• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Consul
  • Install
  • Tutorials
  • Documentation
  • API
  • CLI
  • Try Cloud(opens in new tab)
  • Sign up
Datacenter Deploy

Skip to main content
8 tutorials
  • Introduction
  • Consul Reference Architecture
  • Deployment Guide
  • Consul Disaster Recovery Considerations
  • Backup Consul Data and State
  • Consul Security Considerations
  • Production Readiness Checklist
  • Next Steps

  • Resources

  • Tutorial Library
  • Certifications
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Consul
  3. Tutorials
  4. Datacenter Deploy
  5. Production Readiness Checklist

Production Readiness Checklist

  • 5min

  • ConsulConsul

Below is a checklist that can help you deploy your first datacenter. This checklist is not an exhaustive list and you may need to add additional tasks depending on your environment.

Infrastructure Planning

  • Review the reference diagram and requirements.

Ports

Refer to the API documentation for specific port numbers or alternate configuration options.

  • dns, DNS server port
  • http, HTTP API port
  • https, HTTPS API port
  • grpc, gRPC API port
  • serf_lan, Serf LAN port
  • serf_wan, Serf WAN port
  • server, server RPC address port
  • sidecar_min_port, inclusive minimum port number to use for automatically assigned sidecar service registrations
  • sidecar_max_port, inclusive maximum port number to use for automatically assigned sidecar service registrations
  • expose_min_port, inclusive minimum port number to use for automatically assigned exposed check listeners
  • expose_max_port, inclusive maximum port number to use for automatically assigned exposed check listeners

Deployment

Consul Servers

  • Read the release notes for the Consul version.
  • Consul binary has been distributed to all servers.
  • Customize the server configuration file or files.
  • Autopilot is configured or disabled.
  • TLS encryption is enabled for RPC and consensus communication.
  • Gossip encryption configured.
  • ACLs bootstrapped.
  • Telemetry configured.

Consul Clients

  • Consul binary has been distributed to all clients.
  • The configuration file has been customized.
  • TLS enabled for RPC communication
  • Gossip encryption configured
  • External Service Monitor has been deployed to nodes that cannot run a Consul client.

Networking

Configure DNS Caching

Refer to the DNS caching tutorial for step by step instructions and considerations around DNS performance.

  • Stale reads have been configured in the agent configuration file.
  • Negative response caching have been configured in the agent configuration file.
  • TTL values have been configured in the agent configuration file.

Setup DNS Forwarding

Refer to the DNS forwarding tutorial for instructions on integrating Consul with system DNS.

  • BIND, dnsmasq, Unbound, systemd-resolved, or iptables has been configured.

Security

Encryption of Communication

  • TLS: RPC encryption for both incoming and outgoing communication.
  • Gossip Encryption. Both incoming and outgoing communication.

Enable ACLs

Refer to the Secure Consul with Access Control Lists (ACLs) tutorial for instructions on setting up access control lists.

  • Tokens have been created for all agents and services.

Setup a Certificate Authority

Refer to the Secure Consul Agent Communication with TLS Encryption tutorial for instructions on setting up a certificate authority.

  • Agent certificates have been created and distributed to all agents.

Monitoring

  • Telemetry has been enabled.
  • API has been configured. New user and token have been created.

Official Grafana dashboard: If your are using Grafana to monitor your Consul datacenter health, we suggest you to use the Consul Server Monitoring Dashboard maintained by the Consul team at HashiCorp.

Failure Recovery

  • Backups are being periodically captured.
  • Outage recovery plan has been outlined.
 Previous
 Next

This tutorial also appears in:

  •  
    30 tutorials
    Associate Tutorial List
    Study for the Consul Associate exam by following these tutorials. Login to Learn and bookmark them to track your progress. Study the complete list of study materials (including docs) in the Certification Prep guides.
    • Consul

On this page

  1. Production Readiness Checklist
  2. Infrastructure Planning
  3. Deployment
  4. Networking
  5. Security
  6. Monitoring
  7. Failure Recovery
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)