SaFi Bank Space : Tyk-API Gateway and Tyk Dashboard

Tyk-API Gateway (Open Source - OSS)

  • Tyk is an open-source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols.

  • Tyk API Gateway: we have deployed the Tyk API Gateway in our GKE Kubernetes cluster using a Helm chart via ArgoCD (GitOps).

Brave-Tyk-APIGW URL: https://api.smallog.tech/

Tyk-Dashboard

  • The Tyk Dashboard is the visual GUI and analytics platform for Tyk. It provides an easy-to-use management interface for managing a Tyk installation as well as clear and granular analytics.

  • Tyk Dashboard: we have deployed the Tyk Dashboard in our GKE Kubernetes cluster using a Helm chart via ArgoCD (GitOps).

Brave-Tyk-Dashboard URL: https://tyk-dash.tyk.brave.safibank.online/
Stage-Tyk-Dashboard URL: https://tyk-dash.tyk.stage.safibank.online/
Dev-Tyk-Dashboard URL: https://tyk-dash.tyk.dev.safibank.online/

Deployment automation steps for tyk:

Step1:

We use Kustomize with Helm charts to deploy Redis, MongoDB, Tyk (both API gateway and dashboard) and Cloudflare Tunnel through ArgoCD. DNS and TLS are handled by Cloudflare Tunnel.

tyk_kustomize

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- base/redis.yaml
- base/mongodb.yaml
- base/tykapigw.yaml
- base/cloudflare-tunnel.yaml

In ArgoCD we have a project called env-dev-tyk, as shown below.

Step2:

Deploy the Redis Helm chart using ArgoCD. The ArgoCD Application manifest for Redis is here: redis argocd application

In ArgoCD, Redis is deployed as tyk-redis-dev, as shown below.

Step3:

Deploy the MongoDB Helm chart using ArgoCD. The ArgoCD Application manifest for MongoDB is here: mongodb argocd application

In ArgoCD, MongoDB is deployed as tyk-mongodb-dev, as shown below.

Step4:

Deploy Tyk-API Gateway and Tyk-Dashboard with the tyk-pro Helm chart (tyk-pro helm chart) using ArgoCD. The ArgoCD Application manifest for tyk-pro is here: tyk-pro

The tyk-pro app is shown as tyk-apigw-dev in ArgoCD, as below.

Step5:

Cloudflare Tunnel

Cloudflare Tunnel exposes applications running on our private GKE cluster to the Internet without manually adding DNS records or configuring a firewall or router.

Use cloudflared to expose a Kubernetes app to the Internet

We can use Cloudflare Tunnel to connect applications and servers to Cloudflare’s network. Tunnel relies on a piece of software, cloudflared, to create those connections.

The same Tunnel can be run from multiple instances of cloudflared, giving us the ability to run many cloudflared replicas to scale the system when incoming traffic changes.

This architecture allows cloudflared instances to proxy Internet traffic into whichever Kubernetes Service they are configured for.

We have deployed cloudflare-tunnel with a custom Helm chart (cloudflare-tunnel custom helm chart) using ArgoCD. The ArgoCD Application manifest for cloudflare-tunnel is here: cloudflare-tunnel-argocd-application

The cloudflare-tunnel app is shown as tyk-apigw-dev in ArgoCD, as below.

We can update the ingress to point to different services, as mentioned here: cloudflare-tunnel-ingress

DNS records are created as CNAMEs for the Cloudflare tunnel in Cloudflare using Terraform: cloudflare DNS record CNAME

locals {
  cloudflare_domain = local.safi_environments[var.env_name].domain_name
  cloudflare_subdomains = [
    "api",
    "tyk-dash",
  ]
}

data "cloudflare_zone" "safi_domain" {
  name = local.cloudflare_domain
}

# The tunnel itself. random_password.safi_domain is declared outside this excerpt.
resource "cloudflare_argo_tunnel" "safi_domain" {
  account_id = data.cloudflare_zone.safi_domain.account_id
  name       = format("%s", replace(local.cloudflare_domain, ".", "-"))
  secret     = random_password.safi_domain.result
}

resource "cloudflare_record" "safi_domain" {
  for_each = toset(local.cloudflare_subdomains)

  zone_id = data.cloudflare_zone.safi_domain.zone_id
  name    = format("%s", each.key)
  value   = cloudflare_argo_tunnel.safi_domain.cname
  type    = "CNAME"
  proxied = true
}

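# Tunnel credentials for cloudflared, stored in Vault. data_json is also written
# in plain text to the Terraform state, so the state backend needs the same
# access controls as the Vault path.
resource "vault_generic_secret" "safi_domain" {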
  path      = format("secret/%s/cloudflare/%s", var.env_name, replace(local.cloudflare_domain, ".", ""))
  data_json = jsonencode(
    {
      "account_id"    = format("%s", data.cloudflare_zone.safi_domain.account_id),
      "tunnel_name"   = format("%s", cloudflare_argo_tunnel.safi_domain.name),
      "tunnel_id"     = format("%s", cloudflare_argo_tunnel.safi_domain.id),
      "tunnel_secret" = format("%s", cloudflare_argo_tunnel.safi_domain.secret)
    }
  )
}
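
The tunnel's ingress rules and the CNAME list in the Terraform above have to agree: each hostname rule in cloudflared publishes an in-cluster service, and each CNAME needs a rule behind it. The check below is an added example, not part of the original page or the project's code; the domain, the service URLs and the function name audit_ingress are assumptions, and the ingress list is a constructed sample in the shape of the `ingress:` section of a cloudflared config file.

```python
# Added example: compare cloudflared ingress rules with the Terraform CNAME list.
# Domain, hostnames and service URLs are constructed placeholders (assumptions).

DOMAIN = "example.com"            # stands in for local.cloudflare_domain
SUBDOMAINS = ["api", "tyk-dash"]  # mirrors local.cloudflare_subdomains

# Constructed sample of the `ingress:` list from a cloudflared config file.
INGRESS = [
    {"hostname": "api.example.com", "service": "http://tyk-gateway.tyk.svc:8080"},
    {"hostname": "tyk-dash.example.com", "service": "http://tyk-dashboard.tyk.svc:3000"},
    {"service": "http_status:404"},  # catch-all rule, has to come last
]


def is_catch_all(rule):
    """A rule with neither hostname nor path matches every request."""
    return not rule.get("hostname") and not rule.get("path")


def audit_ingress(ingress, domain, subdomains):
    """Return findings; an empty list means rules and DNS records agree."""
    findings = []
    expected = {f"{sub}.{domain}" for sub in subdomains}

    # The final rule has to match every request that nothing else claimed.
    if not ingress or not is_catch_all(ingress[-1]):
        findings.append("last rule is not a catch-all")
    # A catch-all anywhere else would shadow the rules after it.
    for index, rule in enumerate(ingress[:-1]):
        if is_catch_all(rule):
            findings.append(f"rule {index} matches everything and shadows later rules")

    routed = {rule["hostname"] for rule in ingress if rule.get("hostname")}
    # Routed but not listed: a route the reviewed subdomain list does not cover.
    for host in sorted(routed - expected):
        findings.append(f"{host} is routed but not in the Terraform subdomain list")
    # Listed but not routed: requests fall through to the catch-all.
    for host in sorted(expected - routed):
        findings.append(f"{host} has a CNAME but no ingress rule")
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(INGRESS, DOMAIN, SUBDOMAINS) or ["ok"]:
        print(finding)
```

Run as a CI step against the rendered chart values, a non-empty result flags a hostname added to the tunnel without a matching Terraform change, or the reverse.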

DNS Records are shown below