HashiCorp bolstered its Consul service mesh platform with tighter integration of Kubernetes. The change will help enterprises synchronize data and manage that data across multiple infrastructure deployments. The move also fortifies Consul as a more broadly-focused service mesh option than the Kubernetes-focused Istio platform.
The Consul integration includes an official Helm Chart for installing Consul on Kubernetes; automatic syncing of services between Kubernetes and Consul; auto-join for external Consul agents to join a cluster in Kubernetes; injectors so pods are automatically secured with HashiCorp’s Connect platform; and support for Envoy.
Mitchell Hashimoto, founder and co-CTO at HashiCorp, explained that the integration helps bridge resources between Consul and the Kubernetes community that have so far been tenuous.
“We have heard from the community that bridging Kubernetes resources with non-Kubernetes resources or even other Kubernetes resources can be hard,” Hashimoto said.
He gave a basic example in bridging cloud infrastructure resources running on a virtual machine (VM) instance and a Kubernetes cluster. “How do they discover each other? It’s either automated or a hard manual process. That’s what Consul does: it makes it easy,” he explained.
Hashimoto said that the latest update benefits both Consul and Kubernetes users, especially in terms of synching. “It’s a challenge for both now, but this helps that process.”
Consul is a service mesh platform with a control plane that can handle service discovery, configuration, and segmentation functionality. Those functions can be used individually or all together as part of the service mesh. It includes a built-in proxy to work out of the box, but can also support third-party proxy integrators like Envoy.
HashiCorp’s angle with Consul is to target heterogeneous workloads that an enterprise is likely to have spread across different infrastructure. This would include on premises, in a public cloud, or in multiple public clouds.
“Even if a company has a stated goal of going 100 percent Kubernetes, workloads will be everywhere for an extended period during that transition and we are focused on how to make that work for everyone,” Hashimoto explained.
Hashimoto said the process of binding Consul and Kubernetes was relatively straight forward, noting, “we mostly just glued them together.”
“Kubernetes users shouldn’t even realize what Consul is doing,” Hashimoto said. “Nothing changes with things moving into Kubernetes.”
Hashimoto admitted that Consul does overlap a bit with Istio as a service mesh platform, though Consul has a broader focus.
“[Consul] is a service mesh solution so it does overlap and compete with Istio in some regard,” Hashimoto said. “But you don’t have to use all of the parts of the mesh with Consul. The big thing for us is just being focused on all workloads.”
Hashimoto explained that Consul is able to handle the service mesh equally across VMs, containers, and bare metal. It also does not require a user to accept all the components to form a service mesh, providing organization’s with more options when compared with Istio. “Istio makes it easier in Kubernetes. Consul works globally.”
Istio was established last year to provide developers with visibility into microservices without the need to change application code. The platform sits at the network level and uses a substrate for microservices development and maintenance. This allows for the decoupling of management from application development.
Istio was initially launched with backing by Google, IBM, and Lyft, which donated its Envoy proxy that makes the network transparent to applications. A number of other vendors have since jumped on board to support the project, including Red Hat and Cisco.
However, broad adoption of Istio by Amazon Web Services (AWS) and Microsoft Azure is still missing. Consul, on the other hand, is able to connect into any cloud environment.
More Kubernetes Integration Coming
Hashimoto said the company is also working on deeper integration of Kubernetes with its Terraform and Vault platforms. Terraform is an infrastructure-as-a-code software that allows users to define data center infrastructure, while Vault allows organizations that are spanning multiple public clouds or private data centers to centrally manage security policies.
“We have full-time engineers now working on the Terraform provider for Kubernetes,” Hashimoto said. “It’s been slow in development because we didn’t have anyone focused on it full time.”
HashiCorp late last year launched an enterprise version of Terraform for provisioning cloud-based and on-premises infrastructure.
For Vault, Hashimoto said the integration will make it easy to run the platform on Kubernetes. “It’s already been happening without official support, but that will now become official.”
HashiCorp was founded in 2012, and has raised $74 million in funding. The latest was a $40 million Series C funding round that closed last October. Financial backers include Mayfield, GGV Capital, Redpoint, and True Ventures.