HashiConf Last chance to register for our cloud conference October 10-12. Register today
Boundary
Boundary Home

You are viewing documentation for version v0.10.x. View latest version.

worker Stanza

The worker stanza configures Boundary worker-specific parameters. Boundary supports two different types of workers, differentiated by their means of authentication to Boundary:

  • PKI Workers use certificates issued by Boundary to authenticate with controllers
  • KMS Workers use a shared KMS to authenticate with controllers

Different worker types have different configuration requirements, but share the common worker parameters listed below.

Common Worker Parameters

The following fields are supported for all worker types:

worker {
  public_addr = "5.1.23.198"

  initial_upstreams = [
    "10.0.0.1",
    "10.0.0.2",
  ]

  tags {
    type   = ["prod", "webservers"]
    region = ["us-east-1"]
  }
}

  • public_addr - Specifies the public host or IP address (and optionally port) at which the worker can be reached by clients for proxying. This defaults to the address of the listener marked for proxy purpose. This is especially useful for cloud environments that do not bind a publicly accessible IP to a NIC on the host directly, such as an Amazon EIP.

    This value can reference any of the following:

    • a direct address string
    • a file on disk (file://) from which an address will be read
    • an env var (env://) from which the address will be read
    • a go-sockaddr template

  • initial_upstreams - A list of hosts/IP addresses and optionally ports for reaching the boundary cluster. The port will default to :9201 if not specified. This value can be a direct access string array with the addresses, or it can refer to a file on disk (file://) from which the addresses will be read, or an env var (env://) from which the addresses will be read. When using env or file, their contents must formatted as a JSON array: ["127.0.0.1", "192.168.0.1", "10.0.0.1"]

  • tags - A map of key-value pairs where values are an array of strings. Most commonly used for filtering targets a worker can proxy via worker tags. On SIGHUP, the tags set here will be re-parsed and new values used. It can also be a string referring to a file on disk (file://) or an env var (env://).