HomeArchitectureDeploying Consul on HCP - Part 1

Deploying Consul on HCP – Part 1

In our last post, What is a Service Mesh? I said Mesh, not Mess, we introduced the concepts of a service mesh and explained how it differs from Service Discovery and API gateways.  In that article, we talked about the architecture, and introduced the concepts of the solutions, and explained several use cases.

In this article, we start our journey into deploying a Service Mesh based on Consul, a Hashicorp product.

Why Consul as a Service Mesh?

Hashicorp Consul product is a mature and fully featured product that has almost nine years of development (at the time of writing (January 2023)).  Hashicorp has improved its functionality incrementally over this period and recently improved the ease of deploying the solution by deploying the Raft Consensus protocol (2019) into the product to simplify the clustering component of the product. Further, with the release of Consul 1.14, they introduced the concept of the Sidecar into consul to remove the requirement for deploying the Consul Client on Kubernetes.  This is a vast improvement in ease of use and significantly lowers the bar to entry; with this change, Consul is now truly a Service Mesh.

There are many advantages to this new architecture. Instead of using the gossip protocol, the Consul Dataplane needs one gRPC connection to the Consul servers. Additionally, any peer networks between the Consul servers and runtimes running workloads are not necessary. There is no requirement to configure the gossip encryption key because, as already stated, the Consul Dataplane does not use the gossip protocol. Furthermore, it is no longer necessary to distribute unique ACL tokens for every client agent.

Our First Decision on deploying Consul as a Service Mesh is where.

Usually, the first discussion point is why, but we assume you have already had that discussion and understand your use cases, requirements and value proposition for deploying a Service Mesh, or you read the previous section.   There are three main methods of deploying Consul in the wild.  These are:

  • Roll your own with VM’s
  • Roll your own on Kubernetes
  • Deploying Consul on HCP

Each option has its benefits and constraints, but the endpoint is a standardised interface for your service mesh deployment.  For the benefits of this article, we will only be deploying the features of the free open-source product.  Yes, there is much value in the free version.

Deploying Consul Service the Hard way (roll your own)

Deploying HashiCorp consul services in a cloud environment by rolling your own can be quite a complicated process. But one of the best reasons is that you can utilise the open-source and free, as in beer.  Therefore, you can dip your toes into Service Mesh, and enhance your deployment without incurring external costs.  There are however some functional limitations.

Consul Pricing
Consul Pricing

However, since HashiCorp have the ability to deploy a Consul cluster on Hashicorp’s managed platform HCP,  things are significantly simpler to deploy.

Currently the Consul service can be deployed on both AWS and Azure from the HCP portal,  we have discussed HCP before, so we are making the assumption you already have a login to the platform.

Once you have successfully logged in you will be presented with the familiar home portal

HCP Home Dashboard
Familiar HCP Dashboard

Click on the Deploy Consul link to start the process of deploying your first Cluster.

Create a Cluster
Let’s get the party started.

As shown above, you can deploy into both AWS and Azure, yes it is still limited regions with AWS have the greater global reach. To start we will look at deploying on AWS, then we will look at the deployment process for Azure.

Select the AWS box and click the next button at the bottom of the form.

Manual or Automated Deployment
Pointy clicky or automate it all out?

You are now presented with two options, for this article we will concentrate on manually deploying the service. So make sure that you have selected “HCP UI workflow” and click the “next” button to continue.  The form that you are presented with is quite busy so we will look at each section individually start with the network option.

Consult AWS Network
Creating your HVN on AWS

Chose your network name and desired region, if this is a production environment it is important that you consider your network naming well, because if you need to change it at a later date it will mean a complete redeploy of the environment.  We have chosen London as our region, and as this is a test environment, we are not selecting a custom CIDR and accepting the default one provided by HashiCorp.  Once you have completed your settings, we move on to the customisation of the cluster.

Cluster conifuguration
make your choice, Development, standard or plus

Give your Cluster a meaningful name, we chose “amazic-consul-cluster”.  As with the naming of the network the “Cluster Tier” side needs some consideration if it is to be a production server as it is not possible to change this after deployment.  Even though this is a test environment, we decided to go with a standard deployment, as we want to show the cluster functionality.  There is also the added advantage that an HCP deployed Consul Cluster is using the Enterprise binaries, so fully featured.  Finally we need to set the cluster size.

time to consider costs
How much is this going to cost me?

As this is a Test environment with minimal expected throughput, we chose to deploy the small cluster.  It is important to remember that here you are not stuck, if your needs change and you need more throughput or are adding more services, you can edit your deployment’s host sizes.   In a production Cluster, it is recommended that you protect your Service Mesh, and not set it to allow public connections,  again as this is a test environment and ease of access is desired we set it to allow connections.  Finally, we set our version to the latest and greatest as per the deployment recommendations.  To deploy this cluster, simply click the deploy “Cluster” button.

NOTE:  Amazic is not responsible for any charges relating to this guide.  HCP Consul service is a costed deployment and you will incur service costs.

Creating the cluster
Oh look, its deploying.

The deployment will take approximately 10 minutes.

While the AWS version is deploying, let’s have a look at the process for deploying on Azure.

As we already have a deployment in place the view is slightly different.  Now, when we login to the dashboard, we can see that it recognises that we have a cluster.

Consul is alive
Oh look Consul is Active

Click the “View Consul” button and  you will immediately notice that this is significantly different.

Deploying Consul
Oh look, somethings a little different.

To get started we now need to click the “+ Create Cluster” button.

Now we are back in familiar territory.

familiar territory
OK let’s have a look at deploying an Azure based Consul Service

Make sure you have the radio button in the “Microsoft Azure” box has been selected and click “Next” to continue.

Again we will go down the “HCP UI workflow” route so make sure that the radio button is selected in that box and click “Next” to continue.

Here we can see a slight difference, but this is not due to any difference between Azure HCP and AWS HCP; but due to the fact that we have deployed a Vault Cluster on Azure.  If we had not deployed any resources in Azure on HCP this would look exactly the same.  If you wish, click the “+ Create new network” link to add a second network to Azure.

Azure Network
Something is different. but why?

Next we look at the cluster customization section, here we can see that there are less options.

Azure HCP
there are not as many options in Azure as in AWS

The remainder of the Azure customization form reflect the AWS deployment form.  If you wish click “Create Cluster” to deploy the server on Azure

NOTE: This is a costed deployment, Amazic is not responsible for any charges incurred.

Whilst we have been reviewing the deployment process on Azure, our AWS cluster had finished deploying and is now running.

every thing is now up and running
We have life, AWS HCP Consul is running

Logging on to Consul for the first time.

To logon to Consul for the first time from HCP,  click on the “amazic-consul-cluster” link.  This will open your cluster environment.

Consul portal
The infrastructure is deployed not lets start configuring

To login to your consul service, you will need to create an access token. To do this click the “Access Consul” dropdown

Admin Token Generation
let’s start to log in for the first time.

Click on the “Generate admin token” link.

Generated Token
we have our token.

Copy the token and click the “Launch UI Publicly” link.

Logging on for the first time.
Everybody remembers their first time.

Click the log in button and enter the previously copied token into the SecretID box, then click login.

Consul portal
And we are in.

Proof it is alive!

Next we need to connect our AWS VPC to the HVN to that workload can communicate with HCP Consul.

Return to the HCP Portal, and start to configure AWS to HVN peering.

AWS Peering
HVN to AWS Peering

Click the dropdown button and for simplicity we will chose Automatic peering connection

AWS Peering
Three options, take your pick

This will direct you to your AWS environment,  if you are currently logged in a cloud formation stack page will open.   We are going to accept the defaults, the only decision needed to to select the VPC that will be peered.

Create your Peer
the Marriage is almost complete.

Click the check box acknowledging that Cloud formation will create ant necessary resources. And click “Create Stack” to create the peering.  Once complete you should have something similar to the image below.

Peering is complete
AWS to HVN peering is in complete

Return back to the HCP portal and you will notice that the display has changed

We now have choices

Click on the view existing button to verify the connection.

Proof we are peered

You have two options to connect further AWS VPC’s, you can either click the “Connect more” button from the currently displayed form or return to the previous form and click the “Connect” button.

The final stage is to Click the “Deploy” button

deploy clients
deploying clients.

We will leave this as an exercise for the reader.


As you can see, Consul is reasonably simple to deploy when using HashiCorp HCP Platform.  In the next article ,we will look at automating the creation using Terraform and in the final article in the series we will show how to create service discovery and a service mesh on your environment.

If you have questions related to this topic, feel free to book a meeting with one of our solutions experts, mail to sales@amazic.com.


Receive our top stories directly in your inbox!

Sign up for our Newsletters