How Stripe Uses Consul to Build Service Mesh
Hear about Stripe's service networking team talks about their multi-region service networking tech stack built on Consul.
Your challenge
Standardizing infrastructure on Kubernetes is a popular strategy. And it’s a smart one — Kubernetes is a powerful technology that opens a world of possibilities.
And therein lies the challenge. Platform teams are faced with many choices for how to run Kubernetes reliably and securely. From there, continuously deploying apps to Kubernetes is the next task.
Increasingly, organizations are using HashiCorp to achieve better business outcomes with Kubernetes. Learn how our tools can help you advance your Kubernetes journey.
Accelerate your Kubernetes adoption
Use industry-standard tools to provision and update Kubernetes resources. Adopt a zero trust model to reduce risk. Securely run and connect enterprise apps on top of Kubernetes.
HashiCorp Products used
- Terraform
- Vault
- Consul
- Waypoint
Outcomes
- 1
Simplify lifecycle management of resources
Codify your Kubernetes infrastructure with HashiCorp Terraform. Reduce human error and increase automation by provisioning infrastructure as code. - 2
Manage secrets and protect sensitive data
HashiCorp Vault helps you reduce the risk of breaches and data exposure with identity-based security automation and Encryption-as-a-Service. Vault securely stores Kubernetes secrets and automates secrets injection into apps and infrastructure. - 3
Automate networking for simple and secure app delivery
Use HashiCorp Consul to create a service mesh for modern apps and improve security with identity-based authorization, L7 traffic management, intelligent ingress routing, and service-to-service encryption.
Because secret management and Kubernetes wasn't that well-crafted...Vault was a no brainer.
Pato Arvizu
SRE, ASAPP
SRE, ASAPP
HashiCorp helps organizations achieve success with Kubernetes
Full Kubernetes lifecycle management with Terraform
Unified workflow
If you are already provisioning Kubernetes clusters with Terraform, use the same configuration language to deploy your applications into your cluster.
Full lifecycle management
Terraform doesn't just create resources, it updates and deletes tracked resources without requiring you to inspect the API to identify those resources.
Graph of relationships
Terraform understands dependency relationships between resources. For example, if a Persistent Volume Claim claims space from a particular Persistent Volume, Terraform won't attempt to create the claim if it fails to create the volume.
Improve your Kubernetes security posture with Vault secrets management
Simple deployment
Bring Vault to your Kubernetes environment using the official HashiCorp Vault Helm chart.
Run Vault as a service
The Vault server cluster can run directly on Kubernetes. This can in turn be used by applications running within Kubernetes as well as external to Kubernetes, as long as they can communicate with the server via the network.
Access and store secrets
Applications using the Vault service running in Kubernetes can access and store encrypted secrets from Vault using a number of different secret engines and authentication methods.
Run and connect microservices at the edge with HashiCorp Consul
Multi-platform
Consul supports both Kubernetes and non-Kubernetes workloads on any runtime. Wire services together across clusters, platforms, and clouds.
Kube-native workflow
Use Consul’s custom resource definitions (CRDs) to manage traffic patterns, control ingress, and update Consul configurations. This helps you reduce application deployment times using a “workflows not technologies” approach, and Kube-native tools instead of manual scripts.
Ready for observability
Use built-in UI metrics and enable Kubernetes metrics via helm configuration. For more advanced deployments, add popular tools like Prometheus and Grafana, or use third-party solutions to monitor performance.
Easy application deployment for Kubernetes and Amazon ECS
Simple developer experience
HashiCorp Waypoint provides a simple and consistent abstraction for developers to easily build, deploy, and release applications.
Application-centric abstraction
Use Waypoint to specify deployment needs with a simple and consistent abstraction that avoids the underlying complexity.
End-to-end deployment workflow
Waypoint offers distinct build, deploy, release steps to help move and manage resources efficiently.
Learn from your peers
On the road again
Cars, Kubernetes, and HashiCorp Consul. How Mercedes-Benz delivers on service networking to accelerate delivery of its next-gen connected vehicles.
A G-Research Story: 1 to 1000 Vault Namespaces
Learn how G-Research leverages HashiCorp Vault environments to secure the self-service GitOps delivery of 1000+ Vault namespaces using Jenkins, Kubernetes, and HashiCorp Terraform.
Complement your Kubernetes environment with HashiCorp partners
Build around your Kubernetes environment with HashiCorp’s partner ecosystem.
HashiCorp and the Kubernetes Ecosystem
If you're working in a Kubernetes ecosystem, would you ever need tools like HashiCorp Terraform, Vault, Consul, or Nomad? Kubernetes does have some overlap in functionality with many of these tools, however, HashiCorp products also integrate and can fit nicely into a Kubernetes system because they may provide improved ways to handle various challenges like secrets management, service discovery, service mesh, and more.
Armon Dadgar
Co-founder & CTO, HashiCorp
Take the next step
Learn how we can help you build, run, connect, and secure applications atop Kubernetes.
Explore our resources
End-to-End Automation for Vault on Kubernetes Using the Operator Pattern
Hear about ASAPP's method for running Vault on Kubernetes using the Operator pattern so SRE's don't even have to set things up for service owners.
View
- Securing secrets and identity for 100,000+ edge devices at Starbucks with HashiCorp Vault
- Vault & Kubernetes: Better Together
- The New Sidecar Method for Injecting Vault Secrets Into Kubernetes
- Service Discovery With Consul on Kubernetes
- How does Consul provide a unified registry for Kubernetes and other workloads?
- Kubernetes the Hard Way Using Terraform