Tyk Helm Chart
Introduction
Tyk Helm chart is the preferred (and easiest) way to install Tyk Self-Managed on Kubernetes.
The Helm chart tyk-helm/tyk-pro will install the full Tyk platform with Tyk Manager, Tyk Gateways and Tyk Pump into your Kubernetes cluster. You can also choose to enable the installation of Tyk Operator (to manage your APIs in a declarative way).
Prerequisites
1. Tyk License
If you are evaluating Tyk on Kubernetes, contact us to obtain a temporary licence.
2. Data stores
The following are required for a Tyk Self-Managed installation:
- Redis - Should be installed in the cluster or reachable from inside the cluster (for SaaS option). You can find instructions for a simple Redis installation below.
- MongoDB or SQL - Should be installed in the cluster or be reachable by the Tyk Manager (for SaaS option).
You can find supported MongoDB and SQL versions here.
Installation instructions for Redis and MongoDB/SQL are detailed below.
3. Helm
Helm 3 must be installed. The Tyk Helm chart uses Helm v3 (i.e. not Helm v2).
Installation
As well as our official Helm repo, you can also find it in ArtifactHub.
If you are interested in contributing to our charts, suggesting changes, creating PRs or any other way, please use GitHub Tyk-helm-chart repo or contact us in Tyk Community forum or through our sales team.
Add Tyk official Helm repo to your local Helm repository
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update
Create namespace for your Tyk deployment
kubectl create namespace tyk
Getting the values.yaml of the chart
Before we proceed with installation of the chart, you need to set some custom values. To see which options are configurable on a chart and save those options to a custom values.yaml file, run:
helm show values tyk-helm/tyk-pro > values.yaml
Installing the data stores
For Redis, MongoDB or SQL you can use these rather excellent charts provided by Bitnami
Redis
helm install tyk-redis bitnami/redis -n tyk
Follow the notes from the installation output to get connection details and password.
Redis(TM) can be accessed on the following DNS names from within your cluster:
tyk-redis-master.tyk.svc.cluster.local for read/write operations (port 6379)
tyk-redis-replicas.tyk.svc.cluster.local for read-only operations (port 6379)
export REDIS_PASSWORD=$(kubectl get secret --namespace tyk tyk-redis -o jsonpath="{.data.redis-password}" | base64 --decode)
The DNS name of your Redis as set by Bitnami is tyk-redis-master.tyk.svc.cluster.local:6379 (Tyk needs the name including the port).
You can update them in your local values.yaml file under redis.addrs and redis.pass.
Alternatively, you can use the --set flag to set it in the Tyk installation. For example: --set redis.pass=$REDIS_PASSWORD
MongoDB
helm install tyk-mongo bitnami/mongodb --version {HELM_CHART_VERSION} --set "replicaSet.enabled=true" -n tyk
Replace HELM_CHART_VERSION with a Helm chart version of our supported Mongo versions.
Follow the notes from the installation output to get connection details and password. The DNS name of your MongoDB as set with Bitnami is tyk-mongo-mongodb.tyk.svc.cluster.local and you also need to set the authSource parameter to admin. The full mongoURL should be similar to mongoURL: mongodb://root:<password>@tyk-mongo-mongodb.tyk.svc.cluster.local:27017/tyk_analytics?authSource=admin. You can update them in your local values.yaml file under mongo.mongoURL.
Alternatively, you can use the --set flag to set it in your Tyk installation.
Important Note regarding MongoDB
This Helm chart enables the PodDisruptionBudget for MongoDB with an arbiter replica-count of 1. If you intend to perform system maintenance on the node where the MongoDB pod is running and this maintenance requires the node to be drained, this action will be prevented due to the replica count being 1. Increase the replica count in the Helm chart deployment to a minimum of 2 to remedy this issue.
Postgres
helm install tyk-postgres bitnami/postgresql --set "auth.database=tyk_analytics" -n tyk
Follow the notes from the installation output to get connection details and password. The DNS name of your Postgres service as set by Bitnami is tyk-postgres-postgresql.tyk.svc.cluster.local.
You can update connection details in the values.yaml file under postgres.
Quick Redis and MongoDB PoC installation
Warning
Another option for Redis and MongoDB, to get started quickly, is to use our simple-redis and simple-mongodb charts. Please note that these charts must never be used in production or for anything other than a quick start evaluation. Use an external Redis or the official Redis Helm chart in any other case. We provide these charts so that you can quickly get up and running; they are not meant for long-term storage of data, for example.
helm install redis tyk-helm/simple-redis -n tyk
helm install mongo tyk-helm/simple-mongodb -n tyk
License setting
For the Tyk Self-Managed chart we need to set the license key in your custom values.yaml file under the dash.license field, or use --set dash.license={YOUR-LICENSE_KEY} with the helm install command.
Tyk Self-Managed licensing allows for different numbers of Gateway nodes to connect to a single Dashboard instance.
To ensure that your Gateway pods will not scale beyond your license allowance, please ensure that the Gateway's resource kind is Deployment and that the replica count is set to your license node limit. By default, the chart is configured to work with a single node license: gateway.kind=Deployment and gateway.replicaCount=1.
Please Note
There may be intermittent issues on the new pods during the rolling update process when the total number of online Gateway pods exceeds the license limit, with licenses that cover a lower number of nodes.
Installing Tyk Self-Managed
Now we can install the chart using our custom values:
helm install tyk-pro tyk-helm/tyk-pro -f ./values.yaml -n tyk --wait
Important Note regarding MongoDB
The --wait argument is important to successfully complete the bootstrap of your Tyk Manager.
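The --set examples above place the Redis password and license key on the helm command line, where they are visible in the process list. The following is an added example, not part of the Tyk chart or its documentation: it checks the two connection rules stated above (Redis address with port, authSource=admin) and writes the secrets to a private override file. The function names and the file name tyk-secrets.yaml are hypothetical, and it assumes redis.addrs is a YAML list in the chart's values.yaml.

```shell
#!/bin/sh
# Added example (not Tyk's own code): validate the connection settings from
# this page and keep the secrets in a 0600 override file instead of --set.

# yaml_quote VALUE -> single-quoted YAML scalar (embedded ' is doubled)
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# check_tyk_settings REDIS_ADDR MONGO_URL -> 0 only if both follow the page
check_tyk_settings() {
    port=${1##*:}                      # text after the last ':' (or all of $1)
    case "$port" in
        "$1"|''|*[!0-9]*)
            echo "redis address must be host:port" >&2; return 1 ;;
    esac
    # authSource must be exactly "admin", not merely start with it
    printf '%s' "$2" | grep -Eq '^mongodb://.*[?&]authSource=admin(&|$)' || {
        echo "mongoURL must carry authSource=admin" >&2; return 1
    }
}

# write_tyk_overrides FILE REDIS_ADDR REDIS_PASS MONGO_URL LICENSE
write_tyk_overrides() {
    check_tyk_settings "$2" "$4" || return 1
    (
        umask 077                      # new file is readable by owner only
        rm -f -- "$1"                  # drop any older copy with wider mode
        {
            printf 'redis:\n  addrs:\n    - %s\n' "$(yaml_quote "$2")"
            printf '  pass: %s\n' "$(yaml_quote "$3")"
            printf 'mongo:\n  mongoURL: %s\n' "$(yaml_quote "$4")"
            printf 'dash:\n  license: %s\n' "$(yaml_quote "$5")"
        } > "$1"
    )
}

# Usage (values after -f are merged left to right by Helm):
#   write_tyk_overrides ./tyk-secrets.yaml \
#       tyk-redis-master.tyk.svc.cluster.local:6379 "$REDIS_PASSWORD" \
#       "$MONGO_URL" "$TYK_LICENSE"
#   helm install tyk-pro tyk-helm/tyk-pro -f ./values.yaml \
#       -f ./tyk-secrets.yaml -n tyk --wait
```

Keep the generated file out of version control and delete it once the release is installed.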
Pump Installation
By default, Pump installation is disabled. You can enable it by setting pump.enabled to true in the values.yaml file.
Alternatively, you can use --set pump.enabled=true while doing helm install.
Quick Pump configuration (Supported from tyk helm v0.10.0)
1. Mongo Pump
To configure the Mongo pump, make the following changes in the values.yaml file:
- Set backend to mongo.
- Set connection string in mongo.mongoURL.
2. Postgres Pump
To configure the Postgres pump, make the following changes in the values.yaml file:
- Set backend to postgres.
- Set connection string parameters in the postgres section.
Tyk Developer Portal
You can disable the bootstrapping of the Developer Portal by setting portal.bootstrap: false in your local values.yaml file.
Using TLS
You can turn on the TLS option under the gateway section in your local values.yaml file, which will make your Gateway listen on port 443 and load up a dummy certificate. You can set your own default certificate by replacing the file in the certs/ folder.
Mounting Files
To mount files to any of the Tyk stack components, add the following to the mounts array in the section of that component. For example:
- name: aws-mongo-ssl-cert
  filename: rds-combined-ca-bundle.pem
  mountPath: /etc/certs
Sharding APIs
Sharding is the ability for you to decide which of your APIs are loaded on which of your Tyk Gateways. This option is turned off by default; however, you can turn it on by updating the gateway.sharding.enabled option. Once you do that, you will also need to set the gateway.sharding.tags field with the tags that you want that particular Gateway to load (e.g. tags: "external,ingress").
You can then add those tags to your APIs in the API Designer, under the Advanced Options tab, and the Segment Tags (Node Segmentation) section in your Tyk Dashboard.
Check Tyk Gateway Sharding for more details.
Other Tyk Components
Installing Tyk Enterprise Developer Portal
If you are deploying the Tyk Enterprise Developer Portal, set the appropriate values under the enterprisePortal section in your values.yaml. Please visit Tyk Enterprise Developer Portal installation for a step-by-step guide.
Installing Tyk Self-managed Control Plane
If you are deploying the Tyk Control plane, a.k.a. MDCB, for a Tyk Multi Data Centre Bridge deployment, then set the mdcb.enabled: true option in the local values.yaml to add the MDCB component to your installation.
Check Tyk Control plane for more configuration details.
This setting enables multi-cluster, multi Data-Centre API management from a single dashboard.
Tyk Identity Broker (TIB)
The Tyk Identity Broker (TIB) is a micro-service portal that provides a bridge between various Identity Management Systems such as LDAP, OpenID Connect providers and legacy Basic Authentication providers, to your Tyk installation. See TIB for more details.
For SSO to Tyk Manager and Tyk developer portal purposes you do not need to install TIB, as its functionality is now part of the Tyk Manager. However, if you want to run it separately (as you used to before this merge) or if you need it as a broker for the Tyk Gateway you can do so.
Once you have installed your Tyk Gateway and Tyk Manager, you can configure TIB by adding its configuration environment variables under the tib.extraEnvs section and updating the profile.json in your configs folder.
See our TIB GitHub repo.
Once you complete your modifications you can run the following command from the root of the repository to update your helm chart.
helm upgrade tyk-pro tyk-helm/tyk-pro -f ./values.yaml -n tyk
This chart implies there's a ConfigMap with a profiles.json definition in it. Please use the tib.configMap.profiles value to set the name of this ConfigMap (tyk-tib-profiles-conf by default).
Tyk as an Ingress using Tyk Operator
To set up an ingress for your Tyk Gateways see our Tyk Operator GitHub repository.
Next Steps Tutorials
Follow the Tutorials on the Self-Managed tabs for the following: