ยปworker Stanza
The worker stanza configures Boundary worker-specific parameters. Boundary
supports two different types of workers, differentiated by their means of
authentication to Boundary:
- PKI Workers use certificates issued by Boundary to authenticate with controllers
- KMS Workers use a shared KMS to authenticate with controllers
Different worker types have different configuration requirements, but share the common worker parameters listed below.
Common Worker Parameters
The following fields are supported for all worker types:
public_addr- Specifies the public host or IP address (and optionally port) at which the worker can be reached by clients for proxying. This defaults to the address of the listener marked forproxypurpose. This is especially useful for cloud environments that do not bind a publicly accessible IP to a NIC on the host directly, such as an Amazon EIP.This value can reference any of the following:
- a direct address string
- a file on disk (file://) from which an address will be read
- an env var (env://) from which the address will be read
- a go-sockaddr template
initial_upstreams- A list of hosts/IP addresses and optionally ports for reaching the boundary cluster. The port will default to:9201if not specified. This value can be a direct access string array with the addresses, or it can refer to a file on disk (file://) from which the addresses will be read, or an env var (env://) from which the addresses will be read. When using env or file, their contents must formatted as a JSON array:["127.0.0.1", "192.168.0.1", "10.0.0.1"]tags- A map of key-value pairs where values are an array of strings. Most commonly used for filtering targets a worker can proxy via worker tags. OnSIGHUP, the tags set here will be re-parsed and new values used. It can also be a string referring to a file on disk (file://) or an env var (env://).