How to Configure Temporal Server with public access by different environment workers

Our business runs inside different clouds; they can only access each other with public
IP addresses (we have configured ACLs for safety). Now we want to run one Temporal cluster inside
one cloud, then provide a centralized rings service here; the other clouds run only workers connected to
this cluster.

I’m not sure how to configure this Temporal cluster for public access. Take the below as an example:
for ports 7233, 7234, 7235 and 7239, can I just create an SLB with a public IP address, then set the below
EC2 IP (port) as upstream?

$ ./tctl adm cl d
{
  "supportedClients": {
    "temporal-cli": "\u003c2.0.0",
    "temporal-go": "\u003c2.0.0",
    "temporal-java": "\u003c2.0.0",
    "temporal-server": "\u003c2.0.0"
  },
  "serverVersion": "1.4.1",
  "membershipInfo": {
    "currentHost": {
      "identity": "172.18.0.3:7233"
    },
    "reachableMembers": [
      "172.18.0.3:6935",
      "172.18.0.3:6934",
      "172.18.0.3:6933",
      "172.18.0.3:6939"
    ],
    "rings": [
      {
        "role": "frontend",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7233"
          }
        ]
      },
      {
        "role": "history",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7234"
          }
        ]
      },
      {
        "role": "matching",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7235"
          }
        ]
      },
      {
        "role": "worker",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7239"
          }
        ]
      }
    ]
  }
}

This question is kind of like:
can we configure Temporal cluster service nodes with public IP addresses, like a Kafka cluster with the config:
advertised.listeners

Let me rephrase the question to make sure I understood it correctly.
You want to run the Temporal backend in one cloud and be able to connect to it using a public IP from the other cloud?
If so, what you want is to just set up a load balancer with a public IP (or public DNS record), put the Temporal frontend behind it and point workers to the public address that you’ve created. You shouldn’t need to change the way the Temporal ring is configured internally, as the backend would not care which way calls are routed to it.

So the clients don't need to be aware of the Temporal ring behind it? That will be great.

Yes, the ring is the internal cluster implementation detail. The clients only connect to the frontends using gRPC.

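As an added example (not from the thread or the Temporal project), this sketch reads `tctl adm cl d` output like the one posted above and audits a proposed set of public load-balancer listener ports against the answer given here: only frontend members become upstreams, while the other rings and the `reachableMembers` ports stay internal. The function names, the "membership" label and the embedded sample are constructed for illustration.

```python
import json

# Constructed sample: trimmed copy of the `tctl adm cl d` output posted in the thread.
CLUSTER_JSON = """{"membershipInfo": {
  "reachableMembers": ["172.18.0.3:6935", "172.18.0.3:6934",
                       "172.18.0.3:6933", "172.18.0.3:6939"],
  "rings": [
    {"role": "frontend", "members": [{"identity": "172.18.0.3:7233"}]},
    {"role": "history",  "members": [{"identity": "172.18.0.3:7234"}]},
    {"role": "matching", "members": [{"identity": "172.18.0.3:7235"}]},
    {"role": "worker",   "members": [{"identity": "172.18.0.3:7239"}]}
  ]}}"""
SAMPLE = json.loads(CLUSTER_JSON)

def _port(identity):
    # Identities are "host:port"; rsplit also copes with bracketed IPv6 hosts.
    return int(identity.rsplit(":", 1)[1])

def classify(cluster):
    """Split the cluster's endpoints into LB upstreams and internal-only ports."""
    info = cluster["membershipInfo"]
    upstreams, internal = [], {}
    for ring in info.get("rings", []):
        for member in ring.get("members", []):
            if ring["role"] == "frontend":
                upstreams.append(member["identity"])  # what workers connect to
            else:
                internal[_port(member["identity"])] = ring["role"]
    # "membership" is a label chosen for this example, not a Temporal term here.
    for addr in info.get("reachableMembers", []):
        internal.setdefault(_port(addr), "membership")
    return upstreams, internal

def audit_listeners(cluster, proposed_ports):
    """Return (upstreams, findings) for a proposed set of public LB listener ports."""
    upstreams, internal = classify(cluster)
    frontend_ports = {_port(u) for u in upstreams}
    findings = {}
    for p in proposed_ports:
        if p in internal:
            findings[p] = f"internal ({internal[p]}): do not expose"
        elif p not in frontend_ports:
            findings[p] = "no frontend listens here"
    return upstreams, findings

if __name__ == "__main__":
    # The listener set proposed in the question.
    ups, bad = audit_listeners(SAMPLE, [7233, 7234, 7235, 7239])
    print("LB upstreams:", ups)
    for port, why in sorted(bad.items()):
        print(port, why)
```

Run against the listener set proposed in the question, it keeps 7233 as the only upstream and flags 7234, 7235 and 7239 as internal.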