Tyk Charts 1.4 Release Notes

Open Source (Mozilla Public License)

This page contains all release notes for version 1.4.X displayed in a reverse chronological order

Support Lifetime

Our minor releases are supported until our next minor comes out.

1.4.0 Release Notes

Release Date – 6 May 2024

Breaking Changes

This release has no breaking changes.

3rd Party Dependencies & Tools

Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.

Deprecations

• In the tyk-dashboard chart, the dashboard.hashKeys field is deprecated and has been replaced with .global.hashKeys. This is to ensure Dashboard, Gateway, and MDCB always get the same hashKeys configurations. Setting dashboard.hashKeys will no longer take effect. Please only use .global.hashKeys field.

Upgrade instructions

For users currently on v1.3.x, we strongly recommend promptly upgrading to the latest release.

You can use helm upgrade to upgrade your release

helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update

helm upgrade [RELEASE_NAME] tyk-helm/[CHART_NAME]

Release Highlights

General availability release of tyk-control-plane chart and tyk-mdcb chart

We’re pleased to announce the official release of the Tyk Helm Charts for Tyk Control Plane and MDCB! Following a successful beta phase, these charts are now stable and ready for production use.

With this release, we aim to provide a straightforward solution for deploying and managing Tyk Control Plane and Multi-Data Center Bridge (MDCB) using Helm Charts. Whether you’re looking for our recommended setup configurations or need flexibility to adapt to your architectural requirements, our Helm Charts have you covered.

To leverage this stable release and simplify your Tyk deployments, we invite you to explore our example setup for MDCB Control Plane using Helm Chart. Simply follow our MDCB Control Plane setup guide to get started.

Updated default Tyk versions

Tyk Charts 1.4 will install the following Tyk component versions by default.

• Tyk Gateway v5.3.1
• Tyk Dashboard v5.3.1
• Tyk Pump v1.9.0
• Tyk MDCB v2.5.1
• Tyk Developer Portal v1.8.5

For a comprehensive list of changes, please refer to the detailed changelog below.

Downloads

• Source code
• ArtifactHub - tyk-stack
• ArtifactHub - tyk-control-plane
• ArtifactHub - tyk-data-plane
• ArtifactHub - tyk-oss

Changelog

Added

• OSS: Simplify Tyk Operator setup with Kubernetes Secret creation

  When you set operatorSecret.enabled to true in the tyk-oss chart, a Kubernetes Secret named tyk-operator-conf will be automatically created in the same namespace. This secret is essential for connecting Tyk Operator to the Gateway, enabling seamless management of Tyk API resources. To learn more about setting up Tyk Operator, check out Tyk Operator installation.

• MDCB: Enhanced analytics configuration options

  We have introduced new configuration options for handling analytics data flow in MDCB deployments. By default, MDCB stores aggregated analytics data from the data plane pump to SQL/Mongo. Additionally, users have the flexibility to enable Pump in the control plane, allowing MDCB to send analytics to Redis instead.

  Here are the default configurations:

  mdcb:
    # When it is set to true, instead of sending analytics directly to MongoDB / SQL,
    # MDCB can send analytics to Redis. This will allow tyk-pump to pull
    # analytics from Redis and send to your own data sinks.
    # It is used to set TYK_MDCB_FORWARDANALYTICSTOPUMP
    forwardAnalyticsToPump: false
  
    # This enables saving analytics in multiple keys as oppose to just having one.
    # It is useful when using a Redis cluster.
    # It also only works when TYK_MDCB_FORWARDANALYTICSTOPUMP is set to true.
    enableMultipleAnalyticsKey: true
  
    # This should be set to true if you choose not to store selective analytics
    dontStoreSelective: false
  
    # This should be set to true if you choose not to store aggregate analytics
    dontStoreAggregate: false
  
    # If set to true then it will not store analytics for tags having prefix specified in the list.
    # NB: Prefix “key-” is added in the list by default. This tag is added by gateway for keys.
    ignoreTagPrefixList: []
  
    # If enabled, it will store analytics for all the endpoints, irrespective of Track Endpoint plugin.
    trackAllPaths: false
  
    # If enabled, aggregate data will be generated per minute.
    storeAnalyticsPerMinute: false   
  

• Tyk Control Plane: Added option to enable Dashboard hybrid organization

  We've added a convenient option to enable dashboard hybrid organization during bootstrapping. This eliminates the manual step of calling the Dashboard Admin API post-deployment to enable hybrid organization, which is essential for MDCB deployment.
• Enhanced security with customizable Pod or Container security context

  To harden security, we have made security context of all Pods and Containers customizable. Also, we have set `runAsNonRoot: true` in all Pod's `securityContext`. This prevents the Pods from running as root users, ensuring compatibility with the [*Restricted* Pod Security Policy](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted).
• Gateway: Allow Gateway to be updated if secret value is updated

  We've introduced an annotation with a checksum of the secret as a value, triggering a deployment change when the secret is updated. This ensures that pods are replaced promptly, immediately utilizing the new values from the secret. This logic applies if `global.secrets.useSecretName` is not set, as the secret is then not part of the chart.
• Customizable Pod Labels Across All Components

  Now, you have the flexibility to customize Pod labels in all component charts. Simply populate the `podLabels` field with your desired content, and it will be added as pod labels.
• Portal: Customizable Pod annotations in tyk-dev-portal

  We've added a `podAnnotations` field to the `tyk-dev-portal` chart, allowing you to customize pod annotations. Fill in the `podAnnotations` field with your specific content, and it will be added as pod annotations.

Changed

• Gateway/Pump: Removed the command in Gateway and Pump pod templates

  We've removed unnecessary commands from the Gateway and Pump pod templates, allowing for the utilization of entrypoint scripts.
• Dashboard: Allow arbitary image tags in tyk-dashboard

  Now, you can use arbitrary image tags, including non-Semantic Versioning tags like `latest` for Dashboard. We've bypassed version checking in the Dashboard Deployment template to accommodate this flexibility.
• Dashboard: Classic portal bootstrapping disabled by default

  To avoid confusion with the latest Developer Portal, Classic Portal bootstrapping is now disabled by default in the Dashboard. If you wish to utilize the Classic Portal, simply enable it by setting `tyk-bootstrap.bootstrap.portal` to `true` in either the Tyk Stack or Tyk Control Plane chart.
• Dashboard: Deprecation of `hashKeys` field

  The `dashboard.hashKeys` field is now deprecated. Instead, users should utilize the `global.hashKeys` field to set key hashing. This ensures configuration alignment across Gateway, Dashboard, and MDCB components.

Fixed

• Global: Redis TLS version specification

  We've corrected a typo in the values.yaml file within the "global.redis" section. The fields `sslMinVersion` and `sslMaxVersion` have been updated to `tlsMinVersion` and `tlsMaxVersion`, respectively. This ensures accurate specification of the Redis TLS version for enhanced security.

Further Information

Upgrading Tyk

Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.

FAQ

Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.