The github example and also the boundary official website shows the architecture below, having both controller and worker instances in public subnet.
However, according to the https://medium.com/hashicorp-engineering/hashicorp-boundary-make-sure-your-human-to-machine-access-is-secure-68718674c22c , the hashicorp medium, the controller instances reside in private subnet. This may seem to confuse some people, including me. I believe controllers residing in private subnet seems to be correct. Any thoughts on this issue ?