Key takeaways from HashiConf EU
HashiConf EU 19 is a major event that took place this week in Amsterdam, where Hashicorp made some announcements like Consul 1.6 beta release with a full featured service mesh. Couldn’t make it to Amsterdam to attend the show? Don’t worry, we’ve got you covered! Here are the key elements that you need to know.
1- Multi-cloud infrastructure is real and gains ground.
In his opening keynote, Armon Dagdar, co-CTO & co-founder gives his view on the adoption of multi-cloud infrastructures and explains how Hashicorp’s portfolio of offerings spans across multiple environments.
HashiCorp is moving towards enabling its portfolio of offerings to span multiple types and classes of IT environments. HashiCorp Consul, for example, can be run across both legacy IT environments as well as Kubernetes.
“Most organizations will need to support both legacy monolithic and microservices applications using a combination of DevOps and legacy ITIL processes.”
Rather than having to master new tools for each environment, HashiCorp is making a case for a common set of tooling that can be applied across multiple IT classes of processes.
While many organizations have fully transitioned to DevOps, many more are still struggling to make the transition. Reasons for not making that transition faster range from simple inertia to a lack of skills. Rather than having to take an all-or-nothing approach to modernizing IT processes, Dadgar said HashiCorp is enabling each IT department to embrace IT automation wherever they happen to be on that journey, including being able to embrace new platforms as they become available.
Armon Dadgar noted that level of extensibility is critical because most tools are still being brought into organizations from the bottom-up by individual members of the IT staff, rather than being championed from the top-down.
“The path of least resistance is to make IT automation tools as accessible as possible to members of the IT team regardless of skill level. Networking becomes more dynamic and complex with the move to microservices and multi-cloud environments. It is very challenging for network operations and security teams to keep up with the updates to network middleware and manage the increasingly complex network topologies."
The Beta release of Consul 1.6. comes with a set of new features to enable Layer 7 routing and traffic management. It also delivers a new feature, mesh gateway, that transparently and securely routes service traffic across multiple regions, platforms, and clouds.
Moving forward from its original focus on solving security challenges at Layer 4 and leveraging Consul’s service discovery feature to provide service-to-service identity and trust, Consul Connect has added support for additional proxies (Envoy), L7 observability, a simpler way to enable Consul ACLs and TLS, and platform integrations with Kubernetes.
"Today we’re proud to announce a major milestone in realizing our vision for service mesh. With the release of Consul 1.6 we are adding features for traffic management at Layer 7 and enabling transparent, cross-network connectivity with Mesh Gateways. Of course, these features work across platforms, with continued first-class support for Kubernetes and easy deployment across more traditional environments on any cloud or private network. This delivers on HashiCorp’s goal for Consul to enable multi-cloud service networking."
Additional Layer 7 Features, moving from Layer 7 observability to advanced traffic management patterns
The Last Consul release enabled Layer 7 observability using Consul Connect and Envoy by writing configuration entries that would configure the sidecar proxies to export metrics and tracing data.
Consul 1.6 introduces additional configuration entry types that enable advanced traffic management patterns for service-to-service requests. Users can now create configuration entries in HashiCorp Configuration Language (HCL) or JSON, and interact with them via the Consul CLI or API.
Mesh Gateway now answers the critical need to manage connections between multiple network environments.
As organizations distribute their workloads across multiple platforms, data centers, and clouds, the underlying network becomes increasingly fragmented and complex. Services in their respective environments run on independent networks, leading to multiple network silos. Managing connections between multiple network environments is challenging. It requires careful network planning to avoid overlapping IP addresses and typically relies on point-to-point VPN, networking peering, or private links. These approaches add operational overhead to manage and troubleshoot.
Mesh gateways are Envoy proxies at the edge of a network, which enable services in separate networking environments to easily communicate with each other. They are configured by Consul using a similar mechanism as sidecar proxies.
Consul’s Kubernetes integration is being updated too.
In addition, Consul’s Kubernetes integrations have been updated to enable Kubernetes users to easily deploy gateways. This enables services inside Kubernetes environments to communicate with services running on other platforms without complex configuration.
Hashicorp Nomad benefits from Consul 1.6 release with full integration.
3 - What’s up, Terraform?
Versioned policy sets, context-rich error messages and ServiceNow integration available on Terraform
Policy sets are a feature for users to enforce policies on select workspaces of their choice with Sentinel, the embeddable HashiCorp policy as code framework (currently only available for their line of Enterprise products). They enable organizations to create logical groups of policies to apply against different environments and for different components of their infrastructure.
HashiCorp announced that policy sets may now be configured using the source policies available in multiple version control systems (VCS), including GitHub, GitLab and Bitbucket. The goal is to make it simpler to enforce policies that would limit, for example, the number of virtual machines a developer might be allowed to spin up within the context of a set of GitOps processes.
"Today at HashiConf EU we are pleased to announce that policy sets may now be configured to source policies from version control systems (VCS), bringing all of the immutability benefits that users currently enjoy with Terraform configuration to Sentinel policies.
Immutability is a guiding principle in all of our products — part of the Tao of HashiCorp. Infrastructure management done responsibly is a versioned, auditable, repeatable, and collaborative process. All of these principles are exactly what Terraform Enterprise provides for infrastructure. With versioned policy sets, these same principles can now be applied to governance and policy management."
Policy code can now be sourced directly from any VCS provider configured in Terraform Enterprise. With the policy set configured, Terraform Enterprise has sourced our policy from version control and will enforce it on a run.
Versioned policy sets are now available in Terraform Cloud and will be available in the upcoming release of Terraform Enterprise.
Hashicorp announced Terraform Enterprise integration for ServiceNow Service Catalog.
Via integration with the Service Catalog from ServiceNow, IT administrators working with a traditional ITIL-based framework now can invoke Terraform Enterprise to provision IT services. HashiCorp CTO Armon Dadgar said rather than requiring organizations to hire an infrastructure engineer to automate the provisioning of IT infrastructure, IT administrators now can do the job.
Terraform Enterprise offers organizations an infrastructure-as-code approach to multi-cloud provisioning, compliance, and management. Organizations who adopt Terraform Enterprise want to provide self-service infrastructure to end-users within their organization. The integration with ServiceNow extends this capability so that any end-user can request infrastructure from the ServiceNow Service Catalog and Terraform Enterprise can provide an automated way to service those requests.
Self-Service Infrastructure with ServiceNow & Terraform Enterprise
ServiceNow provides digital workflow management, helping teams work quickly and efficiently with one another by offering a straightforward workflow for their interactions. The ServiceNow Service Catalog offers a storefront of services that can be ordered by different people in the organization. One common request between teams is for Cloud resources: a developer needs a fleet of machines to test out a codebase or the IT team in finance has a request for infrastructure to run their new accounting software. For organizations who use the ServiceNow Service Catalog, the requests can be submitted through ServiceNow and routed to the right team for Cloud Infrastructure.