Consul 1.6 sets out to make service traffic routing more secure

By Julia Schmidt
-
Consul 1.6 sets out to make service traffic routing more secure

HashiCorp’s Consul team has released version 1.6 beta of its distributed service mesh. Stand-out additions of the release are new Layer 7 features and a mesh gateway.

The latter are Envoy proxies that facilitate communication between services in different networking environments, but aren’t suited for “general purpose ingress from non-mesh traffic”. The mesh gateways use the server name indication which is part of the TLS handshake to route traffic from one service to another. Like that, there is no way for the gateway to decrypt the data of a payload, which comes in handy in case the gateway is compromised.

To make it even more useful, the Kubernetes integration now also allows gateway deployment. This is meant to simplify communication between services running inside the orchstrator’s environment and those on other platforms, which can be quite tricky at times.

In terms of application layer (Layer 7 of the OSI model) features, the Consul team has built on the observability features they introduced in v1.5. New configuration entry types service-resolver, service-splitter, and service-router should help with traffic management. 

Routing can be used to intercept traffic using path prefixes or HTTP headers for example, while splitting allows dividing requests across services and the resolver lets users “define which instances of a service should satisfy discovery requests for the provided name”.

The goal of those additions can be boiled down to making systems more reliable in case of failure and helping with deployment patterns like HTTP path-based routing, and traffic shifting.

On top of that all, HashiCorp has decided to open source intention and certificate authority replication features. They have been part of Consul Enterprise since the 1.4 release, but are also a crucial mesh gateway component, which seems to be the major motivation for the move. However, even smaller teams have to manage all kinds of different infrastructure components across platforms nowadays, so having them publicly available could encourage people to decide for Consul.

AWS combines "building block" blueprints with CodeCatalyst for rapid project creation including DevO...
Atlassian takes another step toward full DevOps automation
GitHub autofix progresses to public beta: insecure code corrected with AI, but only for enterprise
Secret leakage in public GitHub repositories increasing, claims new report
Test launch of TEA open source reward project clouded by repository spam attack 
From Docker to Dagger: Solomon Hykes on modernisation of the DevOps pipeline
Enterprises struggle with Agile methodology, reports long-standing survey of practitioners
Spotlight on GitHub self-hosted runners again as researcher demonstrates attack on PyTorch code
PyPy moves from Mercurial, says 'open source has become synonymous with GitHub'
Where next for Jamstack? Netlify survey avoids the word, highlights rise of Astro
Docker buys AtomicJar to integrate container-based test automation
AWS promotes cell-based architecture for 'resilience at scale'