Introduction
HashiCorp Validated Designs (HVDs) provide customers and partners with best practices for deploying resilient, secure, and high-performance HashiCorp solutions on various platforms. This solution guide offers HashiCorp's recommendations for deploying Consul Enterprise, enabling your organization to leverage Consul for discovering and securely connecting services across any environment using identity-based networking. By following this guide, you can enhance application resilience, improve uptime, accelerate deployment, and strengthen security in service-to-service communications.
Objective
The objective of this Consul Solution Design Guide is to assist you in deploying Consul Enterprise. Consul lets users register services in a centralized registry for service discovery, so that services can be discovered and their health monitored and tracked. It also supports service mesh use cases for secure service-to-service communication across multiple environments, platforms, and runtimes.
This guide addresses these objectives using two architectural patterns:
- Consul on virtual machines (VMs)
- Consul on Kubernetes
These patterns are adaptable to various cloud providers and on-premises environments, ensuring flexibility in deployment.
Note
The recommendations in this solution guide are derived from different production Consul deployments. Before you implement these recommendations, carefully evaluate them and determine whether they are acceptable for your specific environment.
Audience
This document is designed for development, platform, networking, and application security teams seeking to implement Consul Enterprise to register, discover, and securely connect applications across cloud and datacenter environments.
Document structure
Document section | Purpose |
---|---|
Consul overview | Provides a high-level view of the key components in a Consul Enterprise deployment. |
Consul architecture | Offers a structured approach for deploying Consul Enterprise, drawing on best practices from production deployments on virtual machines and Kubernetes, for both service discovery and service mesh use cases. |
Consul on virtual machines | Provides recommendations for deploying the control plane and data plane components of Consul on virtual machines in cloud or on-premises environments. |
Consul on Kubernetes | Offers guidance for deploying the control plane and data plane of Consul on Kubernetes. |
Detailed design | Focuses on example Terraform configurations and design implementation choices for deploying the control plane and data plane components on virtual machines and Kubernetes. |
Deploying Consul using Terraform | Provides step-by-step instructions to install and verify the Consul Enterprise deployment using Terraform. |
Use Cases | Lists common Consul Service Discovery and Service Mesh use cases, along with their recommended deployment patterns. |
Supported versions
This version of the guide has been validated with the following versions of Consul Enterprise:
- Consul Enterprise 1.19.x+ent
Language and definitions
This documentation uses technology-agnostic terminology; however, some terms may vary slightly between cloud providers. Below are the definitions of key terms used throughout this document.
Cloud provider terms | Definition |
---|---|
Region | A geographic location containing multiple clusters of data centers. |
Availability zone (AZ) | One or more distinct data centers within a region, each with redundant power, networking, and connectivity. |
Public subnet | A network accessible to application users. |
Private subnet | A network used internally by applications, not accessible to application users. |
Secrets Manager (SM) | A system used to securely store and manage secrets for bootstrapping and configuration. |
Virtual private cloud (VPC) | A software-defined cloud networking environment. |

Consul terms | Definition |
---|---|
Datacenter | The smallest unit of Consul infrastructure capable of performing basic operations. It may align with cloud region boundaries. |
Partition or Admin Partition | A logical boundary within a single Consul datacenter that separates distinct network boundaries or teams. |
Peering or Cluster Peering | A connection between two Consul datacenters, or two admin partitions, that allows services in one to be discovered and reached from the other. |

Attribute | Definition |
---|---|
Availability | Design features that minimize the impact of subsystem failures on overall solution uptime. |
Operational excellence | Best practices that ensure efficient management and operation of the system. |
Performance | How design decisions affect the overall performance of the solution. |
Scalability | How design decisions allow the control plane, and the services that depend on it, to handle increasing load. |
Security | How a design decision affects the security posture of the overall solution. |