How does tyk-ce auth itself to elasticsearch?

Hello,
I have a tyk-ce installed Kubernetes environment. My purpose is to integrate tyk-ce with ElasticSearch for observe analytics.

How can I pass ElasticSearch authentication and tls information via Helm chart?

Thanks & Regards

Regarding to the advise here I updated the config like that:

extraEnvs: 
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_TYPE
    value: "elasticsearch"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ELASTICSEARCHURL
    value: https://escluster-es-http.eck.svc.cluster.local:9200     
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_INDEXNAME
    value: "tyk_analytics"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_DOCUMENTTYPE
    value: "tyk_analytics"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ROLLINGINDEX
    value: true
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_EXTENDEDSTATS
    value: false
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ENABLESNIFFING
    value: false
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_VERSION
    value: 6
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_BULKCONFIG
    workers: 2
    flush_interval: 60
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_USER
    value: "elastic"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_PASSWD
    valueFrom:
      secretKeyRef:
        name: escluster-es-elastic-user
        key: elastic
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_TLS
    value: true
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_TLSVERIFY
    value: false

but there is something missing or wrong in my config. Could u pls advise?

$:~/tyk/tyk-headless$ k logs -n tyk pump-tyk-ce-tyk-headless-6799f5d555-l9j88
time="Oct 27 14:05:23" level=info msg="## Tyk Analytics Pump, 1.4.0 ##"
time="Oct 27 14:05:23" level=info msg="--> [REDIS] Creating single-node client"
time="Oct 27 14:05:23" level=info msg="Serving health check endpoint at http://localhost:8083/health ..."
time="Oct 27 14:05:23" level=info msg=Init collection_name="tyk_analytics_headless" url=
time="Oct 27 14:05:23" level=info msg="-- No max batch size set, defaulting to 10MB"
time="Oct 27 14:05:23" level=info msg="-- No max document size set, defaulting to 10MB"
$:~/tyk/tyk-headless$

Are you sure you added the variables to the Pump section and not the Gateway section? The variables did not get picked up by Pump at all.

yes @sedky

pump:
  # Determines whither or not the pump component should be installed.
  enabled: true
  replicaCount: 1
  image:
    repository: docker.tyk.io/tyk-pump/tyk-pump
    tag: v1.4.0
    pullPolicy: IfNotPresent
  annotations: {}
  resources: {}
    # We usually recommend not to specify default resources and to leave this
    # as a conscious choice for the user. This also increases chances charts
    # run on environments with little resources, such as Minikube. If you do
    # want to specify resources, uncomment the following lines, adjust them
    # as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraEnvs:
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_TYPE
    value: "elasticsearch"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ELASTICSEARCHURL
    value: "https://escluster-es-http.eck.svc.cluster.local:9200"    
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_INDEXNAME
    value: "tyk_analytics"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_DOCUMENTTYPE
    value: "tyk_analytics"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ROLLINGINDEX
    value: true
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_EXTENDEDSTATS
    value: false
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_ENABLESNIFFING
    value: false
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_VERSION
    value: 6
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_BULKCONFIG
    workers: 2
    flush_interval: 60
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_USER
    value: "elastic"
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_PASSWD
    valueFrom:
      secretKeyRef:
        name: escluster-es-elastic-user
        key: elastic
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_TLS
    value: true
  - name: TYK_PMP_PUMPS_ELASTICSEARCH_META_TLSVERIFY
    value: false
  mounts: []
rbac: true
bash-5.1# curl -u "elastic:8x7Vblablalbalabla" -k "https://escluster-es-http.eck.svc.cluster.local:9200" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   550  1{0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  "name": "escluster-es-default-0",
  "cluster_name": "escluster",
  "cluster_uuid": "E4PuDMgKTWmVkt8Lf2FxgQ",
00   550    0     0   80  "version": {
21         "number": "7.15.0",
    "build_flavor": "default",
    "build_type": "docker",
    "build_hash": "79d65f6e357953a5b3cbcc5e2c7c21073d89aa29",
    "build_date": "2021-09-16T03:05:29.143308416Z",
    "build_snapshot": false,
    "lucene_version": "8.9.0" ,
0     "minimum_wire_compatibility_version": "6.8.0",
-    "minimum_index_compatibility_version": "6.0.0-beta1"
-  },
:-  "tagline": "You Know, for Search"-
:-- --:--}
:-- --:--:--  8088
bash-5.1#

@sedky it says

collection_name="tyk_analytics_headless" url=

…because the both gw and pump variables are set in the same values.yaml file in helm package.

Hello,
Tyk pump doesn’t care what I type in extraEnv field in Helm values.yaml file. When I check pump pod, none of variables were set there.

I had to edit configmap pump-conf-tyk-ce-tyk-headless and added following lines:

...
"tls": true,
"tlsverify": false,
..

nothing changed,

...
"use_ssl": true,
"ssl_insecure_skip_verify": true,
...

nothing changed,

...
"elasticsearch_tls": true,
"elasticsearch_tlsverify": false,
...

…still getting same error:

level=error msg="Elasticsearch connection failed: health check timeout: Head \"https://escluster-es-http.eck.svc.cluster.local:9200\": x509: certificate signed by unknown authority: no Elasticsearch node available"
type or paste code here


Could you please advise what is the correct definition?

Thanks & Regards