There is one point I’m not sure about that I was hoping you could clarify regarding the different services’ membership ports: I believe those ports are supposed to be opened to all the Temporal services? For example, the matching service’s membership port needs to be opened to the frontend/history/worker and matching (so itself) services, right? Or can it be opened only to the first three?

We’re working on setting up Temporal with HA and I’m trying to properly scope my network access permissions for the different services 🙂


I think that this post from Samar has the information you need.

Let me know if you have further questions.

Yes, I would allow each service to communicate with each other. There is one port for membership communication used by all services to discover each other and a separate port to make RPC calls.
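As an added example (not part of this thread and not Temporal's own tooling), a small Python helper that turns the two-ports-per-service rule above into an ingress allow-list, so the "does matching need its own membership port open to itself?" question can be checked mechanically. The port numbers are assumed from Temporal's default `development.yaml`, and the client CIDR is a placeholder.

```python
# Added example: derive the per-service ingress allow-list for a Temporal
# HA cluster from the two ports each service role exposes (membership and
# rpc). Ports are ASSUMED to match Temporal's default development.yaml;
# adjust them to your own server config.
from itertools import product

SERVICES = ("frontend", "history", "matching", "worker")

# Assumed ports per service role: rpc.grpcPort and rpc.membershipPort.
PORTS = {
    "frontend": {"grpc": 7233, "membership": 6933},
    "history":  {"grpc": 7234, "membership": 6934},
    "matching": {"grpc": 7235, "membership": 6935},
    "worker":   {"grpc": 7239, "membership": 6939},
}


def required_ingress(ports=PORTS, client_cidrs=()):
    """Return a sorted list of (dst_role, port, kind, src) ingress rules.

    Following the advice in the thread (let every service talk to every
    other), each role accepts both its membership port and its rpc port
    from every role, INCLUDING its own role: with HA there are several
    replicas of each role, and a matching pod must gossip with and call
    the other matching pods.
    client_cidrs: networks hosting SDK workers/clients, which only talk
    to the frontend rpc port (constructed placeholder values in tests).
    """
    rules = set()
    for dst, src in product(ports, ports):
        rules.add((dst, ports[dst]["membership"], "membership", src))
        rules.add((dst, ports[dst]["grpc"], "rpc", src))
    for cidr in client_cidrs:
        rules.add(("frontend", ports["frontend"]["grpc"], "rpc", cidr))
    return sorted(rules)


def sources_for(rules, dst, kind):
    """Set of sources allowed to reach one kind of port on one role."""
    return {src for d, _, k, src in rules if d == dst and k == kind}


if __name__ == "__main__":
    for rule in required_ingress(client_cidrs=("10.0.5.0/24",)):
        print("allow %-9s :%d (%-10s) from %s" % rule)
```

The output is a flat list you can map onto security-group or network-policy rules; the test of the original question is that `sources_for(rules, "matching", "membership")` includes `matching` itself.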