Consul 1.10 adds exciting new features such as transparent proxy for service mesh, support for xDS v3, streaming, and observability enhancements.
We are pleased to announce that HashiCorp Consul 1.10 is now generally available to all users. This release is yet another step forward in our effort to help organizations run Consul efficiently at scale and seamlessly integrate service mesh into their application workflows. Consul 1.10 contains a number of exciting features that we will review in this blog.
As with any service mesh, Consul facilitates secure service-to-service communication through sidecar proxies, typically Envoy. Previously, our goal was to allow users to be very prescriptive in the flow of traffic between these services by setting dedicated upstreams and guidance to the proxies for connectivity. While many users value this capability, others prefer to allow the mesh to govern itself and allow Envoy to infer the destination based on the application information.
This feature is known as Transparent Proxy and it is available today in Consul 1.10. Now users can have the proxy intercept and redirect traffic from applications running in virtual machines or Kubernetes without additional modifications.
Consul 1.10 will default to using xDS version 3 and Incremental xDS for all supported Envoy proxy versions bootstrapped by the Consul 1.10 CLI. This is driven by the fact that xDS v2 was deprecated in Envoy 1.15 and disabled in Envoy 1.17. Envoy proxies bootstrapped with older Consul CLI binaries will continue to use the xDS v2 state-of-the-world API.
Consul 1.9 introduced a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster. The enhancement is called streaming and it significantly reduces CPU and network bandwidth usage for large-scale Consul deployments. One of our customers, Criteo, actually blogged about their experience with streaming and how it helps them run Consul at a large scale.
In Consul 1.10, streaming is now available for the service health HTTP endpoint and is enabled by default. Our goal is to make streaming the only mechanism for delivering blocking query updates.
In Consul 1.10, the Consul UI has a fresh redesign complete with a new sidebar layout. The new UI makes it easier for users to navigate Consul if they would prefer to not use the CLI. Additionally, we have made it even easier to take advantage of Consul’s Service Visualization UI, introduced in Consul 1.9.
Kubernetes users now have the ability to deploy Prometheus via the Consul Helm chart. This will automatically integrate Prometheus with Consul’s Service Visualization UI for displaying traffic metrics between services. This is currently intended to be used for demo / non-production environments. Additionally, Consul Agent and Gateway metrics can be enabled with Helm and loaded into a Grafana dashboard.
Additionally, we have enabled users to expose Pod and Envoy metrics to Prometheus using Kubernetes annotations via a single endpoint. In the past, users needed to choose either Envoy or Pod metrics since the Prometheus annotations only allow users to scrape from a single Pod with a container on Kubernetes. You can read more about configuring metrics for Consul Kubernetes in our Observability docs.
In Consul 1.4, we upgraded to a new Access Controls (ACLs) system. This upgrade made improvements in Consul’s ACL system handles the API, Tokens, and Policies. With Consul 1.10, we are officially deprecating the legacy system and will be making plans to officially remove it from Consul. The legacy ACL system will still remain available for users in the near term, but we strongly recommend that users begin the process of migrating to our new ACL system. For more information about our ACL system and recommendations on migrating tokens, please review our documentation.
We are excited for users to try this release of Consul and further expand their service mesh implementations. This release includes enhancements for all types of Consul users leveraging the product for service discovery and service mesh, across both containerized and non-containerized environments. Our goal with Consul is to enable an enterprise-ready, consistent control plane to discover and securely connect any application. One last note for our enterprise customers, Consul 1.10 introduces some changes to how enterprise licensing is handled. If you are an enterprise customer and have questions about these changes, please refer to this learn guide. For more information about Consul, please visit our documentation and to get started with the Consul 1.10, please download operating system binaries from our release page or install the latest v0.32.0 Helm chart that supports Consul 1.10 for Kubernetes.
Auto-Config is a highly scalable method to distribute secure properties and other configuration settings to all Consul agents in a datacenter.
From maturity to security, take a closer look at the networking and service mesh trends uncovered in the new HashiCorp State of Cloud Strategy Survey.
Compliance-driven network infrastructure automation with Consul-Terraform-Sync 0.3 is now generally available for HashiCorp Terraform Enterprise.