The Big Infra

While working on Consul and Vault and discovering their features, I began to think I had enough tools to build a complete infrastructure that would follow my principles and help me reach my goals (presented here).

So I decided to build one: let’s have a look.

Of course, this demo is only a demo and is probably not well-suited for real use-cases.

Goals

I want to build an infrastructure that will serve a simple service: an echo TCP server based on socat (here is a simple Ansible playbook).

Here are the constraints for the infrastructure:

Here are the constraints for the deployment:

My initial plan was to also use the Auto Scaling feature from AWS.
But I was not able to find a way to create, in a secure manner, per-host unique access to Vault using this method.

So the infrastructure will not scale automatically.

Tools

Here is the list of the different tools I used:

I only have access to the free editions of Consul and Vault.

Results

This project gave me the opportunity to work with a lot of tools, and I’ve learned and built a lot.
It also gave me the opportunity to open and participate in tickets and PRs, in the Consul repository and in some Terraform provider repositories (for example: Consul #5602, Consul #6192, Consul #6284, Terraform Provider Cloudflare #428).

Here is a global view of the infrastructure:

[Figure: global view of the infrastructure]

The picture does not show some important parts of the project:

Roadmap

If I could find some time, I would really like to work on these features:

3, 2, 1, Let’s jam!

Do you want more information? Do you want to try this demo yourself? Go!

This will probably take (in cumulative time): 2 hours for the preparations and 4 hours for the deployment.
But there will be a lot of coffee breaks.

Here are the chapters: