How to use the 1.15.1 remoteClusters config feature?

Andrey_Dubnik · April 11, 2022, 9:54am

Anyway - have figured it out

Current cluster should have a remote cluster block describing which certificate to present while communicating to the remote cluster

remoteClusters:
      <remote cluster FQDN>:
        server:
          requireClientAuth: true
          certFile: /etc/temporal/remote-certificates/server.pem
          keyFile: /etc/temporal/remote-certificates/server.key
          clientCaFiles:
            - /etc/temporal/remote-certificates/ca.pem
        client:
          serverName: <remote cluster FQDN>
          rootCaFiles:
            - /etc/temporal/remote-certificates/ca.pem

Remove cluster should have either a catch-all TLS server configuration which require client to present a common mTLS cert or the host override like this to auth on per client basis for the specific call

frontend:
...
   hostOverrides:
      <remote cluster FQDN>:
          requireClientAuth: true
          certFile: /etc/temporal/remote-certificates/server.pem
          keyFile: /etc/temporal/remote-certificates/server.key
          clientCaFiles:
            - /etc/temporal/remote-certificates/ca.pem

Topic		Replies	Views
Cluster linking with mTLS - tctl admin cluster upsert-remote-cluster Community Support tctl , mtls	1	555	January 24, 2023
TLS simple queries Community Support security	1	624	April 26, 2022
Error when enable Multi-cluster replication + TLS Community Support multicluster , tls	3	472	July 10, 2023
Need Help on tls config in java Community Support java-sdk	4	1402	January 18, 2022
Security with mTLS and JWT Community Support	1	606	December 6, 2024

How to use the 1.15.1 remoteClusters config feature?

Related topics