Question regarding the concept of target in Boundary

Hi, I’m curious about the concept of target in Boundary. From my understanding, client connects to the target first, and the target can connect with the backend databases or servers, and so on.

The question I have, is the target a logical machine or an actual physical machine?

resource "boundary_target" "redis" {
  type                     = "tcp"
  name                     = "redis"
  description              = "Redis container"
  scope_id                 = boundary_scope.project.id
  session_connection_limit = -1
  session_max_seconds      = 10000
  default_port             = 6379
  host_set_ids = [
    boundary_host_set.redis_containers.id
  ]
}

resource "boundary_target" "postgres" {
  type                     = "tcp"
  name                     = "postgres"
  description              = "Postgres server"
  scope_id                 = boundary_scope.project.id
  session_connection_limit = -1
  session_max_seconds      = 10000
  default_port             = 5432
  host_set_ids = [
    boundary_host_set.postgres_containers.id
  ]
}

From the official example, I found the example as above. However, there aren’t any physical redis or postgresql running, right? From my understanding, if I create boundary_target, a process is spun up inside the boundary, and that process works as a middle role, behavioring similarly to the the bastion host. Is this concept correct?

Correct: workers are proxies to targets. A target can contain many hosts however, which are differentiated by their logical address. So if you wanted to setup a zookeeper cluster behind a target, you can add all hosts associated with that cluster to a target as multiple hosts. You can pass a -host-id flag to the connect command to choose the host you connect to, otherwise it’s randomly selected.