Deploy Tyk OSS using new Helm Chart
New Tyk Helm Charts (Beta)
Tyk is working to provide a new set of helm charts, and will progressively roll them out at tyk-charts. It will provide component charts for all Tyk Components, as well as umbrella charts as reference configurations for open source and self-managed users.
Warning
The new Helm Charts are in beta stage. Breaking changes may be introduced before stable release.
To deploy Tyk OSS using the new helm chart, please use tyk-oss chart.
Tyk Open Source
tyk-oss provides the default deployment of the Tyk Open Source stack. It includes the Tyk Gateway, an open source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols; and Tyk Pump, an analytics purger that moves the data generated by your Tyk nodes to any back-end.
Introduction
By default, this chart installs following components as subcharts on a Kubernetes cluster using the Helm package manager.
| Component | Enabled by Default | Flag |
|---|---|---|
| Tyk Gateway | true | n/a |
| Tyk Pump | false | global.components.pump |
To enable or disable each component, change the corresponding enabled flag.
Also, you can set the version of each component through image.tag. You could find the list of version tags available from Docker hub.
Prerequisites
- Kuberentes 1.19+
- Helm 3+
- Redis should already be installed or accessible by the gateway. For Redis installation instruction, please see https://tyk.io/docs/tyk-oss/ce-helm-chart/#recommended-via-bitnami-chart.
Installing the Chart
To install the chart from the Helm repository in namespace tyk with the release name tyk-oss:
helm repo add tyk-helm https://helm.tyk.io/public/helm/charts/
helm repo update
helm show values tyk-helm/tyk-oss > values-oss.yaml --devel
If you use the bitnami chart for Redis installation, the DNS name of your Redis as set by Bitnami is tyk-redis-master.tyk.svc.cluster.local:6379 You can update them in your local values-oss.yaml file under global.redis.addr and global.redis.pass. Alternatively, you can use --set flag to set it in Tyk installation. For example --set global.redis.pass=$REDIS_PASSWORD
helm install tyk-oss tyk-helm/tyk-oss -n tyk --create-namespace -f values-oss.yaml --devel
Uninstalling the Chart
helm uninstall tyk-oss -n tyk
This removes all the Kubernetes components associated with the chart and deletes the release.
Upgrading Chart
helm upgrade tyk-oss tyk-helm/tyk-oss -n tyk --devel
Note: Upgrading from tyk-headless chart
If you were using tyk-headless chart for existing release, you cannot upgrade directly. Please modify the values.yaml base on your requirements and install using the new tyk-oss chart.
Configuration
To get all configurable options with detailed comments:
helm show values tyk-helm/tyk-oss > values.yaml --devel
You can update any value in your local values.yaml file and use -f [filename] flag to override default values during installation.
Alternatively, you can use --set flag to set it in Tyk installation.
Set Redis Connection Details (Required)
Tyk uses Redis for distributed rate-limiting and token storage. You may set global.redis.addr and global.redis.pass with Redis connection
string and password respectively.
If you do not already have Redis installed, you may use these charts provided by Bitnami
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install tyk-redis bitnami/redis -n tyk --create-namespace
Follow the notes from the installation output to get connection details and password. The DNS name of your Redis as set by Bitnami is
tyk-redis-master.tyk.svc.cluster.local:6379 (Tyk needs the name including the port)
Gateway Configurations
Configure below inside tyk-gateway section.
Enabling TLS
We have provided an easy way of enabling TLS via the gateway.tls.enabled flag. Setting this value to true will
automatically enable TLS using the certificate provided under tyk-gateway/certs/cert.pem.
If you want to use your own key/cert pair, you must follow the following steps:
- Create a tls secret using your cert and key pair.
- Set
.Values.tyk-gateway.tls.enabledto true. - Set
.Values.tyk-gateway.tls.useDefaultTykCertificateto false. - Set
.Values.tyk-gateway.tls.secretNameto the name of the newly created secret.
Pump Configurations
To enable Pump, set global.components.pump to true, and configure below inside tyk-pump section.
| Pump | Configuration |
|---|---|
| Prometheus Pump (Default) | Add prometheus to pump.backend, and add connection details for prometheus under pump.prometheusPump. |
| Mongo Pump | Add mongo to pump.backend, and add connection details for mongo under .global.mongo. |
| SQL Pump | Add postgres to pump.backend, and add connection details for postgres under .global.postgres. |
| Uptime Pump | Set pump.uptimePumpBackend to 'mongo' or 'postgres' or '' |
| Other Pumps | Add the required environment variables in pump.extraEnvs |
Prometheus Pump
Add prometheus to pump.backend, and add connection details for prometheus under pump.prometheusPump.
We also support monitoring using Prometheus Operator. All you have to do is set pump.prometheusPump.prometheusOperator.enabled to true.
This will create a PodMonitor resource for your Pump instance.
Mongo Pump
If you are using the MongoDB pumps in the tyk-oss installation you will require MongoDB installed for that as well.
To install Mongo you can use these rather excellent charts provided by Bitnami:
helm install tyk-mongo bitnami/mongodb --version {HELM_CHART_VERSION} --set "replicaSet.enabled=true" -n tyk
(follow notes from the installation output to get connection details and update them in values.yaml file)
NOTE: Here is list of supported MongoDB versions. Please make sure you are installing mongo helm chart that matches these version.
Important Note regarding MongoDB: This helm chart enables the PodDisruptionBudget for MongoDB with an arbiter replica-count of 1. If you intend to perform system maintenance on the node where the MongoDB pod is running and this maintenance requires for the node to be drained, this action will be prevented due the replica count being 1. Increase the replica count in the helm chart deployment to a minimum of 2 to remedy this issue.
Add following under the global section in values.yaml:
# Set mongo connection details if you want to configure mongo pump.
mongo:
# The mongoURL value will allow you to set your MongoDB address.
# Default value: mongodb://mongo.{{ .Release.Namespace }}.svc.cluster.local:27017/tyk_analytics
# mongoURL: mongodb://mongo.tyk.svc.cluster.local:27017/tyk_analytics
# If your MongoDB has a password you can add the username and password to the url
# mongoURL: mongodb://root:pass@tyk-mongo-mongodb.tyk.svc.cluster.local:27017/tyk_analytics?authSource=admin
mongoURL: <MongoDB address>
# Enables SSL for MongoDB connection. MongoDB instance will have to support that.
# Default value: false
# useSSL: false
SQL Pump
If you are using the SQL pumps in the tyk-oss installation you will require PostgreSQL installed for that as well.
To install PostgreSQL you can use these rather excellent charts provided by Bitnami:
helm install tyk-postgres bitnami/postgresql --set "auth.database=tyk_analytics" -n tyk
(follow notes from the installation output to get connection details and update them in values.yaml file)
Add following under the global section in values.yaml:
# Set postgres connection details if you want to configure postgres pump.
# Postgres connection string parameters.
postgres:
host: tyk-postgres-postgresql.tyk.svc.cluster.local
port: 5432
user: postgres
password:
database: tyk_analytics
sslmode: disable
Uptime Pump
Uptime Pump can be configured by setting pump.uptimePumpBackend in values.yaml file. It support the following values
- mongo: Used to set mongo pump for uptime analytics. Mongo Pump should be enabled.
- postgres: Used to set postgres pump for uptime analytics. Postgres Pump should be enabled.
- empty: Used to disable uptime analytics.
Other Pumps
To setup other backends for pump, refer to this document and add the required environment variables in pump.extraEnvs