Security and Networking
This learning track is part of the Day 1 learning path, and will cover how to secure and set up networking for your first Consul cluster. It assumes that you have already completed the Day 1: Deploying Your First Datacenter track.
By following this track you will learn about:
Securing Consul with ACLs
By the end of this guide, you will have ACLs configured on the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonyomous token and token for the UI.
Creating Agent Certificates
By the end of the this guide, you will know how to generate certificates for your cluster. This guide will cover how to create a Certificate Authority(CA), and how to generate server certificates and client certificates.
Gossip and RPC Encryption
By the end of this guide, you will be able to configure gossip and RPC encryption on a your cluster. Encrypting both incoming and outgoing communication is crucial for securing the cluster.
By the end of this guide, you will be able to update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.
By the end of this guide, you will be able to setup DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.
Multiple Datacenters: Basic Federation with WAN Gossip
By the end of this guide, you will connect two datacenters using WAN gossip. This guide includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.