After following tyk[.]io/blog/how-to-deploy-your-tyk-stack-in-kubernetes-on-aws/ to set up tyk in AWS, you will find that the /hello health check endpoint is also accessible publicly.
Is there a recommended way to block access to this, and furthermore protect access to the tyk API that runs at /tyk?
Hi,
There is a discussion of this at Planning for Production which should answer your question.
It’s important to make sure that K8s liveness and readyness checks are configured to access the /hello API or a user defined replacement if you want to use one.
Cheers,
Pete
Thanks Pete. I’ve read that page. Specifically, is it changing the control port number that allows you to block access to the healthchecks and the API?
Yes, but it’s also about making sure the port is not exposed publicly or is behind a proxy like a firewall.