├── key-of-my-api ├── my-api ├── redis-deploy.yaml ├── gw-deploy.yaml ├── gw-configmap.yaml └── README.md /key-of-my-api: -------------------------------------------------------------------------------- 1 | { 2 | "quota_max": 60, 3 | "quota_renews": 1406121006, 4 | "quota_renewal_rate": 60, 5 | "allowance": 100, 6 | "rate": 100, 7 | "per": 5, 8 | "org_id": "1", 9 | "access_rights": { 10 | "2": { 11 | "api_id": "2", 12 | "api_name": "my api", 13 | "versions": ["Default"] 14 | } 15 | }, 16 | "meta_data": {} 17 | } 18 | -------------------------------------------------------------------------------- /my-api: -------------------------------------------------------------------------------- 1 | { 2 | "name": "my api", 3 | "slug": "my-api", 4 | "api_id": "2", 5 | "org_id": "1", 6 | "auth": { 7 | "auth_header_name": "Authorization" 8 | }, 9 | "definition": { 10 | "location": "header", 11 | "key": "x-api-version" 12 | }, 13 | "version_data": { 14 | "not_versioned": true, 15 | "versions": { 16 | "Default": { 17 | "name": "Default", 18 | "use_extended_paths": true 19 | } 20 | } 21 | }, 22 | "proxy": { 23 | "listen_path": "/my-api/", 24 | "target_url": "http://httpbin.org/", 25 | "strip_listen_path": true 26 | }, 27 | "active": true 28 | } 29 | -------------------------------------------------------------------------------- /redis-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: redis 5 | labels: 6 | app: redis 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: redis 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app: redis 16 | spec: 17 | containers: 18 | - name: master 19 | image: k8s.gcr.io/redis:e2e 20 | resources: 21 | limits: 22 | memory: 512Mi 23 | cpu: "1" 24 | requests: 25 | memory: 256Mi 26 | cpu: "0.2" 27 | ports: 28 | - containerPort: 6379 29 | --- 30 | apiVersion: v1 31 | kind: Service 32 | metadata: 33 | name: redis 34 | labels: 35 | 
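app: redis 36 | spec: 37 | ports: 38 | - port: 6379 39 | targetPort: 6379 40 | selector: 41 | app: redis 42 | -------------------------------------------------------------------------------- /gw-deploy.yaml: --------------------------------------------------------------------------------
# Tyk gateway Deployment plus the ClusterIP Service in front of it.
# The gateway reads /opt/tyk-gateway/tyk.conf from the tyk-gateway-conf
# ConfigMap (gw-configmap.yaml); the TYK_GW_* variables below are set on top
# of that file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tyk-gtw
  labels:
    app: tyk-gtw
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tyk-gtw
  template:
    metadata:
      labels:
        app: tyk-gtw
    spec:
      containers:
      - name: tyk-gtw
        image: "tykio/tyk-gateway:v3.1.0"
        imagePullPolicy: Always
        ports:
        # Was 8089. TYK_GW_LISTENPORT and the Service targetPort are both 8080,
        # so the declared container port now matches the port actually served.
        - containerPort: 8080
        env:
        - name: TYK_GW_LISTENPORT
          value: "8080"
        # Demo value only. The README sends this string in the
        # x-tyk-authorization header to /tyk/apis, /tyk/keys/create and
        # /tyk/reload, so anyone who knows it can manage APIs and keys on this
        # gateway. Outside a local demo, load it from a Kubernetes Secret
        # (valueFrom.secretKeyRef) instead of a literal in this manifest.
        # NOTE(review): tyk.conf in gw-configmap.yaml carries a different
        # "secret"; the README's calls use "foo", so this variable appears to
        # be the one in effect - confirm.
        - name: TYK_GW_SECRET
          value: "foo"
        # "redis" is the Service name from redis-deploy.yaml. tyk.conf lists
        # "tyk-redis", which no manifest here defines.
        - name: TYK_GW_STORAGE_HOST
          value: "redis"
        - name: TYK_GW_STORAGE_PORT
          value: "6379"
        # Empty because redis-deploy.yaml configures no Redis password. Any
        # workload that can reach redis:6379 can therefore read and modify the
        # gateway's stored state; restrict that with a NetworkPolicy and/or
        # Redis authentication before using this beyond a demo.
        - name: TYK_GW_STORAGE_PASSWORD
          value: ""
        - name: TYK_LOGLEVEL
          value: "info"
        - name: GODEBUG
          value: "netdns=cgo"
        volumeMounts:
        # subPath mounts only the tyk.conf key as a single file.
        - name: tyk-gateway-conf
          mountPath: /opt/tyk-gateway/tyk.conf
          subPath: tyk.conf
        resources:
          limits:
            memory: 512Mi
            cpu: "1"
          requests:
            memory: 256Mi
            cpu: "0.2"
      volumes:
      - name: tyk-gateway-conf
        configMap:
          name: tyk-gateway-conf
          items:
          - key: tyk.conf
            path: tyk.conf
---
# No "type" is set, so this is a ClusterIP Service: reachable inside the
# cluster only. The README reaches it with kubectl port-forward.
apiVersion: v1
kind: Service
metadata:
  name: tyk-svc
  labels:
    app: tyk-gtw
spec:
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    app: tyk-gtw
-------------------------------------------------------------------------------- /gw-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | tyk.conf: | 4 | { 5 | "listen_port": 8080, 6 | "secret": "352d20ee67be67f6340b4c0605b044b7", 7 | "template_path": "/opt/tyk-gateway/templates", 8 | "tyk_js_path": 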
"/opt/tyk-gateway/js/tyk.js", 9 | "middleware_path": "/opt/tyk-gateway/middleware", 10 | "use_db_app_configs": false, 11 | "app_path": "/opt/tyk-gateway/apps/", 12 | "storage": { 13 | "type": "redis", 14 | "host": "tyk-redis", 15 | "port": 6379, 16 | "username": "", 17 | "password": "", 18 | "database": 0, 19 | "optimisation_max_idle": 2000, 20 | "optimisation_max_active": 4000 21 | }, 22 | "enable_analytics": false, 23 | "analytics_config": { 24 | "type": "csv", 25 | "csv_dir": "/tmp", 26 | "mongo_url": "", 27 | "mongo_db_name": "", 28 | "mongo_collection": "", 29 | "purge_delay": -1, 30 | "ignored_ips": [] 31 | }, 32 | "health_check": { 33 | "enable_health_checks": true, 34 | "health_check_value_timeouts": 60 35 | }, 36 | "optimisations_use_async_session_write": true, 37 | "enable_non_transactional_rate_limiter": true, 38 | "enable_sentinel_rate_limiter": false, 39 | "enable_redis_rolling_limiter": false, 40 | "allow_master_keys": false, 41 | "policies": { 42 | "policy_source": "file", 43 | "policy_record_name": "/opt/tyk-gateway/policies/policies.json" 44 | }, 45 | "hash_keys": true, 46 | "close_connections": false, 47 | "http_server_options": { 48 | "enable_websockets": true 49 | }, 50 | "allow_insecure_configs": true, 51 | "coprocess_options": { 52 | "enable_coprocess": true, 53 | "coprocess_grpc_server": "" 54 | }, 55 | "enable_bundle_downloader": true, 56 | "bundle_base_url": "", 57 | "global_session_lifetime": 100, 58 | "force_global_session_lifetime": false, 59 | "max_idle_connections_per_host": 500 60 | } 61 | kind: ConfigMap 62 | metadata: 63 | name: tyk-gateway-conf -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DEPRECATED 2 | Use https://github.com/TykTechnologies/tyk-k8s-demo instead 3 | 4 | # Tyk OSS Deployment 5 | 6 | This contains deployment files to run a Tyk GW with Redis in a kubernetes cluster. 7 | 8 | 1. 
Clone this directory: 9 | ``` 10 | $ git clone git@github.com:TykTechnologies/tyk-oss-k8s-deployment.git 11 | ``` 12 | 13 | 2. To install, just run the following command from within the directory: 14 | ``` 15 | $ kubectl apply -f . 16 | configmap/tyk-gateway-conf created 17 | deployment.apps/tyk-gtw created 18 | service/tyk-svc created 19 | deployment.apps/redis created 20 | service/redis created 21 | ``` 22 | 23 | 3. Check the logs to ensure it's running 24 | 25 | ``` 26 | $ kubectl get pods 27 | NAME READY STATUS RESTARTS AGE 28 | redis-7bb4df7c8c-2565f 1/1 Running 0 36s 29 | tyk-gtw-bb7b74677-k9jx9 1/1 Running 0 36s 30 | 31 | $ kubectl logs tyk-gtw-bb7b74677-k9jx9 32 | 33 | ... 34 | time="Dec 04 19:19:39" level=info msg="API Loaded" api_id=1 api_name="Tyk Test API" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=-- 35 | time="Dec 04 19:19:39" level=info msg="Loading uptime tests..." prefix=host-check-mgr 36 | time="Dec 04 19:19:39" level=info msg="Initialised API Definitions" prefix=main 37 | time="Dec 04 19:19:39" level=info msg="API reload complete" prefix=main 38 | ``` 39 | 40 | 4. To access the gateway, run 41 | $ `kubectl port-forward svc/tyk-svc 8080:8080` 42 | 43 | Our Gateway is now ready to accept requests. Use the [Gateway REST API](https://tyk.io/docs/tyk-gateway-api/) to create your first API 44 | OR, use the [Tyk-Operator](https://github.com/TykTechnologies/tyk-operator) to declaratively create and manage your API definitions using the kubectl cli. 45 | 46 | ## Tyk REST APIS 47 | 48 | Below are a few API calls to help you get started quickly. The `x-tyk-authorization: foo` header in these calls carries the gateway secret set by `TYK_GW_SECRET` in gw-deploy.yaml; it is a demo value, so set your own secret before exposing the gateway beyond a local port-forward. 49 | 50 | 1. Create an api 51 | 1. Check the current APIs: 52 | `curl -s -H "x-tyk-authorization: foo" http://localhost:8080/tyk/apis | jq '.[]| { api_id: .api_id, name: .name, listen_path: .proxy.listen_path }'` 53 | 54 | 2. Create a new api 55 | ``` 56 | $ curl -s -H "x-tyk-authorization: foo" http://localhost:8080/tyk/apis/ -d @my-api -X POST | jq . 
57 | { 58 | "key": "2", 59 | "status": "ok", 60 | "action": "added" 61 | } 62 | ``` 63 | 64 | 3. If you check the list of APIs again, you'll see no change. You need to hot reload the gateway so that it starts listening for the new api 65 | ``` 66 | $ curl -s -H "x-tyk-authorization: foo" http://localhost:8080/tyk/reload | jq . 67 | { 68 | "status": "ok", 69 | "message": "" 70 | } 71 | ``` 72 | 73 | 4. Now you can call `/tyk/apis` again and see your new api in the list 74 | 75 | 5. Try to call the api; you'll get 403. Continue to step `#2 Create a key` 76 | ``` 77 | $ curl -s http://localhost:8080/my-api/ip 78 | { 79 | "error": "Authorization field missing" 80 | } 81 | ``` 82 | 83 | 2. Create a key 84 | 85 | ``` 86 | $ curl -s -H "x-tyk-authorization: foo" http://localhost:8080/tyk/keys/create -d @key-of-my-api | jq . 87 | { 88 | "key": "", 89 | "status": "ok", 90 | "action": "added", 91 | "key_hash": "889abc9c" 92 | } 93 | ``` 94 | 95 | 3. Try to call the api again, with the new key from step #2 96 | 97 | ``` 98 | $ curl http://localhost:8080/my-api/ip -H "Authorization: <key-from-step-2>" 99 | { 100 | "origin": "127.0.0.1, 90.252.81.14" 101 | } 102 | ``` 103 | 104 | To delete the API, run: 105 | ``` 106 | curl -H "x-tyk-authorization: foo" http://localhost:8080/tyk/apis/2 -X DELETE 107 | ``` 108 | 109 | ## Tyk Operator 110 | 111 | If combining with [Tyk Operator](https://github.com/TykTechnologies/tyk-operator), you can use the following secret config to have the Tyk Operator control the Tyk Gateway using the K8S DNS name. `TYK_AUTH` below is the same demo secret `foo` that gw-deploy.yaml sets as `TYK_GW_SECRET`. Follow the install instructions for Tyk Operator if this doesn't make sense. 112 | 113 | ``` 114 | kubectl create secret -n tyk-operator-system generic tyk-operator-conf \ 115 | --from-literal "TYK_AUTH=foo" \ 116 | --from-literal "TYK_ORG=oss" \ 117 | --from-literal "TYK_MODE=oss" \ 118 | --from-literal "TYK_URL=http://tyk-svc.default.svc.cluster.local:8080" 119 | ``` 120 | --------------------------------------------------------------------------------