Tyk - Deployment and configuration
# Helm values for the cert-manager chart (the install commands on this page
# reference a file named cert-manager.yaml).
ingressShim:
  # Default issuer used by ingress-shim for Ingresses that carry
  # kubernetes.io/tls-acme but name no issuer themselves.
  # NOTE(review): spelled "letsencript-staging" here, while the Ingress
  # manifests on this page name the cluster issuer "letsencrypt" — confirm a
  # ClusterIssuer with exactly this name exists.
  defaultIssuerName: letsencript-staging
  defaultIssuerKind: ClusterIssuer
  defaultACMEChallengeType: dns01
  defaultACMEDNS01ChallengeProvider: route53
extraArgs:
  # Resolvers used for the DNS-01 checks: two fixed public resolvers, so these
  # lookups leave the cluster.
  - --dns01-recursive-nameservers=8.8.8.8:53,8.8.4.4:53
podAnnotations:
  # Placeholder value: replace with the IAM role this pod should assume.
  # NOTE(review): the role presumably needs only the Route 53 permissions used
  # by the dns01 solver, limited to the hosted zone in use — confirm the policy
  # is not broader than that.
  iam.amazonaws.com/role: change:this:to:use:a:real:aws:iam:role
# ConfigMap holding the Tyk Dashboard configuration file (tyk.conf, JSON).
# The dashboard Deployment on this page mounts it at /etc/tyk-dashboard.
apiVersion: v1
kind: ConfigMap
metadata:
  # NOTE(review): no namespace is set here, while the Deployment that mounts
  # this ConfigMap declares namespace "tyk". A ConfigMap volume is resolved in
  # the pod's own namespace, so apply this with the tyk namespace selected.
  name: tyk-dashboard
  labels:
    app: tyk
    component: dashboard
data:
  # NOTE(review): the [[...]] tokens look like placeholders substituted before
  # apply. Once filled in, the gateway API secret, admin_secret,
  # shared_node_secret and license_key sit in a ConfigMap, readable by anything
  # allowed to read ConfigMaps in the namespace. A Secret-backed volume is the
  # usual home for such values.
  # NOTE(review): mongo_url and the redis_* settings carry no credentials, and
  # both tyk_api_config.Host and http_server_options.use_ssl are plain HTTP.
  # These links therefore rely on network isolation inside the cluster —
  # confirm NetworkPolicies or an equivalent control exist.
  # NOTE(review): audit_log_path points at /tmp/logs inside the container and
  # the Deployment on this page mounts no volume there, so the audit log
  # presumably does not survive a pod restart. Confirm where it is collected.
  tyk.conf: |-
    {
      "listen_port": 8080,
      "tyk_api_config": {
        "Host": "http://tyk-gateway.tyk.svc.cluster.local",
        "Port": "8080",
        "Secret": "[[TYK_TOKEN]]"
      },
      "mongo_url": "mongodb://mongodb-mongodb-replicaset-0.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017,mongodb-mongodb-replicaset-1.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017,mongodb-mongodb-replicaset-2.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017/tyk_analytics?replicaSet=rs0",
      "license_key": "[[LICENSE_TOKEN]]",
      "page_size": 10,
      "admin_secret": "[[TYK_DEV_PORTAL_ADMIN_TOKEN]]",
      "shared_node_secret": "[[NODE_TOKEN]]",
      "force_api_defaults": false,
      "notify_on_change": false,
      "redis_host": "redis-master.tyk.svc.cluster.local",
      "redis_port": 6379,
      "enable_cluster": false,
      "redis_database": 0,
      "hash_keys": true,
      "email_backend": {
        "enable_email_notifications": false,
        "code": "",
        "settings": null,
        "default_from_email": "",
        "default_from_name": ""
      },
      "hide_listen_path": false,
      "use_sentry": false,
      "enable_master_keys": false,
      "enable_duplicate_slugs": true,
      "show_org_id": true,
      "host_config": {
        "enable_host_names": true,
        "disable_org_slug_prefix": true,
        "hostname": "developer-admin.my-domain.com",
        "override_hostname": "api.my-domain.com",
        "portal_domains": {},
        "portal_root_path": "",
        "generate_secure_paths": true,
        "secure_cookies": true
      },
      "http_server_options": {
        "use_ssl": false,
        "certificates": [],
        "min_version": 0
      },
      "ui": {
        "login_page": {},
        "nav": {
          "dont_show_admin_sockets": true,
          "hide_licenses_section": true
        },
        "uptime": {},
        "portal_section": null,
        "designer": {},
        "dont_allow_license_management": true,
        "dont_allow_license_management_view": true
      },
      "home_dir": "/opt/tyk-dashboard",
      "identity_broker": {
        "enabled": false
      },
      "security": {
        "login_failure_username_limit": 3,
        "login_failure_ip_limit": 15,
        "login_failure_expiration": 900,
        "login_disallow_forward_proxy": false,
        "audit_log_path": "/tmp/logs/audit.log",
        "allow_admin_reset_password": false
      },
      "disable_parallel_sessions": true,
      "tagging_options": {
        "tag_all_apis_by_org": false
      },
      "use_sharded_analytics": true,
      "enable_aggregate_lookups": false
    }
# Deployment running one Tyk Dashboard replica, configured from the
# tyk-dashboard ConfigMap mounted at /etc/tyk-dashboard.
# NOTE(review): Deployments under extensions/v1beta1 are deprecated in favour
# of apps/v1 and are no longer served from Kubernetes 1.16 on.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: tyk
    component: dashboard
  name: tyk-dashboard
  namespace: tyk
spec:
  minReadySeconds: 30
  progressDeadlineSeconds: 600
  # With a single replica and maxUnavailable 50%, a rollout may briefly leave
  # no ready pod — TODO confirm this is acceptable.
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: tyk
      component: dashboard
  strategy:
    rollingUpdate:
      maxSurge: 50%
      maxUnavailable: 50%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tyk
        component: dashboard
    spec:
      # NOTE(review): no securityContext and no resources block are declared, so
      # the container runs with the image's default user and without
      # requests/limits. Confirm whether the image can run as non-root with a
      # read-only root filesystem before tightening.
      containers:
        - command:
            - /opt/tyk-dashboard/tyk-analytics
            - --conf=/etc/tyk-dashboard/tyk.conf
          # Pinned by tag; a tag can be re-pointed, whereas an image digest
          # cannot.
          image: tykio/tyk-dashboard:v1.7.5
          imagePullPolicy: IfNotPresent
          # Liveness only checks that the port accepts TCP connections.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            tcpSocket:
              port: 8080
            timeoutSeconds: 1
          name: tyk
          ports:
            - containerPort: 8080
              protocol: TCP
          # Readiness requires an HTTP response on / over plain HTTP.
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            # tyk.conf from the ConfigMap appears here; the --conf flag above
            # points at it.
            - mountPath: /etc/tyk-dashboard
              name: dashboard-configuration
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: dashboard-configuration
          configMap:
            name: tyk-dashboard
# Ingress publishing the dashboard Service under two host names, with TLS
# certificates requested through cert-manager.
# NOTE(review): extensions/v1beta1 Ingress is a deprecated API group; newer
# clusters serve Ingress under networking.k8s.io with a different backend
# schema, so migrating needs more than an apiVersion change.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Must match the name of an existing ClusterIssuer.
    certmanager.k8s.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx-public
    kubernetes.io/tls-acme: "true"
  labels:
    app: tyk
    component: dashboard
  name: tyk-dashboard
  namespace: tyk
spec:
  rules:
    # NOTE(review): developer-admin.my-domain.com is the dashboard hostname in
    # the tyk-dashboard config on this page, and it is published through the
    # same nginx-public class as the developer portal. Who can reach it then
    # depends on the load balancer source ranges and the dashboard's own login.
    # Consider restricting this host separately.
    - host: developer-admin.my-domain.com
      http:
        paths:
          - backend:
              serviceName: tyk-dashboard
              servicePort: http
            path: /
    - host: developer.my-domain.com
      http:
        paths:
          - backend:
              serviceName: tyk-dashboard
              servicePort: http
            path: /
  tls:
    # One certificate covering both hosts, stored in this Secret.
    - hosts:
        - developer-admin.my-domain.com
        - developer.my-domain.com
      secretName: tyk-dashboard-developer-portal-tls
# ClusterIP Service in front of the dashboard pods. The named port "http" is
# what the dashboard Ingress on this page refers to as servicePort.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tyk
    component: dashboard
  name: tyk-dashboard
  namespace: tyk
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  # Selects the pods labelled by the dashboard Deployment template.
  selector:
    app: tyk
    component: dashboard
  # ClusterIP: reachable only inside the cluster; external traffic arrives via
  # the Ingress.
  type: ClusterIP
# Helm values for the external-dns chart (the install commands on this page
# reference a file named external-dns.yaml).
# NOTE(review): publishing records for internal (ClusterIP) services puts
# cluster-internal addresses into DNS; confirm this is intended if the zone is
# publicly resolvable.
publishInternalServices: true
provider: aws
aws:
  # Placeholder: set the real AWS region.
  region: "xxx"
# "sync" lets ExternalDNS delete records as well as create and update them.
# Keep domainFilters and txtOwnerId accurate so it only touches its own
# records.
policy: sync
# Debug logging is verbose — TODO confirm it is meant to stay on outside
# testing.
logLevel: debug
domainFilters:
  - "my-domain.com"
txtOwnerId: "k8s-test"
rbac:
  create: true
podAnnotations:
  # Placeholder value: replace with the IAM role this pod should assume.
  # NOTE(review): the role presumably needs only Route 53 record changes in the
  # filtered zone — confirm the policy is scoped that narrowly.
  iam.amazonaws.com/role: change:this:to:use:a:real:aws:iam:role
# ConfigMap holding the Tyk Gateway configuration file (tyk.conf, JSON).
# The gateway Deployment on this page mounts it at /etc/tyk-gateway.
apiVersion: v1
kind: ConfigMap
metadata:
  # NOTE(review): no namespace is set here, while the Deployment that mounts
  # this ConfigMap declares namespace "tyk". A ConfigMap volume is resolved in
  # the pod's own namespace, so apply this with the tyk namespace selected.
  name: tyk-gateway
  labels:
    app: tyk
    component: gateway
data:
  # NOTE(review): the [[...]] tokens look like placeholders substituted before
  # apply. Once filled in, "secret" and "node_secret" sit in a ConfigMap,
  # readable by anything allowed to read ConfigMaps in the namespace. A
  # Secret-backed volume is the usual home for such values.
  # NOTE(review): storage.username/password are empty and mongo_url carries no
  # credentials, and the dashboard connection strings are plain HTTP. These
  # links rely on network isolation inside the cluster — confirm
  # NetworkPolicies or an equivalent control exist.
  # NOTE(review): allow_insecure_configs is true, and enable_bundle_downloader
  # is true with an empty bundle_base_url. Confirm against the Tyk gateway
  # documentation which checks these relax and whether either is needed here.
  tyk.conf: |
    {
      "listen_port": 8080,
      "secret": "[[TYK_TOKEN]]",
      "node_secret": "[[NODE_TOKEN]]",
      "template_path": "/opt/tyk-gateway/templates",
      "tyk_js_path": "/opt/tyk-gateway/js/tyk.js",
      "middleware_path": "/opt/tyk-gateway/middleware",
      "use_db_app_configs": true,
      "db_app_conf_options": {
        "connection_string": "http://tyk-dashboard.tyk.svc.cluster.local:8080",
        "node_is_segmented": true,
        "tags": []
      },
      "app_path": "/opt/tyk-gateway/apps/",
      "storage": {
        "type": "redis",
        "enable_cluster": false,
        "hosts" : {
          "redis-master.tyk.svc.cluster.local": "6379"
        },
        "username": "",
        "password": "",
        "database": 0,
        "optimisation_max_idle": 2000,
        "optimisation_max_active": 4000
      },
      "enable_analytics": true,
      "analytics_config": {
        "type": "mongo",
        "csv_dir": "/tmp",
        "mongo_url": "mongodb://mongodb-mongodb-replicaset-0.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017,mongodb-mongodb-replicaset-1.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017,mongodb-mongodb-replicaset-2.mongodb-mongodb-replicaset.tyk.svc.cluster.local:27017/tyk_analytics?replicaSet=rs0",
        "mongo_db_name": "",
        "mongo_collection": "",
        "purge_delay": -1,
        "ignored_ips": []
      },
      "health_check": {
        "enable_health_checks": true,
        "health_check_value_timeouts": 60
      },
      "optimisations_use_async_session_write": true,
      "enable_non_transactional_rate_limiter": true,
      "enable_sentinel_rate_limiter": false,
      "allow_master_keys": false,
      "policies": {
        "policy_source": "service",
        "policy_connection_string": "http://tyk-dashboard.tyk.svc.cluster.local:8080",
        "policy_record_name": "tyk_policies"
      },
      "hash_keys": true,
      "close_connections": true,
      "http_server_options": {
        "enable_websockets": true
      },
      "allow_insecure_configs": true,
      "coprocess_options": {
        "enable_coprocess": false,
        "coprocess_grpc_server": ""
      },
      "enable_bundle_downloader": true,
      "bundle_base_url": "",
      "global_session_lifetime": 100,
      "force_global_session_lifetime": false,
      "max_idle_connections_per_host": 500
    }
# Deployment running one Tyk Gateway replica, configured from the tyk-gateway
# ConfigMap mounted at /etc/tyk-gateway.
# NOTE(review): Deployments under extensions/v1beta1 are deprecated in favour
# of apps/v1 and are no longer served from Kubernetes 1.16 on.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: tyk
    component: gateway
  name: tyk-gateway
  namespace: tyk
spec:
  minReadySeconds: 30
  progressDeadlineSeconds: 600
  # With a single replica and maxUnavailable 50%, a rollout may briefly leave
  # no ready pod — TODO confirm this is acceptable.
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: tyk
      component: gateway
  strategy:
    rollingUpdate:
      maxSurge: 50%
      maxUnavailable: 50%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tyk
        component: gateway
    spec:
      # NOTE(review): no securityContext and no resources block are declared, so
      # the container runs with the image's default user and without
      # requests/limits. Confirm whether the image can run as non-root with a
      # read-only root filesystem before tightening.
      containers:
        - command:
            - /opt/tyk-gateway/tyk
            - --conf=/etc/tyk-gateway/tyk.conf
          # Pinned by tag; a tag can be re-pointed, whereas an image digest
          # cannot.
          image: tykio/tyk-gateway:v2.7.6
          imagePullPolicy: IfNotPresent
          # Liveness only checks that the port accepts TCP connections.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            tcpSocket:
              port: 8080
            timeoutSeconds: 1
          name: tyk
          ports:
            - containerPort: 8080
              protocol: TCP
          # Readiness requires an HTTP response on /hello over plain HTTP.
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /hello
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            # tyk.conf from the ConfigMap appears here; the --conf flag above
            # points at it.
            - mountPath: /etc/tyk-gateway
              name: gateway-configuration
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: gateway-configuration
          configMap:
            name: tyk-gateway
# Ingress publishing the gateway Service at api.my-domain.com, with the TLS
# certificate requested through cert-manager.
# NOTE(review): extensions/v1beta1 Ingress is a deprecated API group; newer
# clusters serve Ingress under networking.k8s.io with a different backend
# schema, so migrating needs more than an apiVersion change.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Must match the name of an existing ClusterIssuer.
    certmanager.k8s.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx-public
    kubernetes.io/tls-acme: "true"
  # NOTE(review): generation is maintained by the API server; its presence
  # suggests this manifest was exported from a live object. It does not belong
  # in a hand-maintained manifest.
  generation: 1
  labels:
    app: tyk
    component: gateway
  name: tyk-gateway
  namespace: tyk
spec:
  rules:
    - host: api.my-domain.com
      http:
        paths:
          - backend:
              serviceName: tyk-gateway
              servicePort: http
            path: /
  tls:
    - hosts:
        - api.my-domain.com
      secretName: tyk-gateway-api-tyk-tls
# ClusterIP Service in front of the gateway pods. The named port "http" is
# what the gateway Ingress on this page refers to as servicePort.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tyk
    component: gateway
  name: tyk-gateway
  namespace: tyk
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  # Selects the pods labelled by the gateway Deployment template.
  selector:
    app: tyk
    component: gateway
  # ClusterIP: reachable only inside the cluster; external traffic arrives via
  # the Ingress.
  type: ClusterIP
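# Installs (or upgrades) the supporting charts, each pinned to a chart version.
# NOTE(review): the chart arguments carry no repository prefix, so helm
# resolves them as local paths — confirm where the charts come from.

# redis
# NOTE(review): usePassword=false leaves Redis without authentication. The Tyk
# configs on this page connect with an empty password, so enabling a password
# here means updating them as well; until then access depends on network
# isolation inside the cluster.
helm upgrade --install --namespace tyk \
  --version 6.3.1 redis redis \
  --set usePassword=false,cluster.enabled=true,cluster.slaveCount=2,metrics.enabled=true

# mongo
# Nested chart values use dots in --set; the original "persistentVolume:size"
# would not set persistentVolume.size.
helm upgrade --install --namespace tyk \
  --version 3.9.2 mongodb mongodb-replicaset \
  --set replicas=3,metrics.enabled=true,persistentVolume.size=10Gi

# Nginx ingress
# --values loads a whole values file; --set-file expects key=path and reads a
# single value from the file, so it cannot take a bare file name.
helm upgrade --install --namespace ingress \
  --version 1.4.0 nginx-ingress nginx-ingress \
  --values nginx-ingress.yaml

# ExternalDNS
helm upgrade --install --namespace kube-system \
  --version 1.7.3 external-dns external-dns \
  --values external-dns.yaml

# Cert-manager
helm upgrade --install --namespace cert-manager \
  --version v0.6.6 cert-manager cert-manager \
  --values cert-manager.yaml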
# Helm values for the nginx-ingress chart (the install commands on this page
# reference a file named nginx-ingress.yaml).
# Allow preservation of the source IP address (required for rate limiting).
# Read more about this here: https://github.com/kubernetes-incubator/external-dns/issues/456#issuecomment-404229331
controller:
  # Ingress class served by this controller; the Ingress manifests on this
  # page select it with kubernetes.io/ingress.class: nginx-public.
  ingressClass: nginx-public
  # default-server-port 8282 avoids a clash with Kube2IAM, which runs on 8181
  # (the Nginx ingress default).
  # annotations-prefix is changed to be less tightly coupled to the nginx
  # default prefix "nginx.ingress.kubernetes.io". Controller-specific Ingress
  # annotations must then use the "ingress.kubernetes.io" prefix.
  extraArgs:
    default-server-port: 8282
    annotations-prefix: "ingress.kubernetes.io"
  # This is required to allow ExternalDNS to work properly:
  # https://github.com/kubernetes/ingress-nginx/issues/2085
  # https://github.com/kubernetes-incubator/external-dns/issues/456#issuecomment-404229331
  publishService:
    enabled: true
  replicaCount: 3
  service:
    annotations:
      # Enable PROXY protocol on the load balancer for all backends ("*").
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
      # Ensure the ELB idle timeout is less than the nginx keep-alive timeout.
      # By default, NGINX keep-alive is set to 75s. If using WebSockets, the
      # value will need to be increased to '3600' to avoid any potential issues.
      # NOTE(review): the gateway config on this page sets enable_websockets to
      # true — confirm whether 60 is long enough.
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
    # Limit access to this LB.
    # NOTE(review): "xxxx" is a placeholder; replace it with the CIDR ranges
    # allowed to reach the load balancer before installing.
    loadBalancerSourceRanges:
      - xxxx
  # NOTE(review): stats and metrics endpoints are enabled; confirm they are
  # only reachable from inside the cluster.
  stats:
    enabled: true
  metrics:
    enabled: true
  config:
    # With PROXY protocol on, nginx takes the client address from the PROXY
    # header. The controller should therefore only be reachable through the
    # load balancer that adds the header.
    use-proxy-protocol: "true"
    use-gzip: "true"
    use-geoip: "true"
    # Requests to /healthz are left out of the access log.
    skip-access-log-urls: "/healthz"
# Default backend: serves the default 404/5xx pages for requests the ingress
# controller cannot route.
defaultBackend:
  replicaCount: 3