»Service Discovery

»Overview

Traditionally, connecting to remote hosts and services requires knowledge of the endpoint’s connection info (e.g. the IP address and port of the service). This creates complexity when managing the onboarding of new resources at scale or dealing with dynamic services whose connection info frequently changes.

Service discovery focuses on automating the process of onboarding new or changed infrastructure resources – and their connection info – to Boundary as hosts.

»Automating Service Discovery in Boundary

Boundary supports target/service discovery in three primary workflows:

Manual configuration: Boundary administrators can manually configure static hosts and targets via the administrator UI and CLI. Manual configuration of targets with static hosts requires knowledge of the IP address or endpoint used to connect to a host.

Service discovery via configuration as code with Terraform: Boundary is fully programmatically instrumented, so the discovery and configuration of new infrastructure targets can be automated with Boundary’s Terraform provider. This allows for dynamic configuration of a host and target without the need for prior knowledge of the target’s connection info.

Runtime service discovery via dynamic host catalogs: Boundary dynamic host catalogs automate the ingestion of resources from infrastructure providers into Boundary. Boundary hosts are automatically created, updated and added to host sets in order to reflect the connection information maintained in these providers. This removes the need to know host connection info or reapply infrastructure as code templates to configure new or changed resources.

»Dynamic Host Catalogs

Dynamic host catalogs are an agentless workflow for Boundary to securely query infrastructure providers at runtime to discover and configure new services. Boundary dynamic host catalogs are plugins written with go-plugin and run as separate processes. Boundary administrators can define rules for which external resources should be ingested into the catalog by creating dynamic host sets with an attributes filter. Attributes specify the fields which the plugin should use to look up which hosts should be members of this host set.

Currently, Boundary supports dynamic host catalog implementations for AWS and Azure and we will continue to grow this ecosystem to support additional providers.
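
As an added illustration (not part of the original page), the following Terraform configuration defines an AWS dynamic host catalog and a dynamic host set whose attributes filter selects instances by tag. The variable names, resource names, region, tag and CIDR are assumptions chosen for this example, and the `boundary` provider's address and authentication are assumed to be configured elsewhere.

```hcl
terraform {
  required_providers {
    boundary = {
      source = "hashicorp/boundary"
    }
  }
}

# Assumed inputs; the variable names are hypothetical.
variable "project_scope_id" {
  type        = string
  description = "ID of the Boundary project scope that owns the catalog"
}

variable "aws_access_key_id" {
  type      = string
  sensitive = true # hidden in plan output, but still written to Terraform state
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

# Dynamic host catalog: Boundary queries AWS at runtime through the "aws" plugin.
resource "boundary_host_catalog_plugin" "aws" {
  name            = "aws-us-east-1" # constructed name
  scope_id        = var.project_scope_id
  plugin_name     = "aws"
  attributes_json = jsonencode({ region = "us-east-1" })

  # Supply an IAM identity scoped to instance discovery only, never an admin key.
  # The AWS plugin rotates this key unless disable_credential_rotation is set.
  secrets_json = jsonencode({
    access_key_id     = var.aws_access_key_id
    secret_access_key = var.aws_secret_access_key
  })
}

# Dynamic host set: the attributes filter decides which instances become members.
resource "boundary_host_set_plugin" "databases" {
  name            = "databases" # constructed name
  host_catalog_id = boundary_host_catalog_plugin.aws.id
  attributes_json = jsonencode({ filters = ["tag:service-type=database"] })

  # Prefer private addresses so sessions are not proxied to public IPs.
  preferred_endpoints = ["cidr:10.0.0.0/8"]
}
```

Because host set membership follows the tag, the permission to set that tag in AWS effectively controls which hosts Boundary exposes, so it should be restricted accordingly.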

You can get started with dynamic host catalogs here.
