Releases: TykTechnologies/tyk-charts
Tyk Charts v2.2.0
What's Changed
- [TT-13326] - Adds sidecars by @vanny96 in #336
- [TT-13210] Add log level and format vars by @LLe27 in #333
- TT-13449 Fixed template name of opentelemetry caFilePath by @dklenke in #344
- [TT-11247] Adds customization for liveness and readiness probes by @vanny96 in #346
- TT-13448 Adds capability to customize HPA behavior by @vanny96 in #348
- [TT-13461] - Fix mdcb service by @zalbiraw in #352
- TT-13082 - Add Tyk Streams support by @buraksekili in #353
- Set tyk operator license key in OSS chart by @komalsukhani in #359
- [TT-13082] cont'd: enable streaming by default by @buraksekili in #360
- [TT-13445] Add opa support by @zalbiraw in #350
- Add support of audit logs configurations by @komalsukhani in #356
- Update component versions by @komalsukhani in #354
- Update Tyk Operator CRD for version operator-release-v1.1.0 by @Tyk-ITS in #368
New Contributors
- @vanny96 made their first contribution in #336
- @LLe27 made their first contribution in #333
- @dklenke made their first contribution in #344
Full Changelog: v2.1.0...v2.2.0
v2.1.0
What's Changed
- TT-12922: update helm chart component version by @olamilekan000 in #317
- Update Tyk Operator CRD for version operator-release-v0.18.8-rc-test by @Tyk-ITS in #334
- Update Tyk Operator CRD for version operator-release-v1.0.0 by @Tyk-ITS in #338
- (release): version to v2.1.0 by @buraksekili in #339
New Contributors
Full Changelog: v2.0.0...v2.1.0
Tyk Charts v2.0.0
What's Changed
- [TT-12848] Add optional extraVolumes and extraVolumeMounts to bootstrap jobs by @nbentfeld in #316
- [TT-13080], added support for path prefix/suffix matching env vars by @andrei-tyk in #319
New Contributors
- @nbentfeld made their first contribution in #316
v1.6.0
What's Changed
- Update k8s version matrix by @komalsukhani in #308
- [TT-12508] Fix dev portal ingress issue by @komalsukhani in #307
- [TT-12685] Update component version by @komalsukhani in #310
- TT-11537 added new MDCB config option healthcheck.cache_renewal_period by @sredxny in #306
Full Changelog: v1.5.0...v1.6.0
v1.5.0
What's Changed
- [TT-9514] Add tyk-operator chart as a dependency by @buraksekili in #278
- Update mongo chart version by @komalsukhani in #293
- TT-11532 added config option for the http server in mdcb 2.5.1 by @sredxny in #284
- TT-11532 deprecated healthcheck port and now use http port. MDCB 2.6 by @sredxny in #286
- Add init containers resources param by @gilankpam in #294
- [TT-12125] Add fixed window rate limiter vars by @titpetric in #292
- TT-12112 Add the value annotations to tyk-stack and component helm charts by @mgnisia in #291
- [TT-12321] Fix MDCB HealthCheck Port settings by @komalsukhani in #299
- (update): upgrade tyk-k8s-bootstrap version to 2.1.2 by @buraksekili in #303
- TT-12202: bootstrap portal using api by @olamilekan000 in #301
- [TT-12407] MDCB improvements by @komalsukhani in #302
- [TT-11730] Fixed mongo analytics settings by @komalsukhani in #296
- [TT-12294] Remove check for v3 from gateway probes by @komalsukhani in #297
- [TT-12320] Update component versions by @komalsukhani in #298
- [TT-12126] Release to 1.5.0 - Prepare artifacts for 1.5.0 helm release by @buraksekili in #305
New Contributors
- @sredxny made their first contribution in #284
- @gilankpam made their first contribution in #294
- @mgnisia made their first contribution in #291
Full Changelog: v1.4.0...v1.5.0
Tyk Charts v1.4.0
Release Highlights
General availability release of tyk-control-plane chart and tyk-mdcb chart
We’re pleased to announce the official release of the Tyk Helm Charts for Tyk Control Plane and MDCB! Following a successful beta phase, these charts are now stable and ready for production use.
With this release, we aim to provide a straightforward solution for deploying and managing Tyk Control Plane and Multi-Data Center Bridge (MDCB) using Helm Charts. Whether you’re looking for our recommended setup configurations or need flexibility to adapt to your architectural requirements, our Helm Charts have you covered.
To leverage this stable release and simplify your Tyk deployments, we invite you to explore our example setup for MDCB Control Plane using Helm Chart. Simply follow our MDCB Control Plane setup guide to get started.
Updated default Tyk versions
Tyk Charts 1.4 will install the following Tyk component versions by default.
Tyk Gateway v5.3.1
Tyk Dashboard v5.3.1
Tyk Pump v1.9.0
Tyk MDCB v2.5.1
Tyk Developer Portal v1.8.5
Changelog
Added
- OSS: Simplify Tyk Operator setup with Kubernetes Secret creation
- MDCB: Enhanced analytics configuration options
- Tyk Control Plane: Added option to enable Dashboard hybrid organisation
- Enhanced security with customisable Pod or Container security context
- Gateway: Allow Gateway to be updated if secret value is updated
- Customizable Pod Labels Across All Components
- Portal: Customizable Pod annotations in tyk-dev-portal
Changed
- Gateway/Pump: Removed the command in Gateway and Pump pod templates
- Dashboard: Allow arbitary image tags in tyk-dashboard
- Dashboard: Classic portal bootstrapping disabled by default
- Dashboard: Deprecation of
hashKeys
field
Fixed
- Global: Redis TLS version specification
tyk-stack 1.0.0, tyk-oss 1.2.0, tyk-data-plane 1.1.0, tyk-gateway 1.2.0, tyk-pump 1.2.0, tyk-dashboard 1.0.0, tyk-dev-portal 1.0.0, tyk-bootstrap 1.0.0
Open Source (Mozilla Public License)
Support Lifetime
Our minor releases are supported until our next minor comes out.
Release Date 7 Dec 2023
Breaking Changes
- Updated the default service type of Gateway, Dashboard, Developer Portal, and Pump from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer or configuring Ingress.
- Removed
global.components.dashboard
flag as it was misleading. Adapted gateway to use a gateway-specific flaggateway.useDashboardAppConfig
. Setgateway.useDashboardAppConfig
to true if gateway should connect to Dashboard for app configurations.
Deprecations
There are no deprecations in this release.
Upgrade instructions
You can use helm upgrade
to upgrade your release
helm upgrade [RELEASE_NAME] tyk-helm/tyk-oss
Release Highlights
This version upgrades Tyk Gateway and Tyk Dashboard to v5.2.3 and Tyk Portal to 1.8.0.
Stable release of Tyk Stack, Tyk Dashboard, Tyk Developer Portal and bootstrapping 🎉
tyk-stack
provides the default deployment of Tyk Self Managed on a cluster. It will deploy all required Tyk components with the settings provided in the values.yaml file.
Components charts for Tyk Dashboard, Tyk Developer Portal are also available if you want to manage deployment of Dashboard and Developer portal independently.
Please visit Tyk Docs for installation instructions.
New Gateway parameters
This version enhances Gateway charts by introducing configurations for OpenTelemetry. Their usage can be found in values.yaml:
# opentelemetry is used to configure opentelemetry for Tyk Gateway
opentelemetry:
# Used to enable/disable opentelemetry
enabled: false
# exporter is used to define the type of the exporter to sending data in OTLP protocol
# Valid values are "grpc" or "http"
exporter: grpc
# endpoint defines OpenTelemetry collector endpoint to connect to.
endpoint: localhost:4317
# A map of headers that will be sent with HTTP requests to the collector.
# It should be set to map of string to string
headers: {}
# Timeout for establishing a connection to the collector
connectionTimeout: 1
# Name of the resource that will be used to identify the resource.
resourceName: tyk
# Type of the span processor to use. Valid values are “simple” or “batch”.
spanProcessorType: batch
# Type of the context propagator to use. Valid values are "tracecontext" and "b3".
contextPropagation: tracecontext
# TLS configuration for the exporter.
tls:
# Flag that can be used to enable TLS
enabled: false
# Flag that can be used to skip TLS verification if TLS is enabled
insecureSkipVerify: true
# Maximum TLS version that is supported.
maxVersion: 1.3
# Minimum TLS version that is supported
minVersion: 1.2
# Path to the cert file
certFileName: ""
# Path to the key file
keyFileName: ""
# Path to CA file
caFileName: ""
# Existing secret that stores TLS and CA Certificate
certificateSecretName: ""
# Mount path on which certificate secret should be mounted
secretMountPath: ""
sampling:
# Refers to the policy used by OpenTelemetry to determine whether a particular trace should be sampled or not.
type: "AlwaysOn"
# Parameter for the TraceIDRatioBased sampler type and represents the percentage of traces to be sampled.
rate: 0.5
# Rule that ensures that if we decide to record data for a particular operation, we’ll also record data for
# all the subsequent work that operation causes
parentBased: false
Compatibility Notes
This release is tested on Kubernetes 1.26.3, 1.25.2, 1.24.6, 1.23.12, 1.22.15, 1.21.14, 1.20.15, Tyk Gateway v5.2.3, Tyk Dashboard v5.2.3, Tyk Pump v1.8.3, and Tyk Portal v1.8.0.
tyk-bootstrap-1.0.0 |
tyk-dashboard-1.0.0 |
tyk-data-plane-1.1.0 |
tyk-dev-portal-1.0.0 |
tyk-gateway-1.2.0 |
tyk-oss-1.2.0 |
tyk-pump-1.2.0 |
tyk-stack-1.0.0
tyk-bootstrap-1.0.0
Changelog
Added
- Added a field
global.components.bootstrap
to enable or disable bootstrapping. - Added
extraEnvs
to support setting environment variables for jobs.
Changed
- Bootstrapping Job does not fail if there is existing ORG found in dashboard storage. If the database has been bootstrapped already, the job will proceed with creating secret with Operator and Developer Portal.
- Renamed environment variable names to be consistent with
envconfig
naming convention. The list of supported environment variables are documented at tyk-k8s-bootstrap. - Remove .cluster.local from service URL to allow for named cluster support.
Removed
- Removed annotation
[sidecar.istio.io/inject:](http://sidecar.istio.io/inject:) “false”
from postInstall and preDelete jobs. If Tyk is deployed inside Istio service mesh, you can configure the required annotation for all jobs using values.yaml file. - Removed unused fields from tyk-bootstrap chart values.yaml:
global.servicePorts
andglobal.components
,global.tls.gateway
.
tyk-dashboard-1.0.0
Changelog
Added
- Added Ingress configuration for dashboard and classic portal.
- In
tyk-dashboard
, a new field (dashboard.tykApiHost
) allows configuring a custom service name for Tyk Gateway.
Fixed
- Fixed gateway connection string at environment variable TYK_DB_TYKAPI_HOST and TYK_DB_TYKAPI_PORT.
- Aligned the value of
dashboard.overrideHostname
withgwHostName
yaml anchor. - Fixed setting TYK_DB_ENABLEAGGREGATELOOKUPS via
dashboard.enableAggregateLookups
. - Fixed the issue that Dashboard version <= 5.0.2 failed to start because of missing configuration file (tyk_analytics.conf). In order to fix that, if the dashboard version is <= v5.0.2, it runs init-container to create empty tyk_analytics.conf file.
Changed
- Updated Dashboard default image tag to v5.2.3.
- Updated default value for PostgreSQL sslmode (
global.postgres.sslmode
) from empty todisable
.
- Updated default service type of Dashboard service from NodePort to ClusterIP.
- Removed
.cluster.local
from service URL to allow for named cluster support.
Removed
- Removed annotation
traffic.sidecar.istio.io/excludeInboundPorts
andtraffic.sidecar.istio.io/includeInboundPorts
. If Tyk is deployed inside Istio service mesh, you can configure the required annotation using values.yaml file. - Removed support for
dashboard.enableIstioIngress
field in values.yaml.
tyk-data-plane-1.1.0
Breaking Changes
- Updated the default service type of Gateway and Pump service from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
Changelog
Added
- Added OpenTelemetry support under
tyk-gateway.gateway.opentelemetry
.
Updated
- Updated Gateway default image tag to v5.2.3.
- Updated the default service type of Gateway and Pump service from NodePort to ClusterIP. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
- Removed
.cluster.local
from service URL to allow for named cluster support.
tyk-dev-portal-1.0.0
Changelog
Updated
- Updated Developer Portal default image tag to v1.8.0.
- Updated the default service type of Gateway and Pump service from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
- Updated default storage type in values.yaml from
fs
todb
. The new default option does not require additional configuration to work. - Updated liveliness probe from
/
to/live
and readiness probe from/
to/ready
. - Moved the database related variables in the values.yaml outside the section related to the storage of the assets inside enterprise portal. This reduces confusion, facilitating database configuration.
- Updated setting Dashboard URL in Portal using service discovery.
- User can provide developer portal configurations via secret
useSecretName
instead ofglobal.secrets.useSecretName
. This is to make it easier to manage portal and dashboard configuration separately.
Removed
- Removed field
global.bootstrap.devPortal
. You can now set bothglobal.components.bootstrap
andtyk-bootstrap.bootstrap.devPortal
to true to enable portal bootstrapping.
tyk-gateway-1.2.0
Breaking Changes
- Updated the default service type of Gateway service from NodePort to ClusterIP. You can configure external access to service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
Changelog
Added
- Added OpenTelemetry support under
gateway.opentelemetry
. - In
tyk-gateway
, new fields (`dashboardConnection...
Tyk Charts 1.1.0
Open Source (Mozilla Public License)
Support Lifetime
Our minor releases are supported until our next minor comes out.
Release Date 30 Oct 2023
Breaking Changes
tyk-mdcb-data-plane
chart is renamed totyk-data-plane
. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously usedtyk-mdcb-data-plane
, please delete the release and reinstall usingtyk-data-plane
. Please refer to change log below for enhancements and fixes that are added to the new chart.tyk-enterprise-portal
chart is renamed totyk-dev-portal
. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously usedtyk-enterprise-portal
, please delete the release and reinstall usingtyk-dev-portal
. Please refer to change log below for enhancements and fixes that are added to the new chart.tyk-single-dc
chart is renamed totyk-stack
. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously usedtyk-single-dc
, please delete the release and reinstall usingtyk-stack
. Please refer to change log below for enhancements and fixes that are added to the new chart.- Renamed parameter
backend
tostorageType
intyk-dashboard
Deprecations
tyk-mdcb-data-plane
is now marked as deprecated.tyk-enterprise-portal
is now marked as deprecated.tyk-single-dc
is now marked as deprecated.
Upgrade instructions
For renamed charts, please delete the release and reinstall using the new chart.
helm delete [RELEASE_NAME] tyk-helm/tyk-mdcb-data-plane
helm install [RELEASE_NAME] tyk-helm/tyk-data-plane
For other charts, you can use helm upgrade
to upgrade your release.
helm upgrade [RELEASE_NAME] tyk-helm/tyk-oss
Release Highlights
This version upgrades Tyk Gateway and Tyk Dashboard to v5.2.1, Tyk Pump to 1.8.3 and Tyk Portal to 1.7.0.
Security Enhancements
This version introduces a few security enhancements. It adds configuration options to configure SSL in dashboard and support of insecureSkipVerify
option for all charts to bypass verification for self-signed certificates. For security best practices, we now support use of secret to pass sensitive fields including admin credentials, license keys, database connection string and remote control plane connection details via secrets.
New Gateway parameters
This version enhances Gateway charts by introducing more parameters, like containerPort
, analyticsEnabled
, analyticsConfigType
, hashkeyFunction
for Gateway. Their usage can be found in values.yaml:
# The port which will be exposed on the container for tyk-gateway
containerPort: 8080
# analyticsEnabled property is used to enable/disable analytics.
# If set to empty or nil, analytics will be enabled/disabled based on `global.components.pump`.
analyticsEnabled: ""
# used to decide whether to send the results back directly to Tyk without a hybrid pump
# if you want to send analytics to control plane instead of pump, change analyticsConfigType to "rpc"
analyticsConfigType: ""
# hashKeyFunction property is used to specify the Key hashing algorithm.
# Possible values: murmur64, murmur128, sha256.
hashKeyFunction: murmur128
New Portal parameters
The latest tyk-dev-portal beta chart has full support of all storage type options: fs
, db
, and s3
.
Compatibility Notes
This release is tested on Kubernetes 1.26.3, 1.25.2, 1.24.6, 1.23.12, 1.22.15, 1.21.14, 1.20.15, Tyk Gateway v5.2.1, Tyk Dashboard v5.2.1, Tyk Pump v1.8.3, and Tyk Portal v1.7.0.
tyk-pump-1.1.0 | tyk-gateway-1.1.0 | tyk-oss-1.1.0 | tyk-data-plane-1.0.0 | tyk-dashboard-1.0.0-beta6 | tyk-bootstrap-1.0.0-beta6 | tyk-dev-portal-1.0.0-beta1 | tyk-stack-1.0.0-beta1
tyk-pump-1.1.0
Changelog
Added
- Added parameter
.global.mongo.driver
to configure which Mongo Driver to use. - Added new options to
pump.backend
parameter. Users can enable specific Mongo & Postgres Pumps:mongo-aggregate
,mongo-selective
,postgres-aggregate
,postgres-pump
. - Added
global.remoteControlPlane.useSecretName
parameter to allows user to pass control plane connection details via Kubernetes secrets. - Added support for
containerSecurityContext
configuration. This is required as K8s and OpenShift versions require the security context for container to be set. - Added support for
imagePullSecret
so user can pull an image from a private container image registry or repository.
Changed
- Updated Pump default image tag to v1.8.3.
Fixed
- Fixed typo in Pump deployment template to pick up the correct field
pump.resources
specified in values.yaml.
tyk-gateway-1.1.0
Changelog
Added
- Added
Horizontal Pod Autoscaler
specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics. - Added
insecureSkipVerify
option for Gateway undergateway.tls
section to bypass verification for self-signed certificates. - Added
global.remoteControlPlane.useSecretName
parameter to allows user to pass control plane connection details via Kubernetes secrets. - Added support for
containerSecurityContext
configuration. This is required as K8s and OpenShift versions require the security context for container to be set. - Added
containerPort
parameter for Gateway to allow for different values to be set for port and targetPort. - Added support for
imagePullSecret
so user can pull an image from a private container image registry or repository. - Added parameter
analyticsEnabled
to enable or disable analytics in Gateway. It is set to "" by default which means it will be enabled or disabled based on Pump installations. - Added
hashKeyFunction
parameter for Gateway. Default tomurmur128
.
Changed
- Updated Gateway default image tag to v5.2.1.
- Removed setting of obsolete environment variable TYK_GW_OPTIMISATIONSUSEASYNCSESSIONWRITE.
tyk-oss-1.1.0
Changelog
Added
- Added new options to
pump.backend
parameter. Users can enable specific Mongo & Postgres Pumps:mongo-aggregate
,mongo-selective
,postgres-aggregate
,postgres-pump
. - Added
Horizontal Pod Autoscaler
specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics. - Added
insecureSkipVerify
option for Gateway undergateway.tls
section to bypass verification for self-signed certificates. - Added support for
containerSecurityContext
configuration. This is required as K8s and OpenShift versions require the security context for container to be set. - Added
containerPort
parameter for Gateway to allow for different values to be set for port and targetPort. - Added support for
imagePullSecret
so user can pull an image from a private container image registry or repository. - Added parameter
analyticsEnabled
to enable or disable analytics in Gateway. It is set to "" by default which means it will be enabled or disabled based on Pump installations.
Changed
- Updated Gateway default image tag to v5.2.1.
- Updated Pump default image tag to v1.8.3.
tyk-data-plane-1.0.0
Breaking Changes
tyk-mdcb-data-plane
chart is renamed totyk-data-plane
. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously usedtyk-mdcb-data-plane
, please delete the release and reinstall usingtyk-data-plane
. Please refer to change log below for enhancements and fixes that are added to the new chart.
Deprecations
tyk-mdcb-data-plane
is now marked as deprecated.
Changelog
Added
- Added new options to
pump.backend
parameter. Users can enable specific Mongo & Postgres Pumps:mongo-aggregate
,mongo-selective
,postgres-aggregate
,postgres-pump
. - Added
Horizontal Pod Autoscaler
specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics. - Added
insecureSkipVerify
option for Gateway undergateway.tls
section to bypass verification for self-signed certificates. - Added
global.remoteControlPlane.useSecretName
parameter to allows user to pass control plane connection details via Kubernetes secrets. For detail uses of secrets, see README. - Added support for
containerSecurityContext
configuration. This is required as [K8s]...
Tyk Charts v1.0.0
New chart updates in this release:
- Tyk Gateway v1.0.0
- Tyk Pump v1.0.0
- Tyk OSS v1.0.0
- Tyk MDCB Data Plane v1.0.0
- Tyk Single Data Center v1.0.0-beta6
What's Changed
- [TT-9188] Make Hybrid Pump configuration optional by @buraksekili in #64
- [TT-9195] Add podAnnotations to tyk-gateway chart by @buraksekili in #58
- Fixed wrong port for TYK_GW_POLICIES_POLICYCONNECTIONSTRING by @andrei-tyk in #69
- [TT-9215] Update svc names shown in post-installation notes of charts by @buraksekili in #62
- [TT-9369] Add missing helper to render extraVolumes in dashboard chart by @buraksekili in #72
- [TT-9213] Add Tyk Pump service by @buraksekili in #65
- Add missing flag in tyk-single-dc doc by @buraksekili in #71
- [TT-9286] Fix secret and configmap name of tyk-mdcb-data-plane by @komalsukhani in #70
- [TT-9469] Fixed the redis url in pump deployment by @komalsukhani in #75
- [TT-9264] Support setting of database credentials using secret by @komalsukhani in #68
- [TT-9545] Add missing nameoverrides by @buraksekili in #77
- [TT-9324] Removed unused secret fields and configmaps by @buraksekili in #80
- [TT-9535] Update image tag to latest by @buraksekili in #78
- Update README.md by @caroltyk in #81
- [TT-9523] Add missing volume options in single-dc and mdcb-data-plane charts by @buraksekili in #79
- TT-9547 Edge gw fix by @andrei-tyk in #67
- Fixed bug that prevented tyk-oss gateway from installing with TLS on by @andrei-tyk in #84
- TT-9656 Fix gateway service ports by @caroltyk in #83
- Fix Typo by @caroltyk in #82
- Update NOTES.txt by @caroltyk in #85
- Update Gateway listen ports in integration tests by @buraksekili in #87
- update readme by @caroltyk in #86
- Release v1.0.0-beta5 by @andrei-tyk in #88
- Release v1.0.0-beta6 by @andrei-tyk in #89
- release tyk-oss / tyk-mdcb-data-plane v1 by @caroltyk in #91
- Release v1.0.0 GA by @andrei-tyk in #90
Full Changelog: v1.0.0-beta4...v1.0.0