HashiCorp Consul is agent-based cluster management software that addresses the challenge of sharing network and configuration details across a distributed system. Consul handles service discovery and configuration for potentially massive clusters of hosts, spread across multiple datacenters. Consul was released in 2014, and organizations have adopted it for its service discovery capabilities, distributed key-value store, and automated health checks, among other features (including, recently, a service mesh).
Monitoring Consul is necessary for making sure that up-to-date network and configuration details are reaching all hosts in your cluster, allowing them to communicate with one another and perform the work of your distributed applications.
Observability comes from the world of engineering and control theory. Control theory states that observability is itself a measure that describes “how well internal states of a system can be inferred from knowledge of external outputs”. In contrast to monitoring which is something you do, observability, is a property of a system.
A system is observable if the external outputs, logging, metrics, tracing, health-checks, etc, allow you to understand its internal state.
In the following tutorial we’ll walk you through provisioning a highly-available Hashicorp Vault and Consul cluster on Kubernetes with TLS. This is an intermediate-level tutorial. It assumes that you have basic working knowledge of Vault, Consul, Docker, and Kubernetes.
Minikube is a tool used to run a single-node Kubernetes cluster locally. It’s designed to get a cluster up and running quickly so you can start interacting with the Kubernetes API locally.
We’ve recently become aware of a set of malware targeting Consul nodes with a specific configuration which allows remote code execution. Members of our community also (responsibly) reported incidents caused by this malware, and worked with us to include a patch in a recent version of Consul that protects from this threat in the wild. This post details how this malware may affect users, depending on their configuration, as well as outlines the steps we’ve taken to backport a patch for versions 1.
We are excited to announce the release of HashiCorp Consul 1.2. This release supports a major new feature called Connect that automatically turns any existing Consul cluster into a service mesh solution. Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization.
Consul is currently deployed on millions of machines worldwide. After upgrading to Consul 1.2 and enabling Connect, any existing cluster will instantly become a service mesh solution that works on any platform: physical machines, cloud, containers, schedulers, and more.