Instructor-led workshops have always been a popular attraction at HashiConf events. However, attending those conferences was one of the few opportunities to learn what was taught there.
So when we transitioned to an exclusively online format for HashiConf events in 2020, it was time to rethink both our goals and our delivery format.
We delivered 20 hands-on projects using an in-browser terminal together with the best instructors and assistants to answer questions and help along the way. And unlike previous conferences, we've now published all of that content for you to learn from for free, at your own pace, at any time.
This post offers a textual step-by-step description of the tutorials, or you can click the "Show Terminal" button to launch the in-browser terminal with all code installed and services configured for you.
Consul has always been a multi-functional tool for your cloud networking needs, but in 2020 it's an even more powerful service networking tool that works with Kubernetes, as a managed service on Azure, and as the first part of the HashiCorp Cloud Platform.
Install and configure Consul service mesh on an existing Kubernetes cluster.
Deploy two services to Consul's service mesh running on a Kubernetes cluster. The two services will use Consul to discover each other and communicate over mTLS with sidecar proxies.
This tutorial builds on the previous tutorial (or you can start here without completing the previous tutorial). You will define high-level privileges to secure network traffic using Consul intentions within a Kubernetes cluster.
ACLs operate by grouping rules into policies, then associating one or more policies with a token. You will bootstrap the ACL system and then learn how to create tokens with minimum privileges for servers, clients, services, DNS, Consul key/value store, and the Consul UI.
Correctly configuring TLS can be a complex process, especially given the wide range of deployment methodologies. This guide will provide you with a production-ready TLS configuration for RPC and consensus communication.
It wasn't long ago that connecting and securing communication across multiple Kubernetes clusters was difficult. In this tutorial, you'll use Consul to secure service-to-service communication across multiple Kubernetes clusters with Consul's mesh gateway feature. Mesh gateways enable you to secure cross-datacenter communication that may be sent over the public internet with mTLS.
There are many resources to help you learn to provision cloud infrastructure with Terraform. For HashiConf Digital, we created intermediate and advanced tutorials so you can use Terraform confidently in production environments.
Some Terraform projects start as a monolith. Restructuring your monolith into logical units will make your Terraform configurations less confusing and safer to modify. This was our most popular tutorial at HashiConf and you can experience it now on your own time.
This single tutorial packs in a lot of useful content. You'll deploy Consul and Vault to a Kubernetes cluster using Terraform Cloud run triggers, a feature that links multiple workspaces together. The Kubernetes cluster starts with three nodes, and when it is expanded to five nodes, the run triggers fire to deploy Consul and Vault.
Sentinel is a language and policy framework in Terraform Cloud that restricts Terraform actions to defined, allowed behaviors. Policy authors manage Sentinel policies in Terraform Cloud with policy sets, which are groups of policies. Organization owners control the scope of policy sets by applying certain policy sets to the entire organization or to select workspaces.
Vault is the best solution for encrypting secrets for use by Kubernetes applications. And now with integrated storage and the transform secrets engine, you can do even more.
Manage Secrets with Vault on Kubernetes
After completing these three tutorials, you'll be confident using Vault to store secrets that can be accessed from applications running on Kubernetes. Start with Vault Installation to Minikube via Helm then proceed to Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar and finish with Mount Vault Secrets through a Container Storage Interface Volume.
Highly Available (HA) Cluster with Integrated Storage
Protecting Data with Transform Secrets Engine
Use the Transform Secrets Engine to protect personally identifiable information while preserving the data format and length (such as a credit card number or a PIN).
Run applications with Nomad in a secure and scalable way.
Work with tokens, policies, and capabilities to restrict or enable access in Nomad.
Nomad can encrypt all communication between servers, including membership and liveness data. In this tutorial, you'll generate an encryption key and configure your servers to use it.
Securing Nomad's cluster communication is not only important for security but can even ease operations by preventing mistakes and misconfigurations. In this tutorial you'll learn to create certificates, configure Nomad, switch an existing cluster to use TLS, rotate certificates, and migrate a cluster to TLS.
You'll use NGINX to balance load across multiple instances of the Nomad UI. In order to deliver full functionality, you'll configure NGINX to meet Nomad's requirements. Your final setup will be capable of load balancing HTTP and WebSocket traffic.
We hope you'll find these hands-on tutorials educational and helpful. Please do not forget to leave feedback on the form at the bottom of any tutorial and discover even more at HashiCorp Learn.