Introducing Consul 1.4

Transcript

We're excited to announce the availability of Consul 1.4 which now turns Consul into a full service mesh that's enterprise ready and supports multiple data centers.

Consul 1.2: Connect

When we first introduced the concept of Consul Connect in Consul 1.2 it was with the goal of expanding Consul from a tool that just focuses on service discovery and service configuration, to a tool that also looks at how to segment traffic between all of our different services, some of which might be running on-prem, some of which might be in the cloud, some are containerized, some are virtual machines—this is the whole breadth of infrastructure. So with 1.2, we introduced that original set of functionality we called Connect, which enabled us to segment traffic and use a TLS-based approach to do zero trust networking.

Consul 1.3: Envoy

With 1.3 we looked at where the ecosystem's going in terms of users' preferences for how we actually proxy and filter this traffic. We particularly looked at Envoy Proxy as something our users wanted native support for. So with Consul 1.3, we added native support for Envoy as well as deeper and richer integrations with Kubernetes so that now we can sync catalog information so services in Kubernetes are available in Consul, services available in Consul are available in Kubernetes, and what this lets us do is do service discovery between applications inside and outside of Kubernetes seamlessly with Consul.

Consul 1.4: Multi-DC service mesh

With 1.4 what we looked at is, what is it going to take to make that an enterprise-ready solution? So part of that was support for multiple data centers. With Consul 1.2, the segmentation was limited to only a single data center, but with Consul 1.4, we now support native multi-data center capability so that we can manage and secure traffic that's flowing between multiple cloud data centers, public and private data centers, maybe just different regions of the same cloud, and really do that effectively and seamlessly.

Consul 1.4: Simplified ACL system

So part of that was supporting multiple data centers. The other part of it was looking at the limitations of Consul's ACL system in terms of defining and enforcing policies around what services are allowed to do what. Key values, service discovery, all of that surface area of Consul. In listening to our users, we heard that the existing ACL system was a little too complex, too difficult to get it to work at scale. So we took this opportunity to rewrite that and have a newer, simpler ACL system so that as part of now supporting multiple data centers, there's a simpler way of managing the policy around which services are allowed to do what.

All of that is now available as Consul 1.4 and we're very excited to be able to share that with the community.