no default
- [`Port`](#listeners-port): number | no default
- [`Hostname`](#listeners-hostname): string | `"*"`
- [`Protocol`](#listeners-protocol): string | `"tcp"`
- [`TLS`](#listeners-tls): map | none
- [`MinVersion`](#listeners-tls-minversion): string | no default
- [`MaxVersion`](#listeners-tls-maxversion): string | no default
- [`CipherSuites`](#listeners-tls-ciphersuites): list of strings | Envoy default cipher suites
- [`Certificates`](#listeners-tls-certificates): list of objects | no default
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
- [`Kind`](#listeners-tls-certificates-kind): string | no default
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
- [`Name`](#listeners-tls-certificates-name): string | no default
- [`Namespace`](#listeners-tls-certificates-namespace): string | no default <EnterpriseAlert inline />
- [`Partition`](#listeners-tls-certificates-partition): string | no default <EnterpriseAlert inline />
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
- [`default`](#listeners-default): map
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
- [`JWT`](#listeners-default-jwt): map
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
- [`Providers`](#listeners-default-jwt-providers): list
- [`Name`](#listeners-default-jwt-providers): string
- [`VerifyClaims`](#listeners-default-jwt-providers): map
- [`Path`](#listeners-default-jwt-providers): list
- [`Value`](#listeners-default-jwt-providers): string
- [`override`](#listeners-override): map
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
- [`JWT`](#listeners-override-jwt): map
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
- [`Providers`](#listeners-override-jwt-providers): list
- [`Name`](#listeners-override-jwt-providers): string
- [`VerifyClaims`](#listeners-override-jwt-providers): map
- [`Path`](#listeners-override-jwt-providers): list
- [`Value`](#listeners-override-jwt-providers): string
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
## Complete configuration
When every field is defined, an `api-gateway` configuration entry has the following form:
<CodeTabs>
```hcl
Kind = "api-gateway"
Name = "<name of api gateway>"
Namespace = "<enterprise: namespace of the gateway>"
Partition = "<enterprise: partition of the gateway>"
Meta = {
<any key> = "<any value>"
}
Listeners = [
{
Port = <external service port>
Name = "<unique name for this listener>"
Protocol = "<protocol used by external service>"
TLS = {
MaxVersion = "<version of TLS>"
MinVersion = "<version of TLS>"
CipherSuites = [
"<cipher suite>"
]
Certificates = [
{
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Kind = "file-system-certificate"
Name = "<name of file-system-certificate>"
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
Namespace = "<enterprise: namespace of the certificate>"
Partition = "<enterprise: partition of the certificate>"
}
]
}
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
default = {
JWT = {
Providers = [
Name = "<provider>"
VerifyClaims = {
Path = ["<path to claim>"]
Value = "<value of claim>"
}
]
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
}
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
}
override = {
JWT = {
Providers = [
Name = "<provider>"
VerifyClaims = {
Path = ["<path to claim>"]
Value = "<value of claim>"
}
]
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
}
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
}
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
}
]
```
```json
{
"Kind": "api-gateway",
"Name": "<name of api gateway>",
"Namespace": "<enterprise: namespace of the gateway>",
"Partition": "<enterprise: partition of the gateway>",
"Meta": {
"<any key>": "<any value>"
},
"Listeners": [
{
"Name": "<unique name for this listener>",
"Port": <external service port>,
"Protocol": "<protocol used by external service>",
"TLS": {
"MaxVersion": "<version of TLS>",
"MinVersion": "<version of TLS>",
"CipherSuites": [
"<cipher suite>"
],
"Certificates": [
{
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
"Kind": "file-system-certificate",
"Name": "<name of file-system-certificate>",
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
"Namespace": "<enterprise: namespace of the certificate>",
"Partition": "<enterprise: partition of the certificate>"
}
]
}
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
},
{
"default": {
"JWT": {
"Providers": [
{
"Name": "<name of provider>",
"VerifyClaims": {
"Path": ["<path to claim>"],
"Value": "<value of the claim>"
}
}
]
}
}
},
{
"override": {
"JWT": {
"Providers": [
{
"Name": "<name of provider>",
"VerifyClaims": {
"Path": ["<path to claim>"],
"Value": "<value of the claim>"
}
}
]
}
}
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
}
]
}
```
</CodeTabs>
## Specification
This section provides details about the fields you can configure in the
`api-gateway` configuration entry.
### `Kind`
Specifies the type of configuration entry to implement. This must be
`api-gateway`.
#### Values
- Default: none
- This field is required.
- Data type: string value that must be set to `"api-gateway"`.
### `Name`
Specifies a name for the configuration entry. The name is metadata that you can
use to reference the configuration entry when performing Consul operations,
such as applying a configuration entry to a specific cluster.
#### Values
- Default: none
- This field is required.
- Data type: string
### `Namespace` <EnterpriseAlert inline />
Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
### `Partition` <EnterpriseAlert inline />
Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
### `Meta`
Specifies an arbitrary set of key-value pairs to associate with the gateway.
#### Values
- Default: none
- Data type: map containing one or more keys and string values.
### `Listeners[]`
Specifies a list of listeners that gateway should set up. Listeners are
uniquely identified by their port number.
#### Values
- Default: none
- This field is required.
- Data type: List of maps. Each member of the list contains the following fields:
- [`Name`](#listeners-name)
- [`Port`](#listeners-port)
- [`Hostname`](#listeners-hostname)
- [`Protocol`](#listeners-protocol)
- [`TLS`](#listeners-tls)
### `Listeners[].Name`
Specifies the unique name for the listener. This field accepts letters, numbers, and hyphens.
#### Values
- Default: none
- This field is required.
- Data type: string
### `Listeners[].Port`
Specifies the port number that the listener receives traffic on.
#### Values
- Default: `0`
- This field is required.
- Data type: integer
### `Listeners[].Hostname`
Specifies the hostname that the listener receives traffic on.
#### Values
- Default: `"*"`
- This field is optional.
- Data type: string
### `Listeners[].Protocol`
Specifies the protocol associated with the listener.
#### Values
- Default: none
- This field is required.
- The data type is one of the following string values: `"tcp"` or `"http"`.
### `Listeners[].TLS`
Specifies the TLS configurations for the listener.
#### Values
- Default: none
- Map that contains the following fields:
- [`MaxVersion`](#listeners-tls-maxversion)
- [`MinVersion`](#listeners-tls-minversion)
- [`CipherSuites`](#listeners-tls-ciphersuites)
- [`Certificates`](#listeners-tls-certificates)
### `Listeners[].TLS.MaxVersion`
Specifies the maximum TLS version supported for the listener.
#### Values
- Default depends on the version of Envoy:
- Envoy 1.22.0 and later default to `TLSv1_2`
- Older versions of Envoy default to `TLSv1_0`
- Data type is one of the following string values:
- `TLS_AUTO`
- `TLSv1_0`
- `TLSv1_1`
- `TLSv1_2`
- `TLSv1_3`
### `Listeners[].TLS.MinVersion`
Specifies the minimum TLS version supported for the listener.
#### Values
- Default: none
- Data type is one of the following string values:
- `TLS_AUTO`
- `TLSv1_0`
- `TLSv1_1`
- `TLSv1_2`
- `TLSv1_3`
### `Listeners[].TLS.CipherSuites[]`
Specifies a list of cipher suites that the listener supports when negotiating connections using TLS 1.2 or older.
#### Values
- Defaults to the ciphers supported by the version of Envoy in use. Refer to the
[Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites)
for details.
- Data type: List of string values. Refer to the
[Consul repository](https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169)
for a list of supported ciphers.
### `Listeners[].TLS.Certificates[]`
The list of references to [file system](/consul/docs/connect/config-entries/file-system-certificate) or [inline certificates](/consul/docs/connect/config-entries/inline-certificate) that the listener uses for TLS termination. You should create the configuration entry for the certificate separately and then reference the configuration entry in the `Name` field.
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
#### Values
- Default: None
- Data type: List of maps. Each member of the list has the following fields:
- [`Kind`](#listeners-tls-certificates-kind)
- [`Name`](#listeners-tls-certificates-name)
- [`Namespace`](#listeners-tls-certificates-namespace) <EnterpriseAlert inline />
- [`Partition`](#listeners-tls-certificates-partition) <EnterpriseAlert inline />
### `Listeners[].TLS.Certificates[].Kind`
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
The list of references to certificates that the listener uses for TLS termination.
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
#### Values
- Default: None
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
- This field is required.
- The data type is one of the following string values: `"file-system-certificate"` or `"inline-certificate"`.
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
### `Listeners[].TLS.Certificates[].Name`
Specifies the name of the [file system certificate](/consul/docs/connect/config-entries/file-system-certificate) or [inline certificate](/consul/docs/connect/config-entries/inline-certificate) that the listener uses for TLS termination.
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-23 21:01:47 +00:00
#### Values
- Default: None
- This field is required.
- Data type: string
### `Listeners[].TLS.Certificates[].Namespace` <EnterpriseAlert inline />
Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) where the certificate can be found.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
### `Listeners[].TLS.Certificates[].Partition` <EnterpriseAlert inline />
Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) where the certificate can be found.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
### `Listeners[].default`
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Specifies a block of default configurations to apply to the gateway listener. All routes attached to the listener inherit the default configurations. You can specify override configurations that have precedence over default configurations in the [`override` block](#listeners-override) as well as in the `JWT` block in the [HTTP route configuration entry](/consul/docs/connect/config-entries/http-route).
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
#### Values
- Default: None
- Data type: Map
### `Listeners[].default{}.JWT`
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Specifies a block of default JWT verification configurations to apply to the gateway listener. Specify configurations that have precedence over the defaults in either the [`override.JWT` block](#listeners-override) or in the [`JWT` block](/consul/docs/connect/config-entries/http-route#rules-filters-jwt) in the HTTP route configuration. Refer to [Use JWTs to verify requests to API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) for order of precedence and other details about using JWT verification in API gateways.
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
#### Values
- Default: None
- Data type: Map
### `Listeners[].default{}.JWT{}.Providers`
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Specifies a list of default JWT provider configurations to apply to the gateway listener. A provider configuration contains the name of the provider and claims. Specify configurations that have precedence over the defaults in either the [`override.JWT.Providers` block](#listeners-override-providers) or in the [`JWT` block](/consul/docs/connect/config-entries/http-route#rules-filters-jwt-providers) of the HTTP route configuration. Refer to [Use JWTs to verify requests to API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) for order of precedence and other details about using JWT verification in API gateways.
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
#### Values
- Default: None
- Data type: List of maps
The following table describes the parameters you can specify in a member of the `Providers` list:
| Parameter | Description | Data type | Default |
| --- | --- | --- | --- |
| `Name` | Specifies the name of the provider. | String | None |
| `VerifyClaims` | Specifies a list of paths and a value that define the claim that Consul verifies when it receives a request. The `VerifyClaims` map specifies the following settings: <ul><li>`Path`: Specifies a list of one or more registered or custom claims.</li><li>`Value`: Specifies the expected value of the claim.</li></ul> | Map | None |
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Refer to [Configure JWT verification settings](#configure-jwt-verification-settings) for an example configuration.
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
### `Listeners[].override`
Specifies a block of configurations to apply to the gateway listener. The override settings have precedence over the configurations in the [`Listeners[].default` block](#listeners-default).
#### Values
- Default: None
- Data type: Map
### `Listeners[].override{}.JWT`
Specifies a block of JWT verification configurations to apply to the gateway listener. The override settings have precedence over the [`Listeners[].default` configurations](#listeners-default) as well as any route-specific JWT configurations.
#### Values
- Default: None
- Data type: Map
### `Listeners[].override{}.JWT{}.Providers`
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Specifies a list of JWT provider configurations to apply to the gateway listener. A provider configuration contains the name of the provider and claims. The override settings have precedence over `Listeners[].defaults{}.JWT{}.Providers` as well as any listener-specific configuration.
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
#### Values
- Default: None
- Data type: List of maps
The following table describes the parameters you can specify in a member of the `Providers` list:
| Parameter | Description | Data type | Default |
| --- | --- | --- | --- |
| `Name` | Specifies the name of the provider. | String | None |
| `VerifyClaims` | Specifies a list of paths and a value that define the claim that Consul verifies when it receives a request. The `VerifyClaims` map specifies the following settings: <ul><li>`Path`: Specifies a list of one or more registered or custom claims.</li><li>`Value`: Specifies the expected value of the claim.</li></ul> | Map | None |
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
Refer to [Configure JWT verification settings](#configure-jwt-verification-settings) for an example configuration.
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
## Examples
The following examples demonstrate common API gateway configuration patterns for specific use cases.
### Configure JWT verification settings
The following example configures `listener-one` to verify that requests include a token with Okta user permissions by default. The listener also verifies that the token has an audience of `api.apps.organization.com`.
<Tabs>
<Tab heading="HCL" group="hcl">
```hcl
Kind = "api-gateway"
Name = "api-gateway"
Listeners = [
{
name = "listener-one"
port = 9001
protocol = "http"
# override and default are backed by the same type of data structure, see the following section for more on how they interact
override = {
JWT = {
Providers = [
{
Name = "okta",
VerifyClaims = {
Path = ["aud"],
Value = "api.apps.organization.com",
}
},
]
}
}
default = {
JWT = {
Providers = [
{
Name = "okta",
VerifyClaims = {
Path = ["perms", "role"],
Value = "user",
}
}
]
}
}
}
]
```
</Tab>
<Tab heading="JSON" group="json">
```json
{
"Kind": "api-gateway",
"Name": "api-gateway",
"Listeners": [
{
"name": "listener-one",
"port": 9001,
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
"protocol": "http",
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
"override": {
"JWT": {
"Providers": [{
"Name": "okta",
"VerifyClaims": {
"Path": ["aud"],
"Value": "api.apps.organization.com"
}
}]
}
},
"default": {
"JWT": {
"Providers": [{
"Name": "okta",
"VerifyClaims": {
"Path": ["perms", "role"],
"Value": "user"
}
}]
}
}
}
]
}
```
</Tab>
[NET-8091] Add file-system-certificate config entry for API gateway (#20873) * Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 20:45:05 +00:00
</Tabs>