HashiConf took place on October 14 and 15, in a virtual format because of the health situation. There is plenty of news to report across HashiCorp’s portfolio, and we were treated to the announcement of two new products! In this article we review what was presented, including the new HashiCorp Boundary and HashiCorp Waypoint.
Boundary completes HashiCorp’s security offering. Until now, HashiCorp Vault handled secrets management, but access to the various resources remained a challenge for users.
HashiCorp Boundary complements Vault by answering this challenge:
The tool authenticates a user and, based on the defined rights of that user’s role, allows or denies connections to services or servers, without installing an agent beforehand.
Imagine the following simplified scenario:
- The user authenticates to HashiCorp Boundary with a defined authentication method (e.g. SSO).
- Once authenticated, the user accesses a catalog of resources according to the rights provided by their role (example: in AWS, all the EC2 instances of a VPC).
- The user selects the server or service and is connected (e.g. SSH on the EC2 instance in a private subnet).
Boundary is now available in version 0.1 and can be configured with Terraform (version 0.12 or later).
For those who wish to do without Terraform for configuration/use, please note that the tool has an API, CLI and UI.
- HashiCorp Boundary Announcement
- HashiCorp Learning
- Boundary provider Terraform
- HashiCorp Boundary forum
Of course, the product is in version 0.1 and there are some limitations today (especially with the example mentioned above). However, you can visit the Boundary roadmap and give your feedback.
« Developers just want to deploy » is the quote from HashiCorp that best defines the objective of this new product.
HashiCorp Waypoint is a tool built around a single workflow to build, deploy and release an application on any platform.
The value of the product is that it abstracts away both the application code and the deployment platform, behind a configuration file written in a common language.
What does HashiCorp Waypoint support across this lifecycle to date?
- At Build level: Docker Build, Docker Pull Build, Cloud Native Buildpacks
- At Deploy level: HashiCorp Nomad, AWS EC2, AWS ECS, Google Cloud Run, Azure Container Instances
- Finally, at Release level: it depends on the deployment platform (see here for more details)
There are a few more features, such as:
- Waypoint-generated URL per application and deployment: each application deployed by Waypoint has a public URL under « waypoint.run » with a TLS certificate signed by Let’s Encrypt. The feature is optional.
- Waypoint Exec: runs commands remotely in the deployed application
- Waypoint Logs: retrieves a snapshot of the current logs of the deployed application
- A web UI in addition to the CLI
- Plugins: the strength and potential of Waypoint lie in its plugins. To date, Waypoint has about ten plugins (e.g. Kubernetes, AWS ECS, Google Cloud Run, etc.) and probably many more in the coming months. This is an invitation to the community to get involved!
- A tool made for CI/CD: Waypoint integrates very well in an automation or CI/CD context. You can find several examples on the official website (e.g. GitHub Actions, GitLab CI/CD, etc.).
- Waypoint Announcement
- HashiCorp Learning
- Waypoint HashiCorp Forum
- Writing a Waypoint plugin
- GitLab post on using Waypoint in GitLab CI/CD
Of course, the product is in version 0.1 and there again there are limitations. However, you can visit the Waypoint roadmap and give your feedback.
We want to highlight apps from the community deployed using Waypoint. Tweet a screenshot of your app running with its Waypoint URL and tag @HashiCorp + use #WaypointUp.
Terraform 0.14 (Public Beta)
Terraform version 0.14 has finally been released as a public beta version and we are getting closer and closer to a version 1.0 (planned for 2021)!
Here are the highlights of the new features:
- Sensitive input variable: variables can now be marked as « sensitive » so that their values do not appear in the output. Note that, to date, the value is still present in the state file in clear text.
- Shorter diff: some of you may have noticed that, since version 0.12, plan and apply display much more information than in previous versions. Now they only show the modified/added/deleted lines and hide the unchanged ones.
- Provider Dependency Lock File: since version 0.13, more and more providers have been created and the pace of upgrades for each of them has accelerated. This feature prevents a provider upgrade from unexpectedly altering your IaC.
- ARM64 version for Linux
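The sensitive-variable item above, shown as a configuration. This is an added example, not code from the original article or from HashiCorp; the bucket, region, resource and variable names are assumptions, and the encrypted S3 backend is one way to account for the clear-text value in the state file.

```hcl
# Added example for Terraform 0.14+; all names and values are hypothetical.

terraform {
  # The state still holds db_password in clear text, so keep it in a
  # backend that encrypts at rest and restrict who can read it.
  backend "s3" {
    bucket  = "example-tfstate-bucket" # placeholder
    key     = "app/terraform.tfstate"
    region  = "eu-west-1"
    encrypt = true
  }
}

variable "db_password" {
  type      = string
  sensitive = true # value is redacted in plan and apply output
}

resource "aws_db_instance" "app" {
  allocated_storage   = 20
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  username            = "app"
  password            = var.db_password # redacted in the plan
  skip_final_snapshot = true
}

# A value derived from the variable is marked sensitive as well, so it
# is not printed at the end of apply.
output "db_url" {
  value     = "postgres://app:${var.db_password}@${aws_db_instance.app.endpoint}/app"
  sensitive = true
}
```

Supplying the value through the `TF_VAR_db_password` environment variable keeps it out of committed `.tfvars` files; it does not change what is written to the state.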
Consul 1.9 (Public Beta)
Among the good surprises, HashiCorp Consul is also moving to version 1.9 beta. This version focuses on observability, more service mesh features and better integration with Kubernetes.
Here is what this new version offers us:
- Application-Aware Intentions (HTTP and gRPC): intentions now support layer 7, making it possible to allow or deny communication between services based on the HTTP header, URI or URL path of requests.
- Service Mesh Visualization: in Consul’s UI, it is now possible to see the topology of the different services and their interactions, along with new application metrics such as the number of requests per second, the number of errors and latency.
- Custom Resources for Kubernetes: it is now possible to configure Consul’s service mesh via Kubernetes’ Custom Resource Definitions (CRD).
- Deployment of a Consul cluster in OpenShift via a Helm chart.
- Active Health Checks for Consul on Kubernetes: allows Consul’s service mesh to take Kubernetes’ health checks (Kubernetes readiness probes) into account in order to avoid routing traffic to an unhealthy pod (failing readiness or health check).
- Streaming: reduces the CPU usage and bandwidth of a large Consul cluster, in particular by improving the processing of blocking queries.
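A layer 7 intention of the kind described in the Application-Aware Intentions item, as an added example that is not from the original article or from HashiCorp. The service names `web` and `api`, the paths and the header are assumptions.

```hcl
# Added example; service names, paths and header are hypothetical.
# These are two separate config entries (two files), each applied with
# `consul config write <file>`.

# File 1: api-defaults.hcl
# L7 permissions require the destination to be declared as HTTP.
Kind     = "service-defaults"
Name     = "api"
Protocol = "http"

# File 2: api-intentions.hcl
# Who may call "api", and with which requests.
Kind = "service-intentions"
Name = "api"
Sources = [
  {
    Name = "web"
    # Permissions are evaluated top to bottom; the first match decides.
    Permissions = [
      {
        Action = "deny"
        HTTP {
          PathPrefix = "/admin"
        }
      },
      {
        Action = "allow"
        HTTP {
          PathPrefix = "/v1/"
          Methods    = ["GET", "HEAD"]
          Header = [
            { Name = "x-api-version", Exact = "2" }
          ]
        }
      }
    ]
  },
  {
    # Every other source: plain layer 4 deny.
    Name   = "*"
    Action = "deny"
  }
]
```

Requests from `web` that match neither permission fall back to the default intention behavior, so the result depends on whether the cluster defaults to allow or deny.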
Finally, two more announcements related to HashiCorp Consul:
- Consul certification is available
- Announcement of Consul Terraform Sync in Tech preview, a new tool to automate Network infrastructure through Terraform
Vault HCP (Private Beta) & Consul HCP (Public Beta)
HashiCorp Cloud Platform (HCP) is a managed platform on which HashiCorp products are deployed in an automated way.
HashiCorp maintains the infrastructure and hosts it on the chosen cloud provider (e.g. Azure or AWS). You can then access your cluster directly or create a private link (e.g. VPC peering for AWS) to connect to it.
Until now, HashiCorp had announced HashiCorp Consul Service (HCS) on Azure for production; with HashiConf, Consul is being released on HCP in Public Beta on AWS.
Vault also runs on HCP, on AWS only for the moment, but it is in Private Beta and you have to request access.
- Vault HCP AWS
- Consul HCP AWS
- HashiCorp Cloud Platform
- HCP portal
- Request access to HCP Vault Private Beta
In June 2020 we saw version 0.12 of HashiCorp Nomad, which added new features such as Multi-Cluster Deployment, Spread Scheduling, Container Network Interface, etc., as well as integrations with HashiCorp Consul.
HashiCorp has announced the release of Nomad 1.0 for October 27, 2020, through a webinar for which you can register.
The new features of version 1.0 are still under wraps, but Yishan Lin (Nomad’s Product Manager) has indicated that namespaces will move from the Enterprise version to open source!
With the Changelog we can get an idea of some of the features that will come out:
- Event Stream: allows real-time streaming of Nomad objects, JobEvent, AllocEvent, EvalEvent, DeploymentEvent and NodeEvent events.
- Topology Visualization: used to view the status of each client and the allocation via the UI.
- And other improvements
While waiting for version 1.0 of HashiCorp Nomad, you can follow Jacquie Grindrod who will be interviewing HashiCorp employees to find out what they expect the most from this version through daily bite size episodes: Welcome to Nomad: The Path to Nomad 1.0
Vault, Packer and Vagrant?
No specific announcement for these products during HashiConf. The new versions were released before HashiConf, along with the related communications, which you can find directly via:
Finally, a few extras: