Consul: Service Discovery & Configuration

Master HashiCorp Consul for service discovery, configuration management, and service mesh

20 min readIntermediate
Not Started
Loading...

What is Consul?

HashiCorp Consul is a service networking solution that enables teams to manage secure network connectivity between services, discover services dynamically, and configure services centrally. It provides service discovery, health checking, key-value storage, and multi-datacenter support out of the box.

Core Components

  • • Service Registry & Discovery
  • • Health Monitoring
  • • KV Store
  • • Service Mesh (Connect)
  • • Multi-Datacenter

Key Benefits

  • • Dynamic infrastructure
  • • Zero-trust security
  • • Runtime configuration
  • • Platform agnostic
  • • High availability

Core Features

Service Discovery

Automatic service registration and discovery with health checking

Use Case: Microservices can find and communicate with each other dynamically

Configuration Example

{
  "service": {
    "name": "api-gateway",
    "port": 8080,
    "tags": ["primary", "v1"],
    "check": {
      "http": "http://localhost:8080/health",
      "interval": "10s",
      "timeout": "5s"
    }
  }
}

Key Benefits

Dynamic service registry
Health-based routing
DNS and HTTP interfaces
Multi-datacenter support
Service mesh integration

Service Health Monitor

Cluster Health Status

Overall Health: 75%

Healthy Services
3
Warning Services
1
Critical Services
0

Health Check Types

HTTP

REST endpoint checks

TCP

Port connectivity

Script

Custom health scripts

Implementation Patterns

Service Mesh with Consul Connect

Zero-trust networking with automatic TLS and service authorization

Implementation: Sidecar proxies handle encryption and authorization

Example Configuration

# Service definition with Connect
{
  "service": {
    "name": "web",
    "port": 8080,
    "connect": {
      "sidecar_service": {
        "proxy": {
          "upstreams": [
            {
              "destination_name": "api",
              "local_bind_port": 9090
            }
          ]
        }
      }
    }
  }
}

# Intention for service authorization
consul intention create -allow web api

Key Considerations

  • Automatic mTLS between services
  • Service-to-service authorization
  • Transparent proxy injection
  • Observability integration
  • Progressive rollout support

Consul vs Other Solutions

FeatureConsulEurekaEtcdZookeeper
Service Discovery✓ Native✓ Native○ Basic○ Basic
Health Checking✓ Built-in✓ Built-in✗ External✗ External
KV Store✓ Yes✗ No✓ Yes✓ Yes
Multi-DC✓ Native○ Limited○ Manual○ Manual
Service Mesh✓ Connect✗ No✗ No✗ No

Best Practices

Deployment

  • Run 3-5 server nodes for HA
  • Use separate server and client agents
  • Enable ACLs in production
  • Use TLS for agent communication

Performance

  • Tune health check intervals
  • Use blocking queries for watches
  • Cache DNS responses appropriately
  • Limit KV value sizes (< 512KB)

Security

  • Enable and enforce ACLs
  • Use intentions for service auth
  • Rotate gossip encryption keys
  • Audit sensitive KV operations

Monitoring

  • Export metrics to Prometheus
  • Monitor leader elections
  • Track service health trends
  • Alert on cluster state changes

📝 Test Your Knowledge

📝 Consul Quiz

1 of 5Current: 0/5

What protocol does Consul use for cluster membership and failure detection?