aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4d966c8eb4'
${ noResults }
boundary/website/content/docs/configuration/worker/overview.mdx

65 lines
2.5 KiB
Raw Blame History

---
layout: docs
page_title: Worker - Overview
description: |-
The worker stanza configures worker-specific parameters.
---
# `worker` Stanza
The `worker` stanza configures Boundary worker-specific parameters. Boundary
supports two different types of workers, differentiated by their means of
authentication to Boundary:
- [KMS Workers][] use a shared KMS to authenticate with controllers
- [PKI Workers][] use certificates issued by Boundary to authenticate with controllers
Different worker types have different configuration requirements, but share the common worker parameters listed below.
## Common Worker Parameters
The following fields are supported for all worker types:
```hcl
worker {
public_addr = "5.1.23.198"
initial_upstreams = [
"10.0.0.1",
"10.0.0.2",
]
tags {
type = ["prod", "webservers"]
region = ["us-east-1"]
}
}
```
- `public_addr` - Specifies the public host or IP address (and optionally port)
at which the worker can be reached _by clients for proxying_. This defaults to
the address of the listener marked for `proxy` purpose. This is especially
useful for cloud environments that do not bind a publicly accessible IP to a NIC
on the host directly, such as an Amazon EIP.
This value can reference any of the following:
- a direct address string
- a file on disk (file://) from which an address will be read
- an env var (env://) from which the address will be read
- a [go-sockaddr template](https://godoc.org/github.com/hashicorp/go-sockaddr/template)
- `initial_upstreams` - A list of hosts/IP addresses and optionally ports for
reaching the boundary cluster. The port will default to `:9201` if not
specified. This value can be a direct access string array with the addresses,
or it can refer to a file on disk (`file://`) from which the addresses will be
read, or an env var (`env://`) from which the addresses will be read. When using
env or file, their contents must formatted as a JSON array: `["127.0.0.1",
"192.168.0.1", "10.0.0.1"]`
- `tags` - A map of key-value pairs where values are an array of strings. Most
commonly used for [filtering](/docs/concepts/filtering) targets a worker can
proxy via [worker tags](/docs/concepts/filtering/worker-tags). On `SIGHUP`, the
tags set here will be re-parsed and new values used. It can also be a string
referring to a file on disk (`file://`) or an env var (`env://`).
[kms workers]: /docs/configuration/worker/kms-worker
[pki workers]: /docs/configuration/worker/pki-worker
Reference in new issue View Git Blame Copy Permalink