• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Boundary
  • Install
  • Tutorials
  • Documentation
  • API
  • Try Cloud(opens in new tab)
  • Sign up
Boundary Home

Docs

Skip to main content
  • Docs
    • Overview/Top-Level Parameters
      • Overview
      • PKI Workers
      • KMS Workers
        OSS OnlyOSS Only
    • controller
      OSS OnlyOSS Only
    • plugins
      OSS OnlyOSS Only
  • Common Workflows


  • HCP Boundary


  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Boundary
  3. Docs
  4. Configuration
  5. worker
  • Boundary
  • v0.10.x
  • v0.9.x
  • v0.8.x
  • v0.7.x
  • v0.6.x
  • v0.5.x
  • v0.4.x
  • v0.3.x
  • v0.2.x
  • v0.1.x

ยปworker Stanza

The worker stanza configures Boundary worker-specific parameters. Boundary supports two different types of workers, differentiated by their means of authentication to Boundary:

  • PKI Workers use certificates issued by Boundary to authenticate with controllers
  • KMS Workers use a shared KMS to authenticate with controllers

Different worker types have different configuration requirements, but share the common worker parameters listed below.

Common Worker Parameters

The following fields are supported for all worker types:

worker {
  public_addr = "5.1.23.198"

  initial_upstreams = [
    "10.0.0.1",
    "10.0.0.2",
  ]

  tags {
    type   = ["prod", "webservers"]
    region = ["us-east-1"]
  }
}
  • public_addr - Specifies the public host or IP address (and optionally port) at which the worker can be reached by clients for proxying. This defaults to the address of the listener marked for proxy purpose. This is especially useful for cloud environments that do not bind a publicly accessible IP to a NIC on the host directly, such as an Amazon EIP.

    This value can reference any of the following:

    • a direct address string
    • a file on disk (file://) from which an address will be read
    • an env var (env://) from which the address will be read
    • a go-sockaddr template
  • initial_upstreams - A list of hosts/IP addresses and optionally ports for reaching the boundary cluster. The port will default to :9201 if not specified. This value can be a direct access string array with the addresses, or it can refer to a file on disk (file://) from which the addresses will be read, or an env var (env://) from which the addresses will be read. When using env or file, their contents must formatted as a JSON array: ["127.0.0.1", "192.168.0.1", "10.0.0.1"]

  • tags - A map of key-value pairs where values are an array of strings. Most commonly used for filtering targets a worker can proxy via worker tags. On SIGHUP, the tags set here will be re-parsed and new values used. It can also be a string referring to a file on disk (file://) or an env var (env://).

Edit this page on GitHub

On this page

  1. worker Stanza
  2. Common Worker Parameters
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)