docs(realm): key-auth centrally-managed consumers require network con…#5486
Open
outsinre wants to merge 1 commit into
Open
docs(realm): key-auth centrally-managed consumers require network con…#5486outsinre wants to merge 1 commit into
outsinre wants to merge 1 commit into
Conversation
✅ Deploy Preview for kongdeveloper ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the Key Auth plugin documentation to explicitly call out that identity realm authentication for centrally-managed Consumers requires the Data Plane to have network connectivity to the Konnect identity service, helping set expectations for restricted-network deployments.
Changes:
- Adds an informational note in the Key Auth plugin overview explaining the Data Plane connectivity requirement for identity realms.
- Updates the identity-realms example to include the connectivity requirement as a prerequisite.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| app/_kong_plugins/key-auth/index.md | Adds an info note describing Data Plane connectivity requirements for realm-based auth. |
| app/_kong_plugins/key-auth/examples/identity-realms.yaml | Adds a new requirement stating the Data Plane must reach the Konnect identity endpoint. |
|
|
||
| Identity realms are scoped to the Control Plane by default (`scope: cp`). | ||
| {:.info} | ||
| > **Note:** Identity realms require the Data Plane to have network connectivity to {{site.konnect_short_name}} to look up centrally-managed Consumers. The Data Plane reaches the realm at the identity endpoint `https://%s.identity.konghq.com`, where `%s` is the region. If the Data Plane can't reach {{site.konnect_short_name}}, realm-scoped authentication won't work. |
| You have a realm configured with an associated Control Plane in {{site.konnect_short_name}}. | ||
| You can do this with the [`/realms`](/api/konnect/consumers/#/operations/list-realms) endpoint. | ||
| - | | ||
| The Data Plane has network connectivity to {{site.konnect_short_name}} to reach the identity endpoint `https://%s.identity.konghq.com`, where `%s` is the region. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
FTI: https://konghq.atlassian.net/browse/FTI-7542
Explicitly stating the centrally-managed consumers require network connectivity to the Konnect identity service to validate requests. Some DPs may not have public network connectivity, and hence they do not have access to this feature.
Preview Links
Checklist
descriptionentry in frontmatter.