Confusion in HCP Boundary Docs: Should Workers Connect to Port 9201 of Controllers Directly or via Load Balancer?

Hi everyone,

I noticed a potential inconsistency in the HCP Boundary documentation regarding how ingress workers should connect to controller port 9201.

On this page, there’s a diagram that shows ingress workers connecting directly to port 9201 on the controllers. However, in another section, the configuration example suggests connecting to port 9201 through a load balancer instead. (Line 14 of /etc/boundary.d/ingress-worker.hcl suggests using <controller_lb_address>:9201.)

This raised a question:
Which approach is actually recommended for production deployments of HCP Boundary?

I understand that the controller API (9201) handles operational traffic like authentication and session brokering, but I’d like to confirm whether direct access to controllers is ever appropriate — or if all connections should be routed through a load balancer for reliability and scaling.

Another thing that I couldn’t wrap my head around is whether controllers need to communicate with each other, because in Vault we see that the nodes have identity and we cannot use a load balancer in front of port 8002 (I guess the port is right), but my assumption here is that the controllers are just stateless and they do not know how many of them are deployed. In other words, is this sentence correct?
The Boundary controllers have 0 dependency on each other; that means the cryptographic operations are happening in the vault (or through a shared key), so that everything that one node signs or trusts, the others can verify as if it was signed or trusted by themselves.