Security and Networking
This learning track is part of the Day 1 learning path, and will cover how to secure and set up networking for your first Consul cluster. It assumes that you have already completed the Day 1: Deploying Your First Datacenter track.
By following this track you will learn about:
By the end of this guide, you will be able to configure gossip encryption on a your cluster. Gossip communication between all agents in the cluster can be secured with a symmetric key.
Securing Agent Communication with TLS Encryption
By the end of the this guide, you will know how to generate certificates for your cluster. This guide will cover how to create a Certificate Authority(CA), and how to generate server certificates and client certificates. Encrypting both incoming and outgoing communication is crucial for securing the cluster.
Securing Consul with ACLs
By the end of this guide, you will have ACLs configured on the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonymous token and token for the UI.
Managing ACL Policies
By the end of this guide, you will be able to discover the minimum privileges required for any datacenter operation.
By the end of this guide, you will be able to update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.
By the end of this guide, you will be able to setup DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.
Datacenter Federation with WAN Gossip
By the end of this guide, you will connect two datacenters using WAN gossip. This guide includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.