
HashiCorp Cloud Platform Adds Transit Gateway, Okta Support, New Packages

The HashiCorp Cloud Platform (HCP) now has expanded capabilities for networking, single sign-on, and more. HCP will also support new configurations of HashiCorp Consul and HashiCorp Vault in the coming months.

Last year, we announced the HashiCorp Cloud Platform (HCP), a fully managed platform offering the HashiCorp products as a service to automate infrastructure on any cloud. We’re excited about our progress with the platform and with what practitioners are already doing with these new cloud services. In this blog, we will highlight some of the new features we’ve shipped recently and preview our future plans for HCP.

»Core Enhancements to HCP

Support for AWS Transit Gateway attachments. As you grow your HCP footprint, you’ll need more elegant ways to simplify networking at scale. That’s why we introduced support for transit gateway attachments in HCP.

Transit gateways enable a “hub-and-spoke” configuration of your networks, a simpler and more secure option compared to the complexity of managing separate virtual private cloud (VPC) connections over time. Instead of establishing a VPC peering connection for every environment, you can create an “attachment” to a transit gateway. The transit gateway then manages these connections centrally. With a transit gateway, you can secure a single ingress/egress point, instead of monitoring multiple peering connections. To get started, read this tutorial and watch this recent webinar.

HCP transit gateways
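The hub-and-spoke attachment described above, sketched as Terraform. This is an added example, not configuration from the original post or from HashiCorp. The resource names, the attachment and route IDs, and the 10.20.0.0/16 workload range are constructed placeholders, and it assumes the `hcp` and `aws` providers are already configured for the same region.

```hcl
# Added example: attach an HVN to an AWS transit gateway (hub-and-spoke).
# All names, IDs and CIDRs below are constructed placeholders.
resource "hcp_hvn" "hub_example" {
  hvn_id         = "hvn"
  cloud_provider = "aws"
  region         = "us-west-2"
  cidr_block     = "172.25.16.0/20"
}

resource "aws_ec2_transit_gateway" "hub" {
  description = "hub for HCP and workload VPCs"
  # Require explicit acceptance so no attachment joins the hub unreviewed.
  auto_accept_shared_attachments = "disable"
}

# Share the transit gateway with the HCP-managed AWS account through AWS RAM.
resource "aws_ram_resource_share" "hcp" {
  name                      = "hcp-tgw-share"
  allow_external_principals = true
}

resource "aws_ram_principal_association" "hcp" {
  resource_share_arn = aws_ram_resource_share.hcp.arn
  principal          = hcp_hvn.hub_example.provider_account_id
}

resource "aws_ram_resource_association" "hcp" {
  resource_share_arn = aws_ram_resource_share.hcp.arn
  resource_arn       = aws_ec2_transit_gateway.hub.arn
}

resource "hcp_aws_transit_gateway_attachment" "hub" {
  depends_on = [aws_ram_principal_association.hcp, aws_ram_resource_association.hcp]

  hvn_id                        = hcp_hvn.hub_example.hvn_id
  transit_gateway_attachment_id = "hcp-tgw-attachment"
  transit_gateway_id            = aws_ec2_transit_gateway.hub.id
  resource_share_arn            = aws_ram_resource_share.hcp.arn
}

# Explicit acceptance on the AWS side (auto-accept is disabled above).
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "hcp" {
  transit_gateway_attachment_id = hcp_aws_transit_gateway_attachment.hub.provider_transit_gateway_attachment_id
}

# Route only the workload range through the hub, not 0.0.0.0/0.
resource "hcp_hvn_route" "to_workloads" {
  hvn_link         = hcp_hvn.hub_example.self_link
  hvn_route_id     = "hvn-to-tgw"
  destination_cidr = "10.20.0.0/16"
  target_link      = hcp_aws_transit_gateway_attachment.hub.self_link
}
```

Security groups and transit gateway route tables on the AWS side still decide which spokes can reach the HVN; the attachment alone does not grant access.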

Single sign-on with Okta. Identity management is foundational to any platform. With HCP, we want to enable frictionless access to resources while simultaneously respecting enterprise permissions and controls. You now have a new option for single sign-on for HCP: Okta.

This option will appeal to organizations that require added security protections via SAML-based single sign-on. HCP also offers authentication via GitHub and via email/password (with optional multi-factor authentication).

Ready to connect Okta to HCP? Check out the step-by-step setup instructions.

Terraform Provider for HCP adds new actions. The HashiCorp Cloud Platform has a Terraform Provider for HCP that we update regularly to keep pace with the capabilities of the platform. Practitioners use the provider to manage their HVNs, connectivity to HCP, HashiCorp Consul deployments, and snapshots.

Now, we’ve added the first HashiCorp Vault resources to this provider in concert with the general availability of HCP Vault. Authorized users can interact with the HCP Terraform Provider to:

resource "hcp_hvn" "example" {
  hvn_id         = "hvn"
  cloud_provider = "aws"
  region         = "us-west-2"
  cidr_block     = "172.25.16.0/20"
}

resource "hcp_vault_cluster" "example" {
  cluster_id = "vault-cluster"
  hvn_id     = hcp_hvn.example.hvn_id
}

Keep tabs on our progress with the Provider via the project’s GitHub releases page.

»HCP Consul Prepares New Configurations, More Federation Options

HCP Consul hit GA in February. We offer a dev/test package and three sizes suitable for production deployments. All feature hourly pricing. We’re excited about the reaction to HCP Consul so far, and we are investing in new configurations for additional cloud service networking scenarios.

Starter and Plus configurations. For entry-level production environments, we’re planning an HCP Consul Starter tier. This option will appeal to:

  • Practitioners looking to support a production-ready environment, but still early in their adoption journey.
  • Open source users looking to minimize the operational cost of managing Consul in their own environment.

We can envision an organization deploying Consul Starter clusters initially, then gracefully growing into more powerful HCP Consul configurations over time. (If you want to know when the Consul Starter package launches, sign up to be notified.)

At the other end of the spectrum, we’re also building an HCP Consul Plus tier. This package is designed for organizations with a more distributed service-networking footprint. The Plus tier will feature multi-cluster federation, which aids enterprises running services in different regions or looking to build out additional redundancy.

Of course, resiliency and segmentation of clusters are also important within a single region, so we’re building intra-region federation as well. Look for these federation capabilities to hit HCP later in 2021.

Consul 1.10. You can expect HashiCorp services running atop HCP to keep pace with our open source releases. As such, we’ll upgrade HCP Consul to Consul 1.10 in the coming months. The Consul 1.10 flagship feature is the transparent proxy. Instead of requiring prescriptive steps to govern the flow of traffic between services, the transparent proxy allows Consul to figure out the destination based on details embedded in the service itself. Developers will appreciate this feature’s ability to transparently intercept and redirect traffic from applications without any extra work. (Check out the Consul 1.10 beta blog post to learn more.)

»HCP Vault Readies More Production Packages, Cross-Region Replication

The second service we brought to HCP was Vault, which launched in April. As with HCP Consul, we launched with dev/test and standard production packages to fit a range of scenarios.

Even in its early days, HCP Vault demonstrates HashiCorp’s commitment to lifecycle management; we updated from Vault 1.6 in our beta period to Vault 1.7 for GA. Best of all, HashiCorp engineers did the upgrade work, so you didn’t have to.

Starter and Plus configurations. Vault is used by a wide range of organizations, and we want to add more sizing options so HCP Vault can serve even more companies. A Starter package — coming soon — will be ideal for folks bringing over new cloud security workloads running in production that need room to grow. After that, we’ll look to the higher end of the market with a Plus configuration catering to organizations that need cross-region replication for HCP Vault clusters. We’re also planning to add encryption-as-a-service and other features.

»HCP Packer Aims to Accelerate Image Management Workflows

The next service coming to HCP is HashiCorp Packer. For many users, an automation gap exists between image builds with Packer and image deployments with Terraform. Practitioners often use custom scripts and spreadsheets to choose which image to deploy. These manual tasks can be slow and error-prone.

HCP Packer registry

The initial launch of HCP Packer will provide a cloud-hosted registry that streamlines this workflow, bridging the gap between Packer image builds and Terraform instance provisioning. The service will host the metadata associated with artifacts generated by Packer. From there, you’ll be able to expose the metadata for downstream consumption and deployment. To learn more, check out the HCP Packer announcement blog post and sign up to be a beta tester.

»Try HCP and Get a $50 Credit

HCP provides you the convenience of consuming HashiCorp tools as a managed service. To help you get started, we’re offering a $50 credit when you create an HCP account and spin up your first cluster. Sign up today.
