How to Config Temporal Server with public access by different environment workers

Ryan_Qian · December 12, 2020, 9:11am

Our business runs inside different clouds, they can only access each other with public
ip addresses(we have config ACL for safety). Now we want to run one Temporal cluser inside
one cloud then provide centralized rings service here, other cloud runs only workers connected to
this cluster.

I’m not sure how to config this Temporal cluster for public access, take bellow as example:
for port 7233,7234,7235,7239, can I just create SLB with public ip address, then set bellow
EC2 ip(port) as upstream?

$ ./tctl adm cl d
{
  "supportedClients": {
    "temporal-cli": "\u003c2.0.0",
    "temporal-go": "\u003c2.0.0",
    "temporal-java": "\u003c2.0.0",
    "temporal-server": "\u003c2.0.0"
  },
  "serverVersion": "1.4.1",
  "membershipInfo": {
    "currentHost": {
      "identity": "172.18.0.3:7233"
    },
    "reachableMembers": [
      "172.18.0.3:6935",
      "172.18.0.3:6934",
      "172.18.0.3:6933",
      "172.18.0.3:6939"
    ],
    "rings": [
      {
        "role": "frontend",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7233"
          }
        ]
      },
      {
        "role": "history",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7234"
          }
        ]
      },
      {
        "role": "matching",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7235"
          }
        ]
      },
      {
        "role": "worker",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7239"
          }
        ]
      }
    ]
  }
}

Ryan_Qian · December 12, 2020, 12:13pm

this question is kind of like:
can we config temporal cluster service nodes with public ip adress , like kafka cluster with config:
advertised.listeners

Vitaly · December 13, 2020, 5:11am

Let me rephrase the question to make sure I understood it correctly.
You want to run temporal backend in one cloud and be able to connect to it using public IP from the other cloud?
If so what you want is just setup a load balancer with public IP (or public DNS record), put temporal frontend behind it and point workers to the public address that you’ve created. You shouldn’t need to change the way temporal ring is configured internally as backend would not care which way calls are routed to it.

Ryan_Qian · December 14, 2020, 3:16am

So the clients no need to aware the temporal ring behind it? that will be greate.

maxim · October 12, 2021, 5:31pm

Yes, the ring is the internal cluster implementation detail. The clients only connect to the frontends using gRPC.

Topic		Replies	Views
Setting up a server cluster Community Support general-impl , server	3	1186	June 4, 2021
How to expose temporal-frontend running on port 7233 so workers can connect to it? Community Support production , worker	4	4329	January 2, 2022
Deploying on AWS ECS - do I need to configure the addresses somehow? Community Support	5	1348	January 8, 2023
Deploy Temporal Workers in AWS EKS in Private Subnet of VPC for use with Temporal Cloud Community Support helm , typescript-sdk	1	116	August 17, 2024
Temporal Server cannot starts and unable to bootstrap ringpop Community Support ringpop , bootstrap	3	1302	April 7, 2022

How to Config Temporal Server with public access by different environment workers

Related topics