Consul Auto Config deployment on Azure Kubernetes service

Hi

I am following the link Automate Consul Agent Security with Auto Config | Consul | HashiCorp Developer that has information regarding using auto-config in Consul. There is a docker file shipped with the source code inside the secint (alternative to vault) folder here: learn-consul-docker\datacenter-deploy-auto-config\secint folder (a link to the same is given in the above URL) that builds a docker image, but with a single-node server and without any security config. This docker file says:

By default you’ll get an insecure single-node development server that stores

everything in RAM, exposes a web UI and HTTP endpoints, and bootstraps itself.

Don’t use this configuration for production.

But we need an image that has the auto config functionality configured. Seems like we need to build the image by creating the docker file, upload to our ACR (Azure Container registry) and deploy to AKS Cluster.

Is there any image available for us to consume that mimics the infrastructure for auto config given in the link above (4-node Consul cluster setup + 1 node for Vault) and use the functionality in AKS? Basically, we wanted to deploy the official image of Service Mesh Consul through the Helm chart to our infrastructure and then want to configure an Azure VM outside the AKS cluster communicating with the Consul servers (running in AKS).

Below is the docker compose file given in the link for the auto config setup.

```yaml
version: '3.7'

services:

  consul-server1:
    image: hashicorp/consul:1.11.2
    container_name: consul-server1
    hostname: consul-server1
    depends_on:
      - vault-server
    restart: always
    volumes:
      - ./consul/server1.json:/consul/config/server1.json
      - ./certs/:/consul/config/certs/:ro
    networks:
      - hashicorp
    ports:
      # 8500 is the Consul HTTP API/UI port, 8600 is the DNS port
      - "8500:8500"
      - "8600:8600/tcp"
      - "8600:8600/udp"
    # Wait for three servers before bootstrapping the cluster
    command: "agent -bootstrap-expect=3"

  consul-server2:
    image: hashicorp/consul:1.11.2
    container_name: consul-server2
    hostname: consul-server2
    depends_on:
      - vault-server
    restart: always
    volumes:
      - ./consul/server2.json:/consul/config/server2.json
      - ./certs/:/consul/config/certs/:ro
    networks:
      - hashicorp
    command: "agent -bootstrap-expect=3"

  consul-server3:
    image: hashicorp/consul:1.11.2
    container_name: consul-server3
    hostname: consul-server3
    depends_on:
      - vault-server
    restart: always
    volumes:
      - ./consul/server3.json:/consul/config/server3.json
      - ./certs/:/consul/config/certs/:ro
    networks:
      - hashicorp
    command: "agent -bootstrap-expect=3"

  consul-client:
    image: hashicorp/consul:1.11.2
    container_name: consul-client
    hostname: consul-client
    restart: always
    volumes:
      - ./consul/client.json:/consul/config/client.json
      - ./certs/:/consul/config/certs/:ro
      - ./tokens/:/consul/config/tokens/
    networks:
      - hashicorp
    command: "agent"

  vault-server:
    image: hashicorp/vault:1.8.1
    container_name: vault-server
    hostname: vault-server
    restart: always
    ports:
      - "8200:8200"
    environment:
      VAULT_ADDR: "http://vault-server:8200"
      VAULT_API_ADDR: "http://vault-server:8200"
      VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
      CONSUL_HTTP_ADDR: "consul-server1:8500"
      CONSUL_HTTP_TOKEN: "e95b599e-166e-7d80-08ad-aee76e7ddf19"
    cap_add:
      # Allows Vault to lock memory so secrets are not swapped to disk
      - IPC_LOCK
    volumes:
      - ./vault/policy.json:/vault/policies/policy.json
    networks:
      - hashicorp

networks:
  hashicorp:
    driver: bridge
```

Thanks,
SuvroJyoti