Virtual Event
Join us for the next HashiConf Digital October 12-15, 2020 Register for Free

HashiCorp Consul Service on Azure

Deploy HashiCorp Consul Service on Azure

HashiCorp Consul Service (HCS) on Azure enables Microsoft Azure users to natively provision HashiCorp-managed Consul servers in any supported Azure region directly through the Azure Marketplace. As a fully managed service, HCS on Azure lowers the barrier to entry for an organization to leverage Consul for service discovery or service mesh across a mix of VM, hybrid/on-premises, and Kubernetes environments while offloading the operational burden to the Site Reliability Engineering (SRE) experts at HashiCorp.

In this tutorial, you will deploy an instance of HashiCorp Consul Service on your Azure subscription and learn the available configuration options for the servers. Finally you will interact with your Consul service using the Consul UI.

»Prerequisites

To successfully complete this tutorial, you need previous experience with Azure. We also recommend experience deploying applications from the Azure Marketplace and familiarity with Azure networking regions and VNets.

You will also need an Azure subscription with the Microsoft.Network and Microsoft.Compute resource providers registered.

»Managed HashiCorp Consul Service on Azure

HCS on Azure is a fully managed service. The HashiCorp SRE team will manage all of the operational tasks including provisioning, monitoring, troubleshooting, and server upgrades. This allows you to adopt Consul for secure service-to-service communication across any Azure-connected environment and to focus on application and workload-specific concerns.

HCS 10000ft architecture

»Setup HCS on Azure

»Create a resource group

First, you will need to define a resource group where you will deploy the Consul service. Create a new one and ensure that it is located in one of the eight supported regions.

  • (US) East US
  • (US) East US 2
  • (US) Central US
  • (US) West US 2
  • (Europe) West Europe
  • (Europe) North Europe
  • (Europe) Central France
  • (Europe) South UK

It can take up to 30 seconds for the resource group to converge.

»Create an HCS on Azure datacenter

HCS will be deployed as a managed application, you will be able to locate it in the marketplace under the name "HashiCorp Consul Service on Azure."

You can also access the service directly using the following URL.

 https://portal.azure.com/#create/hashicorp-4665790.hcs-productionon-demand

Azure Marketplace create Consul service

Click the Create button to start the configuration process.

»Configure your HCS on Azure datacenter

On the create screen, you'll define parameters for your Consul service.

  • On the Basics tab, you will define details such as the resource group, region, and cluster mode.
  • The Consul settings tab is optional. You can adapt Consul cluster settings to your use case, such as the visibility of the Consul UI.

»Security defaults

We have configured HCS on Azure with several security defaults that cannot be disabled. You will need to take additional steps to configure your Consul clients in order to communicate with your HCS on Azure servers.

  • Access Control Lists (ACL) are enabled by default and cannot be disabled. The next tutorial provides steps to Bootstrap the ACL system and create ACL tokens for Consul clients installed on VMs or legacy nodes.
  • Transport Layer Security (TLS) and gossip encryption are on by default and cannot be disabled. You will need to retrieve the TLS certificates and encryption key in order to participate in agent to agent communication. The next tutorial will help you retrieve the Consul client configuration and certificates for Consul clients installed on VMs or legacy nodes.

»Cluster settings

Azure Marketplace create Consul service basic tab

  • Subscription: the subscription you are using.

  • Resource Group: the resource group you created earlier. If you did not create one yet, you can do it using the Create new link. In this tutorial, we will use the resource group named learn-hcs-lab.

  • Region: the region where you want the application to be deployed.

    • (US) East US
    • (US) East US 2
    • (US) Central US
    • (US) West US 2
    • (Europe) West Europe
    • (Europe) North Europe
    • (Europe) Central France
    • (Europe) South UK
  • Email: the email will be used by HashiCorp to notify you about system updates and operational issues.

  • Cluster Mode and Number of Servers: two options are available for the mode.

    • Production creates a highly available Consul datacenter. During the public beta, the only value available for Number of Servers in production mode is 3. To support 3 servers, you will need at least 6 vCPU available in the deployment region.

    • Development creates a single server Consul service. This mode should only be used for testing purposes as the single node configuration makes the enforcement of uptime SLA policies impossible.

  • Application Name: defines the name of the application deployed inside the resource group. In this tutorial, we will use learnlab.

In the Azure dashboard, click Next to move to the Consul Settings.

»Consul settings

Azure Marketplace create HCS datacenter Consul tab

  • Cluster Name: defines the name for the Consul datacenter you are creating. In this tutorial, we will use consul-learn-test.

  • Data Center: defines the datacenter name for your configuration, this is the datacenter you are going to use to configure your clients. This defaults to dc1.

  • Consul Version: helps you select a Consul version to run in your datacenter. Currently, the only available version is 1.8.0. The deployment will run using Consul Enterprise.

  • External Endpoint: defines whether you want your External Endpoint enabled or disabled. “Enabled” means that your datacenter will have a public IP address. “Disabled” means that you will have no public IPs visible to the internet. Note that if you select “Disabled” you will not be able to connect to the datacenter unless you can route to the VLAN and IP address configured for Consul.

  • VNET starting IP address: configures the initial IP address for the VNET CIDR range of your Consul datacenter. A prefix of /24 will be applied to the created VNet. The default value should be fine for test environments. In case you are planning to connect the HCS datacenter to an existing VNet that already uses addresses in the default range, or if you have internal policies on the address ranges to use internally, you can adapt your instance to your needs by changing the default value here.

Click Review + Create and then Create to create the cluster. The cluster will be provisioned, which shouldn't take more than 15 minutes.

You can monitor the status of the provisioning process by navigating to your resource group (such as learn-hcs-lab), finding your application (such as learnlab), and examining the Overview section. If you see a message that "The application is still being provisioned", wait a few minutes and refresh the page. Provisioning should take less than 15 minutes.

Azure Managed Application Dashboard Being Provisioned

»Access the Consul UI

There are two options for accessing the Consul UI. The first and quickest is through the Azure dashboard. Alternatively, you can access the UI in a new browser tab.

To display the embedded Consul UI open the Azure portal using this link:

https://portal.azure.com/?feature.canmodifystamps=true&Microsoft_Azure_Appliance=beta&feature.amaiframe=true

This link contains a feature flag that enables IFrame behavior. Once you have done so, navigate to your application and click “Consul UI” in the left hand navigation pane.

Azure Marketplace Consul UI Azure Dashboard

You will be able to access the Consul UI and asked to login.

»Delete your HCS on Azure datacenter

Continue to the next steps below to read additional tutorials on how to use your Consul service. Review them if you want to start experimenting with your Consul service and conduct integration tests for your applications.

Remember to delete the test environment at the end of your tests. Follow these steps to remove the application from your resource group.

  • Navigate to the resource group you deployed (learn-hcs-lab in our case).

  • Locate the application (learnlab in our case) and click on it to open the overview.

  • In the overview screen click on the Delete button as shown on the screen below.

Azure Marketplace Consul HCS delete

Once you confirm deletion, the Consul service will be removed from your resource group.

»Next steps

In this tutorial, you deployed the managed HashiCorp Consul Service (HCS) on Azure. You learned how to access the Consul UI and how to delete your HCS on Azure.

In the the next tutorial, Discover HashiCorp Consul Service on Azure Configuration you will learn how to retrieve HCS on Azure data including server connection information, Consul client configuration, and Consul certificates. The data retrieved enables you to add Consul clients VMs.

If you want to use HCS with AKS clients on Azure you can follow Connect an Azure Kubernetes Service (AKS) cluster to HashiCorp Consul Service on Azure.

If you have any feedback the HashiCorp Consul Service on Azure, including leaving comments and filing bugs, contact HCS-beta@hashicorp.com.

You can monitor the state of the HashiCorp Consul Service on Azure and subscribe to updates at https://hashicorpcloud.statuspage.io/.