Tyk-API Gateway(Open Source -OSS)
Tyk is an open-source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols.
Tyk api gateway - we have deployed tyk-api gateway in our GKE kubernetes cluster using helm chart via ArgoCD(gitops)
Brave-Tyk-APIGW URL: https://api.smallog.tech/
Tyk-Dashboard
The Tyk Dashboard is the visual GUI and analytics platform for Tyk. It provides an easy-to-use management interface for managing a Tyk installation as well as clear and granular analytics
Tyk dashboard - we have deployed tyk-dashboard in our GKE kubernetes cluster using helm chart via ArgoCD(gitops)
Brave-Tyk-Dashboard URL: https://tyk-dash.tyk.brave.safibank.online/
Stage-Tyk-Dashboard URL: https://tyk-dash.tyk.stage.safibank.online/
Dev-Tyk-Dashboard URL: https://tyk-dash.tyk.dev.safibank.online/
Deployment automation steps for tyk:
Step1:
We are using kustomize with helm charts to deploy redis, mongodb, tyk(both apigw and dashboard) and Cloudflare tunnel(DNS, TLS we are achieving with Cloudflare tunnel) using ArgoCD
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - base/redis.yaml - base/mongodb.yaml - base/tykapigw.yaml - base/cloudflare-tunnel.yaml
In ArgoCD we have project called env-dev-tyk
as mentioned below. env-dev-tyk
Step2:
Deploy Redis helm chart using ArgoCD - the ArgoCD Application manifest for redis is here redis argocd application
And in the ArgoCD the redis is deployed as shown below as tyk-redis-dev
Step3:
Deploy Mongodb helm chart using ArgoCD - the ArgoCD Application manifest for mongodb is here mongodb argocd application
And in the ArgoCD the mongodb is deployed as shown below as tyk-mongodb-dev
Step4:
Deploy Tyk-API Gateway and Tyk-Dashboard using tyk-pro helm charts tyk-pro helm chart using ArgoCD - the ArgoCD Application manifest for tyk-pro
is here tyk-pro
And in the tyk-pro
app shown as tyk-apigw-dev
in ArgoCD as below.
Step5:
Cloudflare Tunnel
Cloudflare Tunnel exposes applications running on your private GKE cluster with an internet connection without manually adding DNS records or configuring a firewall or router.
Use cloudflared
to expose a Kubernetes app to the Internet
we can use Cloudflare Tunnel to connect applications and servers to Cloudflare’s network. Tunnel relies on a piece of software, cloudflared to create those connections.
The same Tunnel can be run from multiple instances of cloudflared
, giving us the ability to run many cloudflared
replicas to scale your system when incoming traffic changes.
This architecture allows cloudflared
instances to proxy Internet traffic into whichever Kubernetes Service it was configured to.
…
We have deployed cloudflare-tunnel using custom helm charts cloudflare-tunnel custom helm chart using ArgoCD - the ArgoCD Application manifest for cloudflare-tunnel
is here cloudflare-tunnel-argocd-application
And in the cloudflare-tunnel
app shown as tyk-apigw-dev
in ArgoCD as below.
We can update the ingress to point to different services mentioned here cloudflare-tunnel-ingress
DNS Records updated as CNAME’s for cloudflare tuennel in cloudflare using terraform cloudflare DNS record CNAME
locals { cloudflare_domain = local.safi_environments[var.env_name].domain_name cloudflare_subdomains = [ "api", "tyk-dash", ] } data "cloudflare_zone" "safi_domain" { name = local.cloudflare_domain } resource "cloudflare_argo_tunnel" "safi_domain" { account_id = data.cloudflare_zone.safi_domain.account_id name = format("%s", replace(local.cloudflare_domain, ".", "-")) secret = random_password.safi_domain.result } resource "cloudflare_record" "safi_domain" { for_each = toset(local.cloudflare_subdomains) zone_id = data.cloudflare_zone.safi_domain.zone_id name = format("%s", each.key) value = cloudflare_argo_tunnel.safi_domain.cname type = "CNAME" proxied = true } resource "vault_generic_secret" "safi_domain" { path = format("secret/%s/cloudflare/%s", var.env_name, replace(local.cloudflare_domain, ".", "")) data_json = jsonencode( { "account_id" = format("%s", data.cloudflare_zone.safi_domain.account_id), "tunnel_name" = format("%s", cloudflare_argo_tunnel.safi_domain.name), "tunnel_id" = format("%s", cloudflare_argo_tunnel.safi_domain.id), "tunnel_secret" = format("%s", cloudflare_argo_tunnel.safi_domain.secret) } ) }
DNS Records are shown below
Attachments:
tyk_apigateway.png (image/png)
tyk_dashboard.png (image/png)
env-dev-tyk.png (image/png)
image-20220726-035218.png (image/png)
image-20220726-035722.png (image/png)
image-20220726-040546.png (image/png)
image-20220726-043210.png (image/png)
image-20220726-044557.png (image/png)
image-20220726-045308.png (image/png)