Login 24/7 Support Community tyk.io

Tyk Helm Chart

Introduction

This is the preferred (and easiest) way to install the Tyk OSS Gateway on Kubernetes. It will install Tyk gateway in your Kubernetes cluster where you can add and manage APIs directly or via the Tyk Operator.

Prerequisites

The following are required for a Tyk OSS installation:

  • Redis - required for all the Tyk installations and must be installed in the cluster or reachable from inside K8s. You can find instructions for a simple Redis installation bellow.
  • MongoDB/SQL - Required only if you chose to use the MongoDB/SQL Tyk pump with your Tyk OSS installation. Same goes with any other pump you choose to use.

Interactive tutorial

Get hands-on practice deploying a simple configuration within a live environment! You can find full configuration details in the steps below.

Installation

As well as our official OSS Helm repo, you can also find it in ArtifactHub.

tyk-headless: This chart deploys the open source Tyk Gateway. Tyk Gateway is a fully open source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols. Tyk Gateway is provided ‘Batteries-included’, with no feature lockout. It enables organisations and businesses around the world to protect, secure, and process APIs and well as review and audit the consumed apis.

— Open in Artifact Hub

If you are interested in contributing to our charts, suggesting changes, creating PRs or any other way, please use GitHub Tyk-helm-chart repo

Step 1 - Add Tyk official Helm repo

helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

Step 2 - Create namespace for Tyk deployment

kubectl create namespace tyk

Step 3 - Getting values.yaml

Before we proceed with installation of the chart you may need to set some custom values. To see what options are configurable on a chart and save those options to a custom values.yaml file run:

helm show values tyk-helm/tyk-headless > values.yaml

Some of the necessary configration parameters will be explained in the next steps.

Step 4 - Installing Redis

You can first add and update the rather excellent helm chart provided by bitnami For Redis you can use these rather excellent chart provided by Bitnami.

helm install tyk-redis bitnami/redis -n tyk

Follow the notes from the installation output to get connection details and password.

  Redis(TM) can be accessed on the following DNS names from within your cluster:

    tyk-redis-master.tyk.svc.cluster.local for read/write operations (port 6379)
    tyk-redis-replicas.tyk.svc.cluster.local for read-only operations (port 6379)

  export REDIS_PASSWORD=$(kubectl get secret --namespace tyk tyk-redis -o jsonpath="{.data.redis-password}" | base64 --decode)

The DNS name of your Redis as set by Bitnami is tyk-redis-master.tyk.svc.cluster.local:6379 You can update them in your local values.yaml file under redis.addrs and redis.pass Alternatively, you can use --set flag to set it in Tyk installation. For example --set redis.pass=$REDIS_PASSWORD

Evaluation only: via simple-redis chart

Warning

Another option for Redis, to get started quickly, is to use our simple-redis chart. Please note that these provided charts must never be used in production or for anything but a quick start evaluation only. Use Bitnami redis or Official Redis Helm chart in any other case. We provide this chart, so you can quickly deploy Tyk gateway, but it is not meant for long term storage of data.

helm install redis tyk-helm/simple-redis -n tyk

Step 5 - Installing Tyk Open Source Gateway

helm install tyk-ce tyk-helm/tyk-headless -f values.yaml -n tyk

Please note that by default, Gateway runs as DaemonSet. If you are using more than a Node, please update Gateway kind to Deployment because multiple instances of headless gateways won’t sync API Definition.

To configure Gateway kind, update .gateway.kind field in the values.yaml to Deployment, Alternatively, you can use --set gateway.kind=Deployment while doing helm install.

helm install tyk-ce tyk-helm/tyk-headless --set gateway.kind=Deployment -n tyk

Installation Video

See our short video on how to install the Tyk Open Source Gateway. Please note that this video shows the use of GH repo, since it recorded before the official repo was available, However, it’s very similar to the above commands.

Pump Installation

By default pump installation is disabled. You can enable it by setting pump.enabled to true in values.yaml file. Alternatively, you can use --set pump.enabled=true while doing helm install.

Quick Pump configuration(Supported from tyk helm v0.10.0)

1. Mongo Pump

To configure mongo pump, do following changings in values.yaml file:

  1. Set backend to mongo.
  2. Set connection string in mongo.mongoURL.

2. Postgres Pump

To configure postgres pump, do following changings in values.yaml file:

  1. Set backend to postgres.
  2. Set connection string parameters in postgres section.

Optional - Using TLS

You can turn on the TLS option under the gateway section in your local values.yaml file which will make your Gateway listen on port 443 and load up a dummy certificate. You can set your own default certificate by replacing the file in the certs/ folder.

Optional - Mounting Files

To mount files to any of the Tyk stack components, add the following to the mounts array in the section of that component.

For example:

- name: aws-mongo-ssl-cert
 filename: rds-combined-ca-bundle.pem
 mountPath: /etc/certs

Optional - Tyk Ingress

To set up an ingress for your Tyk Gateways see our Tyk Operator GitHub repository.

Next Steps

Follow the Tutorials on the Open Source tabs for the following:

  1. Add an API
  2. Create a Security Policy
  3. Create an API Key