Skip to main content
Open Source (Mozilla Public License) This page contains all release notes for Tyk Charts displayed in a reverse chronological order

Support Lifetime

Our minor releases are supported until our next minor comes out.

4.0 Release Notes

4.0.1 Release Notes

Release Date 21st October 2025

Release Highlights

Tyk Charts 4.0.1 is a version alignment release that ensures compatibility with the most recent Tyk LTS release 5.8.6 and Developer Portal 1.14.1. No functional changes have been implemented in this release.

Breaking Changes

This release has no breaking changes.

Dependencies

3rd Party Dependencies & Tools
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x, 1.31.x, 1.32.x1.19+
Helm3.14.x3.x
Redis5.x, 6.x, 7.x5.x, 6.x, 7.x
Valkey7.2.x, 8.0.x, 8.1.x7.2.x, 8.0.x, 8.1.x
MongoDB6, 7, 85, 6, 7, 8Used by Tyk Dashboard, Pump, and MDCB
PostgreSQL13.x - 17.x13.x - 17.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.

Upgrade instructions

You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Downloads

Changelog

No changes in this release.

4.0.0 Release Notes

Release Date 26th September 2025

Release Highlights

This release includes improvements to support for Redis Sentinel deployments and updates the default charts to install the most recent Tyk LTS release 5.8.5 and Developer Portal 1.14.0. For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

In this release, the MongoDB GraphQL Pump is not enabled by default. If you are using this Tyk Pump then you will need to enable it explicitly in your charts.

Dependencies

3rd Party Dependencies & Tools
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x, 1.31.x, 1.32.x1.19+
Helm3.14.x3.x
Redis5.x, 6.x, 7.x5.x, 6.x, 7.x
Valkey7.2.x, 8.0.x, 8.1.x7.2.x, 8.0.x, 8.1.x
MongoDB6, 7, 85, 6, 7, 8Used by Tyk Dashboard, Pump, and MDCB
PostgreSQL13.x - 17.x13.x - 17.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Downloads

Changelog

Added
Changed
Fixed
Resolved an issue where the Helm Charts bootstrap post-install job for tyk-stack failed due to an unnecessary requirement for an operator license, even when the operator was disabled by default. The bootstrap process now completes successfully without requiring the operator license.
Corrected the placement of the fsGroup field in the tyk-stack chart’s values.yaml from containerSecurityContext to podSecurityContext to resolve pre-install job failures.
Resolved an issue where the Redis Sentinel password (TYK_GW_STORAGE_SENTINELPASSWORD) was not correctly picked up by Helm charts. Previously, both Redis and Sentinel passwords referenced the same secret key, leading to the Sentinel password defaulting to the regular Redis password. This fix ensures correct handling of distinct Sentinel passwords.

3.0 Release Notes

3.0.0 Release Notes

Release Date 02 April 2025

Release Highlights

Tyk Charts 3.0 significantly improves configurability, reliability, and support for Tyk 5.8. This release enhances monitoring capabilities, expands Helm chart flexibility, and resolves key issues related to service availability and configuration management. For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

Tyk Charts 3.0 introduces a breaking configuration changes for Tyk Dashboard: To provide a default secure configuration, security.forbid_admin_view_access_token and security.forbid_admin_reset_access_token are set to true to restrict admin users from being able to view and reset other users’ Dashboard API Access Credentials.

Dependencies

3rd Party Dependencies & Tools
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x, 1.31.x, 1.32.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL13.x - 17.x13.x - 17.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Downloads

Changelog

Added
Added readiness and liveness probes using Tyk Pump’s health check service, allowing proactive monitoring to detect failures and improve system reliability.
Added support for a global image registry, making it easier for users to configure private registries and streamline container image management.
Added configurable startup probes for Tyk Gateway, improving readiness checks to prevent premature traffic routing during initialization.
Added support for configuring access logs in Tyk Gateway 5.8, allowing users to track API transaction logs for enhanced monitoring and debugging.
Added support for retrieving a single OpenTelemetry Authorization header from a Kubernetes secret, enhancing security by preventing exposure of sensitive credentials in Helm values or Kubernetes manifests.
Replaced hardcoded values in Helm charts with configurable parameters, providing greater flexibility in deployment customization.
Added support for tolerations, affinity, and node selector configurations, enabling users to fine-tune Kubernetes scheduling for better resource allocation and workload distribution.
Added support to enable or disable test pods, allowing users to optimize resource utilization based on their environment needs.
Changed
Fixed
Fixed an issue where service annotations for Tyk Pump were not being applied correctly, which caused misconfigurations in Kubernetes deployments. This has been resolved by ensuring annotations are properly processed.
Fixed an issue where the Operator’s liveness and readiness probes were failing, causing the service to enter a CrashLoopBackOff state. This has been resolved by adjusting configurations to ensure proper startup and health checks.
Fixed an issue where TYK_DB_TYKAPI_HOST and TYK_DB_TYKAPI_PORT environment variables were incorrectly set when the Control API was enabled, leading to connectivity issues. This has been resolved by ensuring the correct values are assigned during configuration.

2.2 Release Notes

2.2.0 Release Notes

Release Date 09 December 2024

Release Highlights

The Tyk Helm Charts v2.2.0 release brings exciting new features, improvements, and crucial fixes to enhance deployment flexibility, customization, and reliability. Here are the highlights:
  • Sidecar containers support
  • Dashboard enhancements: Configurable audit log storage, Open Policy Agent (OPA) settings
  • Gateway enhancements: Custom liveness and readiness probes, enhanced logging configuration, customizable HPA behavior
  • Operator updates: Custom deployment annotations,
For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

This release has no breaking changes.

Dependencies

3rd Party Dependencies & Tools
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL12.x - 16.x12.x - 16.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Downloads

Changelog

Added
User can enable or disable Tyk Streams feature via global.streaming.enabled. This option is enabled by default.
Introduced new configuration options to manage audit logging for the Tyk Dashboard. This enhancement allows users to enable, customize, and specify how audit logs are stored and formatted.To configure, see Tyk Stack documentation.
Introduced new options to enable and manage Open Policy Agent (OPA) support directly from the Helm chart. This feature simplifies the configuration process, guiding users to use the correct settings without relying on extraEnvs.To configure, see Tyk Stack documentation.
Support for configuring liveness and readiness probes for the Tyk Gateway via Helm charts.Users can now define custom configurations for these probes, providing more flexibility and control over health checks in Kubernetes deployments. Defaults are provided if custom configurations are not specified.This enhancement improves deployment reliability and ensures better integration with Kubernetes health monitoring systems.To configure, see Tyk Stack documentation.
Support for configuring the Tyk Gateway logging level and format through new fields under .Values.gateway.log in the Helm chart values.yaml.This enhancement enables fine-tuned control over logging behavior directly from the Helm chart, simplifying deployment customization.
Users can now define custom HPA behavior settings directly in the Helm values file via a new field a new field: .Values.gateway.autoscaling.behavior.This enhancement provides more flexibility in configuring HPA scaling behavior, allowing tailored performance tuning for Gateway deployments.
Users can now specify annotations directly in the Helm values field .Values.annotations, enabling better integration with external tools and systems that rely on metadata annotations.
Support for adding sidecar containers for Tyk components, enhancing flexibility and integration capabilities. This feature allows for the addition of auxiliary containers through extraContainers field to the following components:
  • Tyk Gateway
  • Tyk Dashboard
  • Tyk MDCB
  • Tyk Pump
  • Tyk Enterprise Developer Portal
Changed
Fixed
Corrected the template name for the OpenTelemetry caFilePath in the Gateway configuration. Updated template reference from otel-CAPath to otel-tlsCAPath to ensure proper functionality. This fix addresses misconfigurations related to the OpenTelemetry TLS CA path and ensures accurate rendering of Gateway templates.
The externalTrafficPolicy field is now correctly set under the spec section instead of selectors. This fix ensures proper functionality and alignment with Kubernetes service configuration requirements.
Resolved an issue where the Tyk OSS chart did not set the Operator license key in the secret created for the Operator. This fix ensures seamless configuration of the license key when deploying Tyk Operator.

2.1 Release Notes

2.1.0 Release Notes

Release Date 10 Oct 2024

Release Highlights

Added the ability to specify a static IP for Kubernetes LoadBalancer services, giving users more control over network configurations for the Tyk Gateway and Dashboard. Added an option to configure the Dashboard container port, addressing issues with restricted port permissions. Updated the default versions of Tyk components. For a comprehensive list of changes, please refer to the detailed changelog below.

Breaking Changes

This release has no breaking changes. However, if you are upgrading to Tyk Operator v1.0 using the Helm Chart, please read the license requirement and Tyk Operator installation and upgrade instructions carefully.

Dependencies

3rd Party Dependencies & Tools
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL12.x - 16.x12.x - 16.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

For users currently on v2.0.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Downloads

Changelog

Added
Added an optional loadBalancerIP parameter in the chart that allows users to set a static IP for Tyk Gateway and Dashboard services when using the LoadBalancer service type. This update provides enhanced control over IP configuration, useful for network stability in environments with multiple load balancers.Tyk gateway service configuration:
  • tyk-gateway.gateway.service.loadBalancerIP (default to "")
Tyk Dashboard service configuration:
  • tyk-dashboard.dashboard.service.loadBalancerIP (default to "")
Enables specifying an alternate port for the container while using standard ports in the service. This option resolves permission issues associated with restricted ports, such as port 443, within containers.
Starting from Tyk Operator v1.0, a license key is required to use the Tyk Operator. You can provide it while installing Tyk Stack, Tyk Control Plane, or Tyk OSS helm chart by setting global.license.operator field. You can also set license key via a Kubernetes secret using global.secrets.useSecretName field. The secret should contain a key called OperatorLicense.
Changed

2.0 Release Notes

2.0.0 Release Notes

Release Date 26 September 2024

Breaking Changes

1. URL Path Matching Configuration Changes
Tyk Charts v2.0 introduces a breaking change related to URL path matching behavior in the Tyk Gateway. If you are using Tyk Gateway versions 5.0.14 (2023 LTS), 5.3.5 (2024 LTS), or 5.5.1 (latest feature branch) or above, two new configuration options have been added to the Gateway:
  • http_server_options.enable_path_prefix_matching
  • http_server_options.enable_path_suffix_matching
These options allow more restrictive URL path matching by controlling whether the request path matches the start or end of the specified pattern. If both are set to true, Tyk enforces “exact” path matching. By default, these options are set to false in the Gateway to avoid breaking existing configurations. However, starting with Tyk Charts v2.0, these options will be set to true by default, enforcing stricter security by requiring precise path matches. This change applies to new installations or upgrades via Tyk Charts v2.0 and above. From this version of Tyk Charts we also set the following configuration option to true by default as part of the stricter path matching:
  • http_server_options.enable_strict_routes
Impact on existing users:
  • The change is backward-compatible for users upgrading their Tyk Gateway directly (i.e. not via Helm Chart), because by default, these features will not be active. This ensures that existing configurations are not affected if you update the Gateway manually.
  • However, if you install or upgrade via Tyk Charts v2.0, these options will be set to true by default. This means stricter URL path matching will be enforced automatically, which could impact your existing routes or configurations if you’re not prepared for it. Please ensure you understand and test these new configurations before upgrading your production environment.
Action required:
  • Familiarize yourself with URL matching in Tyk here.
  • For production setup guidance, see this guide.
  • Configure the new options via the Helm chart, and test the changes in a non-production environment before upgrading.
2. Default Tyk Component Versions
This release changes the default component versions in Tyk Charts v2.0 to Long-Term Support (LTS) versions for greater stability in production environments. The new defaults are:
Tyk ComponentDefault VersionCustomization Parameter
Tyk Gateway5.3.5 LTS--set tyk-gateway.gateway.image.tag=<desired-version>
Tyk Dashboard5.3.5 LTS--set tyk-dashboard.dashboard.image.tag=<desired-version>
Tyk Pump1.11.0--set tyk-pump.pump.image.tag=<desired-version>
Tyk MDCB2.7.0--set tyk-mdcb.mdcb.image.tag=<desired-version>
Tyk Developer Portal1.10.0--set tyk-dev-portal.image.tag=<desired-version>
Tyk Operator0.18.0--set tyk-operator.image.tag=<desired-version>
If you need to use a different version for any component, adjust the Helm chart parameters during installation or upgrade.

3rd Party Dependencies & Tools

Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL12.x - 16.x12.x - 16.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

For users currently on v1.x.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

Support Gateway configuration for URL path matching
The default Gateway configuration in the Helm chart will set Tyk’s URL path matching to exact mode. This ensures that the request URL must exactly match the listen path and endpoint patterns configured in the API definition.
Updated default Tyk versions
Tyk Charts 2.0 will install the following Tyk component versions by default.
  • Tyk Gateway v5.3.5
  • Tyk Dashboard v5.3.5
  • Tyk Pump v1.11.0
  • Tyk MDCB v2.7.0
  • Tyk Developer Portal v1.10.0
  • Tyk Operator v0.18.0

Downloads

Changelog

Added
Changed

1.6 Release Notes

1.6.0 Release Notes

Release Date 14 August 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x, 1.30.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL12.x - 16.x12.x - 16.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecation in this release.

Upgrade instructions

For users currently on v1.4.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

Updated MDCB Health check probes
MDCB v2.7.0 release introduces /liveness and /readiness probes which give more accurate and detail health check information. MDCB deployment has been updated to use the new endpoints. See MDCB Health Check section for information about the new probes.
Updated default Tyk versions
Tyk Charts 1.6 will install the following Tyk component versions by default.
  • Tyk Gateway v5.5.0
  • Tyk Dashboard v5.5.0
  • Tyk Pump v1.11.0
  • Tyk MDCB v2.7.0
  • Tyk Developer Portal v1.10.0
  • Tyk Operator v0.18.0

Downloads

Changelog

Added
Fixed

1.5 Release Notes

1.5.0 Release Notes

Release Date 4 July 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

With PostgreSQL v11 has reach EOL on November 2023, we can no longer guarantee full compatibility with this version of the database. If you are using PostgreSQL we recommend that you upgrade to a version that we have tested with, as indicated below.
Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL12.x - 16.x12.x - 16.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

MDCB: Deprecated healthcheck_port and replaced with http_port
Starting with MDCB v2.6.0, the configuration parameter http_port has been introduced to replace the original healthcheck_port. This new HTTP port is designed to expose various endpoints for monitoring and debugging MDCB. For consistency and future compatibility, it is recommended to use mdcb.httpPort. ####### Backward compatibility: The mdcb.httpPort parameter is backward compatible, meaning it will function correctly with all existing MDCB versions, ensuring a smooth transition. ####### Recommendations for users:
  • Helm Chart Adjustments: Update your Helm chart configurations to use mdcb.httpPort instead of mdcb.probes.healthcheckPort to define the HTTP port.

Upgrade instructions

For users currently on v1.4.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

Updated default Tyk versions
Tyk Charts 1.5 will install the following Tyk component versions by default.
  • Tyk Gateway v5.4.0
  • Tyk Dashboard v5.4.0
  • Tyk Pump v1.10.0
  • Tyk MDCB v2.6.0
  • Tyk Developer Portal v1.9.0
  • Tyk Operator v0.18.0
Tyk Operator is covered under the same umbrella
Tyk Operator can now be installed as an optional component alongside any of the following Tyk umbrella charts:
  • tyk-oss
  • tyk-stack
  • tyk-control-plane
With bootstrapping, the tyk-operator-conf secret will be automatically configured during the bootstrapping process. This means that the Tyk Operator will be ready for use with just one command, simplifying the deployment and configuration process. For a comprehensive list of changes, please refer to the detailed changelog below.

Downloads

Changelog

Added
New field gateway.enableFixedWindowRateLimiter added to tyk-gateway chart.This feature allows users to enable fixed window rate limiter in the Gateway. The fixed window rate limiter feature permits requests up to the configured rate limit within a specified time window, after which any additional requests are blocked until the next window. This method has minimal impact on Redis and is straightforward to implement. However, it should be noted that it does not protect against traffic spikes as it lacks spike arrest behavior. The default value for this setting is false.
Optional parameters dashboard.initContainers.initAnalyticsConf.resources and gateway.initContainers.setupDirectories.resources added to set resources for init containers in Dashboard and Gateway charts respectively.This feature is introduced to allow the definition of resource parameters for init containers, which is particularly useful in environments with namespace quotas that require specific resource definitions. Users can now specify the resources for init containers to comply with namespace resource quotas, ensuring that the init containers operate within the defined resource limits. The resource parameters can be defined at below locations.Tyk Dashboard chart
dashboard:
  initContainers:
    initAnalyticsConf:
      resources: {}
      # If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 100m
      #   memory: 128Mi
Tyk Gateway chart
gateway:
  initContainers:
    setupDirectories:
	    resources: {}
      # If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 100m
      #   memory: 128Mi
Added mdcb.httpServerOptions for SSL configuration of the MDCB HTTP server.This feature allows users to enable SSL for the MDCB HTTP server by configuring SSL-specific options. Users can enhance the security of their MDCB HTTP server by enabling SSL. The configuration includes settings such as useSSL, certificateKeyFile, certificateCertFile, and minVersion. For other HTTP server options, users can utilize extraEnvs to configure additional parameters.
mdcb:
  # defines the SSL/TLS settings for the http server where the healthcheck is exposed
  httpServerOptions:
    # if enabled then the endpoints will be served over https
    useSSL: true
    certificateKeyFile: /path-to-cert-keyfile
    certificateCertFile: /path-to-certfile
    
    # For TLS 1.0 use 769, for TLS 1.1 use 770, for TLS 1.2 use 771, for TLS 1.3 use 772
    minVersion: 771
mdcb.httpPort added to define the port used for accessing MDCB HTTP endpoints.This change deprecates the previous healthcheck port in favor of using a defined HTTP port for accessing MDCB HTTP endpoints. This update streamlines the configuration by consolidating the HTTP endpoints under a single port setting, making it simpler to manage and configure the MDCB health checks.
mdcb:
  # This is the preferred port setting for MDCB >= v2.6.0.
  # Users should use httpPort instead of probes.healthCheckPort for newer versions.
  httpPort: 8181

  probes:
    # This port lets MDCB allow standard health checks.
    # It also defines the path for liveness and readiness probes.
    # It is used to set TYK_MDCB_HEALTHCHECKPORT and TYK_MDCB_HTTPPORT when mdcb >= v2.6.0
    # This field will be deprecated in upcoming release. Use `httpPort` instead.
    # healthCheckPort: 8181
global.components.operator added to determine whether the Tyk Operator component should be installed.This feature adds a dependency on the Tyk Operator to the umbrella charts, facilitating the installation of the Tyk Operator component. Users can now easily install the Tyk Operator component by setting the global.components.operator parameter. Note that the Tyk Operator requires cert-manager to be installed beforehand. It also expects secret tyk-operator-conf is present in the installation namespace. You can enable bootstrapping at global.components.bootstrap if you are working on a new installation to have this secret created for you. Refer to the Tyk Operator installation guide for detailed information on pre-requisites.
global:
  components:
    # operator determines whether Tyk Operator component should be installed or not.
    # Tyk Operator needs cert-manager to be installed beforehand. Make sure that cert-manager is installed.
    # For further details, please refer to https://tyk.io/docs/api-management/automations#install-and-configure-tyk-operator/
    operator: false
Introduced annotations values to the Tyk stack and component Helm charts to define annotations for Deployments or StatefulSets.This enhancement allows users to define custom annotations for the Deployments or StatefulSets of Tyk components. Annotations are useful for supporting automated reloading of the Gateway or other components using tools like reloader. Previously, the Helm charts did not support any annotations at the deployment level.Users can now add custom annotations to facilitate automation and improve the management of Tyk components. The following annotations have been added:
  • Dashboard: dashboard.annotations for Tyk Dashboard Deployment/StatefulSet
  • Dev Portal: annotations for Tyk Developer Portal Deployment/StatefulSet
  • Gateway: gateway.annotations for Tyk Gateway Deployment/StatefulSet
  • MDCB: mdcb.annotations for MDCB Deployment/StatefulSet
  • Pump: pump.annotations for Tyk Pump Deployment
Fixed
This fix addresses a misconfiguration in the Dashboard chart that was causing the Log Browser not showing API activity logs for users utilizing Mongo Pump. The default configuration dashboard.useShardedAnalytics is now set to true, ensuring proper log visibility. Users who use Mongo Pump will now be able to view the API activity log as expected. Additionally, the correct Dashboard environment variable TYK_DB_USESHARDEDANLAYTICS is now set using dashboard.useShardedAnalytics. This enhancement ensures accurate log visibility and improves the overall user experience with the Dashboard by properly configuring sharded analytics.
Resolved an issue in the Gateway chart that prevented the use of a container image with the latest tag when gateway.control.enabled is set to true.This fix addresses a problem in the Gateway chart where enabling the control port (gateway.control.enabled) would cause an error if the container image tag was set to latest. The helm chart template previously assumed that all images would use semantic versioning.Users can now use the latest tag for container images even when the control port is enabled. This enhancement removes the restriction and assumption of semantic versioning, providing more flexibility in specifying container image tags.
Resolved an issue in tyk-stack and tyk-control-plane chart that prevented bootstrap and devPortal components to be enabled at the same time.When user deploy Developer Portal using tyk-stack or tyk-control-plane Helm Chart, there was a problem before that bootstrapping and devPortal cannot be enabled at the same time. It was because dev portal was depending on secret tyk-dev-portal-conf to start up but the secret can only be created after all pods has been created successfully via the bootstrapping job. This problem arises when user use --wait flag in helm install or use ArgoCD for installation.We have fixed this issue by not passing required org ID and API key as command option during portal startup. The dev portal is configured after Pod creation via Dev Portal API.

1.4 Release Notes

1.4.0 Release Notes

Release Date — 6 May 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x4.4.x, 5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard, Pump, and MDCB
PostgreSQL11.x - 15.x LTS11.x - 15.xUsed by Tyk Dashboard, Pump, and MDCB
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

  • In the tyk-dashboard chart, the dashboard.hashKeys field is deprecated and has been replaced with .global.hashKeys. This is to ensure Dashboard, Gateway, and MDCB always get the same hashKeys configurations. Setting dashboard.hashKeys will no longer take effect. Please only use .global.hashKeys field.

Upgrade instructions

For users currently on v1.3.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

General availability release of tyk-control-plane chart and tyk-mdcb chart
We’re pleased to announce the official release of the Tyk Helm Charts for Tyk Control Plane and MDCB! Following a successful beta phase, these charts are now stable and ready for production use. With this release, we aim to provide a straightforward solution for deploying and managing Tyk Control Plane and Multi-Data Center Bridge (MDCB) using Helm Charts. Whether you’re looking for our recommended setup configurations or need flexibility to adapt to your architectural requirements, our Helm Charts have you covered. To leverage this stable release and simplify your Tyk deployments, we invite you to explore our example setup for MDCB Control Plane using Helm Chart. Simply follow our MDCB Control Plane setup guide to get started.
Updated default Tyk versions
Tyk Charts 1.4 will install the following Tyk component versions by default.
  • Tyk Gateway v5.3.1
  • Tyk Dashboard v5.3.1
  • Tyk Pump v1.9.0
  • Tyk MDCB v2.5.1
  • Tyk Developer Portal v1.8.5
For a comprehensive list of changes, please refer to the detailed changelog below.

Downloads

Changelog

Added
When you set operatorSecret.enabled to true in the tyk-oss chart, a Kubernetes Secret named tyk-operator-conf will be automatically created in the same namespace. This secret is essential for connecting Tyk Operator to the Gateway, enabling seamless management of Tyk API resources. To learn more about setting up Tyk Operator, check out Tyk Operator installation.
We have introduced new configuration options for handling analytics data flow in MDCB deployments. By default, MDCB stores aggregated analytics data from the data plane pump to SQL/Mongo. Additionally, users have the flexibility to enable Pump in the control plane, allowing MDCB to send analytics to Redis instead.Here are the default configurations:
mdcb:
  # When it is set to true, instead of sending analytics directly to MongoDB / SQL,
  # MDCB can send analytics to Redis. This will allow tyk-pump to pull
  # analytics from Redis and send to your own data sinks.
  # It is used to set TYK_MDCB_FORWARDANALYTICSTOPUMP
  forwardAnalyticsToPump: false

  # This enables saving analytics in multiple keys as oppose to just having one.
  # It is useful when using a Redis cluster.
  # It also only works when TYK_MDCB_FORWARDANALYTICSTOPUMP is set to true.
  enableMultipleAnalyticsKey: true

  # This should be set to true if you choose not to store selective analytics
  dontStoreSelective: false

  # This should be set to true if you choose not to store aggregate analytics
  dontStoreAggregate: false

  # If set to true then it will not store analytics for tags having prefix specified in the list.
  # NB: Prefix “key-” is added in the list by default. This tag is added by gateway for keys.
  ignoreTagPrefixList: []

  # If enabled, it will store analytics for all the endpoints, irrespective of Track Endpoint plugin.
  trackAllPaths: false

  # If enabled, aggregate data will be generated per minute.
  storeAnalyticsPerMinute: false
We’ve added a convenient option to enable dashboard hybrid organization during bootstrapping. This eliminates the manual step of calling the Dashboard Admin API post-deployment to enable hybrid organization, which is essential for MDCB deployment.
To harden security, we have made security context of all Pods and Containers customizable. Also, we have set runAsNonRoot: true in all Pod’s securityContext. This prevents the Pods from running as root users, ensuring compatibility with the Restricted Pod Security Policy.
We’ve introduced an annotation with a checksum of the secret as a value, triggering a deployment change when the secret is updated. This ensures that pods are replaced promptly, immediately utilizing the new values from the secret. This logic applies if global.secrets.useSecretName is not set, as the secret is then not part of the chart.
Now, you have the flexibility to customize Pod labels in all component charts. Simply populate the podLabels field with your desired content, and it will be added as pod labels.
We’ve added a podAnnotations field to the tyk-dev-portal chart, allowing you to customize pod annotations. Fill in the podAnnotations field with your specific content, and it will be added as pod annotations.
Changed
We’ve removed unnecessary commands from the Gateway and Pump pod templates, allowing for the utilization of entrypoint scripts.
Now, you can use arbitrary image tags, including non-Semantic Versioning tags like latest for Dashboard. We’ve bypassed version checking in the Dashboard Deployment template to accommodate this flexibility.
To avoid confusion with the latest Developer Portal, Classic Portal bootstrapping is now disabled by default in the Dashboard. If you wish to utilize the Classic Portal, simply enable it by setting tyk-bootstrap.bootstrap.portal to true in either the Tyk Stack or Tyk Control Plane chart.
The dashboard.hashKeys field is now deprecated. Instead, users should utilize the global.hashKeys field to set key hashing. This ensures configuration alignment across Gateway, Dashboard, and MDCB components.
Fixed

1.3. Release Notes

1.3.0 Release Notes

Release Date 05 Apr 2024

Breaking Changes

For MongoDB users: Tyk Charts 1.3.0 uses mongo-go as the default driver to connect to MongoDB. mongo-go driver is compatible with MongoDB 4.4.x and above. For MongoDB versions prior to 4.4, please set global.mongo.driver to mgo. We recommend reading Choose a MongoDB driver when you need to change driver setting.

3rd Party Dependencies & Tools

Third Party DependencyTested VersionsCompatible VersionsComments
Kubernetes1.26.x, 1.27.x, 1.28.x, 1.29.x1.19+
Helm3.14.x3.x
Redis6.2.x, 7.x6.2.x, 7.xUsed by Tyk Gateway and Dashboard
MongoDB5.0.x, 6.0.x, 7.0.x4.4.x, 5.0.x, 6.0.x, 7.0.xUsed by Tyk Dashboard
PostgreSQL11.x - 15.x LTS11.x - 15.xUsed by Tyk Dashboard
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

There are no deprecations in this release.
Future deprecations
  • In tyk-dashboard chart, dashboard.hashKeys field will be deprecated in future and be replaced with .global.hashKeys. This is to ensure Dashboard, Gateway, and MDCB always get the same hashKeys configurations. It is recommended users do not set dashboard.hashKeys and only use .global.hashKeys field.

Upgrade instructions

For users currently on v1.2.x, we strongly recommend promptly upgrading to the latest release.
You can use helm upgrade to upgrade your release 
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

This release primarily focuses on adding support for Tyk v5.3 configurations. Tyk Charts 1.3 will install the following Tyk component versions by default.
  • Tyk Gateway v5.3.0
  • Tyk Dashboard v5.3.0
  • Tyk Pump v1.9.0
  • Tyk MDCB v2.5.0
  • Tyk Developer Portal v1.8.3
For a comprehensive list of changes, please refer to the detailed changelog below.
Support new features available from Tyk v5.3.0
Tyk Charts 1.3 adds support for a number of new Tyk features available from Tyk 5.3.0. These include: Support use of SSL certificates when connecting to Redis, Configurations for OAS Validate examples and OAS Validate Schema defaults.
Graph Pump
Tyk Charts 1.3 adds support for Graph MongoDB Pump, Graph SQL Pump and Graph SQL Aggregate Pump. see Graph Pump setup to learn more about the GraphQL-specific metrics available.
Enable Tyk Identity Broker (TIB) in Tyk Dashboard
Tyk Charts 1.3 adds a field to enable Internal Tyk Identity Broker (TIB) in Tyk Dashboard by field tyk-dashboard.tib.enabled to true.

Downloads

Changelog

Added
Added following fields in global.redis to support use of SSL certificates when connecting to Redis.
    # Allows usage of self-signed certificates when connecting to an encrypted Redis database.
    # sslInsecureSkipVerify: false

    # Path to the CA file.
    # sslCAFile: ""

    # The Volume mount path
    # Default value: /etc/certs
    # certificatesMountPath: ""

    # Path to the cert file.
    # sslCertFile: ""

    # Path to the key file.
    # sslKeyFile: ""

    # Maximum supported TLS version. Valid values are TLS 1.0, 1.1, 1.2, 1.3.
    # Default value: 1.3
    # sslMaxVersion: "1.3"

    # Minimum supported TLS version. Valid values are TLS 1.0, 1.1, 1.2, 1.3.
    # Default value: 1.2
    # sslMinVersion: "1.2"

    # Name of the tls secret. A secret needs to be created for this manually using the name as specified here
    # secretName: ""

    # Name of the volume where the secret will be mounted
    # volumeName: ""
Added field global.oasValidateExamples. When set to true, it enables validation of examples in the OAS spec. It is used to set TYK_DB_OAS_VALIDATE_EXAMPLES and TYK_GW_OAS_VALIDATE_EXAMPLES.
Added field global.oasValidateSchemaDefaults. When set to true, it enables validation of schema defaults in the OAS spec. It is used to set TYK_DB_OAS_VALIDATE_SCHEMA_DEFAULTS and TYK_GW_OAS_VALIDATE_SCHEMA_DEFAULTS.
Added field global.hashKeys. When set to true, it enables key hashing in Gateway. Dashboard will also operate in a mode that is compatible with key hashing. Please do not set dashboard.hashKeys or make sure dashboard.hashKeys is set to the same value or else dashboard.hashKeys will take precedence.Note: dashboard.hashKeys will be deprecated in future release.
Added built-in support for PodDisruptionBudget resource for Tyk Gateway. This will enhance the reliability and availability of your applications, giving you some control over the disruption caused by scaling operations, updates or maintenance on your pods. To enable it, set gateway.pdb.enabled to true and configure gateway.pdb.minAvailable or gateway.pdb.maxUnavailable.
When enabled at gateway.control.ingress.enabled, an Ingress resource will be created to allow external access to gateway’s control service.
Allow users to configure worker gateway to work with Tyk MDCB synchroniser easily by setting global.mdcbSynchronizer.enabled in tyk-data-plane. The control plane should be deployed with same global.mdcbSynchronizer.enabled value too.
Allow users to customize serviceAccountName for gateway, the name of the Service Account that is going to be used by the Pods.
Users can configure Tyk Gateway service port name and Tyk Gateway control service port name. Default is http.
Users can configure Tyk Gateway initContainer image so that it is possible to load busybox image from preferred registry.
You can enable Internal Tyk Identity Broker (TIB) in Tyk Dashboard by field tyk-dashboard.tib.enabled to true.
Allow users to customize serviceAccountName for dashboard, the name of the Service Account that is going to be used by the Pods.
Users can configure Tyk Dashboard service port name. Default is http.
Graph Pumps will be added when the user adds mongo or postgres to pump.backend. When mongo is added to pump.backend the Graph MongoDB Pump will be enabled. When postgres is added to pump.backend the Graph SQL Pump and Graph SQL Aggregate Pump will be enabled.
Allow users to customize serviceAccountName for pump, the name of the Service Account that is going to be used by the Pods.
Users can configure Tyk Pump service port name. Default is http.
Allow users to customize serviceAccountName for portal, the name of the Service Account that is going to be used by the Pods.
Users can configure Tyk Developer Portal service port name. Default is http.
A new MDCB component chart has been added to deploy MDCB. It is currently in Beta. For installation instructions and configurations, please read Tyk Control Plane chart.
A new Tyk Control Plane umbrella chart has been added to deploy Tyk Control Plane. It is currently in Beta. For installation instructions and configurations, please read Tyk Control Plane chart.
Changed

Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.