Difficulty: Beginner
Estimated Time: 10 minutes

Secure Consul Agent Communication with ACL

In this hands-on lab, you will deploy a secure Consul datacenter using Docker.

The lab will guide you through the steps necessary to deploy Consul with ACLs enabled to secure acces to the UI, API, CLI, services, and agents.

Specifically, you will:

  • Configure a default-deny policy
  • Enable token persistence through configuration
  • Start a server with user-defined configuration
  • Bootstrap the ACL System
  • Configure your environment to use the bootstrap token
  • Create a server policy
  • Associate the server policy with a token
  • Register the server token with the server agent
  • Create a client policy
  • Associate the client policy with a token
  • Register the client token with the client agent via configuration
  • Join a client agent to an existing datacenter with ACLs enabled and configured.
  • Create a read-only policy for non-priveleged access
  • Associate the non-priveleged policy with a token
  • Verify limited access with non-priveleged token

If you are already familiar with the basics of Consul, Secure Consul with ACLs provides a reference guide for the steps required to enable and use ACLs on your Consul datacenter.

Review

In this hands-on lab, you deployed a secure Consul datacenter using Docker.

The lab guided you through the steps necessary to deploy Consul with ACLs enabled for agent RPC communications.

Specifically, you:

  • Configured a default-deny policy
  • Enabled token persistence through configuration
  • Started a server with user-defined configuration
  • Bootstrapped the ACL System
  • Configured your environment to use the bootstrap token
  • Created a server policy
  • Associated the server policy with a token
  • Registered the server token with the server agent
  • Created a client policy
  • Associated the client policy with a token
  • Registered the client token with the client agent via configuration
  • Joined a client agent to an existing datacenter with ACLs enabled and configured.
  • Created a read-only policy for non-priveleged access
  • Associated the non-priveleged policy with a token
  • Verified limited access with non-priveleged token

Next Steps

If you are already familiar with the basics of Consul, Secure Consul with ACLs provides a reference guide for the steps required to enable and use ACLs on your Consul datacenter.

Secure Consul with ACLs

Step 1 of 7

Provisioning Lab Infrastructure

There are a few components that need to be added to the environment; we are adding them now. Wait for the complete message and then move to the next step.

Example Output

- Install prerequisites
- Install Consul locally
- Installing Consul x.y.z
- Pulling Docker image for Consul x.y.z
- Creating Docker volumes

and concluding with

- Complete! Move on to the next step.

Once this message appears, you are ready to continue.

Terminal
server
client
Consul UI
Dashboard
This tab will not be visible to users and provides only information to help authors when creating content.

Creating Katacoda Scenarios

Thanks for creating Katacoda scenarios. This tab is designed to help you as an author have quick access the information you need when creating scenarios.

Here are some useful links to get you started.

Running Katacoda Workshops

If you are planning to use Katacoda for workshops, please contact [email protected] to arrange capacity.

Debugging Scenarios

Below is the response from any background scripts run or files uploaded. This stream can aid debugging scenarios.

If you still need assistance, please contact [email protected]