Consul 1.18 GA improves enterprise reliability with Long-Term Support
Consul 1.18 improves enterprise reliability with Long-Term Support, fault-injection capabilities, and expanded Amazon ECS support for multi-runtime deployments.
We're excited to announce that HashiCorp Consul 1.18 is now generally available. This release introduces significant enhancements for HashiCorp Consul, our service networking solution designed to help users discover and securely connect any application across any cloud or runtime. These new capabilities aid organizations in increasing enterprise reliability and scale, facilitating easier deployment and management of distributed applications across various environments.
This blog post will take a closer look at the key enhancements in Consul 1.18:
- Long-Term Support (LTS) releases for Consul Enterprise
- Fault injection for Consul Enterprise service mesh
- Consul ECS runtime enhancements: Transparent proxy, API gateways, and terminating gateways
» Enterprise reliability
Two of Consul 1.18’s major new features enhance enterprise reliability, reduce maintenance burden, and enable service resiliency improvements.
» Long-Term Support releases (Enterprise)
We’re pleased to introduce a Long-Term Support (LTS) release program for self-managed Consul Enterprise, starting with versions 1.15 and 1.18. This program designates the first major release of each calendar year, typically in late February, as an LTS release. The annual LTS release will receive critical fixes and security patches for two years as well as a hardened upgrade path to the next LTS release.
Upgrading critical software is a balancing act: Action incurs engineering effort and risks, while inaction leaves vulnerabilities and defects open. Consul Enterprise LTS reduces both overhead and risk beyond the industry standard by providing critical fixes for an extra year without requiring major upgrades.
For more information, refer to this blog post: Consul Enterprise Long-Term Support (LTS) improves operational efficiency.
» Fault injection for service mesh (Enterprise)
Fault injection for service mesh enables organizations to explore and enhance their system resilience in microservice architectures. Teams can explore service behavior in response to problems with an upstream service by injecting faults without changing application code.
For example, how does the ‘frontend’ service respond to latency from the ‘api’ service? Just configure the service mesh to cause the ‘api’ service to automatically add 3,000ms of latency to 100% of requests. The developers of the ‘frontend’ service can then iteratively modify and test their code to provide a better consumer experience when facing latency.
Three fault types can be introduced to a specified percentage of HTTP or gRPC traffic to a service:
- Error code (e.g. 429 too many requests)
- Response latency (e.g. 5,000ms)
- Response rate limit (e.g. 1,000KiB/s)
Faults can also be conditionally injected based on request header matching. Referencing the previous example, the service mesh could be configured to inject latency to ‘api’ service responses only when the X-FAULT-INJECTION-OPT-IN
request header has the value true
. Now, ‘frontend’ service developers can opt into latency in ‘api’ service responses by including that request header.
Refer to the fault injection documentation for more information.
» Expanded runtime support
Consul is designed to provide a unified solution across any cloud and any runtime, including:
- Virtual machines (VMs) and bare metal machines
- Kubernetes
- HashiCorp Nomad: A simple and flexible scheduler and orchestrator for managing containers and non-containerized applications
- Amazon ECS: Serverless container runtime
- AWS Lambda: Serverless function runtime
Consul 1.18 includes several enhancements to the maturity of its Amazon ECS runtime adaptation:
» Amazon ECS: Transparent proxy support
Transparent proxy mode is a feature available on some Consul runtimes (Kubernetes, VMs) that simplifies both:
- Security: All outbound traffic from, and inbound traffic to, a service must go through its local service mesh sidecar proxy. Therefore, the service mesh cannot be bypassed, ensuring enforcement of all policies — such as service-to-service authorization.
- Service onboarding: Services can reference their upstreams without needing to explicitly configure them in a Consul service definition.
Consul 1.18 and Consul ECS 0.8 add support for transparent proxy mode for ECS on Amazon EC2 tasks. With transparent proxy mode enabled, all traffic to and from each application container will pass through the sidecar proxy container within the same task.
Refer to the Consul ECS technical specifications and the EC2 with transparent proxy example deployment for more details.
» Amazon ECS: Expanded gateway support for mesh ingress and egress
Consul service mesh provides built-in gateways for managing traffic coming into and out of the service mesh:
- API gateway for ingress traffic: Controls access from services outside the mesh into the mesh, including authorization, TLS settings, and traffic management.
- Terminating gateway for egress traffic: Controls access from services in the mesh to services outside the mesh, including authorization and TLS settings.
Consul 1.18 and Consul ECS 0.8 add support for configuring API and terminating gateways as ECS tasks.
Refer to the following deployments in the Consul ECS example repository for more details:
- API gateway on ECS example
- Terminating gateway on ECS example — with transparent proxy
- Terminating gateway on ECS example — with (m)TLS to the external service
» Next steps for HashiCorp Consul
Our goal is for Consul to enable a consistent, enterprise-ready control plane to discover and securely connect any application. Consul 1.18 includes enhanced workflow management, reliability, and security for service networking.
We are excited for users to try these new Consul updates and further expand their service discovery and service mesh implementations. Here’s how to get started:
- Learn more in the Consul documentation.
- Get started with Consul 1.18 on Kubernetes by installing the latest Helm chart, provided in the Consul Kubernetes documentation.
- For more information on Consul Enterprise LTS, refer to Consul Enterprise Long-Term Support (LTS) improves operational efficiency
- For more information on HashiCorp’s Long-Term Support policy, refer to HashiCorp Long-Term Support (LTS) releases
- Try Consul Enterprise by starting a free trial.
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Consul 1.20 improves multi-tenancy, metrics, and OpenShift deployment
HashiCorp Consul 1.20 is a significant upgrade for the Kubernetes operator and developer experience, including better multi-tenant service discovery, catalog registration metrics, and secure OpenShift integration.
New SLM offerings for Vault, Boundary, and Consul at HashiConf 2024 make security easier
The latest Security Lifecycle Management (SLM) features from HashiCorp Vault, Boundary, and Consul help organizations offer a smoother path to better security practices for developers.