HashiCorp Consul Service on Azure: the First Fully Managed Service Mesh
HCS on Azure, now in private beta, provides a way to connect services regardless of whether they are virtual machines or Kubernetes environments, explained HashiCorp co-founder and Chief Technology Officer Armon Dadgar during the kickoff of the company’s annual HashiConf user conference, being held this week in Seattle. When a user deploys Consul from the Azure Marketplace, a HashiCorp-managed Consul cluster is launched in the user’s preferred Azure region. It can then be managed either through a private Azure console or from an externally exposed command shell.
The true benefit of this Consul-based approach is managing a mix of Kubernetes and non-Kubernetes assets, whether on Azure, on other clouds, or in private data centers, noted Brendan Burns, Microsoft distinguished engineer and one of the creators of Kubernetes, in a follow-up interview.
“Actually connecting Kubernetes is not that hard, but Consul’s sweet spot is connecting other stuff into that infrastructure,” Burns said.
A Network Control Plane
Consul provides a network control plane, one that can be used to tie together multiple managed Kubernetes, VM, and hybrid/on-premises environments, in effect creating a flat network topology to enable such features as multi-cluster service discovery and request routing. It supports the Service Mesh Interface (SMI) to integrate with other service meshes and, according to the blog, “enables a user to define Consul Connect intentions in a custom Kubernetes resource that can be directly managed with kubectl or Helm.”
Because Consul can work in a federated model with other Consul instances in other locations, latencies across different clouds or between a cloud and a private data center can be kept to a minimum, noted HashiCorp co-founder Mitchell Hashimoto in a follow-up interview.
In a blog post explaining the new service, HashiCorp listed the benefits of the new offering:
- Service Discovery: Provide a service registry with integrated health checking to enable any service to discover and be discovered by other services.
- Service Mesh: Simplify service networking by shifting core functionality from centralized middleware to the endpoints.
- Dynamic Traffic Management: Enable advanced traffic management to support different deployment strategies and improve application resiliency.
- Service Segmentation: Encrypt communications and control access across services with mutual TLS and a native Envoy integration.
- Observability: Enable networking metric collection to provide insights into application behavior and performance without code modifications.
- Mesh Gateway: Route traffic transparently and securely across Azure regions, private data centers, and runtime environments like AKS, Azure Stack, and HashiCorp Nomad.
HashiCorp Partners with Microsoft
The partnership with Microsoft brought several benefits, notably around billing and security. All billing is done through existing Azure accounts, which could greatly reduce the accounting headache for users who already have them. The authentication needed to provision the services is also handled completely by the service, using existing Azure accounts, which eliminates the messy steps of certificate generation for each new project.
These capabilities come from a recent Microsoft initiative, the Managed Applications Platform, designed for third-party software providers such as HashiCorp to build services on top of Azure, Burns explained. It’s a different approach from the one other cloud providers (read: Amazon Web Services) have taken, which is to compete directly with open source software distributions by offering competing services built on the same technology.
When a customer procures Consul from the Marketplace, “Microsoft generates a special sub-account within the customer’s account that gives us a little pocket within their account where we can manage Consul for them,” Dadgar said.
HCS for Azure can be “great for people who have been reading about the service mesh in the press and doing a little bit of experiment,” and who wish to move ahead with larger-scale implementations, Burns said. “If you’ve been struggling with hybrid connectivity, this could be a really great solution.”