/*

Announcing HashiCorp Consul 1.7

Announcing HashiCorp Consul 1.7

HashiCorp Consul 1.7 is here! See what that means for you and if you find yourself asking how to get these technologies implemented in your environment, reach out! IGNW is here to help!


We're really excited to announce the availability of Consul 1.7.0. Consul is a multi-cloud service networking platform to connect and secure services across any runtime platform and public or private cloud.

This release includes the following features:

  • Namespaces (Consul Enterprise only): Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams. They enable operators to provide self-service through delegation of administrative privileges.

  • GCP Snapshot Storage (Consul Enterprise only): This allows Consul snapshots (created as backup for disaster recovery) to be stored in GCP.

  • AWS PCA as Certificate Authority for Consul: This release adds AWS PCA as a certificate authority option for Consul.

Release 1.7.0 is available for beta now, with general availability to follow. Please review the v1.7.0 changelog for a detailed list of changes. The binaries can be downloaded here.

Namespaces

Note: This is a Consul Enterprise feature

Traditionally, Consul has utilized a single, global scope for resources within an environment. All resources share this single scope for naming. This creates challenges in large scale, multi-user environments as teams must ensure distinct services utilize either unique names or tags and service metadata to differentiate themselves from services belonging to another team. This introduces additional operational overhead to ensure no conflicts exist and can increase the risk of misconfigurations if this process is not automated. In addition, administrative privileges are centralized at the global level, which places additional burden on operators to manage simple, day-to-day administrative tasks required by individual teams.

Namespaces allow a Consul environment to be divided into one or more logical environments that provide resource separation and allow the re-use of service names or K/V prefixes across namespaces—removing the requirement to coordinate resource names between teams.

Screen Shot 2019-12-18 at 11.23.33 AM.png

In addition, operators may sub-delegate administrative privileges for a given namespace to individual teams, enabling self-service for ACLs, tokens, policies, service registrations, K/V prefixes, and central configurations (a new feature for defining site-wide or service-specific Connect proxy configurations via the API) within the respective namespace.

With this feature, users will be able to:

  • Create, Update, Delete, and List Namespaces via the API, CLI, and UI

  • Create, Update, Delete, and List ACL Tokens, Roles, Policies, Auth Methods, and Binding Rules for a specific namespace

  • Delegate ACL administration for a Namespace to another user/token that doesn't have universal privileges

  • Register and discover services within a namespace

  • Create, Update, Delete, and List entries in the KV store within a namespace

  • Create, Update, Delete, and List sessions within a namespace

  • Create, Update, Delete, and List central config entries for a namespace.

  • Use DNS to discover services in particular namespaces

GCP Snapshot Storage

Note: This is a Consul Enterprise feature

Consul Enterprise automatically saves and restores the state of Consul servers for disaster recovery. The snapshot feature enables point-in-time backups of the K/V store, ACLs, service catalogs, plus prepared queries, automated backup files rotation, and the ability to store the backup file in a cloud storage service like Amazon S3 or Azure Storage. With this release, we are adding the capability to store the backup in Google Cloud Platform (GCP).

AWS Private CA as Certificate Authority for Consul

Consul provides an internal CA and can also use Vault to provide certificates. With this release, we are adding the ability to use AWS PCA as a CA for Consul.