Feb 08 2018 Anubhav Mishra
Applying Policy as Code to Kubernetes Resources
Using HashiCorp Terraform Enterprise and the Kubernetes provider we can apply fine-grained policy enforcement using Sentinel to Kubernetes resources, before the changes to the resources are applied on the cluster. This blog post explores using Sentinel in Terraform Enterprise to manage Kubernetes clusters and enforce Kubernetes service types and namespace naming conventions.
Feb 05 2018 Chris Roberts
HashiCorp Vagrant 2.0.2.
We are pleased to announce the release of HashiCorp Vagrant 2.0.2. Vagrant is a tool for building and distributing development environments. The highlight of this release is an updated implementation of SMB synced folders with added host support for macOS.
Jan 25 2018 Nic Jackson
Using Sentinel Policy to enforce continuous deployment windows
In the same way that we can embed Sentinel into a pipeline to enforce policy for Terraform plans, or Vault secrets, we can also enforce policy in a continuous delivery pipeline.
In this post, we are going to examine how Sentinel Policy and the Sentinel Simulator can be used to ensure your CD system only deploys your application within a specified time window.
Jan 18 2018 Fraser Pollock
TFE and Sentinel: Provisioning Policy for Data Sovereignty in the Cloud
Infrastructure as code with HashiCorp Terraform enables operators to automate provisioning at scale. This comes with risks, as every action can have larger effects. Sentinel policy as code places guardrails to protect users from creating infrastructure changes that fall outside of business, security, and compliance policies. This blog will take a look at writing and enforcing a policy using Terraform Enterprise to restrict provisioning resources in certain availability zones to ensure data sovereignty.
Jan 12 2018 Armon Dadgar
Why Policy as Code?
HashiCorp advocates for "infrastructure as code" approaches to managing infrastructure. We have talked about it publicly and published about it in our Tao of HashiCorp. At HashiConf 2017, we announced Sentinel, a framework for "policy as code". The same coding practices that are applied to infrastructure can be very effective in enforcing and managing policies. Codifying policy removes the need for ticketing queues, without sacrificing enforcement.
Jan 10 2018 Nic Jackson
Functions as a Service with Nomad and OpenFaaS
OpenFaaS (or Functions as a Service) is a framework for building serverless functions but with containers. With OpenFaaS you can package any process or container as a serverless function for either Linux or Windows - just bring your Nomad cluster. The project focuses on ease of use through its UI and CLI which can be used to test and monitor functions in tandem with Prometheus enabling auto-scaling.
Jan 04 2018 Armon Dadgar
Brokering Cloud Identity
As organizations adopt one or more public clouds they are faced with the challenge of securely providing access to secret material, such as usernames and passwords, API tokens, encryption keys, and TLS certificates. This problem is known as secret management, and there are several primary challenges including authentication, authorization, auditing, and supporting a diverse set of environments, clients, and end systems.
Dec 27 2017 Armon Dadgar
2017 Year in Review
As we close out the year, we wanted to reflect on our amazing progress this year. In just the last year, we’ve gone from around 60 people with a majority in engineering, to over 160 across all groups. We’ve shipped more open source releases than in any previous years, delivered four commercial products, raised a $40M Series C, announced major partnerships, and added over a hundred new customers. And this list is only a subset of the last year!
Dec 19 2017 Burzin Patel
Deprecating the Microsoft Azure (legacy ASM) Terraform Provider
We're announcing the immediate deprecation of the Terraform provider for Azure ASM (Azure Service Management) in favor of the newer Azure Resource Manager (ARM) provider. The Azure ARM provider will be renamed to "Azure".
Dec 19 2017 Anubhav Mishra
Smart Networking with Consul and Service Meshes
Over the past year, service mesh technologies have gained significant interest. Even though the idea of a service mesh isn’t new, the implementation details are new to some people. At HashiCorp we build Consul, a free and open source tool that provides service discovery, health checking, load balancing, and a globally distributed key-value store. These features make Consul ideal as a control plane for a service mesh. This post discusses a few first principles around adopting service meshes and how Consul can be used as a control plane for projects like Istio, Linkerd, and Envoy.
Dec 12 2017 Maciej Skierkowski
HashiCorp Terraform Enterprise General Availability
We’re pleased to announce the general availability (GA) of the new HashiCorp Terraform Enterprise. Terraform Enterprise enables teams and organizations to safely use Terraform together with collaboration and governance features.
Dec 11 2017 Chris Marchesi
A (Re)-Introduction to the Terraform vSphere Provider
Since the release of HashiCorp Terraform 0.10, HashiCorp has been working hard to improve the features in our VMware vSphere provider for Terraform. At the start of December, we reached a major milestone for the vSphere provider with the release of version 1.0.
Nov 28 2017 Burzin Patel
AWS re:Invent 2017: HashiCorp Booth, Demos, Announcements, and more
We are excited to be part of AWS re:Invent again this year in Las Vegas, Nevada. The event is a great place to connect face-to-face with community and customers, a great showcase of our ongoing work with AWS, and a perfect location to announce day-1 support for one of their newly released services.
Nov 27 2017 Seth Vargo
Load Balancing Strategies for Consul
Consul is a free and open source tool that provides service discovery, health checking, load balancing, and a globally distributed key-value store. In microservice architectures, applications often run across many IP addresses and bind to a variety of ports. Service discovery aids in the process of finding these different services, regardless of where they are located. This post discusses a few common strategies for load balancing microservices with Consul.
Nov 21 2017 Pavel Klushin
Spotinst and HashiCorp Nomad to Reduce EC2 Costs for Users
Guest post from Pavel Klushin, Solutions Architect at Spotinst.
Utilizing capacity in the cloud can save a lot of money, but taking advantage of those savings requires a lot of work. Spotinst, is a platform for running and managing elastic cloud compute and enables companies to reduce their compute infrastructure costs by 60-80%. HashiCorp Nomad provides easy-to-use and flexible cluster management and container scheduling. Nomad and Spotinst Elastigroup together allow you to efficiently deploy containerized workloads and easily manage clusters at any scale for a fraction of the cost.
Nov 14 2017 Andy Manoske
HashiCorp Vault 0.9
We are excited to announce the release of HashiCorp Vault 0.9. Vault is an infrastructure automation security product that provides secrets management, encryption as a service, and privileged access management. The 0.9 release of Vault is focused on new functionality that improves Vault’s governance and data security capabilities across globally-distributed, multi-cloud environments.
Nov 02 2017 Ryan Uber
Sentinel and Terraform Enterprise: Applying policy as code to infrastructure provisioning
Infrastructure as code with HashiCorp Terraform enables operators to automate provisioning at scale. This comes with risks, as every action can have larger effects. Sentinel policy as code places guardrails to protect users from creating infrastructure changes that fall outside of business and/or regulatory policies.