SEP 05 2018 MITCHELL HASHIMOTO

We're excited to announce multiple features that deeply integrate HashiCorp Consul with Kubernetes. This post will share the initial set of features that will be released in the coming weeks.

The features include an official Helm Chart for installing Consul on Kubernetes, automatic syncing of Kubernetes services with Consul (and vice versa), auto-join for external Consul agents to join a cluster in Kubernetes, injectors so pods are automatically secured with Connect, and support for Envoy.

In addition to natively integrating with Kubernetes, these features help solve important cross-cluster challenges between multiple Kubernetes clusters as well as non-Kubernetes services interacting with Kubernetes services. We're excited to share this work with you.

Features

The following is the list of features that will be announced and released in the coming weeks. Follow-on announcement blog posts will cover each in detail, and each item will be updated to link to that announcement post.

• Helm Chart. An official Helm chart for installing, configuring, and upgrading Consul on Kubernetes. This Helm chart will also support automatic installation and configuration of the other features for Kubernetes such as catalog syncing.

• Auto-join for Kubernetes. Consul's cloud auto-join feature will be updated to support discovering and joining Kubernetes-based agents. This will enable external Consul agents to join a Consul cluster running in Kubernetes.

• Service Catalog Sync: K8S to Consul. Appropriate Kubernetes services will be automatically synced to the Consul catalog, enabling non-Kubernetes services to discover and connect to services running within Kubernetes.

• Service Catalog Sync: Consul to K8S. Consul services will be synced to Kubernetes services so that applications can use Kubernetes-native service discovery to discover and connect to services running outside of Kubernetes.

• Connect Auto-Inject. Pods deployed in Kubernetes can be configured to automatically use Connect to securely communicate via mutual TLS.

• Envoy Proxy Support. Pods configured to use Connect Auto-Inject can use the Envoy Proxy for layer 4 communication, secured via Connect. Envoy will also be available for non-Kubernetes Connect deployments.

Integrating with Kubernetes

We're currently integrating closely with Kubernetes across multiple products. We see opportunities to solve challenges for pure Kubernetes users by making our products easier to run as well as integrating with and enhancing Kubernetes features.

A core tenet of this integration is to enhance existing features rather than replace. Features such as Services, ConfigMaps, Secrets, and more are part of the core Kubernetes workflow. Higher level tools and extensions leverage these core primitives. Therefore, we're also integrating with and enhancing these core primitives. For example, the Consul catalog sync converts external services in Consul's catalog into first-class Kubernetes Service resources. Applications running in Kubernetes can then discover and connect to non-Kubernetes services natively.

In addition to making our products easier and more natural to use within Kubernetes, these integrations allow users to better work in environments shared with non-Kubernetes workloads. While it is easy for new users to start in pure-Kubernetes environments, most deployments have to interact with external services running in cloud computing environments, on-prem datacenters, and more. HashiCorp products such as Consul are designed for these heterogeneous environments. By enabling a more natural Kubernetes experience, it becomes equally natural for non-Kubernetes applications to interact with Kubernetes applications.

Next

We're excited to announce the first set of HashiCorp Consul and Kubernetes features. These features make it much easier to run Consul on Kubernetes, interact with non-Kubernetes services, securely communicate within and beyond Kubernetes, and more. Each of these features will be fully announced and released over the coming weeks, beginning with the Helm Chart next week.

Terraform and Vault are also being closely integrated with Kubernetes. The Terraform Kubernetes provider now has a dedicated engineer and should improve rapidly over the coming months. Vault has new integrations under development and will also be announced soon.

If you're passionate about Kubernetes, our tools, and improving those integrations, please join us! We have a few roles open for ecosystem engineers to work on Kubernetes integrations.