luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Backport of docs - remove Sentinel from enterprise features list into release/1.16.x (#18182) 

* resolve conflicts

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
This commit is contained in:
hc-github-team-consul-core 2023-07-18 21:03:30 -05:00 committed by GitHub
parent 53132650b1
commit 0cf6442bd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
website/content/docs/dynamic-app-config/kv.mdx
View File

@ -61,6 +61,24 @@ and when recursively searching within the data store. We also recommend that
you avoid the use of `*`, `?`, `'`, and `%` because they can cause issues when
using the API and in shell scripts.
## Using Sentinel to apply policies for Consul KV
<EnterpriseAlert>
This feature requires
HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise.
</EnterpriseAlert>
You can also use Sentinel as a Policy-as-code framework for defining advanced key-value storage access control policies. Sentinel policies extend the ACL system in Consul beyond static "read", "write",
and "deny" policies to support full conditional logic and integration with
external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts.
To get started with Sentinel in Consul,
refer to the [Sentinel documentation](https://docs.hashicorp.com/sentinel/consul) or
[Consul documentation](/consul/docs/agent/sentinel).
## Extending Consul KV
### Consul Template

18
website/content/docs/enterprise/index.mdx
View File

@ -20,12 +20,13 @@ The following features are [available in several forms of Consul Enterprise](#co
- [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter
- [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility
- [Sameness Groups](/consul/docs/connect/config-entries/samenes-group): Define partitions and cluster peers as members of a group with identical services
- [Sameness Groups](/consul/docs/connect/config-entries/sameness-group): Define partitions and cluster peers as members of a group with identical services
### Resiliency
- [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
- [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
### Scalability
@ -45,7 +46,6 @@ The following features are [available in several forms of Consul Enterprise](#co
- [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
- [Sentinel for KV](/consul/docs/enterprise/sentinel): Policy-as-code framework for defining advanced key-value storage access control policies
### Regulatory compliance
@ -102,8 +102,7 @@ Available Enterprise features per Consul form and license include:
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No | Yes | Yes |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | Not applicable | Yes | With Global Visibility, Routing, and Scale module |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
| [Sentinel for KV](/consul/docs/enterprise/sentinel) | All tiers | Yes | With Governance and Policy module |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
[HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul
@ -131,8 +130,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
</Tab>
@ -152,8 +150,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#9989; | &#9989; | &#9989; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
</Tab>
@ -173,8 +170,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | &#10060; | &#10060; | &#10060; |
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
</Tab>
</Tabs>
</Tabs>

24
website/content/docs/enterprise/sentinel.mdx
View File

@ -1,24 +0,0 @@
---
layout: docs
page_title: Sentinel in Consul (Enterprise)
description: >-
Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access.
---
# Sentinel in Consul
<EnterpriseAlert>
This feature requires
HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise.
Refer to the [enterprise feature matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
</EnterpriseAlert>
Sentinel policies extend the ACL system in Consul beyond static "read", "write",
and "deny" policies to support full conditional logic and integration with
external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts.
To get started with Sentinel in Consul,
[read the general documentation](https://docs.hashicorp.com/sentinel/consul) or
[Consul documentation](/consul/docs/agent/sentinel).

4
website/data/docs-nav-data.json
View File

@ -1707,10 +1707,6 @@
"title": "NIA with TFE",
"href": "/docs/nia/enterprise"
},
{
"title": "Sentinel",
"path": "enterprise/sentinel"
},
{
"title": "License",
"routes": [

6
website/redirects.js
View File

@ -60,4 +60,10 @@ module.exports = [
'/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
permanent: true,
},
{
source: '/consul/docs/enterprise/sentinel',
destination:
'/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv',
permanent: true,
},
]