Consul Key-Value (KV) store is a distributed, strongly consistent data store that’s part of HashiCorp’s Consul service mesh platform. When you combine it with Docker, you get a powerful configuration management solution that can handle everything from application config to service discovery metadata. This post walks you through setting up Consul KV with Docker, covers the common gotchas you’ll run into, and shows you real-world scenarios where this setup shines.

How Consul KV Works Under the Hood

Consul’s KV store uses the Raft consensus algorithm to maintain consistency across cluster nodes. Each key-value pair is stored with metadata including modification index, creation index, and flags. The beauty of Consul KV is that it’s not just a dumb key-value store – it integrates tightly with Consul’s service discovery, health checking, and ACL systems.

When you run Consul in Docker, you’re essentially containerizing the entire Consul agent, which includes the KV store, DNS interface, HTTP API, and gossip protocol handler. The agent can run in server mode (participates in consensus) or client mode (forwards requests to servers).

Step-by-Step Docker Setup

Let’s start with a single-node Consul server for development. In production, you’d want at least 3 nodes for proper consensus, but this gets you up and running quickly:

docker run -d \
  --name consul-server \
  -p 8500:8500 \
  -p 8600:8600/udp \
  consul:latest agent -server -ui -node=server-1 -bootstrap-expect=1 -client=0.0.0.0

For a more robust multi-node setup using Docker Compose, create this docker-compose.yml:

version: '3.8'
services:
  consul-server-1:
    image: consul:1.16
    container_name: consul-server-1
    restart: always
    volumes:
     - ./consul/server1.json:/consul/config/server1.json:ro
     - consul-data-1:/consul/data
    networks:
     - consul
    ports:
     - "8500:8500"
     - "8600:8600/tcp"
     - "8600:8600/udp"
    command: 'agent -server -ui -node=server-1 -bootstrap-expect=3 -retry-join=consul-server-2 -retry-join=consul-server-3 -client=0.0.0.0 -datacenter=dc1'

  consul-server-2:
    image: consul:1.16
    container_name: consul-server-2
    restart: always
    volumes:
     - ./consul/server2.json:/consul/config/server2.json:ro
     - consul-data-2:/consul/data
    networks:
     - consul
    command: 'agent -server -node=server-2 -bootstrap-expect=3 -retry-join=consul-server-1 -retry-join=consul-server-3 -datacenter=dc1'

  consul-server-3:
    image: consul:1.16
    container_name: consul-server-3
    restart: always
    volumes:
     - ./consul/server3.json:/consul/config/server3.json:ro
     - consul-data-3:/consul/data
    networks:
     - consul
    command: 'agent -server -node=server-3 -bootstrap-expect=3 -retry-join=consul-server-1 -retry-join=consul-server-2 -datacenter=dc1'

volumes:
  consul-data-1:
  consul-data-2:
  consul-data-3:

networks:
  consul:
    driver: bridge

Create the configuration files referenced in the compose file. Here’s consul/server1.json:

{
  "datacenter": "dc1",
  "data_dir": "/consul/data",
  "log_level": "INFO",
  "server": true,
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "retry_join": ["consul-server-2", "consul-server-3"],
  "ui_config": {
    "enabled": true
  },
  "connect": {
    "enabled": true
  },
  "ports": {
    "grpc": 8502
  }
}

Start the cluster:

docker-compose up -d

Verify your cluster is healthy:

docker exec consul-server-1 consul members

Working with the KV Store

Once your Consul cluster is running, you can interact with the KV store through the HTTP API, CLI, or web UI. Here are the most common operations:

# Set a key-value pair
curl -X PUT -d 'production' http://localhost:8500/v1/kv/app/environment

# Get a value
curl http://localhost:8500/v1/kv/app/environment?raw

# Set a nested configuration
curl -X PUT -d '{"host": "db.example.com", "port": 5432}' \
  http://localhost:8500/v1/kv/app/database/config

# List all keys under a prefix
curl http://localhost:8500/v1/kv/app/?keys

# Delete a key
curl -X DELETE http://localhost:8500/v1/kv/app/old-config

Using the Consul CLI from within a container:

# Set values
docker exec consul-server-1 consul kv put app/version "1.2.3"
docker exec consul-server-1 consul kv put app/features/feature-flags "enabled"

# Get values
docker exec consul-server-1 consul kv get app/version
docker exec consul-server-1 consul kv get -recurse app/

# Export/Import
docker exec consul-server-1 consul kv export app/ > app-config.json
docker exec -i consul-server-1 consul kv import - < app-config.json

Real-World Use Cases and Examples

Here's a practical example of using Consul KV for application configuration management. Let's say you're running a Node.js app that needs to pull its config from Consul:

const consul = require('consul')({ host: 'consul-server-1', port: 8500 });

async function loadConfiguration() {
  try {
    const result = await consul.kv.get({ key: 'myapp/', recurse: true });
    const config = {};
    
    result.forEach(item => {
      const key = item.Key.replace('myapp/', '');
      config[key] = JSON.parse(item.Value);
    });
    
    return config;
  } catch (error) {
    console.error('Failed to load configuration from Consul:', error);
    process.exit(1);
  }
}

// Watch for configuration changes
const watcher = consul.watch({
  method: consul.kv.get,
  options: { key: 'myapp/', recurse: true }
});

watcher.on('change', (data) => {
  console.log('Configuration changed, reloading...');
  // Handle configuration reload
});

watcher.on('error', (err) => {
  console.error('Configuration watch error:', err);
});

For microservices architectures, you might use Consul KV to store feature flags:

# Set feature flags
docker exec consul-server-1 consul kv put features/new-checkout "true"
docker exec consul-server-1 consul kv put features/beta-dashboard "false"
docker exec consul-server-1 consul kv put features/rollout-percentage "25"

Another common pattern is storing service-specific configurations:

# Database configurations per environment
docker exec consul-server-1 consul kv put config/production/database/host "prod-db.internal"
docker exec consul-server-1 consul kv put config/production/database/port "5432"
docker exec consul-server-1 consul kv put config/staging/database/host "staging-db.internal"
docker exec consul-server-1 consul kv put config/staging/database/port "5433"

Consul KV vs Alternatives

Here's how Consul KV stacks up against other configuration management solutions:

Feature	Consul KV	etcd	Redis	AWS Parameter Store
Consistency Model	Strong (Raft)	Strong (Raft)	Eventually Consistent	Strong
Built-in UI	Yes	No	Third-party	AWS Console
Service Discovery	Native	Via additional tools	No	No
Health Checking	Native	No	No	No
ACL/Security	Comprehensive	RBAC	Basic AUTH	IAM Integration
Watch/Subscribe	Yes	Yes	Yes	CloudWatch Events

Performance Considerations and Benchmarks

Consul KV performance varies significantly based on your setup. Here are some numbers from testing on a 3-node cluster (4 CPU, 8GB RAM per node):

• Single key reads: ~5,000-8,000 ops/sec
• Single key writes: ~1,500-2,500 ops/sec
• Batch operations (100 keys): ~500-800 batches/sec
• Key listing operations: ~2,000-3,000 ops/sec

Write performance is lower because of the consensus requirement - every write must be acknowledged by a majority of servers. For read-heavy workloads, you can use Consul's blocking queries or implement client-side caching.

Common Issues and Troubleshooting

The most frequent problems you'll encounter:

Split Brain Scenarios: If your cluster loses quorum, writes will fail. Always run an odd number of servers (3, 5, 7) and monitor cluster health:

docker exec consul-server-1 consul operator raft list-peers

Memory Usage: Consul loads the entire KV store into memory. Monitor your memory usage and implement key rotation for large datasets:

docker exec consul-server-1 consul kv get -detailed app/config

Network Partitions: Use proper Docker networking and avoid bridge network issues by creating dedicated networks:

docker network create consul-net --driver bridge
docker run --network consul-net consul:latest

Data Persistence: Always mount volumes for data persistence in production:

docker run -v consul-data:/consul/data consul:latest

Bootstrap Issues: If bootstrap fails, check that bootstrap-expect matches your actual server count:

docker logs consul-server-1 | grep -i bootstrap

Security Best Practices

Never run Consul without ACLs in production. Here's a basic ACL setup:

# Enable ACLs in your consul configuration
{
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true
  }
}

Bootstrap the ACL system:

docker exec consul-server-1 consul acl bootstrap

Create application-specific tokens:

docker exec consul-server-1 consul acl policy create \
  -name "app-read-policy" \
  -rules 'key_prefix "app/" { policy = "read" }'

docker exec consul-server-1 consul acl token create \
  -description "App read token" \
  -policy-name "app-read-policy"

For additional security, enable TLS encryption and use proper Docker secrets management for sensitive values.

The combination of Consul KV and Docker gives you a robust, scalable configuration management platform that integrates well with modern container orchestration systems. While the initial setup requires attention to detail, the operational benefits of centralized configuration management, real-time updates, and strong consistency make it worthwhile for most distributed applications.

For more detailed information, check out the official Consul documentation and the official Consul Docker image documentation.

---

---

This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.

This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.