Learn From 20 Free Interactive Tutorials As Presented At HashiConf Digital

Instructor-led workshops have always been a popular attraction at HashiConf events. However, those conferences were one of the few opportunities to learn from what was taught there.

So when we transitioned to an exclusively online format for HashiConf events in 2020, it was time to rethink both our goals and our delivery format.

We delivered 20 hands-on projects using an in-browser terminal together with the best instructors and assistants to answer questions and help along the way. And unlike previous conferences, we've now published all of that content for you to learn from for free, at your own pace, at any time.

This post offers a textual step-by-step description of the tutorials, or click the "Show Terminal" button to launch the in-browser terminal with all code installed and services configured for you.

»Consul

Consul has always been a multi-functional tool for your cloud networking needs, but in 2020 it's an even more powerful service networking tool that works with Kubernetes, as a managed service on Azure, and as the first part of the HashiCorp Cloud Platform.

• Deploy Consul Service Mesh on Kubernetes

  Install and configure Consul service mesh on an existing Kubernetes cluster.

• Secure Applications with Service Sidecar Proxies

  Deploy two services to Consul's service mesh running on a Kubernetes cluster. The two services will use Consul to discover each other and communicate over mTLS with sidecar proxies.

• Enforce a Zero-trust Network with Consul Service Mesh

  This tutorial builds on the previous tutorial (or you can start here without completing the previous tutorial). You will define high-level privileges to secure network traffic using Consul intentions within a Kubernetes cluster.

• Secure Consul with Access Control Lists

  ACLs operate by grouping rules into policies, then associating one or more policies with a token. You will bootstrap the ACL system and then learn how to create tokens with minimum privileges for servers, clients, services, DNS, Consul key/value store, and the Consul UI.

• Secure Consul Agent Communication with TLS Encryption

  Correctly configuring TLS can be a complex process, especially given the wide range of deployment methodologies. This guide will provide you with a production-ready TLS configuration for RPC and consensus communication.

• Secure Service Mesh Communication Across Kubernetes Clusters

  It wasn't long ago that connecting and securing communication across multiple Kubernetes clusters was difficult. In this tutorial, you'll use Consul to secure service-to-service communication across multiple Kubernetes clusters with Consul's mesh gateway feature. Mesh gateways enable you to secure cross-datacenter communication that may be sent over the public internet with mTLS.

»Terraform

There are many resources to help you learn to provision cloud infrastructure with Terraform. For HashiConf Digital, we created intermediate and advanced tutorials so you can use Terraform confidently in production environments.

• Separate Development and Production Environments

  Some Terraform projects start as a monolith. Restructuring your monolith into logical units will make your Terraform configurations less confusing and safer to modify. This was our most popular tutorial at HashiConf and you can experience it now on your own time.

• Deploy Consul and Vault on Kubernetes with Run Triggers

  This tutorial packs a lot of useful content into a single tutorial. You'll deploy Consul and Vault to a Kubernetes cluster using Terraform Cloud run triggers, a feature where multiple workspaces can be linked together. The Kubernetes cluster starts with three nodes but when expanded to five nodes, it will trigger the Consul and Vault run triggers to deploy Consul and Vault.

• Enforce Policy with Sentinel

  Sentinel is a language and policy framework in Terraform Cloud, which restricts Terraform actions to defined, allowed behaviors. Policy authors manage Sentinel policies in Terraform Cloud with policy sets which are groups of policies. Organization owners control the scope of policy sets by applying certain policy sets to the entire organization or to select workspaces.

»Vault

Vault is the best solution for encrypting secrets for use by Kubernetes applications. And now with integrated storage and the transform secrets engine, you can do even more.

• Manage Secrets with Vault on Kubernetes

  After completing these three tutorials, you'll be confident using Vault to store secrets that can be accessed from applications running on Kubernetes. Start with Vault Installation to Minikube via Helm then proceed to Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar and finish with Mount Vault Secrets through a Container Storage Interface Volume.

• Highly Available (HA) Cluster with Integrated Storage

  Vault can protect your data in its highly available internal storage engine. Start with Vault HA Cluster with Integrated Storage and finish with Migrating to Integrated Storage.

• Protecting Data with Transform Secrets Engine

  Use the Transform Secrets Engine to protect personally identifiable information while preserving the data format and length (such as a credit card number or a PIN).

»Nomad

Run applications with Nomad in a secure and scalable way.

• Nomad ACL System Fundamentals

  Work with tokens, policies, and capabilities to restrict or enable access in Nomad.

• Enable Gossip Encryption for Nomad

  Nomad can encrypt all communication between servers, including membership and liveness data. In this tutorial, you'll generate an encryption key and configure your servers to use it.

• Enable TLS Encryption for Nomad

  Securing Nomad's cluster communication is not only important for security but can even ease operations by preventing mistakes and misconfigurations. In this tutorial you'll learn to create certificates, configure Nomad, switch and existing cluster to use TLS, rotate certificates, and migrate a cluster to TLS.

• Configure NGINX Reverse Proxy for Nomad's Web UI

  You'll use NGINX to balance load across multiple instances of the Nomad UI. In order to deliver full functionality, you'll configure NGINX to meet Nomad's requirements. Your final setup will be capable of load balancing HTTP and WebSocket traffic.

»Conclusion

We hope you'll find these hands-on tutorials educational and helpful. Please do not forget to leave feedback on the form at the bottom of any tutorial and discover even more at HashiCorp Learn.