consulnomadterraformvaultwaypointboundary

HashiCorp and KubeCon North America Virtual

In this blog, we round-up all of the KubeCon related activities HashiCorp will be doing this week at the virtual conference and adjacent to it.

HashiCorp is a sponsor at KubeCon + CloudNativeCon North America Virtual this week. We wanted to publish this blog to give you the most up-to-date information about how the HashiCorp product set fits into the CNCF ecosystem with projects such as Kubernetes, and the ways you can interact with our team at the event to gain the technical information you need. As a sponsor, HashiCorp will have a digital booth and our team will be participating in several other activities at the conference. 

HashiCorp joined the CNCF in March 2020 to continue advancing HashiCorp product integrations with CNCF projects and to work more closely with its broad community of cloud engineers. It also gave us the opportunity to collaborate closely with the CNCF community both digitally and in-person (when appropriate), interact with the community at CNCF events, bringing our team closer to the users of CNCF technologies, and help them succeed with HashiCorp multi-cloud tools. To understand how our core products, HashiCorp Terraform, Vault, Consul, and Nomad fit into the CNCF landscape, please see this diagram

KubeCon & ServiceMeshCon Sessions

ServiceMeshCon — panel

KubeCon NA Sessions: 

  • The New Stack Pancake Breakfast panel — Immutable Security 
    • November 17 at 11:00am EST
    • Presented by: 
      • Rosemary Wang, Developer Advocate, HashiCorp 
      • Om Moolchandani, Co-founder & CTO, Accurics 
      • Krishna Bhagavathula, CTO, NBA 
      • Dr. Chenxi Wang, Founder & General Partner, Rain Capital 
      • Priyanka Sharma, General Manager, CNCF 
      • Alex Wiliams, Founder & Publisher, The New Stack 

KubeCon Adjacent activities — Data on Kubernetes Meetup

  • The State of State On K8s
    • November 17 at 12:00pm EST
    • Presented by: 
      • Rosemary Wang, Developer Advocate, HashiCorp 
      • Jacquie Grindrod, Developer Advocate, HashiCorp 
      • Lili Cosic, Principal Software Engineer, RedHat 
      • Tomasz Cholewa, Cloud Code Labs 

HashiCorp Booth + CNCF HashiCorp Slack Channel

Our team of technical experts will be available each day at our digital booth to answer questions, and to do product demos for those interested. HashiCorp Developer Advocates will also be available on our CNCF HashiCorp Slack channel to answer questions from the community. 

HashiCorp Community Office Hours at KubeCon North America

HashiCorp’s Developer Advocate, Engineering, and Product Management teams will be hosting a series of Community Office Hours this week focused on HashiCorp tools and some of the CNCF projects they integrate with. The following sessions are open to the community, and will be streamed live on YouTube; to see the full schedule, or ask questions ahead of time please go here.

Tuesday, November 17

  • 9:00am EST: Using Vault and Kubernetes with HashiCorp Cloud Platform & Waypoint
  • 6:15pm EST: Connect and Secure Apps in Kubernetes with Consul and Vault 

Wednesday, November 18 

  • 9:00am EST: Boundary & Kubernetes: Identity-Based Access for Dynamic Infrastructure  
  • 6:15pm EST: Waypoint Workflows in a Kubernetes World 

Thursday, November 19 

  • 9:00am EST: Managing Kubernetes with Terraform 
  • 5:00pm EST: Events! Events in Nomad
  • 6:15pm EST: Multi-cluster service mesh with Consul on Kubernetes 

Friday, November 20

  • 12:00pm EST: Monolith to microservices with Consul service mesh 

The HashiCorp Portfolio + CNCF Projects

HashiCorp’s portfolio of products integrates with many CNCF projects, including Kubernetes, Spinnaker, Helm, CNI, Envoy, Prometheus, gRPC, Jaeger, Open Tracing, and more. 

HashiCorp is committed to further strengthen the value delivered by Terraform, Vault, and Consul to the Kubernetes community. This is particularly reflected in the recent product announcements that strengthen our product interaction with Kubernetes as a platform. We detail several of these integrations below. 

HashiCorp Vault and Kubernetes 

We have made significant progress in supporting Kubernetes with Vault, as we built out new functionality, added enterprise support, and are working towards improving the overall experience to make it as seamless as possible for Vault users running Kubernetes. 

First, we made it possible to inject Vault Secrets into Kubernetes Pods via a Sidecar. This is a Kubernetes integration that enables applications with no native HashiCorp Vault logic built-in to leverage static and dynamic secrets sourced from Vault. This is powered by a new tool called vault-k8s, which leverages the Kubernetes Mutating Admission Webhook to intercept and augment specifically annotated pod configuration for secrets injection using Init and Sidecar containers.

We also released the kubernetes auth method that can be used to authenticate with Vault using a Kubernetes Service Account Token. This method of authentication makes it easy to introduce a Vault token into a Kubernetes Pod.

Finally, we released the official HashiCorp Vault Helm Chart a year ago. The Vault Helm chart is the recommended way to install and configure Vault on Kubernetes. In addition to running Vault itself, the Helm chart is the primary method for installing and configuring Vault to integrate with other services such as Consul for High Availability (HA) deployments.

HashiCorp Terraform: Kubernetes and Helm Providers

Terraform has expanded support for the Kubernetes ecosystem with several providers and tools. The new Kubernetes-alpha provider, currently released as an experimental project, allows operators the ability to manage all Kubernetes objects including CustomResources and CustomResourceDefitionions, and brings in the ability to use Kubernetes Server-side Apply. The work done in the Kubernetes-alpha provider is planned to merge into the Kubernetes provider later this year.  In addition to the Kubernetes provider enhancements, the updated Helm provider will improve users’ abilities to manage Helm deployments by providing a diff for the Kubernetes resources Helm creates.

In Terraform 0.13, we released support for a Kubernetes backend, with support for state locking. This backend stores your Terraform state in a Kubernetes Secret. It’s a great option for users who want to destroy the state for their cluster resources when the cluster is destroyed.

The latest release is the HashiCorp Terraform Cloud Operator for Kubernetes. This operator provides a unified way to manage Kubernetes applications and their infrastructure dependencies via Terraform Cloud, through a single Kubernetes CustomResourceDefinition.

HashiCorp Consul: Helping Organizations on the Journey to Service Mesh

HashiCorp is a leader in the evolving service mesh space, and Consul is our most widely adopted product. We’ve taken a “workflows not technologies” approach with HashiCorp Consul — a solution for cloud networking automation — that differentiates it from other service mesh offerings. Consul offers a comprehensive multi-platform solution which is helping organizations bridge the gap between existing environments and cloud native solutions. 

Consul continues to expand and improve its capabilities for service discovery and service mesh. Consul 1.9, (announced at HashiConf US) last month, contains several improvements aimed at improving observability in the UI, adding more granular controls for managing service to service connections, and expands Kubernetes support to create a more Kube-native experience for operators and developers.

The updates to Consul focus on something unique in the service mesh market — connecting services regardless of the platform or environment, whether that’s between VMs, bare metal, Kubernetes, on-premises, public cloud, greenfield, or other existing environments.

To learn more about Consul and Kubernetes: read our blog: KubeCon 2020: HashiCorp Consul Further Expands Kubernetes Support and visit HashiCorp Learn — Consul on Kubernetes Tutorials.

HashiCorp Nomad: Reached 1.0 milestone and Dynamic Application Sizing

HashiCorp Nomad just hit a major milestone of releasing 1.0 version, signifying product maturity, user adoption, and stability. As the orchestrator market matured rapidly over the past few years, more organizations choose orchestrators based on their merit and how they fit into their specific use case and project. They leverage technologies based on their particular needs and constraints, such as the nature of applications, infrastructure environments, technical competencies, team sizes, budgets, SLAs, and more. An increased number of customers have organically adopted Nomad as an alternative or supplement to Kubernetes and see Nomad’s unique strengths in:

  • Simplicity in usage and maintainability 
  • Flexibility to deploy and manage both containers and non-containerized applications (Java, Windows, etc.)

Specifically, Nomad 1.0 introduces Dynamic Application Sizing for Nomad Enterprise, enabling organizations to optimize the resource consumption of applications through sizing recommendations intelligently and non-disruptively at scale. It also releases namespaces to be available in open source and includes other new capabilities like the event stream, HCL2 support, Envoy versioning, CNI improvements, HashiCorp Consul namespace support, and topology visualization. 

Visit us at our virtual booth at Silver Hall B, find our team on our CNCF HashiCorp Slack channel, and download our HashiCorp community emojis for Slack. Our team looks forward to interacting with you at KubeCon + CloudNativeCon North America Virtual to discuss how our products can help you in your cloud native journey. 

Sign up for the latest HashiCorp news