To further HashiCorp product integrations with Cloud Native Computing Foundation (CNCF) projects and to work more closely with the broad community of cloud engineers, today HashiCorp is joining the CNCF. This will enable HashiCorp to be more present in the CNCF community both digitally and in-person. We plan to be at more CNCF events, and with an expanded presence. We will make sure that our technical experts are available to help users of CNCF technologies to become successful with HashiCorp multi-cloud tools.
At a product level, following the feedback from our community, we are working on deeper and broader integrations with CNCF projects. We are committed to making sure Kubernetes is a first-class experience across all of our products. Across other CNCF projects, we want to collaborate on making sure there are seamless integrations, much like we already have with Envoy and Prometheus.
Below is a summary of some of those integrations and our efforts .
» HashiCorp, Kubernetes, and Other CNCF Integrations
Based on the feedback from many people in our community, it’s clear that Kubernetes is the path many are taking towards adopting cloud native technologies. This feedback is the reason why we announced our goal to make Kubernetes a first-class supported experience in 2018. Since then, we've staffed and delivered integrations across our projects and new features are launched with Kubernetes support immediately.
We have provided methods to deploy a HashiCorp Consul service mesh natively on to Kubernetes clusters using an easy-to-consume Helm chart, including features for syncing services, cross-cluster discovery, and more. We also participated in the Service Mesh Interface (SMI) Specification project which aims to standardize interactions with and between service mesh products on Kubernetes (review the repository here).
Consul provides a native integration with Envoy as well. It can be used both within a Kubernetes environment or with traditional infrastructure. Envoy can be used as a sidecar proxy for a service mesh, a traditional API gateway or ingress layer, or mesh gateway to enable multi-data center networking.
Our goal is to give a variety of options around how you can leverage HashiCorp Vault and Kubernetes to securely introduce secrets into your application stack (see our roadmap). To that end, applications can integrate directly with the Vault API, leverage a Kubernetes service account to authenticate with Vault, or use a Kubernetes Sidecar Injection to inject secrets sourced from Vault into applications with no native Vault logic built-in.
To address credentials and secrets in a cloud native world, you can start a Vault cluster running on Kubernetes in just minutes using the Helm Chart. This can greatly reduce the complexity of running Vault on Kubernetes and it gives you a repeatable deployment process in less time (versus creating your own).
We also partnered with Microsoft and the Kubernetes SIG community to deliver the Kubernetes Secrets Store CSI driver. This driver supports leveraging Vault to securely deliver secrets into a Kubernetes environment via the Container Storage Interface.
In the HashiCorp Terraform ecosystem, we’ve partnered with vendors and the community to develop providers not just for deploying Kubernetes clusters across the major cloud providers, but also for interacting directly with Kubernetes clusters. We’ve also worked collaboratively to maintain a provider for interacting directly with Helm charts. This gives practitioners a common way to interact with platforms that are deployed and managed in very different ways across multiple clouds.
All of these integrations are staffed today by dedicated teams, focused on improving the experience of our products with CNCF projects. We have an exciting roadmap ahead and look forward to working with the CNCF and the community to continue to deliver a first-class experience with Kubernetes and other CNCF projects.
» HashiCorp and the CNCF Community
We want to hear from the community on where we can be doing better. This is a large ecosystem and we want to know about opportunities for us to improve both product and process. We encourage people to engage with our teams on GitHub, our Discuss forum, or other community events. We look forward to using our new CNCF membership to expand our day-to-day involvement in the CNCF community and to continue to deliver what the community is looking for.