Consul 1.21 improves service discovery, Consul on Kubernetes, and supports OpenShift 4.17

HashiCorp Consul is a global service networking platform that provides multi-runtime service discovery and secure services networking. It is widely adopted and used in production by companies that include Expedia and Workday. The latest Consul version 1.21 includes a broad range of enhancements across different parts of Consul, including:

• A simplified architecture for discovering external software applications
• Disaster recovery improvements for Consul on Kubernetes
• Support for OpenShift 4.16 and 4.17
• Kubernetes Pod Security Admissions Controller support

»Simplified service discovery for external services

One of Consul’s core capabilities is to provide global service discovery across multiple different runtimes, platforms, and clouds. In order to do this, Consul agents that are installed on each service send updated information to the Consul servers, including health status and current IP addresses. However, there are some external applications, like Amazon RDS or Azure Database, that do not allow the installation of third-party agents. In these scenarios, Consul External Monitoring Service (ESM) can be used to query the latest health and location information from these external services.

Consul ESM is software that can be installed on a separate container or VM that queries each external service for its current health and location information. Prior to Consul 1.21, a Consul agent was also required alongside Consul ESM. The Consul agent was responsible for retrieving the information from Consul ESM and sending it to the Consul servers using the gossip protocol. However, gossip uses UDP, which is not as reliable. In addition, it requires bi-directional communication between Consul servers and Consul agents, which can be challenging for customers with restrictive network security policies.

In the latest Consul version, Consul ESM no longer requires Consul agents. Instead, Consul ESM will be able to communicate directly to Consul servers. Consul ESM will also only need outbound connectivity from its network, making it simpler to configure in highly restrictive networks. Lastly, Consul operators will no longer manage Consul agents with Consul ESM. As a result, this new simplified architecture makes it easier for organizations to deploy, manage, and maintain Consul ESM for service discovery of external services.

»Consul on Kubernetes improvements

Consul provides a capability to take snapshots of the Consul server’s current configuration. In the event of an outage or disaster, snapshots can be used to restore Consul servers back to their previous state. For Consul on Kubernetes, a snapshot agent is deployed as a sidecar that is responsible for performing the snapshots. The snapshot agents can store snapshots locally or send snapshots to S3-compatible storage targets, including Amazon S3 and Azure Blob Storage. In the latest release, we’ve added support for the Consul on Kubernetes snapshot agent to send snapshots to Google Cloud Storage. This adds more flexibility for organizations to easily send backups to their preferred storage locations, resulting in a reduced burden for operators to manually copy backups to Google Cloud Storage.

»OpenShift 4.16 and 4.17 support

Consul 1.21 now fully supports OpenShift 4.16 and 4.17. Applying Consul’s service mesh capability to enforce zero trust principles greatly improves security for OpenShift deployments. Organizations can ensure that all service-to-service communication on OpenShift is authorized, authenticated with mTLS, and encrypted over the network. Furthermore, OpenShift customers can continue to leverage Consul’s global service discovery capabilities across multiple runtimes and cloud environments. Lastly, Consul 1.21 is a Long-Term Support (LTS) release, which ensures OpenShift deployments on this version will be supported and maintained for approximately 2 years. Running on LTS versions greatly reduces the management burden of having to upgrade Consul every year.

»Kubernetes Pod Security Admissions support

Consul 1.21 supports Kubernetes Pod Securities Admissions, which replaces Kubernetes PodSecurityPolicies. PodSecurityPolicies allowed operators to define minimum security requirements for Kubernetes pods. However, due to the complexity and usability issues of PodSecurityPolicies, Pod Security Admissions was introduced in Kubernetes version 1.21 as a replacement. Consul’s latest support will allow Consul customers to manage and configure their Kubernetes clusters with Pod Security Admissions on each namespace, resulting in improved security and flexibility.

»New Consul documentation

Alongside the new Consul software release, we are introducing a reorganized Consul documentation structure designed to better serve our key audience personas — platform engineers, application developers, and security engineers. Previously, the documentation lacked consistent alignment with these users' needs, making it less intuitive to navigate. The new structure follows the Diataxis framework, featuring distinct sections for introductions, usage guides, and reference materials tailored to each persona. This refinement ensures that readers can more easily locate relevant information, improving accessibility and efficiency.

»Learn more about Consul 1.21

Get started with HashiCorp Consul through our many tutorials for both beginners and advanced users. You can start a free trial with self-managed Consul Enterprise to test out commercial features. More detailed information is available in the newly improved Consul documentation.