Skip to main content

Introduction

Tyk Cloud hosts and manages the control planes for you. You can deploy the data planes across multiple locations:
  • as Cloud Gateways: Deployed and managed in Tyk Cloud, in any of our available regions. These are SaaS gateways, so there are no deployment or operational concerns.
  • as Hybrid Gateways: This is a self-managed data plane, deployed in your infrastructure and managed by yourself. Your infrastructure can be a public or private cloud, or even your own data center.
This page describes the deployment of hybrid data planes and how to connect them to Tyk Cloud, in both Kubernetes and Docker environments.

Prerequisites

  • Tyk Cloud Account, register here if you don’t have one yet:
  • A Redis instance for each data plane, used as ephemeral storage for distributed rate limiting, token storage and analytics. You will find instructions for a simple Redis installation in the steps below.
  • No incoming firewall rules are needed, as the connection between Tyk Hybrid Gateways and Tyk Cloud is always initiated from the Gateways, not from Tyk Cloud.

Tyk Hybrid Gateway configuration

The hybrid gateways in the data plane connect to the control plane in Tyk Cloud using the Tyk Dashboard API Access Credentials. Follow the guides below to create the configuration that we will be used in later sections to create a deployment: Login to your Tyk Cloud account deployments section and click on ADD HYBRID DATA PLANE Tyk Cloud hybrid configuration home Fill in the details and then click SAVE DATA PLANE CONFIG Save Tyk Cloud hybrid configuration home This will open up a page with the data plane configuration details that we need. Save Tyk Cloud hybrid configuration masked details Those details are: You can also click on OPEN DETAILS Tyk Cloud hybrid open for details This will reveal instructions that you can use to connect your hybrid data plane to Tyk Cloud. Tyk Cloud hybrid detailed instructions

Deploy with Docker

Step 1: Clone and configure

  1. Clone the tyk-install repository and navigate to the hybrid directory:

Step 2: Configure the Gateway connection to the control plane

Edit confs/tyk.env and set your MDCB credentials:
To enable API sharding (optional), add to confs/tyk.env:

Step 3: Configure the Pump connection to the control plane

Edit confs/pump.env with the same MDCB credentials:

Step 4: Start services

Wait for all health checks to pass (~30 seconds), then verify the containers are running:
Expected containers:

Step 5: Verify the connection

Expected response:
Then verify in your control plane: Navigate to Deployments > your Control Plane. Your hybrid data plane should appear under Hybrid data planes. Hybrid Data Plane Added

Deploy in Kubernetes with Helm Chart

Prerequisites The following quick start guide explains how to use the Tyk Data Plane Helm chart to configure Tyk Gateway that includes:
  • Redis for key storage
  • Tyk Pump to send analytics to Tyk Cloud and Prometheus
At the end of this quickstart Tyk Gateway should be accessible through service gateway-svc-hybrid-dp-tyk-gateway at port 8080. Pump is also configured with Hybrid Pump which sends aggregated analytics to Tyk Cloud, and Prometheus Pump which expose metrics locally at :9090/metrics. 1. Set connection details Set the below environment variables and replace values with connection details to your Tyk Cloud remote control plane. See the above section on how to get the connection details.
2. Then use Helm to install Redis and Tyk
3. Done! Now Tyk Gateway should be accessible through service gateway-svc-hybrid-dp-tyk-gateway at port 8080. Pump is also configured with Hybrid Pump which sends aggregated analytics to Tyk Cloud, and Prometheus Pump which expose metrics locally at :9090/metrics. For the complete installation guide and configuration options, please see Tyk Data Plane Chart.

Remove hybrid data plane configuration

Please note the action of removing a hybrid data plane configuration cannot be undone.To remove the hybrid data plane configuration, navigate to the page of the hybrid data plane you want to remove and click OPEN DETAILS
Tyk Cloud hybrid open for details Then click on REMOVE DATA PLANE CONFIGS Tyk Cloud hybrid remove configs Confirm the removal by clicking DELETE HYBRID DATA PLANE Tyk Cloud hybrid confirm removal of configs

Tyk Cloud MDCB Supported versions

This section lists the supported MDCB version for hybrid setup

Deploy Legacy Hybrid Gateways

tyk-hybrid chart is deprecated. Please use our Tyk Data Plane helm chart instead.We recommend that all users to migrate to the tyk-data-plane Chart. Please review the Configuration section of the new helm chart and cross-check with your existing configurations while planning for migration.
  1. Add the Tyk official Helm repo tyk-helm to your local Helm repository
The helm charts are also available on ArtifactHub.
  1. Then create a new namespace that will be hosting the Tyk Gateways
  1. Get the default values.yaml for configuration
Before proceeding with installation of the chart we need to set some custom values. First save the full original values.yaml to a local copy:
  1. Configure Tyk Gateway and its connection to Tyk Cloud
You need to modify the following values in your custom values.yaml file:
  • gateway.rpc.apiKey - Tyk Dashboard API Access Credentials of the user created earlier
  • gateway.rpc.rpcKey - Organization ID
  • gateway.rpc.connString - MDCB connection string
  • gateway.rpc.group_id(optional) - if you have multiple data plane (e.g. in different regions), specify the data plane group (string) to which the gateway you are deploying belong. The data planes in the same group share one Redis instance.
  • gateway.sharding.enabled and gateway.sharding.tags(optional) - you can enable sharding to selectively load APIs to specific gateways, using tags. By default, sharding is disabled and the gateway will load all APIs.
  1. Configure the connection to Redis
You can connect the gateway to any Redis instance already deployed (as DBaaS or hosted in your private infrastructure). In case you don’t have a Redis instance yet, here’s how to deploy Redis in Kubernetes using Bitnami Helm charts.
Please make sure you are installing Redis versions that are supported by Tyk. Please refer to Tyk docs to get list of supported versions.
Follow the notes from the installation output to get connection details and password.
You need to modify the following values in your custom values.yaml file:
  • redis.addrs: the name of the Redis instance including the port as set by Bitnami tyk-redis-master.tyk.svc.cluster.local:6379
  • redis.pass: password set in redis ($REDIS_PASSWORD). Alternatively, you can use —set flag to set it during helm installation. For example --set redis.pass=$REDIS_PASSWORD.
  1. Install Hybrid data plane
Install the chart using the configured custom values file:
You should see the prompt:
  1. Check that the installation was successful
The hybrid data planes are not yet visible in Tyk Cloud (coming soon!). Here is how you can check that the deployment was successful. Run this command in your terminal to check that all pods in the tyk namespace are running:
Expected result:
Note: if you are using a Redis instance hosted somewhere else, then no Redis pods will appear here. Run this command in your terminal to check that the services were correctly created:
Expected result:
Note: IP adresses might differ on your system. Finally, from your terminal, send an HTTP call to the /hello endpoint of the gateway gateway-svc-tyk-hybrid: Note: you may need to port forward if you’re testing on a local machine, e.g. kubectl port-forward service/gateway-svc-tyk-hybrid -n tyk 8080:443
Expected result: