Commit

backport of commit d899808 (#21628)
jm96441n authored Aug 20, 2024
1 parent 03d36dc commit a5d39b3
Showing 2 changed files with 31 additions and 31 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,33 +15,33 @@ The following list outlines field hierarchy, data types, and requirements in a g
- [`apiVersion`](#apiversion): string | required | must be set to `consul.hashicorp.com/v1alpha1`
- [`kind`](#kind): string | required | must be set to `GatewayPolicy`
- [`metadata`](#metadata): map | required
- [`name`](#metadata-name): string | required
- [`name`](#metadata-name): string | required
- [`namespace`](#metadata-namespace): string | `default`
- [`spec`](#spec): map | required
- [`targetRef`](#spec-targetref): map | required
- [`namespace`](#spec-targetref): string | `default`
- [`name`](#spec-targetref): string | required
- [`namespace`](#spec-targetref): string | `default`
- [`name`](#spec-targetref): string | required
- [`kind`](#spec-targetref): string | required | must be set to `Gateway`
- [`group`](#spec-targetref): string | required
- [`sectionName`](#spec-targetref): string
- [`override`](#spec-override): map | required
- [`jwt`](#spec-override-jwt): map | required
- [`providers`](#spec-override-providers): list | required
- [`name`](#spec-override-providers): string | required
- [`verifyClaims`](#spec-override-providers): map | required
- [`path`](#spec-override-providers): list of strings | required
- [`value`](#spec-override-providers): string | required
- [`default`](#spec-default): map | required
- [`jwt`](#spec-default-jwt): map | required
- [`providers`](#spec-default-providers): list | required
- [`name`](#spec-default-providers): string | required
- [`verifyClaims`](#spec-default-providers): map | required
- [`path`](#spec-default-providers): list of strings | required
- [`value`](#spec-default-providers): string | required
- [`group`](#spec-targetref): string | required
- [`sectionName`](#spec-targetref): string
- [`override`](#spec-override): map | required
- [`jwt`](#spec-override-jwt): map | required
- [`providers`](#spec-override-providers): list | required
- [`name`](#spec-override-providers): string | required
- [`verifyClaims`](#spec-override-providers): map | required
- [`path`](#spec-override-providers): list of strings | required
- [`value`](#spec-override-providers): string | required
- [`default`](#spec-default): map | required
- [`jwt`](#spec-default-jwt): map | required
- [`providers`](#spec-default-providers): list | required
- [`name`](#spec-default-providers): string | required
- [`verifyClaims`](#spec-default-providers): map | required
- [`path`](#spec-default-providers): list of strings | required
- [`value`](#spec-default-providers): string | required

## Complete configuration

When every field is defined, a gateway policy has the following form:
When every field is defined, a gateway policy has the following form:

```yaml
apiVersion: consul.hashicorp.com/v1alpha1
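Review bot: The `group` entry in the field outline still reads only "string | required", while `apiVersion` and `kind` in the same list spell out their "must be set to" value and the `targetRef` table says `group` must be set to a specific string. Since this commit changes that string, add the required value to the outline entry as well so the list and the table agree. Separately, most of the changed lines in this hunk differ only in whitespace, which makes the substantive edits harder to spot; consider splitting the whitespace cleanup into its own commit.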
Expand All @@ -53,7 +53,7 @@ spec:
targetRef:
name: gateway
kind: Gateway
group: gateway.networking.kuberenetes.io
group: gateway.networking.k8s.io/v1beta1
sectionName: <name of a specific listener the policy applies>
override:
jwt:
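Review bot: The new `group` value under `targetRef` carries a version suffix (`gateway.networking.k8s.io/v1beta1`), which is the group/version shape that `apiVersion` uses at the top of this same manifest rather than a bare group name. Please confirm that the controller compares `targetRef.group` against this exact string, because a policy whose target reference does not match would not attach to the gateway and the JWT requirements under `override` and `default` would not be applied to the listener. If the versioned form is intended, a sentence in the `targetRef` section saying that `group` includes the version would save readers from "correcting" it.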
Expand Down Expand Up @@ -109,15 +109,15 @@ Map that contains an arbitrary name for the resource and the namespace it applie

### `metadata.name`

Specifies a name for the resource. The name is metadata that you can use to reference the resource when performing Consul operations, such as applying the resource to a specific cluster.
Specifies a name for the resource. The name is metadata that you can use to reference the resource when performing Consul operations, such as applying the resource to a specific cluster.

#### Values

- Default: None
- This field is required.
- Data type: String

### `metadata.namespace`
### `metadata.namespace`

Specifies the namespace that the configuration applies to. Refer to [namespaces](/consul/docs/enterprise/namespaces) for more information.

Expand All @@ -138,7 +138,7 @@ Map that contains the details about the gateway policy. The `apiVersion`, `kind`

### `targetRef`

Map that contains references to the gateway that the policy applies to.
Map that contains references to the gateway that the policy applies to.

#### Values

Expand All @@ -153,7 +153,7 @@ The following table describes the members of the `targetRef` map:
| `namespace` | Specifies the namespace that the target reference is a member of. | String | `default` |
| `name` | Specifies the name of the API gateway that the policy attaches to. | String | None |
| `kind` | Specifies the type of resource that the policy attaches to. Must be set to `Gateway`. | String | None |
| `group` | Specifies the resource group. Must be set to `gateway.networking.kuberenetes.io`. | String | None |
| `group` | Specifies the resource group. Must be set to `gateway.networking.k8s.io/v1beta1`. | String | None |
| `sectionName` | Specifies a part of the gateway that the policy applies to. | String | None |

### `spec.override`
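Review bot: The `group` row states the value as mandatory ("Must be set to"), but the usage page changed in this same commit describes the same field as "Unless you have created a custom group, this should be set to". Only one of these can be right; pick the wording that matches what the controller accepts and use it in both places, so readers know whether another group is ever valid here.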
Expand Down Expand Up @@ -192,7 +192,7 @@ The following table describes the parameters you can specify in a member of the

### `spec.default`

Map that contains default configurations to apply to listeners when the policy is attached to the gateway. All routes attached to the gateway listener inherit the default configurations. You can specify override configurations that have precedence over default configurations. Refer to [`spec.override`](#spec-override) for details.
Map that contains default configurations to apply to listeners when the policy is attached to the gateway. All routes attached to the gateway listener inherit the default configurations. You can specify override configurations that have precedence over default configurations. Refer to [`spec.override`](#spec-override) for details.

#### Values

Expand Down Expand Up @@ -226,7 +226,7 @@ The following table describes the parameters you can specify in a member of the

## Example configuration

In the following example, all requests through the gateway must have the `api.apps.organization.com` audience claim. Additionally, requests through the gateway must have a `user` role by default.
In the following example, all requests through the gateway must have the `api.apps.organization.com` audience claim. Additionally, requests through the gateway must have a `user` role by default.

```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Expand All @@ -237,7 +237,7 @@ spec:
targetRef:
name: gateway
kind: Gateway
group: gateway.networking.kuberenetes.io
group: gateway.networking.k8s.io/v1beta1
sectionName: to-server
override:
jwt:
Expand All @@ -256,4 +256,4 @@ spec:
- "roles"
- "perm"
value: "user"
```
```
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ Create a `GatewayPolicy` CRD that defines default and override settings for JWT
- `metadata.name`: Specifies a name for the policy.
- `spec.targetRef.name`: Specifies the name of the API gateway to attach the policy to.
- `spec.targetRef.kind`: Specifies the kind of resource to attach to the policy to. Must be set to `Gateway`.
- `spec.targetRef.group`: Specifies the resource group. Unless you have created a custom group, this should be set to `gateway.networking.kubernetes.io`.
- `spec.targetRef.group`: Specifies the resource group. Unless you have created a custom group, this should be set to `gateway.networking.k8s.io/v1beta1`.
- `spec.targetRef.sectionName`: Specifies a part of the gateway that the policy applies to.
- `spec.targetRef.override.jwt.providers`: Specifies a list of providers and claims used to verify requests to the gateway. The override settings take precedence over the default and route-specific JWT verification settings.
- `spec.targetRef.default.jwt.providers`: Specifies a list of default providers and claims used to verify requests to the gateway.
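Review bot: The last two bullets in this list give the paths as `spec.targetRef.override.jwt.providers` and `spec.targetRef.default.jwt.providers`, but the reference page in this commit places `override` and `default` directly under `spec`, as siblings of `targetRef`. A reader who nests the JWT providers under `targetRef` as written here would produce a policy with no verification settings where the reference expects them. Since this list is being touched anyway, correct the paths to `spec.override.jwt.providers` and `spec.default.jwt.providers`, and fix "to attach to the policy to" in the `spec.targetRef.kind` bullet.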
Expand Down Expand Up @@ -176,7 +176,7 @@ For more information about the fields you can configure, refer to [`RouteAuthFil
In the `filters` field of your HTTPRoute configuration, define the filter behavior that results from JWT verification.

- `type: extensionRef`: Declare list of extension references.
- `extensionRef.group`: Specifies the resource group. Unless you have created a custom group, this should be set to `gateway.networking.kubernetes.io`.
- `extensionRef.group`: Specifies the resource group. Unless you have created a custom group, this should be set to `gateway.networking.k8s.io/v1beta1`.
- `extensionRef.kind`: Specifies the type of extension reference to attach to the route. Must be `RouteAuthFilter`
- `extensionRef.name`: Specifies the name of the auth filter.
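Review bot: In the `extensionRef.group` bullet the Gateway resource group is substituted mechanically, but this reference points at a `RouteAuthFilter` (see the `extensionRef.kind` bullet), not at a `Gateway`. The `GatewayPolicy` resource in this commit is declared under `consul.hashicorp.com/v1alpha1`, so please verify which group `RouteAuthFilter` belongs to before documenting `gateway.networking.k8s.io/v1beta1` here; an extension reference with the wrong group would leave the route without its auth filter. Minor: the `extensionRef.kind` bullet is missing its closing period and "Declare list of extension references" reads better as "Declares a list of extension references".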
