worker
Stanza
The worker
stanza configures Boundary worker-specific parameters.
worker {
name = "example-worker"
description = "An example worker"
public_addr = "5.1.23.198"
}
name
- Specifies a unique name of this worker within the Boundary worker cluster.description
- Specifies a friendly description of this worker.public_addr
- Specifies the public host or IP address (and optionally port) at which the worker can be reached by clients for proxying. This defaults to the address of the listener marked forproxy
purpose. This is especially useful for cloud environments that do not bind a publicly accessible IP to a NIC on the host directly, such as an Amazon EIP.controllers
- A list of hosts/IP addresses and optionally ports for reaching controllers. The port will default to :9201 if not specified.KMS block designated for
worker-auth
- This is the KMS configuration for authentication between the workers and controllers and must be present. Example (not safe for production!):
purpose = "worker-auth"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "global_worker-auth"
}
Complete Configuration Example
listener "tcp" {
purpose = "proxy"
tls_disable = true
}
worker {
# Name attr must be unique across workers
name = "demo-worker-1"
description = "A default worker created demonstration"
# Workers must be able to reach controllers on :9202
controllers = [
"10.0.0.1",
"10.0.0.2",
"10.0.0.3",
]
public_addr = "myhost.mycompany.com"
}
# must be same key as used on controller config
kms "aead" {
purpose = "worker-auth"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "global_worker-auth"
}