Below is a checklist that can help you deploy your first datacenter. This checklist is not an exhaustive list and you may need to add additional tasks depending on your environment.
»Infrastructure Planning
- Review the reference diagram and requirements.
»Ports
Refer to the API documentation for specific port numbers or alternate configuration options.
- DNS server
- HTTP API
- HTTPS API
- gRPC API
- Serf LAN port
- Serf WAN port
- Server RPC address
- Inclusive minimum port number to use for automatically assigned sidecar service registrations.
- Sidecar_max_port
»Deployment
»Consul Servers
- Read the release notes for the Consul version.
- Consul binary has been distributed to all servers.
- Customize the server configuration file or files.
- Autopilot is configured or disabled.
- TLS encryption is enabled for RPC and consensus communication.
- Gossip encryption configured.
- ACLs bootstrapped.
- Telemetry configured.
»Consul Clients
- Consul binary has been distributed to all clients.
- The configuration file has been customized.
- TLS enabled for RPC communication
- Gossip encryption configured
- External Service Monitor has been deployed to nodes that cannot run a Consul client.
»Networking
»Configure DNS Caching
Refer to the DNS caching tutorial for step by step instructions and considerations around DNS performance.
- Stale reads have been configured in the agent configuration file.
- Negative response caching have been configured in the agent configuration file.
- TTL values have been configured in the agent configuration file.
»Setup DNS Forwarding
Refer to the DNS forwarding tutorial for instructions on integrating Consul with system DNS.
- BIND, dnsmasq, Unbound, systemd-resolved, or iptables has been configured.
»Security
»Encryption of Communication
- TLS: RPC encryption for both incoming and outgoing communication.
- Gossip Encryption. Both incoming and outgoing communication.
»Enable ACLs
Refer to the "Secure Consul with Access Control Lists (ACLs)" tutorial for instructions on setting up access control lists.
- Tokens have been created for all agents and services.
»Setup a Certificate Authority
Refer to the "Secure Consul Agent Communication with TLS Encryption for instructions on setting up a certificate authority.
- Agent certificates have been created and distributed to all agents.
»Monitoring
- Telemetry has been enabled.
- API has been configured. New user and token have been created.
»Failure Recovery
- Backups are being periodically captured.
- Outage recovery plan has been outlined.