Hi,
We're trying to put together a POC of Tyk running in Kubernetes; we don't want the dashboard or Mongo.
We plan to pump logs into Elasticsearch. All our config needs to be automated, as the gateway needs to be able to scale with load.
I've got the Kubernetes config sorted; I'm passing the .conf and an api.json file via kubectl, but I'm having problems with SSL.
I was hoping to use the Let's Encrypt functionality to quickly get some SSL certs up. I guess I'm missing something from your documentation, because I keep getting errors.
The main example below seems to be for predefined SSL certs. Do I just add the use_ssl_le boolean? If so, where does LE create the SSL key (docs refer to Redis)? If I leave out the cert_file and key_file locations I just get an error at boot: [Server error: loadkeys: open : no such file or directory]
```
"http_server_options": {
    "use_ssl": true,
    "use_ssl_le": true,   ##documentation## suggests this is all i need??
    "server_name": "yoursite.com",
    "min_version": "1.2",
    "certificates": [
        {
            "domain_name": "*.yoursite.com",
            "cert_file": "./new.cert.cert",   ## what do i do with these?
            "key_file": "./new.cert.key"      ## when using letsencrypt
        }
    ]
},
```
My full config is below:
```json
{
    "listen_port": 8443,
    "secret": "000000000000000000",
    "node_secret": "000000000000000000",
    "template_path": "/opt/tyk-gateway/templates",
    "tyk_js_path": "/opt/tyk-gateway/js/tyk.js",
    "middleware_path": "/opt/tyk-gateway/middleware",
    "use_db_app_configs": false,
    "app_path": "/opt/tyk-gateway/apps/",
    "storage": {
        "type": "redis",
        "enable_cluster": false,
        "hosts": {
            "euw-gcp-prd-redis-001-1-vm": "6379"
        },
        "username": "",
        "password": "",
        "database": 1,
        "optimisation_max_idle": 100
    },
    "enable_analytics": true,
    "use_logstash": true,
    "logstash_transport": "tcp",
    "logstash_network_addr": "tbc",
    "health_check": {
        "enable_health_checks": true,
        "health_check_value_timeouts": 60
    },
    "optimisations_use_async_session_write": true,
    "enable_non_transactional_rate_limiter": true,
    "enable_sentinel_rate_limiter": false,
    "allow_master_keys": false,
    "policies": {
        "policy_source": "file"
    },
    "hash_keys": true,
    "close_connections": true,
    "http_server_options": {
        "use_ssl": true,
        "use_ssl_le": true,
        "server_name": "projectone.com",
        "min_version": "1.2",
        "certificates": [
            {
                "domain_name": "tyk.projectone.com"
            }
        ]
    },
    "allow_insecure_configs": true,
    "coprocess_options": {
        "enable_coprocess": false,
        "coprocess_grpc_server": ""
    },
    "enable_bundle_downloader": true,
    "bundle_base_url": "",
    "global_session_lifetime": 100,
    "force_global_session_lifetime": false,
    "max_idle_connections_per_host": 100
}
```
If anyone could let me know where I'm going wrong that would be amazing - thanks