Announcing HashiCorp Consul 1.7
HashiCorp Consul 1.7 is here! See what that means for you, and if you find yourself asking how to get these technologies implemented in your environment, reach out! IGNW is here to help!
We're really excited to announce the availability of Consul 1.7.0. Consul is a multi-cloud service networking platform to connect and secure services across any runtime platform and public or private cloud.
This release includes the following features:
Namespaces (Consul Enterprise only): Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams. They enable operators to provide self-service through delegation of administrative privileges.
GCP Snapshot Storage (Consul Enterprise only): This allows Consul snapshots (created as backup for disaster recovery) to be stored in GCP.
AWS PCA as Certificate Authority for Consul: This release adds AWS PCA as a certificate authority option for Consul.
Release 1.7.0 is available for beta now, with general availability to follow. Please review the v1.7.0 changelog for a detailed list of changes. The binaries can be downloaded here.
Namespaces
Note: This is a Consul Enterprise feature.
Traditionally, Consul has used a single, global scope for resources within an environment. All resources share this single scope for naming. This creates challenges in large-scale, multi-user environments, as teams must ensure that distinct services use either unique names or tags and service metadata to differentiate themselves from services belonging to another team. This introduces additional operational overhead to ensure no conflicts exist and can increase the risk of misconfigurations if this process is not automated. In addition, administrative privileges are centralized at the global level, which places an additional burden on operators to manage the simple, day-to-day administrative tasks required by individual teams.
Namespaces allow a Consul environment to be divided into one or more logical environments that provide resource separation and allow the re-use of service names or K/V prefixes across namespaces—removing the requirement to coordinate resource names between teams.
In addition, operators may sub-delegate administrative privileges for a given namespace to individual teams, enabling self-service for ACLs, tokens, policies, service registrations, K/V prefixes, and central configurations (a new feature for defining site-wide or service-specific Connect proxy configurations via the API) within the respective namespace.
With this feature, users will be able to:
Create, Update, Delete, and List Namespaces via the API, CLI, and UI
Create, Update, Delete, and List ACL Tokens, Roles, Policies, Auth Methods, and Binding Rules for a specific namespace
Delegate ACL administration for a Namespace to another user/token that doesn't have universal privileges
Register and discover services within a namespace
Create, Update, Delete, and List entries in the KV store within a namespace
Create, Update, Delete, and List sessions within a namespace
Create, Update, Delete, and List central config entries for a namespace
Use DNS to discover services in particular namespaces
GCP Snapshot Storage
Note: This is a Consul Enterprise feature.
Consul Enterprise automatically saves and restores the state of Consul servers for disaster recovery. The snapshot feature enables point-in-time backups of the K/V store, ACLs, service catalogs, and prepared queries, along with automated backup file rotation and the ability to store the backup file in a cloud storage service like Amazon S3 or Azure Storage. With this release, we are adding the capability to store the backup in Google Cloud Platform (GCP).
AWS Private CA as Certificate Authority for Consul
Consul provides an internal CA and can also use Vault to provide certificates. With this release, we are adding the ability to use AWS PCA as a CA for Consul.