NOV 14 2018 THE CONSUL TEAM

We are pleased to announce the general availability of HashiCorp Consul 1.4. Consul is a distributed service mesh that can be used to connect, secure and configure services across any runtime platform and between public or private clouds. This release introduces a completely redesigned ACL system and the first enterprise Consul Connect feature with multi-data center support. Special thanks to our active community members for their valuable feedback during the RC period.

Download now

Consul Connect General Availability (GA)

We launched Connect in June, enabling Consul to segment traffic and build a zero-trust network using a TLS-based approach. Since its initial release, the Consul team has focused on production hardening and extended ecosystem integration. We are pleased to announce that Connect is generally available in this release.

ACL Redesign

Consul’s ACL system has been redesigned to simplify operations and administration. This change covers several different areas.

Tokens and policies

Tokens can now be retrieved and modified using public accessor IDs, which are different from the secret IDs used to authorize requests to Consul (the token in API interactions). This allows for more secure management of ACL tokens.

A policy data model has also been added; a policy can be applied to many tokens and managed centrally. This gives operators a central place to update a specific policy for a set of applications, a business unit, or another grouping, and the update applies to all tokens created under that policy.

UI

The Consul web UI allows comprehensive management of tokens and policies.




CLI

The new ACL system includes a new CLI to manage tokens, policies, and upgrades. This can be used for automation or manual administration.

In this example, a new policy is created, followed by a token attached to that policy.

$ consul acl policy create -name "example" -description "Example policy" -rules @rules.hcl
ID:           ca44555b-a2d8-94de-d763-88caffdaf11f
Name:         example
Description:  Example policy
Datacenters: 
Rules:
service_prefix "marketing-" {
   policy = "read"
}

$ consul acl token create -description "www-app" -policy-id ca44555b
AccessorID:   986193b5-e2b5-eb26-6264-b524ea60cc6d
SecretID:     ec15675e-2999-d789-832e-8c4794daa8d7
Description:  www-app
Local:        false
Create Time:  2018-10-22 15:33:39.01789-0400 EDT
Policies:
   ca44555b-a2d8-94de-d763-88caffdaf11f - example

See the ACL command documentation for a complete set of examples and all the commands available.

Upgrading

We designed the new system to allow in-place upgrades from the old ACL system: clusters with ACLs enabled migrate automatically while retaining compatibility for current API tokens. Read the complete upgrade guide.
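
The split between accessor ID and secret ID matters most in automation, where command output tends to end up in logs. The following is an added example, not code from the Consul project: it separates token-create output into a log-safe record and a secret stored in an owner-only file. The function names are hypothetical, and the sample input is the output shown above, embedded as constructed test data.

```shell
#!/bin/sh
# Added example: handle `consul acl token create` output so that only the
# AccessorID reaches logs and the SecretID goes to a private file.

# Constructed sample input, copied from the token-create output above.
SAMPLE_OUTPUT='AccessorID:   986193b5-e2b5-eb26-6264-b524ea60cc6d
SecretID:     ec15675e-2999-d789-832e-8c4794daa8d7
Description:  www-app
Local:        false'

# field NAME: print the value of the first "NAME: value" line on stdin.
field() {
    awk -v key="$1:" '$1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# loggable_record: read CLI output on stdin and emit one log-safe line.
# The SecretID is never echoed.
loggable_record() {
    out=$(cat)
    accessor=$(printf '%s\n' "$out" | field AccessorID)
    desc=$(printf '%s\n' "$out" | field Description)
    [ -n "$accessor" ] || { echo "no AccessorID in input" >&2; return 1; }
    printf 'accessor=%s description=%s\n' "$accessor" "$desc"
}

# store_secret FILE: read CLI output on stdin and write only the SecretID
# to FILE with owner-only permissions.
store_secret() {
    out=$(cat)
    secret=$(printf '%s\n' "$out" | field SecretID)
    [ -n "$secret" ] || { echo "no SecretID in input" >&2; return 1; }
    ( umask 077; printf '%s\n' "$secret" > "$1" ) && chmod 600 "$1"
}

# Demo on the constructed sample: prints the log-safe record only.
printf '%s\n' "$SAMPLE_OUTPUT" | loggable_record
```

Later management of the token (reading, updating, deleting) can then be keyed on the logged accessor ID without the secret ever being handled again.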

Multi-Data Center Service Segmentation (Enterprise Feature)

Consul Enterprise adds a major new feature that extends Connect's capabilities beyond the single-cluster use case. Consul Connect now supports replication of intentions and federated certificate management across data centers. This allows secure, authorized connections between source and destination services in any data center. Real-time replication of intentions also ensures that consistent security policies are applied to a service regardless of where it resides or migrates to.

Other enhancements

In addition to the new UI, this release provides new features, enhancements, and bug fixes. Some of the key features include:

  • The new consul debug command, which gathers information about the target agent and cluster to help resolve incidents and debug issues
  • DNS supports prefix lookups, for example lb-* to match the services lb-001 or lb-service-007

Learn more

For more information, visit the Consul project page. We hope you enjoy Consul 1.4!


Consul 1.4: Multi-data Center Service Mesh

NOV 14 2018 THE CONSUL TEAM

We are excited to announce the general availability of HashiCorp Consul 1.4. Consul is a distributed service mesh to connect, secure, and configure services across any runtime platform and public or private cloud. This release introduces a completely redesigned ACL system and the first enterprise Consul Connect feature with multi-data center support. A special thanks to our active community members for their valuable feedback during the RC period.

Download Now

Consul Connect General Availability (GA)

We introduced the Connect feature in June this year, which enabled Consul to segment traffic and use a TLS-based approach to do zero trust networking. Since the initial release, the Consul team has focused on production hardening and expanding the ecosystem integration. We are pleased to announce the general availability of Connect in this release.

ACL Redesign

The ACL system in Consul has been redesigned to simplify operations and management. This change covered several different areas.

Tokens & Policies

Tokens can now be retrieved and modified using public accessor IDs, which are different than the secret ID (token in API interactions) used for authorizing requests to Consul. This allows for more secure management of ACL tokens.

A policy data model was also added, which can be applied to many tokens and managed centrally. This gives operators a central place to update a specific policy for a set of applications, business unit, or other groupings that will apply to all tokens created under that policy.

UI

The Consul web UI allows for full management of tokens and policies.





CLI

The new ACL system includes a new CLI to manage tokens, policies, and upgrades. This can be used in automation or for manual management.

In this example, a new policy is created, followed by a token which is attached to that policy.

$ consul acl policy create -name "example" -description "Example policy" -rules @rules.hcl
ID:           ca44555b-a2d8-94de-d763-88caffdaf11f
Name:         example
Description:  Example policy
Datacenters: 
Rules:
service_prefix "marketing-" {
   policy = "read"
}

$ consul acl token create -description "www-app" -policy-id ca44555b
AccessorID:   986193b5-e2b5-eb26-6264-b524ea60cc6d
SecretID:     ec15675e-2999-d789-832e-8c4794daa8d7
Description:  www-app
Local:        false
Create Time:  2018-10-22 15:33:39.01789-0400 EDT
Policies:
   ca44555b-a2d8-94de-d763-88caffdaf11f - example

Visit the ACL command documentation for a full set of examples and all the commands available.

Upgrading

We’ve designed this new system to allow for in-place upgrades coming from the old ACL system that will automatically migrate while retaining compatibility for current API tokens for clusters where ACLs are enabled. Read the full upgrade guide.

Multi-Data Center Service Segmentation (Enterprise Feature)

Consul Enterprise added a new major feature to extend Connect’s capabilities beyond the single cluster use case. Consul Connect now supports replication of intentions and federated certificate management between data centers. This allows secure, authorized connections between source and destination services in any data center. The real-time replication of intentions also ensures that consistent security policies are applied to a service regardless of where it resides or migrates to.

Other Enhancements

In addition to the new UI, this release also delivers new features, enhancements and bug fixes. Some of the major features include:

  • A new consul debug command which gathers information about the target agent and cluster to help resolve incidents and debug issues
  • DNS supports prefix lookups, such as lb-* to match services lb-001 or lb-service-007

Learn More

For more information, please visit the Consul project page. We hope you enjoy Consul 1.4!