Consul 1.18 GA improves enterprise reliability with Long-Term Support

Consul 1.18 improves enterprise reliability with Long-Term Support, fault-injection capabilities, and expanded Amazon ECS support for multi-runtime deployments.

We're excited to announce that HashiCorp Consul 1.18 is now generally available. This release introduces significant enhancements for HashiCorp Consul, our service networking solution designed to help users discover and securely connect any application across any cloud or runtime. These new capabilities aid organizations in increasing enterprise reliability and scale, facilitating easier deployment and management of distributed applications across various environments.

This blog post will take a closer look at the key enhancements in Consul 1.18:

  • Long-Term Support (LTS) releases for Consul Enterprise
  • Fault injection for Consul Enterprise service mesh
  • Consul ECS runtime enhancements: Transparent proxy, API gateways, and terminating gateways

»Enterprise reliability

Two of Consul 1.18’s major new features enhance enterprise reliability, reduce maintenance burden, and enable service resiliency improvements.

»Long-Term Support releases (Enterprise)

We’re pleased to introduce a Long-Term Support (LTS) release program for self-managed Consul Enterprise, starting with versions 1.15 and 1.18. This program designates the first major release of each calendar year, typically in late February, as an LTS release. The annual LTS release will receive critical fixes and security patches for two years as well as a hardened upgrade path to the next LTS release.

Upgrading critical software is a balancing act: Action incurs engineering effort and risks, while inaction leaves vulnerabilities and defects open. Consul Enterprise LTS reduces both overhead and risk beyond the industry standard by providing critical fixes for an extra year without requiring major upgrades.

For more information, refer to this blog post: Consul Enterprise Long-Term Support (LTS) improves operational efficiency.

»Fault injection for service mesh (Enterprise)

Fault injection for service mesh enables organizations to explore and enhance their system resilience in microservice architectures. Teams can explore service behavior in response to problems with an upstream service by injecting faults without changing application code.

For example, how does the ‘frontend’ service respond to latency from the ‘api’ service? Just configure the service mesh to cause the ‘api’ service to automatically add 3,000ms of latency to 100% of requests. The developers of the ‘frontend’ service can then iteratively modify and test their code to provide a better consumer experience when facing latency.

Three fault types can be introduced to a specified percentage of HTTP or gRPC traffic to a service:

  • Error code (e.g. 429 too many requests)
  • Response latency (e.g. 5,000ms)
  • Response rate limit (e.g. 1,000KiB/s)

Faults can also be conditionally injected based on request header matching. Referencing the previous example, the service mesh could be configured to inject latency to ‘api’ service responses only when the X-FAULT-INJECTION-OPT-IN request header has the value true. Now, ‘frontend’ service developers can opt into latency in ‘api’ service responses by including that request header.

Refer to the fault injection documentation for more information.

»Expanded runtime support

Consul is designed to provide a unified solution across any cloud and any runtime, including:

  • Virtual machines (VMs) and bare metal machines
  • Kubernetes
  • HashiCorp Nomad: A simple and flexible scheduler and orchestrator for managing containers and non-containerized applications
  • Amazon ECS: Serverless container runtime
  • AWS Lambda: Serverless function runtime

Consul 1.18 includes several enhancements to the maturity of its Amazon ECS runtime adaptation:

»Amazon ECS: Transparent proxy support

Transparent proxy mode is a feature available on some Consul runtimes (Kubernetes, VMs) that simplifies both:

  • Security: All outbound traffic from, and inbound traffic to, a service must go through its local service mesh sidecar proxy. Therefore, the service mesh cannot be bypassed, ensuring enforcement of all policies — such as service-to-service authorization.
  • Service onboarding: Services can reference their upstreams without needing to explicitly configure them in a Consul service definition.
This diagram shows that if a downstream service attempts to directly access the ‘database’ service, such as with an AWS Cloud Map DNS lookup, transparent proxy mode redirects that traffic through its sidecar to ensure that service mesh policies are enforced.

If a downstream service attempts to directly access the ‘database’ service, such as with an AWS Cloud Map DNS lookup, transparent proxy mode redirects that traffic through its sidecar to ensure that service mesh policies are enforced.

Consul 1.18 and Consul ECS 0.8 add support for transparent proxy mode for ECS on Amazon EC2 tasks. With transparent proxy mode enabled, all traffic to and from each application container will pass through the sidecar proxy container within the same task.

Refer to the Consul ECS technical specifications and the EC2 with transparent proxy example deployment for more details.

»Amazon ECS: Expanded gateway support for mesh ingress and egress

Consul service mesh provides built-in gateways for managing traffic coming into and out of the service mesh:

  • API gateway for ingress traffic: Controls access from services outside the mesh into the mesh, including authorization, TLS settings, and traffic management.
  • Terminating gateway for egress traffic: Controls access from services in the mesh to services outside the mesh, including authorization and TLS settings.

Consul 1.18 and Consul ECS 0.8 add support for configuring API and terminating gateways as ECS tasks.

Refer to the following deployments in the Consul ECS example repository for more details:

»Next steps for HashiCorp Consul

Our goal is for Consul to enable a consistent, enterprise-ready control plane to discover and securely connect any application. Consul 1.18 includes enhanced workflow management, reliability, and security for service networking.

We are excited for users to try these new Consul updates and further expand their service discovery and service mesh implementations. Here’s how to get started:

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.