Today at HashiConf 2018 in San Francisco, we are announcing major updates across our entire suite of open source and enterprise products. Our mission is to allow users to run applications on any infrastructure, cloud or on-premises, using a modern infrastructure as code approach. This blog is a summary of the announcements being made at the event.
HashiCorp Terraform provides an infrastructure as code approach to safely and easily provision infrastructure at any scale. Terraform announcements include major enhancements to the HashiCorp Configuration Language (HCL), availability of Remote Operations for Enterprise users, and a new free tier for remote state storage.
Terraform’s configuration language, HCL, has seen tremendous adoption and after years of production usage in a wide range of organizational settings, Terraform users uncovered areas that would benefit from improvement.
We are excited to announce the preview release of Terraform 0.12 to address HCL feedback holistically. This release includes a more robust, feature-rich HCL to make the language simpler, consistent, and more flexible.
For more information on Terraform 0.12 and the improvements made to HCL, refer to the introductory blog detailing Terraform 0.12 and watch this short video:
Today we're announcing the availability of Remote Plans and Applies. This allows the Terraform CLI to interact with Terraform Enterprise transparently, making it easier to integrate into developer workflows and continuous integration (CI) systems.
For organizations transitioning to Terraform Enterprise, remote operations provides a way to take advantage of Enterprise capabilities, such as access controls and Sentinel policy enforcement, while preserving the core CLI workflow users are accustomed to.
For more information, read the blog Bringing Collaboration to the HashiCorp Terraform CLI: Introducing Remote Operations.
There are three core elements to the Terraform collaboration experience:
Managing a state file is the first collaboration hurdle with Terraform, and we are kicking off our commitment to collaboration for all by providing free remote state storage with:
This functionality will begin beta later this year. We invite all Terraform users to sign up for the waitlist to be notified when this and other collaboration functionality become available.
In time, we will offer both free and paid tiers for remote plans and applies and module registry. We are still working on the pricing, but the goal is to make the paid tier accessible to as broad an audience as possible. We are adding users to the free tier slowly and waiting to open the paid tiers to maintain a high-quality Terraform collaboration experience without performance issues. There are a lot of Terraform users in the world and we want to make sure the experience is robust for all.
For more information read the blog Terraform Collaboration for Everyone and watch this short video:
Today we are excited to announce the preview release of HashiCorp Vault 1.0. Vault enables users to centrally manage secrets to enforce access to systems, applications, and protect sensitive data. Since the first release of Vault in 2015, it has grown from a central place to keep secrets, to a comprehensive secrets management and data protection platform for some of the largest organizations in the world.
We hold a high bar for the 1.0 version of our products. At HashiCorp, 1.0 means: The major use cases are understood and well supported with a mature technical architecture and implementation that is highly stable for the intended use cases. The user experience and workflow of the project is well defined, easy to learn, and enables the major use cases in practice. The project is deployed broadly and has years of production hardening.
This gives us confidence that the software provides a successful "out-of-the-box" experience. Over the last three years Vault has evolved considerably and we’re excited to announce Vault 1.0.
A big ask from the community has been to open source the auto unseal capability of Enterprise. With this release, we are doing just that, with support for Alibaba Cloud, AWS, Google Cloud, and Microsoft Azure. This allows users to more easily automate the provisioning and lifecycle of Vault without a manual unseal process.
Additionally, Vault 1.0 will focus on enterprise stability, ecosystem integration, and scale, including: deeper integration with Kubernetes, helm charts, and batch tokens for enabling serverless and high scale batch processing use cases, and many other enhancements.
For more information visit the Vault homepage and watch this short video:
We are excited to announce Consul 1.4, featuring the General Availability of Consul Connect and a preview release for new multi-data center enterprise capabilities. Consul is a distributed service mesh to connect, secure, and configure services across any runtime platform and public or private cloud.
Since the initial release of Consul Connect in June this year, the Consul team has focused on production hardening and expanding the ecosystem integration to enable a global service mesh. This summer, we released native integration with Kubernetes to automate service discovery across Kubernetes clusters and other runtime platforms. We also delivered native integration with Envoy, one of the widely adopted proxies for service mesh solutions. Now, services within and outside Kubernetes clusters can be automatically discovered and securely connected using Envoy proxy.
Consul also enhanced its ACL system which significantly simplifies ACL operations and management.
In addition to Consul open source updates, Consul Enterprise added a new major feature to extend Connect capabilities beyond the single cluster use case. The new multi-data center service segmentation feature supports replication of intentions, to secure cross-cluster communication and enforce consistent security policies across distributed environments.
With the GA of Connect and the new release of Consul Enterprise, Consul is a universal service mesh to seamlessly bridge and securely connect services running on different runtime platforms and multiple clouds. Consul 1.4 and Consul Enterprise will be available later this week.
For more information visit the Consul project page and watch this short video:
HashiCorp Nomad provides a consistent workflow to deploy any application across any infrastructure. We are excited to showcase the capabilities in Nomad 0.9 that will be in preview release coming soon, and generally available in November. The release will include new affinity and spreading scheduling capabilities, plugin-based integrations for task drivers and device drivers, Web UI support for job submission, and improved resource statistic visualizations.
Affinity refers to the ability for a user to express desired placement for a given workload based on the current state of the runtime environment. Unlike constraints, allocations will still be placed if the defined affinity conditions cannot be met by the scheduler. This allows users to fine tune the scheduling logic to improve application performance or cluster utilization.
Anti-Affinities is similar to affinities but allow a job to express that it wants to avoid certain nodes. These are specified in the same way, but use a negative weight instead of a positive weight.
Nomad by default will attempt placement of a job on any eligible node while bin packing to maximize density. For some jobs we may want to spread workloads, for example across availability zones. The new Spreading capability will allow a user to define a desired spread within the job definition across any attribute, such as datacenter, availability zone, or hardware class.
Preemption support will enable Nomad to evict lower priority jobs to accommodate higher priority jobs when a cluster is at capacity. The 0.9 release specifically will allow Nomad to evict lower priority allocations as necessary to ensure that system jobs can run on every node in the cluster. Preemption for service and batch jobs will land in the Enterprise version of Nomad in a subsequent point 0.9.x point release.
This release involves a refactor of the Nomad client to enable plugin-based support for a range of features in both the current and future releases. The 0.9 release will add a plugin system to enable the community to easily contribute and maintain new task drivers. This will add another dimension to Nomad's flexibility to handle any containerized or non-containerized workload.
The 0.9 release will also add a device driver plugin system. Device driver plugins will enable Nomad to support specialized hardware including GPUs, TPUs, and FPGAs. GPUs in particular have become a standard means to accelerate computational workloads including machine learning, image processing, and financial modeling. An NVIDIA GPU device plugin will be natively supported in 0.9.
Upcoming releases will add additional plugin-based features including CNI-based network driver plugins and storage volume plugins.
Nomad 0.9 will enhance the Web UI to support job submission. This will enable easy experimentation for new users, fast iteration during dev/test cycles, and an escape hatch for operators to quickly make minor changes to resolve service outages. The Nomad team still strongly recommends a CI/CD and version control-based approach to deploy and manage production workloads.
The Preview release of Nomad 0.9 will be available in the coming weeks, with a GA release in November. To learn more about Nomad or get started visit https://www.hashicorp.com/nomad.
A core element of our Tao is "workflows, not technologies.” This philosophy extends to each tool and product within the HashiCorp Suite. This year, one of our major ecosystem initiatives is providing first-class integrations for Terraform, Vault, and Consul with Kubernetes for both native and mixed-mode environments.
To learn more about each of these integration read the blog Announcing First-Class Kubernetes Support for HashiCorp Products.
We acknowledge the need for our tools to work with all the technologies used by our users and customers. This includes large investments in private datacenters and on-premises environments. We highlighted our work at HashiConf, partnering with VMware, Nutanix, Cisco, F5, Venafi, and many other technology partners.
We are also excited to announce the availability of the the HashiCorp Learn Platform. The Learn Platform is focused on HashiCorp product education for practitioners. The platform is self-guided, so you can follow along at your own pace and schedule. The courses start with beginner introductions and progressively go through intermediate and advanced topics. The Learn Platform will initially offer Vault education and expand to include Terraform, Consul, and Nomad.
To learn more about the Learn Platform, read the blog Announcing the HashiCorp Learn Platform with Vault Experience. To get started, visit learn.hashicorp.com.
We are very excited about each of the announcements being made at HashiConf 2018. Investigate the many links above for more information. In addition, videos of the HashiConf 2018 keynotes and breakout sessions will be available shortly in the HashiCorp Resource Library.
Learn our best practices and get customer-tested templates that help HashiCorp Vault users adopt efficient producer-consumer models.
HashiCorp has renewed its SOC II Type II report for HCP Vault and HCP Consul, and obtained ISO 27017 and ISO 27018 certificates for its cloud products.
Learn how to configure HashiCorp Vault’s OIDC auth method to use Azure as an identity provider.