v2.1.0

What's Changed

• TT-12922: update helm chart component version by @olamilekan000 in #317
• Update Tyk Operator CRD for version operator-release-v0.18.8-rc-test by @Tyk-ITS in #334
• Update Tyk Operator CRD for version operator-release-v1.0.0 by @Tyk-ITS in #338
• (release): version to v2.1.0 by @buraksekili in #339

New Contributors

• @Tyk-ITS made their first contribution in #334

Full Changelog: v2.0.0...v2.1.0

Tyk Charts v2.0.0

What's Changed

• [TT-12848] Add optional extraVolumes and extraVolumeMounts to bootstrap jobs by @nbentfeld in #316
• [TT-13080], added support for path prefix/suffix matching env vars by @andrei-tyk in #319

New Contributors

• @nbentfeld made their first contribution in #316

v1.6.0

What's Changed

• Update k8s version matrix by @komalsukhani in #308
• [TT-12508] Fix dev portal ingress issue by @komalsukhani in #307
• [TT-12685] Update component version by @komalsukhani in #310
• TT-11537 added new MDCB config option healthcheck.cache_renewal_period by @sredxny in #306

Full Changelog: v1.5.0...v1.6.0

v1.5.0

What's Changed

• [TT-9514] Add tyk-operator chart as a dependency by @buraksekili in #278
• Update mongo chart version by @komalsukhani in #293
• TT-11532 added config option for the http server in mdcb 2.5.1 by @sredxny in #284
• TT-11532 deprecated healthcheck port and now use http port. MDCB 2.6 by @sredxny in #286
• Add init containers resources param by @gilankpam in #294
• [TT-12125] Add fixed window rate limiter vars by @titpetric in #292
• TT-12112 Add the value annotations to tyk-stack and component helm charts by @mgnisia in #291
• [TT-12321] Fix MDCB HealthCheck Port settings by @komalsukhani in #299
• (update): upgrade tyk-k8s-bootstrap version to 2.1.2 by @buraksekili in #303
• TT-12202: bootstrap portal using api by @olamilekan000 in #301
• [TT-12407] MDCB improvements by @komalsukhani in #302
• [TT-11730] Fixed mongo analytics settings by @komalsukhani in #296
• [TT-12294] Remove check for v3 from gateway probes by @komalsukhani in #297
• [TT-12320] Update component versions by @komalsukhani in #298
• [TT-12126] Release to 1.5.0 - Prepare artifacts for 1.5.0 helm release by @buraksekili in #305

New Contributors

• @sredxny made their first contribution in #284
• @gilankpam made their first contribution in #294
• @mgnisia made their first contribution in #291

Full Changelog: v1.4.0...v1.5.0

Tyk Charts v1.4.0

Release Highlights

General availability release of tyk-control-plane chart and tyk-mdcb chart
We’re pleased to announce the official release of the Tyk Helm Charts for Tyk Control Plane and MDCB! Following a successful beta phase, these charts are now stable and ready for production use.

With this release, we aim to provide a straightforward solution for deploying and managing Tyk Control Plane and Multi-Data Center Bridge (MDCB) using Helm Charts. Whether you’re looking for our recommended setup configurations or need flexibility to adapt to your architectural requirements, our Helm Charts have you covered.

To leverage this stable release and simplify your Tyk deployments, we invite you to explore our example setup for MDCB Control Plane using Helm Chart. Simply follow our MDCB Control Plane setup guide to get started.

Updated default Tyk versions
Tyk Charts 1.4 will install the following Tyk component versions by default.

Tyk Gateway v5.3.1
Tyk Dashboard v5.3.1
Tyk Pump v1.9.0
Tyk MDCB v2.5.1
Tyk Developer Portal v1.8.5

Changelog

Added

• OSS: Simplify Tyk Operator setup with Kubernetes Secret creation
• MDCB: Enhanced analytics configuration options
• Tyk Control Plane: Added option to enable Dashboard hybrid organisation
• Enhanced security with customisable Pod or Container security context
• Gateway: Allow Gateway to be updated if secret value is updated
• Customizable Pod Labels Across All Components
• Portal: Customizable Pod annotations in tyk-dev-portal

Changed

• Gateway/Pump: Removed the command in Gateway and Pump pod templates
• Dashboard: Allow arbitary image tags in tyk-dashboard
• Dashboard: Classic portal bootstrapping disabled by default
• Dashboard: Deprecation of hashKeys field

Fixed

• Global: Redis TLS version specification

tyk-stack 1.0.0, tyk-oss 1.2.0, tyk-data-plane 1.1.0, tyk-gateway 1.2.0, tyk-pump 1.2.0, tyk-dashboard 1.0.0, tyk-dev-portal 1.0.0, tyk-bootstrap 1.0.0

Open Source (Mozilla Public License)

Support Lifetime

Our minor releases are supported until our next minor comes out.

Release Date 7 Dec 2023

Breaking Changes

• Updated the default service type of Gateway, Dashboard, Developer Portal, and Pump from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer or configuring Ingress.
• Removed global.components.dashboard flag as it was misleading. Adapted gateway to use a gateway-specific flag gateway.useDashboardAppConfig. Set gateway.useDashboardAppConfig to true if gateway should connect to Dashboard for app configurations.

Deprecations

There are no deprecations in this release.

Upgrade instructions

You can use helm upgrade to upgrade your release

helm upgrade [RELEASE_NAME] tyk-helm/tyk-oss

Release Highlights

This version upgrades Tyk Gateway and Tyk Dashboard to v5.2.3 and Tyk Portal to 1.8.0.

Stable release of Tyk Stack, Tyk Dashboard, Tyk Developer Portal and bootstrapping 🎉

tyk-stack provides the default deployment of Tyk Self Managed on a cluster. It will deploy all required Tyk components with the settings provided in the values.yaml file.

Components charts for Tyk Dashboard, Tyk Developer Portal are also available if you want to manage deployment of Dashboard and Developer portal independently.

Please visit Tyk Docs for installation instructions.

New Gateway parameters

This version enhances Gateway charts by introducing configurations for OpenTelemetry. Their usage can be found in values.yaml:

    # opentelemetry is used to configure opentelemetry for Tyk Gateway
    opentelemetry:
      # Used to enable/disable opentelemetry
      enabled: false
      # exporter is used to define the type of the exporter to sending data in OTLP protocol
      # Valid values are "grpc" or "http"
      exporter: grpc
      # endpoint defines OpenTelemetry collector endpoint to connect to.
      endpoint: localhost:4317
      # A map of headers that will be sent with HTTP requests to the collector.
      # It should be set to map of string to string
      headers: {}
      # Timeout for establishing a connection to the collector
      connectionTimeout: 1
      # Name of the resource that will be used to identify the resource.
      resourceName: tyk
      # Type of the span processor to use. Valid values are “simple” or “batch”.
      spanProcessorType: batch
      # Type of the context propagator to use. Valid values are "tracecontext" and "b3".
      contextPropagation: tracecontext
      # TLS configuration for the exporter.
      tls:
        # Flag that can be used to enable TLS
        enabled: false
        # Flag that can be used to skip TLS verification if TLS is enabled
        insecureSkipVerify: true
        # Maximum TLS version that is supported.
        maxVersion: 1.3
        # Minimum TLS version that is supported
        minVersion: 1.2
        # Path to the cert file
        certFileName: ""
        # Path to the key file
        keyFileName: ""
        # Path to CA file
        caFileName: ""
        # Existing secret that stores TLS and CA Certificate
        certificateSecretName: ""
        # Mount path on which certificate secret should be mounted
        secretMountPath: ""
      sampling:
        # Refers to the policy used by OpenTelemetry to determine whether a particular trace should be sampled or not.
        type: "AlwaysOn"
        # Parameter for the TraceIDRatioBased sampler type and represents the percentage of traces to be sampled.
        rate: 0.5
        # Rule that ensures that if we decide to record data for a particular operation, we’ll also record data for
        # all the subsequent work that operation causes
        parentBased: false

Compatibility Notes

This release is tested on Kubernetes 1.26.3, 1.25.2, 1.24.6, 1.23.12, 1.22.15, 1.21.14, 1.20.15, Tyk Gateway v5.2.3, Tyk Dashboard v5.2.3, Tyk Pump v1.8.3, and Tyk Portal v1.8.0.

tyk-bootstrap-1.0.0 |
tyk-dashboard-1.0.0 |
tyk-data-plane-1.1.0 |
tyk-dev-portal-1.0.0 |
tyk-gateway-1.2.0 |
tyk-oss-1.2.0 |
tyk-pump-1.2.0 |
tyk-stack-1.0.0

---

tyk-bootstrap-1.0.0

Changelog

Added

• Added a field global.components.bootstrap to enable or disable bootstrapping.
• Added extraEnvs to support setting environment variables for jobs.

Changed

• Bootstrapping Job does not fail if there is existing ORG found in dashboard storage. If the database has been bootstrapped already, the job will proceed with creating secret with Operator and Developer Portal.
• Renamed environment variable names to be consistent with envconfig naming convention. The list of supported environment variables are documented at tyk-k8s-bootstrap.
• Remove .cluster.local from service URL to allow for named cluster support.

Removed

• Removed annotation [sidecar.istio.io/inject:](http://sidecar.istio.io/inject:) “false” from postInstall and preDelete jobs. If Tyk is deployed inside Istio service mesh, you can configure the required annotation for all jobs using values.yaml file.
• Removed unused fields from tyk-bootstrap chart values.yaml: global.servicePorts and global.components, global.tls.gateway.

tyk-dashboard-1.0.0

Changelog

Added

• Added Ingress configuration for dashboard and classic portal.
• In tyk-dashboard, a new field (dashboard.tykApiHost) allows configuring a custom service name for Tyk Gateway.

Fixed

• Fixed gateway connection string at environment variable TYK_DB_TYKAPI_HOST and TYK_DB_TYKAPI_PORT.
• Aligned the value of dashboard.overrideHostname with gwHostName yaml anchor.
• Fixed setting TYK_DB_ENABLEAGGREGATELOOKUPS via dashboard.enableAggregateLookups.
• Fixed the issue that Dashboard version <= 5.0.2 failed to start because of missing configuration file (tyk_analytics.conf). In order to fix that, if the dashboard version is <= v5.0.2, it runs init-container to create empty tyk_analytics.conf file.

Changed

• Updated Dashboard default image tag to v5.2.3.
• Updated default value for PostgreSQL sslmode (global.postgres.sslmode) from empty to disable.

• Updated default service type of Dashboard service from NodePort to ClusterIP.
• Removed .cluster.local from service URL to allow for named cluster support.

Removed

• Removed annotation traffic.sidecar.istio.io/excludeInboundPorts and traffic.sidecar.istio.io/includeInboundPorts. If Tyk is deployed inside Istio service mesh, you can configure the required annotation using values.yaml file.
• Removed support for dashboard.enableIstioIngress field in values.yaml.

tyk-data-plane-1.1.0

Breaking Changes

• Updated the default service type of Gateway and Pump service from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.

Changelog

Added

• Added OpenTelemetry support under tyk-gateway.gateway.opentelemetry.

Updated

• Updated Gateway default image tag to v5.2.3.
• Updated the default service type of Gateway and Pump service from NodePort to ClusterIP. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
• Removed .cluster.local from service URL to allow for named cluster support.

tyk-dev-portal-1.0.0

Changelog

Updated

• Updated Developer Portal default image tag to v1.8.0.
• Updated the default service type of Gateway and Pump service from NodePort to ClusterIP for better security. You can configure external access to a service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.
• Updated default storage type in values.yaml from fs to db. The new default option does not require additional configuration to work.
• Updated liveliness probe from / to /live and readiness probe from / to /ready.
• Moved the database related variables in the values.yaml outside the section related to the storage of the assets inside enterprise portal. This reduces confusion, facilitating database configuration.
• Updated setting Dashboard URL in Portal using service discovery.
• User can provide developer portal configurations via secret useSecretName instead of global.secrets.useSecretName. This is to make it easier to manage portal and dashboard configuration separately.

Removed

• Removed field global.bootstrap.devPortal. You can now set both global.components.bootstrap and tyk-bootstrap.bootstrap.devPortal to true to enable portal bootstrapping.

tyk-gateway-1.2.0

Breaking Changes

• Updated the default service type of Gateway service from NodePort to ClusterIP. You can configure external access to service with your desired method like changing service type to NodePort, LoadBalancer, or configuring Ingress.

Changelog

Added

• Added OpenTelemetry support under gateway.opentelemetry.
• In tyk-gateway, new fields (`dashboardConnection...

Tyk Charts 1.1.0

Open Source (Mozilla Public License)

Support Lifetime

Our minor releases are supported until our next minor comes out.

Release Date 30 Oct 2023

Breaking Changes

• tyk-mdcb-data-plane chart is renamed to tyk-data-plane. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously used tyk-mdcb-data-plane, please delete the release and reinstall using tyk-data-plane. Please refer to change log below for enhancements and fixes that are added to the new chart.
• tyk-enterprise-portal chart is renamed to tyk-dev-portal. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously used tyk-enterprise-portal, please delete the release and reinstall using tyk-dev-portal. Please refer to change log below for enhancements and fixes that are added to the new chart.
• tyk-single-dc chart is renamed to tyk-stack. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously used tyk-single-dc, please delete the release and reinstall using tyk-stack. Please refer to change log below for enhancements and fixes that are added to the new chart.
• Renamed parameter backend to storageType in tyk-dashboard

Deprecations

• tyk-mdcb-data-plane is now marked as deprecated.
• tyk-enterprise-portal is now marked as deprecated.
• tyk-single-dc is now marked as deprecated.

Upgrade instructions

For renamed charts, please delete the release and reinstall using the new chart.

helm delete [RELEASE_NAME] tyk-helm/tyk-mdcb-data-plane
helm install [RELEASE_NAME] tyk-helm/tyk-data-plane

For other charts, you can use helm upgrade to upgrade your release.

helm upgrade [RELEASE_NAME] tyk-helm/tyk-oss

Release Highlights

This version upgrades Tyk Gateway and Tyk Dashboard to v5.2.1, Tyk Pump to 1.8.3 and Tyk Portal to 1.7.0.

Security Enhancements

This version introduces a few security enhancements. It adds configuration options to configure SSL in dashboard and support of insecureSkipVerify option for all charts to bypass verification for self-signed certificates. For security best practices, we now support use of secret to pass sensitive fields including admin credentials, license keys, database connection string and remote control plane connection details via secrets.

New Gateway parameters

This version enhances Gateway charts by introducing more parameters, like containerPort, analyticsEnabled, analyticsConfigType, hashkeyFunction for Gateway. Their usage can be found in values.yaml:

  # The port which will be exposed on the container for tyk-gateway
  containerPort: 8080

  # analyticsEnabled property is used to enable/disable analytics.
  # If set to empty or nil, analytics will be enabled/disabled based on `global.components.pump`.
  analyticsEnabled: ""

  # used to decide whether to send the results back directly to Tyk without a hybrid pump
  # if you want to send analytics to control plane instead of pump, change analyticsConfigType to "rpc"
  analyticsConfigType: ""

  # hashKeyFunction property is used to specify the Key hashing algorithm.
  # Possible values: murmur64, murmur128, sha256.
  hashKeyFunction: murmur128

New Portal parameters

The latest tyk-dev-portal beta chart has full support of all storage type options: fs, db, and s3.

Compatibility Notes

This release is tested on Kubernetes 1.26.3, 1.25.2, 1.24.6, 1.23.12, 1.22.15, 1.21.14, 1.20.15, Tyk Gateway v5.2.1, Tyk Dashboard v5.2.1, Tyk Pump v1.8.3, and Tyk Portal v1.7.0.

tyk-pump-1.1.0 | tyk-gateway-1.1.0 | tyk-oss-1.1.0 | tyk-data-plane-1.0.0 | tyk-dashboard-1.0.0-beta6 | tyk-bootstrap-1.0.0-beta6 | tyk-dev-portal-1.0.0-beta1 | tyk-stack-1.0.0-beta1

---

tyk-pump-1.1.0

Changelog

Added

• Added parameter .global.mongo.driver to configure which Mongo Driver to use.
• Added new options to pump.backend parameter. Users can enable specific Mongo & Postgres Pumps: mongo-aggregate, mongo-selective, postgres-aggregate, postgres-pump.
• Added global.remoteControlPlane.useSecretName parameter to allows user to pass control plane connection details via Kubernetes secrets.
• Added support for containerSecurityContext configuration. This is required as K8s and OpenShift versions require the security context for container to be set.
• Added support for imagePullSecret so user can pull an image from a private container image registry or repository.

Changed

• Updated Pump default image tag to v1.8.3.

Fixed

• Fixed typo in Pump deployment template to pick up the correct field pump.resources specified in values.yaml.

tyk-gateway-1.1.0

Changelog

Added

• Added Horizontal Pod Autoscaler specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics.
• Added insecureSkipVerify option for Gateway under gateway.tls section to bypass verification for self-signed certificates.
• Added global.remoteControlPlane.useSecretName parameter to allows user to pass control plane connection details via Kubernetes secrets.
• Added support for containerSecurityContext configuration. This is required as K8s and OpenShift versions require the security context for container to be set.
• Added containerPort parameter for Gateway to allow for different values to be set for port and targetPort.
• Added support for imagePullSecret so user can pull an image from a private container image registry or repository.
• Added parameter analyticsEnabled to enable or disable analytics in Gateway. It is set to "" by default which means it will be enabled or disabled based on Pump installations.
• Added hashKeyFunction parameter for Gateway. Default to murmur128.

Changed

• Updated Gateway default image tag to v5.2.1.
• Removed setting of obsolete environment variable TYK_GW_OPTIMISATIONSUSEASYNCSESSIONWRITE.

tyk-oss-1.1.0

Changelog

Added

• Added new options to pump.backend parameter. Users can enable specific Mongo & Postgres Pumps: mongo-aggregate, mongo-selective, postgres-aggregate, postgres-pump.
• Added Horizontal Pod Autoscaler specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics.
• Added insecureSkipVerify option for Gateway under gateway.tls section to bypass verification for self-signed certificates.
• Added support for containerSecurityContext configuration. This is required as K8s and OpenShift versions require the security context for container to be set.
• Added containerPort parameter for Gateway to allow for different values to be set for port and targetPort.
• Added support for imagePullSecret so user can pull an image from a private container image registry or repository.
• Added parameter analyticsEnabled to enable or disable analytics in Gateway. It is set to "" by default which means it will be enabled or disabled based on Pump installations.

Changed

• Updated Gateway default image tag to v5.2.1.
• Updated Pump default image tag to v1.8.3.

tyk-data-plane-1.0.0

Breaking Changes

• tyk-mdcb-data-plane chart is renamed to tyk-data-plane. This change is part of the terminology alignment initiatives where Tyk is standardising how we refer to the components. If you have previously used tyk-mdcb-data-plane, please delete the release and reinstall using tyk-data-plane. Please refer to change log below for enhancements and fixes that are added to the new chart.

Deprecations

• tyk-mdcb-data-plane is now marked as deprecated.

Changelog

Added

• Added new options to pump.backend parameter. Users can enable specific Mongo & Postgres Pumps: mongo-aggregate, mongo-selective, postgres-aggregate, postgres-pump.
• Added Horizontal Pod Autoscaler specs for Gateway deployments, allowing users to easily enable automatic scaling by CPU utilisation, memory utilisation or custom metrics.
• Added insecureSkipVerify option for Gateway under gateway.tls section to bypass verification for self-signed certificates.
• Added global.remoteControlPlane.useSecretName parameter to allows user to pass control plane connection details via Kubernetes secrets. For detail uses of secrets, see README.
• Added support for containerSecurityContext configuration. This is required as [K8s]...

Tyk Charts v1.0.0

New chart updates in this release:

1. Tyk Gateway v1.0.0
2. Tyk Pump v1.0.0
3. Tyk OSS v1.0.0
4. Tyk MDCB Data Plane v1.0.0
5. Tyk Single Data Center v1.0.0-beta6

What's Changed

• [TT-9188] Make Hybrid Pump configuration optional by @buraksekili in #64
• [TT-9195] Add podAnnotations to tyk-gateway chart by @buraksekili in #58
• Fixed wrong port for TYK_GW_POLICIES_POLICYCONNECTIONSTRING by @andrei-tyk in #69
• [TT-9215] Update svc names shown in post-installation notes of charts by @buraksekili in #62
• [TT-9369] Add missing helper to render extraVolumes in dashboard chart by @buraksekili in #72
• [TT-9213] Add Tyk Pump service by @buraksekili in #65
• Add missing flag in tyk-single-dc doc by @buraksekili in #71
• [TT-9286] Fix secret and configmap name of tyk-mdcb-data-plane by @komalsukhani in #70
• [TT-9469] Fixed the redis url in pump deployment by @komalsukhani in #75
• [TT-9264] Support setting of database credentials using secret by @komalsukhani in #68
• [TT-9545] Add missing nameoverrides by @buraksekili in #77
• [TT-9324] Removed unused secret fields and configmaps by @buraksekili in #80
• [TT-9535] Update image tag to latest by @buraksekili in #78
• Update README.md by @caroltyk in #81
• [TT-9523] Add missing volume options in single-dc and mdcb-data-plane charts by @buraksekili in #79
• TT-9547 Edge gw fix by @andrei-tyk in #67
• Fixed bug that prevented tyk-oss gateway from installing with TLS on by @andrei-tyk in #84
• TT-9656 Fix gateway service ports by @caroltyk in #83
• Fix Typo by @caroltyk in #82
• Update NOTES.txt by @caroltyk in #85
• Update Gateway listen ports in integration tests by @buraksekili in #87
• update readme by @caroltyk in #86
• Release v1.0.0-beta5 by @andrei-tyk in #88
• Release v1.0.0-beta6 by @andrei-tyk in #89
• release tyk-oss / tyk-mdcb-data-plane v1 by @caroltyk in #91
• Release v1.0.0 GA by @andrei-tyk in #90

Full Changelog: v1.0.0-beta4...v1.0.0

Tyk Helm Charts v1.0.0-beta4

Tyk Helm Charts v1.0.0-beta4

Tyk Helm Charts v1.0.0-beta3

Updated chart version to 1.0.0-beta3 (#53)