Tyk Operator Release Notes
Licensed Protected Product
This page contains all release notes for Tyk Operator, displayed in reverse chronological order.
Support Lifetime
Our minor releases are supported until our next minor comes out.
1.1 Release Notes
1.1.0 Release Notes
Release Date 09 December 2024
Release Highlights
Support for Tyk Streams API
Tyk Operator v1.1 supports management of Tyk Streams APIs through the new TykStreamsApiDefinition custom resource. This gives you declarative, versioned, and fully automated control over your streaming APIs.
Breaking Changes
This release has no breaking changes.
Dependencies
3rd Party Dependencies & Tools
Third Party Dependency | Tested Versions | Compatible Versions | Comments |
---|---|---|---|
Kubernetes | 1.26.x to 1.30.x | 1.19.x to 1.30.x |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
Deprecations
There are no deprecations in this release.
Upgrade instructions
Tyk Operator v1.1 introduced new Custom Resource Definitions (CRDs). Before upgrading to Tyk Operator v1.1 with the Helm chart, please run the following command to install the CRDs:
$ kubectl apply -f https://raw.githubusercontent.com/TykTechnologies/tyk-charts/refs/heads/main/tyk-operator-crds/crd-v1.1.0.yaml
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Downloads
- Docker image v1.1.0
  - docker pull tykio/tyk-operator:v1.1.0
- Helm chart
  - tyk-charts v2.2.0
Changelog
Added
- TykStreamsApiDefinition: new Custom Resource for Tyk Streams
The TykStreamsApiDefinition custom resource allows you to manage Tyk Streams APIs directly within your Kubernetes environment. This enhancement offers a Kubernetes-native approach to managing Tyk APIs, streamlining operations and ensuring a single source of truth in Kubernetes.
1.0 Release Notes
1.0.0 Release Notes
We are excited to announce the release of Tyk Operator v1.0, marking a significant milestone with new features, enhancements, and critical changes. This release introduces support for Tyk OAS APIs, extended capabilities for managing Classic APIs and security policies, and includes license changes that you must be aware of before upgrading.
Release Date 10 Oct 2024
Release Highlights
Support for Tyk OAS API
The Tyk Operator v1.0 release introduces powerful new features designed to enhance how you manage APIs in Kubernetes environments. One of the key highlights is the full support for Tyk OAS APIs, allowing you to define and manage APIs through the new TykOasApiDefinition custom resource. This integration extends GitOps API Management to Tyk OAS, giving you declarative, versioned, and fully automated control over your APIs in Kubernetes environments.
Key features:
- Define and Manage Tyk OAS APIs using the TykOasApiDefinition custom resource.
- Manage API Definitions in ConfigMaps: Any changes are automatically tracked and synced to Tyk.
- Configure Tyk OAS in a Kubernetes-native way: You can organize APIs by categories or manage multiple API versions easily with the new CRD.
- Simplify certificate management by referencing Kubernetes secrets.
- Use the Tyk Ingress controller to create Tyk OAS APIs from Ingress specs.
With this release, users benefit from seamless GitOps workflows, ensuring a Kubernetes-native operation workflow. Security is also made simpler with automated certificate synchronization, removing the hassle of manual certificate management.
Enhanced Classic API and Security Policy Features
Enhanced support for Tyk Classic APIs continues, with improvements to security policies and new capabilities for setting API and endpoint-specific rate limits, making it easier than ever to customize API usage policies.
This release represents a significant upgrade for both API management and security, offering a more efficient, scalable, and Kubernetes-native way to operate Tyk. Whether you’re leveraging Tyk OAS APIs or continuing with Tyk Classic, this version brings the tools and features you need to streamline your workflows and enhance operational efficiency.
For details please refer to the changelog below.
Breaking Changes
License Requirement: Tyk Operator is now a closed-source product and requires a valid license key to operate. Please follow our Installation and Upgrade Guide to set your license key before installation or upgrade.
If the license is missing, invalid, or expired, Tyk Operator will exit with an error message. Ensure that you carefully review the setup steps to avoid any issues during the upgrade or installation process.
Dependencies
3rd Party Dependencies & Tools
Third Party Dependency | Tested Versions | Compatible Versions | Comments |
---|---|---|---|
Kubernetes | 1.26.x to 1.30.x | 1.19.x to 1.30.x |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
Deprecations
There are no deprecations in this release.
Upgrade instructions
Tyk Operator v1.0 introduced new Custom Resource Definitions (CRDs). Before upgrading to Tyk Operator v1.0 with the Helm chart, please run the following command to install the CRDs:
$ kubectl apply -f https://raw.githubusercontent.com/TykTechnologies/tyk-charts/refs/heads/main/tyk-operator-crds/crd-v1.0.0.yaml
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Downloads
- Docker image v1.0.0
  - docker pull tykio/tyk-operator:v1.0.0
- Helm chart
Changelog
Added
- TykOasApiDefinition: new Custom Resource for Tyk OAS
The TykOasApiDefinition custom resource allows you to manage Tyk OAS APIs directly within your Kubernetes environment. You can now categorize APIs, manage multiple versions, and simplify SSL certificate management by referencing Kubernetes secrets. This enhancement offers a Kubernetes-native approach to managing Tyk APIs, streamlining operations and reducing the complexity of versioning and certificate handling across different environments.
Learn More: Create Tyk OAS API
- Ingress Controller: Support Tyk OAS API as an Ingress Template
With this release, you can use the TykOasApiDefinition resource as a template for automatically creating Tyk OAS APIs based on Kubernetes Ingress specs. This simplifies the process of generating APIs by leveraging Ingress controller annotations, reducing manual intervention, and automating API creation workflows for better scalability and operational efficiency.
Learn More: Tyk Ingress Controller
- SecurityPolicy: Support for Key-Level Per-API Rate Limits and Quota
This release introduces the ability to configure specific rate limits, quotas, and throttling rules at the API level using the access_rights_array in the security policy. Each API now has the flexibility to inherit global limit settings or apply custom limits, making it easier to control API usage on a per-API basis. This provides enhanced granularity in managing traffic, ensuring optimal resource allocation and improved performance under heavy loads.
Learn More: Key-Level Per-API Rate Limits and Quota
- SecurityPolicy: Support for Key-Level Per-Endpoint Rate Limits
By configuring key-level per-endpoint limits, you can restrict the request rate for specific API clients to a specific endpoint of an API.
Learn More: Key-Level Per-Endpoint Rate Limits
- SecurityPolicy: Support for TykOasApiDefinition
This update extends the security policy to include TykOasApiDefinition resources within the access_rights_array, allowing you to manage security policies for both Tyk Classic APIs and Tyk OAS APIs. By specifying the API kind, you can now apply rate limits, quotas, and other access controls to Tyk OAS APIs, streamlining security management in mixed environments.
Learn More: TykOasApiDefinition in Security Policy
- ApiDefinition: Support for Event Handler
Tyk Operator now supports event handler integration for ApiDefinition, enabling webhooks to be triggered by specific API events. This allows for real-time, event-driven automation between Tyk and other systems, sending notifications or executing actions as events occur in the API lifecycle. The event_handlers field in the ApiDefinition CRD makes it easy to set up webhook-driven processes for better control and automation across your services.
Learn More: Event Webhook with Tyk Classic
- ApiDefinition: Support timeout Field in Advanced Cache Control
The advanced cache configuration for ApiDefinition now supports a timeout field, providing greater control over cache behavior. You can define specific cache timeouts for different API paths, allowing for more fine-tuned control over caching strategies. This feature helps optimize API performance, particularly for high-traffic endpoints requiring precise cache management.
extended_paths:
  advance_cache_config:
    - path: "/json"
      method: "GET"
      cache_response_codes: [200, 204]
      timeout: 120
- ApiDefinition: Support new Fields in `VersionDefinition`
VersionDefinition within ApiDefinition has been expanded to include additional fields, offering more granular control over API versioning and path management. These new fields allow you to configure version handling more flexibly, enhancing your ability to manage API versions and customize how version data is processed in API paths.
Changed
- Go Version Updated to 1.22
The underlying Go runtime for Tyk Operator has been updated to version 1.22. This upgrade brings performance improvements, enhanced security, and compatibility with the latest Go libraries, ensuring Tyk Operator remains efficient and secure in production environments.
0.18 Release Notes
0.18.0 Release Notes
Release date 4 Jul 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Release Highlights
This release added support for Tyk 5.4 API definition.
For details please refer to the changelog below.
Downloads
- Docker image v0.18.0
  - docker pull tykio/tyk-operator:v0.18.0
- Source code tarball - Tyk Operator Repo
Changelog
Added
- Added support of Tyk 5.4 API definition CRD
Added to ApiDefinition Custom Resource Definition (CRD):
- introspection option to enable/disable GraphQL introspection
- graphql.proxy.auth_headers
- graphql.proxy.subscription_type
- graphql.proxy.request_headers
- graphql.proxy.use_response_extensions
- graphql.proxy.request_headers_rewrite
- graphql.proxy.features
0.17 Release Notes
0.17.1 Release Notes
Release date 6 May 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Release Highlights
This release is focused on bug fixes. For details please refer to the changelog below.
Downloads
- Docker image v0.17
  - docker pull tykio/tyk-operator:v0.17.1
- Source code tarball - Tyk Operator Repo
Changelog
Fixed
- Fixed ApiDefinition Custom Resources generated by the Ingress Controller used a wrong certificate
When using Tyk as an Ingress Controller with TLS enabled, the ApiDefinition Custom Resources generated by the Ingress Controller were missing the OrgID field. As a result, Tyk Gateway used a wrong certificate when serving a request. This is fixed by adding the OrgID field back to ApiDefinition CRs created by the Ingress Controller.
- Added Webhook and RBAC port configurations in Tyk Operator Helm chart
Users can configure the Tyk Operator webhook and RBAC ports via the Helm chart values .Values.webhookPort and .Values.rbac.port respectively.
- Addressed security vulnerability CVE-2023-45288
Addressed security vulnerability CVE-2023-45288, where an attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
- Addressed security vulnerability CVE-2024-24786
Addressed security vulnerability CVE-2024-24786, where the protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
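The limit described for CVE-2023-45288 above, illustrated in Go as an added example (this is not Tyk Operator or golang.org/x/net code): a frame walker that stops as soon as one header block exceeds its budget instead of reading every CONTINUATION frame to the end. The names frame, scanHeaderBlocks and errHeaderFlood and both limit parameters are hypothetical, and the frames are constructed sample input with zero-filled payloads.

```go
package main

import (
	"errors"
	"fmt"
)

const typeHeaders, typeContinuation, flagEndHeaders = 0x1, 0x9, 0x4 // RFC 9113
var errHeaderFlood = errors.New("header block over limit: close connection")

// frame builds a constructed HTTP/2 frame on stream 1 with n zero payload bytes.
func frame(ftype, flags byte, n int) []byte {
	h := []byte{byte(n >> 16), byte(n >> 8), byte(n), ftype, flags, 0, 0, 0, 1}
	return append(h, make([]byte, n)...)
}

// scanHeaderBlocks counts completed header blocks in raw frames and returns
// errHeaderFlood once one block exceeds maxHeaderBytes+excess payload bytes.
// Both limits are parameters of this example, not values from golang.org/x/net.
func scanHeaderBlocks(wire []byte, maxHeaderBytes, excess int) (int, error) {
	blocks, inBlock, size := 0, false, 0
	for len(wire) >= 9 {
		n, ftype, flags := int(wire[0])<<16|int(wire[1])<<8|int(wire[2]), wire[3], wire[4]
		if len(wire) < 9+n {
			return blocks, errors.New("truncated frame")
		}
		wire = wire[9+n:]
		switch {
		case inBlock && ftype == typeContinuation:
			size += n
		case inBlock || ftype == typeContinuation:
			return blocks, errors.New("protocol error: bad frame order")
		case ftype == typeHeaders:
			inBlock, size = true, n
		default:
			continue // DATA, SETTINGS and other frames are out of scope here
		}
		if size > maxHeaderBytes+excess {
			return blocks, errHeaderFlood
		}
		if flags&flagEndHeaders != 0 {
			blocks, inBlock = blocks+1, false
		}
	}
	return blocks, nil
}

func main() {
	wire := append(frame(typeHeaders, 0, 100), frame(typeContinuation, flagEndHeaders, 50)...)
	fmt.Println(scanHeaderBlocks(wire, 1024, 256)) // 1 <nil>
}
```

The budget is counted in frame payload bytes, so padding and priority fields in a HEADERS frame count toward it as well.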
0.17.0 Release Notes
Release date 05 Apr 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
Go to the Upgrading Tyk Operator section for detailed upgrade instructions.
Release Highlights
This release added support for GraphQLIntrospectionConfig in API definition and fixed an issue where the Tyk Operator creates duplicate APIs on Tyk.
For details please refer to the changelog below.
Downloads
- Docker image v0.17
  - docker pull tykio/tyk-operator:v0.17.0
- Source code tarball - Tyk Operator Repo
Changelog
Fixed
- Fixed creating duplicated API definitions on Tyk
Fixed the creation of duplicated API definitions on Tyk in case of cluster failures. If network errors happen while updating the API definition, the Tyk Operator retries the reconciliation based on the underlying error type.
Added
- Added support of GraphQLIntrospectionConfig in API definition CRD
Added to ApiDefinition CRD: support of GraphQLIntrospectionConfig field at graphql.introspection.disabled. This feature will be enabled in future Tyk releases.
0.16 Release Notes
0.16.0 Release Notes
Release date 12 Jan 2024
Breaking Changes
This release has no breaking changes.
Deprecations
There are no deprecations in this release.
Upgrade Instructions
While upgrading Tyk Operator release via Helm, please make sure that the latest CRDs are also applied on the cluster, as follows:
kubectl apply -f https://raw.githubusercontent.com/TykTechnologies/tyk-operator/v0.16.0/helm/crds/crds.yaml
Release Highlights
This release added support for analytics plugin, UDG global header, and detailed tracing setting in ApiDefinition as detailed in the changelog below.
Downloads
Changelog
Added
- Added imagePullSecrets configuration for ServiceAccount in Tyk Operator Helm chart
Added imagePullSecrets configuration for ServiceAccount in Tyk Operator Helm chart. It allows users to pull the image from a private registry.
- Added tyk to categories field of CRDs
Added tyk to categories field of CRDs. From now on, all CRs related to Tyk Operator are grouped into the tyk category and can be displayed via kubectl get tyk.
- Added support of analytics plugin in ApiDefinition CRD
Added to ApiDefinition CRD: support of analytics plugin at spec.analytics_plugin. See Example CRD with Analytics Plugin for details.
- Added support of UDG Global Header in ApiDefinition CRD
Added to ApiDefinition CRD: support for UDG Global Header at spec.graphql.engine.global_headers object in ApiDefinition CRD. This feature is compatible with Tyk 5.2 or above.
- Added support of detailed tracing in ApiDefinition CRD
Added to ApiDefinition CRD: support for detailed tracing configuration at spec.detailed_tracing field in ApiDefinition CRD. Enable it for the API if you want to get a detailed span for each middleware involved in request processing.
Updated
- Updated Go version to 1.21
Fixed
- Fixed CVE-2023-39325 (NVD)
- Fixed security policy handling in OSS mode
Fixed a bug that prevented Tyk Operator from working with SecurityPolicy in OSS mode. The SecurityPolicy controller no longer modifies the spec.MID (_id) field in SecurityPolicy.
Further Information
Upgrading Tyk
Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.
FAQ
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.