Looking to do a POC on Boundary, don’t need all the HA stuff, just a simple VM with everything on it. I’m not familiar with PostgreSQL at all and it looks like a lot of the configuration examples are snippets. I realize some of it may be TBD.
To start I’d probably spin up that VM, then run Boundary in dev mode (I know you said non-dev, but standing up a separate controller and worker on one VM is just going to take up extra resources for no real benefit for this case). That gets you the Postgres database automatically set up too if you want it. Besides that, run a single-node Vault so you can use it as a credential source. Then for an additional target, run a default NGINX Docker container.
Then you can set up several things:
SSH target to localhost is already set up in dev mode
HTTP targets to the Vault GUI and the NGINX container
Postgres target to the postgres container that’s run automatically
Dynamic credentials in Vault for the postgres container
A credential source in Boundary that retrieves those dynamic credentials
If you want to take that further and still have room to squeeze it into the VM, set up an OIDC auth provider (I like dex backed by OpenLDAP at the moment but you can use anything you want that provides OIDC) and set up a few OIDC auth methods and managed groups in Boundary.
Thank you for that information. Is there a way to run Boundary in dev mode in the background? I’ve tried with the standard & but it still ran in the foreground it seems. Maybe under systemd as a unit? Also, is there a way to retain information? When I stop Boundary in dev mode it wipes everything.
I do have a vault server setup already so I’m good to go there.
Yes, systemd is a good option for running in the background. If you take the unit file from here, then it should be easy to adapt.
You can see all flags for dev mode with boundary dev -h. The one that should help you keep resources between restarts is -disable-database-destruction.
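A sketch of the systemd unit discussed above, added here as an example and not taken from the thread or from the Boundary project. The unit name, the `boundary` service account and the binary path are assumptions; the only Boundary flag used is the one named in the reply.

```ini
# /etc/systemd/system/boundary-dev.service  (file name and path are assumptions)
[Unit]
Description=Boundary in dev mode (single-VM POC, not for production)
# Dev mode runs its Postgres database in a Docker container,
# so Docker has to be running before Boundary starts.
Requires=docker.service
After=network-online.target docker.service
Wants=network-online.target

[Service]
# Assumed: a dedicated unprivileged account named "boundary".
User=boundary
Group=boundary
# The service needs the Docker socket to start the database container.
# Membership in the docker group is root-equivalent on the host, so
# treat this VM as disposable and keep real secrets off it.
SupplementaryGroups=docker
# Assumed install path. The flag keeps the database container when
# Boundary stops instead of destroying it.
ExecStart=/usr/local/bin/boundary dev -disable-database-destruction
# No Restart= here on purpose: how a fresh start relates to the kept
# database is not covered in the thread; check "boundary dev -h" first.
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```

After saving the file, run `systemctl daemon-reload` and then `systemctl enable --now boundary-dev` to start it in the background; `journalctl -u boundary-dev` shows the startup output that dev mode would otherwise print to the terminal.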