HashiCorp Consul is a services networking platform that automates cloud networking using a shared service registry. Both practitioners and Enterprises use Consul to connect and secure application services across multiple runtime platforms and cloud environments. Organizations can adopt Consul features gradually as their cloud capabilities mature - allowing them to benefit from it immediately, run in production environments safely and scale confidently.
We are excited to announce the Consul 1.7 release. This release includes a new enterprise feature called namespaces that simplifies organizational complexity for enterprises by enabling self-service, governance and operations across many user environments and services.
» The Problem - Service Name Sprawl Across Application Teams
A key part of DevOps is agile development where specific teams develop and deploy applications in shorter cycles to ensure continuous delivery of software across development, testing, and production.
Until now, all resources registered in Consul shared a single universal scope. Specific development teams had to coordinate with each other to make sure their service names didn’t overlap. If different teams registered different services with the same name, Consul service discovery would surface all instances of both services. To work around this problem, teams could coordinate with each other to create unique names or tags and service metadata to differentiate their services. This introduced additional operational overhead, increased risk of misconfigurations, and forced discrete teams to be more reliant on each other.
According to DevOps principles, teams should be able to manage their own services. Before namespaces, a central security team had to manage and review all application policies including who can register what services and which services can communicate with each other - even when both services belonged to the same team. This restriction slowed down the deployment process and made it more difficult for teams to own their own software deployments.
» Consul Namespaces
Consul namespaces allow global operators to create isolated environments in a shared cluster and apply any required service access restrictions for authenticated users. This allows teams to re-use services names or K/V prefixes across namespaces and removes the requirement to coordinate resource names between teams.
In addition, operators may sub-delegate administrative privileges for a given namespace to individual teams, enabling team administrators to further delegate permission for service registrations, ACLs, policies and token creations, etc.
Namespaces will be critical for larger organizations automating their services networking infrastructure in the cloud. With the proliferation of application services, governance and policy management features like namespaces will enable your organization to adopt key DevOps patterns including service discovery, network middleware automation, and zero-trust networking with service mesh. Organizations can get started with namespaces immediately by reading our new learn guide on namespaces. To hear more about Consul namespaces and watch a live demo of namespaces, register for the upcoming webinar here.