Day 1: Security and Network Operations

Introduction

» Security and Networking

This learning track is part of the Day 1 learning path, and will cover how to secure and set up networking for your first Consul cluster. It assumes that you have already completed the Day 1: Deploying Your First Datacenter track.

By following this track you will learn about:

» Securing Consul with ACLs

By the end of this guide, you will have ACLs configured on the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonymous token and a token for the UI.

Bootstrapping ACLs

» Creating Agent Certificates

By the end of this guide, you will know how to generate certificates for your cluster. This guide will cover how to create a Certificate Authority (CA), and how to generate server certificates and client certificates.

Creating Agent Certificates

» Gossip and RPC Encryption

By the end of this guide, you will be able to configure gossip and RPC encryption on your cluster. Encrypting both incoming and outgoing communication is crucial for securing the cluster.

Gossip and RPC Encryption

» DNS Caching

By the end of this guide, you will be able to update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.

DNS Caching

» Forwarding DNS

By the end of this guide, you will be able to set up DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.

Forwarding DNS

» Multiple Datacenters: Basic Federation with WAN Gossip

By the end of this guide, you will connect two datacenters using WAN gossip. This guide includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.

Multiple Datacenters