Hello. We’re looking to build a consul+nomad stack that must be very flexible: as well as quickly scaling within a region, we need to be able to add new clusters in different regions on different providers very quickly.
I was hoping that using Consul Connect would allow us to simplify the networking layer, so that we don’t have to think about VPNs or whitelisting IPs. I have a working multi-dc setup with consul and now want to try to expand it to other DCs.
The issue is (from the docs):
A federated Consul environment requires the server certificate to include the names of all Consul datacenters that are within the federated environment.
But we don’t know in advance how many DCs we’re going to have, or where they might be. I’d really like some advice on how to architect this in a way that will not require us to redistribute hundreds of certificates. We want to create completely immutable infrastructure without the need for config management.
Thanks
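Added example (not part of the original post): a small shell script that makes the documented requirement concrete and gives you a check to run before federating. It assumes `openssl` is on PATH and that the servers use Consul's default naming scheme, `server.<dc>.<domain>` with the default domain `consul` (both assumptions, not something the post states). It issues a self-signed server certificate whose SANs cover a given set of datacenters (a real deployment would have the Consul CA sign it), then verifies that every datacenter you intend to federate is actually named in the certificate, so a missing DC is caught before RPC between servers starts failing.

```shell
#!/bin/sh
# Added example: Consul-style server certificate SAN coverage for a set of DCs.
# Assumes openssl on PATH. Server names follow server.<dc>.<domain>; the domain
# defaults to "consul" (assumption: the cluster uses Consul's default domain).
set -eu

DOMAIN=${CONSUL_DOMAIN:-consul}

# san_list dc1 dc2 ...  -> "DNS:server.dc1.consul,DNS:server.dc2.consul,DNS:localhost,IP:127.0.0.1"
san_list() {
  out=""
  for dc in "$@"; do
    out="${out}DNS:server.${dc}.${DOMAIN},"
  done
  printf '%sDNS:localhost,IP:127.0.0.1' "$out"
}

# make_server_cert <outdir> dc1 dc2 ...
# Self-signed for the example only; in practice the Consul CA signs server certs.
make_server_cert() {
  dir=$1; shift
  mkdir -p "$dir"
  cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_server
prompt = no
[dn]
CN = server.$1.${DOMAIN}
[v3_server]
subjectAltName = $(san_list "$@")
extendedKeyUsage = serverAuth, clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -config "$dir/openssl.cnf" \
    -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
}

# cert_sans <cert> : print the DNS SANs of a PEM certificate, one per line
cert_sans() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# check_dc_coverage <cert> dc1 dc2 ...
# Prints every server.<dc>.<domain> name the certificate lacks; returns 1 if any
# are missing, 0 if the certificate covers all the given datacenters.
check_dc_coverage() {
  cert=$1; shift
  sans=$(cert_sans "$cert")
  missing=0
  for dc in "$@"; do
    name="server.${dc}.${DOMAIN}"
    if ! printf '%s\n' "$sans" | grep -qx "$name"; then
      echo "missing SAN: $name"
      missing=1
    fi
  done
  return $missing
}
```

Usage: `make_server_cert ./out dc1 dc2` writes a certificate good for two datacenters; `check_dc_coverage ./out/server.crt dc1 dc2 dc3` then reports `missing SAN: server.dc3.consul` and exits non-zero, which is exactly the situation the quoted doc sentence warns about when a new DC is added after the server certificates were issued.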