Hybrid Gateway does not connect to Tyk Cloud

Support Installation and Deployment
,
1

Hello there,

I want to setup a Hybrid Gateway as described in the docs using a Helm deployment. I also deployed the Bitnami Redis Helm chart. The Tyk DeamonSet is started successfully. But I can’t see the Gateway in the Tyk Cloud Dashboard (there is only the control plane without any gateways).

This is my yaml configuration:

gateway:
  hostname: service.example.com
  # tls: true
  rpc:
    connString: subdomain.aws-euc1.cloud-ara.tyk.io:443
    apiKey: "..." # the api key
    rpcKey: "..." #
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
      cert-manager.io/issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    path: /
    hosts:
      - service.example.com
    tls:
    - secretName: "letsencrypt-prod"
      hosts:
        - service.example.com
redis:
  addrs:
  - tyk-redis-master.tyk.svc.cluster.local:6379

  pass: "..."

  # storage:
  #   database: 0

Am I missing something?

2

Hi Raman, could you share the value of the connString and the gateway logs?

3

Hi Olu,

connString: confused-memory-hyb.aws-euc1.cloud-ara.tyk.io:443

Gateway logs (attention: the latest log entry is at the top; logs starting from bottom):

"time=""Sep 10 12:24:44"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:44"" level=info msg=""[HOST CHECKER] Stopping poller""

"time=""Sep 10 12:24:44"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:44"" level=info msg=""[HOST CHECKER] Stopping poller""

"time=""Sep 10 12:24:44"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:44"" level=info msg=""[HOST CHECKER] Stopping poller""

"time=""Sep 10 12:24:44"" level=info msg=""[HOST CHECKER] Stopping poller""

"time=""Sep 10 12:24:44"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:43"" level=info msg=""[HOST CHECKER] Stopping poller""

"time=""Sep 10 12:24:43"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:43"" level=warning msg=""Reconnecting storage: Redis is either down or ws not configured"" prefix=pub-sub

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""API reload complete"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialised API Definitions"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading uptime tests..."" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""API Loaded"" api_id=1 api_name=""Tyk Test API"" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=--

"time=""Sep 10 12:24:34"" level=info msg=""Checking security policy: Token"" api_id=1 api_name=""Tyk Test API"" org_id=default

"time=""Sep 10 12:24:34"" level=info msg=""API bind on custom port:0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tracking hostname"" api_name=""Tyk Test API"" domain=""(no host)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API configurations."" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Detected 1 APIs"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API Specification from /opt/tyk-gateway/apps/app_sample.json""

"time=""Sep 10 12:24:34"" level=info msg=""Loading policies"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Starting gateway rate limiter notifications...""

"time=""Sep 10 12:24:34"" level=info msg=""--> PID: 0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on port: 8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on address: (open interface)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tyk Gateway started (v3.2.1)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising distributed rate limiter"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""Starting HTTP server on:[::]:8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Standard listener (http)"" port="":8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=warning msg=""The control_api_port should be changed for production"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed ot get host pid: open /var/run/tyk/tyk-gateway.pid: no such file or directory"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed to write PIDFile: mkdir /var/run/tyk: read-only file system"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""PIDFile location set to: /var/run/tyk/tyk-gateway.pid"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Rich plugins are disabled"" prefix=coprocess

"time=""Sep 10 12:24:34"" level=info msg=""Starting Poller"" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""Tyk API Gateway v3.2.1"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""Starting gateway rate limiter notifications...""

"time=""Sep 10 12:24:34"" level=info msg=""API reload complete"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialised API Definitions"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading uptime tests..."" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""API Loaded"" api_id=1 api_name=""Tyk Test API"" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=--

"time=""Sep 10 12:24:34"" level=info msg=""Checking security policy: Token"" api_id=1 api_name=""Tyk Test API"" org_id=default

"time=""Sep 10 12:24:34"" level=info msg=""API bind on custom port:0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tracking hostname"" api_name=""Tyk Test API"" domain=""(no host)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API configurations."" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Detected 1 APIs"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API Specification from /opt/tyk-gateway/apps/app_sample.json""

"time=""Sep 10 12:24:34"" level=info msg=""Loading policies"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> PID: 0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on port: 8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on address: (open interface)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tyk Gateway started (v3.2.1)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising distributed rate limiter"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""Starting HTTP server on:[::]:8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Standard listener (http)"" port="":8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""The control_api_port should be changed for production"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed ot get host pid: open /var/run/tyk/tyk-gateway.pid: no such file or directory"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed to write PIDFile: mkdir /var/run/tyk: read-only file system"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""PIDFile location set to: /var/run/tyk/tyk-gateway.pid"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Rich plugins are disabled"" prefix=coprocess

"time=""Sep 10 12:24:34"" level=info msg=""Starting Poller"" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""Tyk API Gateway v3.2.1"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""Starting gateway rate limiter notifications...""

"time=""Sep 10 12:24:34"" level=info msg=""API reload complete"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialised API Definitions"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading uptime tests..."" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""API Loaded"" api_id=1 api_name=""Tyk Test API"" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=--

"time=""Sep 10 12:24:34"" level=info msg=""Checking security policy: Token"" api_id=1 api_name=""Tyk Test API"" org_id=default

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""API bind on custom port:0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tracking hostname"" api_name=""Tyk Test API"" domain=""(no host)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API configurations."" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Detected 1 APIs"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API Specification from /opt/tyk-gateway/apps/app_sample.json""

"time=""Sep 10 12:24:34"" level=info msg=""Loading policies"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> PID: 0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on port: 8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on address: (open interface)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tyk Gateway started (v3.2.1)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising distributed rate limiter"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""Starting HTTP server on:[::]:8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Standard listener (http)"" port="":8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""The control_api_port should be changed for production"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed ot get host pid: open /var/run/tyk/tyk-gateway.pid: no such file or directory"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed to write PIDFile: mkdir /var/run/tyk: read-only file system"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""PIDFile location set to: /var/run/tyk/tyk-gateway.pid"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Rich plugins are disabled"" prefix=coprocess

"time=""Sep 10 12:24:34"" level=info msg=""Starting Poller"" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""Tyk API Gateway v3.2.1"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Starting gateway rate limiter notifications...""

"time=""Sep 10 12:24:34"" level=info msg=""API reload complete"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialised API Definitions"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading uptime tests..."" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""API Loaded"" api_id=1 api_name=""Tyk Test API"" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=--

"time=""Sep 10 12:24:34"" level=info msg=""Checking security policy: Token"" api_id=1 api_name=""Tyk Test API"" org_id=default

"time=""Sep 10 12:24:34"" level=info msg=""API bind on custom port:0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tracking hostname"" api_name=""Tyk Test API"" domain=""(no host)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API configurations."" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Detected 1 APIs"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Loading API Specification from /opt/tyk-gateway/apps/app_sample.json""

"time=""Sep 10 12:24:34"" level=info msg=""Loading policies"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> PID: 0"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on port: 8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Listening on address: (open interface)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Tyk Gateway started (v3.2.1)"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Initialising distributed rate limiter"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""Starting HTTP server on:[::]:8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> Standard listener (http)"" port="":8080"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:34"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:34"" level=warning msg=""The control_api_port should be changed for production"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed ot get host pid: open /var/run/tyk/tyk-gateway.pid: no such file or directory"" prefix=main

"time=""Sep 10 12:24:34"" level=error msg=""Failed to write PIDFile: mkdir /var/run/tyk: read-only file system"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""PIDFile location set to: /var/run/tyk/tyk-gateway.pid"" prefix=main

"time=""Sep 10 12:24:34"" level=info msg=""Rich plugins are disabled"" prefix=coprocess

"time=""Sep 10 12:24:34"" level=info msg=""Starting Poller"" prefix=host-check-mgr

"time=""Sep 10 12:24:34"" level=info msg=""Tyk API Gateway v3.2.1"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:33"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:33"" level=info msg=""Starting gateway rate limiter notifications...""

"time=""Sep 10 12:24:33"" level=info msg=""API reload complete"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Initialised API Definitions"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Loading uptime tests..."" prefix=host-check-mgr

"time=""Sep 10 12:24:33"" level=info msg=""API Loaded"" api_id=1 api_name=""Tyk Test API"" org_id=default prefix=gateway server_name=-- user_id=-- user_ip=--

"time=""Sep 10 12:24:33"" level=info msg=""Checking security policy: Token"" api_id=1 api_name=""Tyk Test API"" org_id=default

"time=""Sep 10 12:24:33"" level=info msg=""API bind on custom port:0"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Tracking hostname"" api_name=""Tyk Test API"" domain=""(no host)"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Loading API configurations."" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Detected 1 APIs"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Loading API Specification from /opt/tyk-gateway/apps/app_sample.json""

"time=""Sep 10 12:24:33"" level=info msg=""Loading policies"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> PID: 0"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> Listening on port: 8080"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> Listening on address: (open interface)"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Tyk Gateway started (v3.2.1)"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Initialising distributed rate limiter"" prefix=main

"time=""Sep 10 12:24:33"" level=warning msg=""Starting HTTP server on:[::]:8080"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> Standard listener (http)"" port="":8080"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""--> [REDIS] Creating single-node client""

"time=""Sep 10 12:24:33"" level=info msg=""Initialising Tyk REST API Endpoints"" prefix=main

"time=""Sep 10 12:24:33"" level=warning msg=""The control_api_port should be changed for production"" prefix=main

"time=""Sep 10 12:24:33"" level=error msg=""Failed ot get host pid: open /var/run/tyk/tyk-gateway.pid: no such file or directory"" prefix=main

"time=""Sep 10 12:24:33"" level=error msg=""Failed to write PIDFile: mkdir /var/run/tyk: read-only file system"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""PIDFile location set to: /var/run/tyk/tyk-gateway.pid"" prefix=main

"time=""Sep 10 12:24:33"" level=info msg=""Rich plugins are disabled"" prefix=coprocess

"time=""Sep 10 12:24:33"" level=info msg=""Starting Poller"" prefix=host-check-mgr

"time=""Sep 10 12:24:33"" level=info msg=""Tyk API Gateway v3.2.1"" prefix=main

According to the logs the gateway can’t establish a connection to Redis. But I can see that there was some data written to Redis (using kubectl port-forwarding and redis commander).

image
image895×576 55.9 KB

4

You could check the health of the gateway to confirm if redis is connected properly.

About the logs, I will check on a few things and get back to you.

5

Just confirmed that if this is about the new Tyk Cloud, the hybrids do not appear anywhere in the UI at this time.

As long as the hybrid gateway receives the APIs and keys from the control plane — it’s connected

6

I checked the /hello resource. I got the following response:

{"status":"pass","version":"v3.2.1","description":"Tyk GW","details":{"redis":{"status":"pass","componentType":"datastore","time":"2021-09-11T09:08:54Z"}}}

Seems good so far - or should there also be a detail about rpc?

But I still can’t reach my backend service. The gateway always sends the response Not Found.

This is my API configuration (copied from Tyk API Manager UI):

{
  "created_at": "2021-09-07T10:29:23Z",
  "api_model": {},
  "api_definition": {
    "api_id": "36415fa19cf84b76767e900f2a22f6b7",
    "jwt_issued_at_validation_skew": 0,
    "upstream_certificates": {},
    "use_keyless": true,
    "enable_coprocess_auth": false,
    "base_identity_provided_by": "",
    "custom_middleware": {
      "pre": [],
      "post": [],
      "post_key_auth": [],
      "auth_check": {
        "name": "",
        "path": "",
        "require_session": false,
        "raw_body_only": false
      },
      "response": [],
      "driver": "",
      "id_extractor": {
        "extract_from": "",
        "extract_with": "",
        "extractor_config": {}
      }
    },
    "disable_quota": false,
    "custom_middleware_bundle": "",
    "cache_options": {
      "cache_timeout": 60,
      "enable_cache": true,
      "cache_all_safe_requests": false,
      "cache_response_codes": [],
      "enable_upstream_cache_control": false,
      "cache_control_ttl_header": "",
      "cache_by_headers": []
    },
    "enable_ip_blacklisting": false,
    "tag_headers": [],
    "jwt_scope_to_policy_mapping": {},
    "pinned_public_keys": {},
    "expire_analytics_after": 0,
    "domain": "tyk.heatmap.visitor-analytics.abl-solutions.io",
    "openid_options": {
      "providers": [],
      "segregate_by_client": false
    },
    "jwt_policy_field_name": "",
    "enable_proxy_protocol": false,
    "jwt_default_policies": [],
    "active": true,
    "jwt_expires_at_validation_skew": 0,
    "config_data": {},
    "notifications": {
      "shared_secret": "",
      "oauth_on_keychange_url": ""
    },
    "jwt_client_base_field": "",
    "auth": {
      "use_param": false,
      "param_name": "",
      "use_cookie": false,
      "cookie_name": "",
      "auth_header_name": "Authorization",
      "use_certificate": false,
      "validate_signature": false,
      "signature": {
        "algorithm": "",
        "header": "",
        "secret": "",
        "allowed_clock_skew": 0,
        "error_code": 0,
        "error_message": ""
      }
    },
    "check_host_against_uptime_tests": false,
    "auth_provider": {
      "name": "",
      "storage_engine": "",
      "meta": {}
    },
    "blacklisted_ips": [],
    "graphql": {
      "schema": "",
      "enabled": false,
      "engine": {
        "field_configs": [],
        "data_sources": []
      },
      "type_field_configurations": [],
      "execution_mode": "proxyOnly",
      "proxy": {
        "auth_headers": {}
      },
      "version": "2",
      "playground": {
        "enabled": false,
        "path": ""
      }
    },
    "hmac_allowed_clock_skew": -1,
    "dont_set_quota_on_create": false,
    "uptime_tests": {
      "check_list": [],
      "config": {
        "expire_utime_after": 0,
        "service_discovery": {
          "use_discovery_service": false,
          "query_endpoint": "",
          "use_nested_query": false,
          "parent_data_path": "",
          "data_path": "",
          "cache_timeout": 60
        },
        "recheck_wait": 0
      }
    },
    "enable_jwt": false,
    "do_not_track": false,
    "name": "Visitor Analytics",
    "slug": "visitor-analytics",
    "oauth_meta": {
      "allowed_access_types": [],
      "allowed_authorize_types": [],
      "auth_login_redirect": ""
    },
    "CORS": {
      "enable": false,
      "max_age": 24,
      "allow_credentials": false,
      "exposed_headers": [],
      "allowed_headers": [
        "Origin",
        "Accept",
        "Content-Type",
        "X-Requested-With",
        "Authorization"
      ],
      "options_passthrough": false,
      "debug": false,
      "allowed_origins": [
        "*"
      ],
      "allowed_methods": [
        "GET",
        "POST",
        "HEAD"
      ]
    },
    "event_handlers": {
      "events": {}
    },
    "proxy": {
      "target_url": "http://heatmap-service.heatmap.svc.cluster.local:3000",
      "service_discovery": {
        "endpoint_returns_list": false,
        "cache_timeout": 0,
        "parent_data_path": "",
        "query_endpoint": "",
        "use_discovery_service": false,
        "_sd_show_port_path": false,
        "target_path": "",
        "use_target_list": false,
        "use_nested_query": false,
        "data_path": "",
        "port_data_path": ""
      },
      "check_host_against_uptime_tests": false,
      "transport": {
        "ssl_insecure_skip_verify": false,
        "ssl_min_version": 0,
        "proxy_url": "",
        "ssl_ciphers": []
      },
      "target_list": [],
      "preserve_host_header": false,
      "strip_listen_path": false,
      "enable_load_balancing": false,
      "listen_path": "/",
      "disable_strip_slash": true
    },
    "client_certificates": [],
    "use_basic_auth": false,
    "version_data": {
      "not_versioned": true,
      "default_version": "",
      "versions": {
        "Default": {
          "name": "Default",
          "expires": "",
          "paths": {
            "ignored": [],
            "white_list": [],
            "black_list": []
          },
          "use_extended_paths": true,
          "extended_paths": {
            "ignored": [],
            "white_list": [],
            "black_list": [],
            "transform": [],
            "transform_response": [],
            "transform_jq": [],
            "transform_jq_response": [],
            "transform_headers": [],
            "transform_response_headers": [],
            "hard_timeouts": [],
            "circuit_breakers": [],
            "url_rewrites": [],
            "virtual": [],
            "size_limits": [],
            "method_transforms": [],
            "track_endpoints": [],
            "do_not_track_endpoints": [],
            "validate_json": [],
            "internal": []
          },
          "global_headers": {},
          "global_headers_remove": [],
          "global_response_headers": {},
          "global_response_headers_remove": [],
          "ignore_endpoint_case": false,
          "global_size_limit": 0,
          "override_target": ""
        }
      }
    },
    "jwt_scope_claim_name": "",
    "use_standard_auth": false,
    "session_lifetime": 0,
    "hmac_allowed_algorithms": [],
    "disable_rate_limit": false,
    "definition": {
      "location": "header",
      "key": "x-api-version",
      "strip_path": false
    },
    "use_oauth2": false,
    "jwt_source": "",
    "jwt_signing_method": "",
    "jwt_not_before_validation_skew": 0,
    "use_go_plugin_auth": false,
    "jwt_identity_base_field": "",
    "allowed_ips": [],
    "request_signing": {
      "is_enabled": false,
      "secret": "",
      "key_id": "",
      "algorithm": "",
      "header_list": [],
      "certificate_id": "",
      "signature_header": ""
    },
    "org_id": "61323e4bfa45870001520ec4",
    "enable_ip_whitelisting": false,
    "global_rate_limit": {
      "rate": 0,
      "per": 0
    },
    "protocol": "https",
    "enable_context_vars": false,
    "tags": [],
    "basic_auth": {
      "disable_caching": false,
      "cache_ttl": 0,
      "extract_from_body": false,
      "body_user_regexp": "",
      "body_password_regexp": ""
    },
    "listen_port": 0,
    "session_provider": {
      "name": "",
      "storage_engine": "",
      "meta": {}
    },
    "auth_configs": {
      "authToken": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "basic": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "coprocess": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "hmac": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "jwt": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "oauth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "oidc": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      }
    },
    "strip_auth_data": false,
    "id": "61373f03f14f740001cb4b3d",
    "certificates": [],
    "enable_signature_checking": false,
    "use_openid": false,
    "internal": false,
    "jwt_skip_kid": false,
    "enable_batch_request_support": false,
    "enable_detailed_recording": false,
    "response_processors": [],
    "use_mutual_tls_auth": false
  },
  "hook_references": [],
  "is_site": false,
  "sort_by": 0,
  "user_group_owners": [],
  "user_owners": []
}

This is all data that I have exported from Redis:

{
    "redis-test-a931259b-dc0c-4a34-b854-77235e27bd1c": "test",
    "redis-test-d7e538cc-2b49-4d78-905b-cded55c4d521": "test",
    "host-checker:PollerActiveInstanceID": "8273b57e-41f7-4f94-9179-49d81c19a1ed",
    "tyk-liveness-probe": "tyk-liveness-probe",
    "redis-test-89bdd4a9-de19-48b3-b017-53eb4df240cd": "test",
    "redis-test-7a4e6e0d-b140-4255-9417-ffce6fc684c8": "test",
    "redis-test-a4fb0512-3fea-496e-99bd-68cb5f85669a": "test",
    "redis-test-9f8057a4-12e2-4d45-b290-e27f1b8d18c7": null
}

Sending a request to https://tyk.heatmap.visitor-analytics.abl-solutions.io/locations returns Not Found. Usually, hitting /locations on my backend service returns a valid response. Looks like that the Gateway does not accept/route the request.

Behind tyk.heatmap.visitor.analytics.abl-solutions.io there is a NGINX Kubernetes Ingress. The Ingress forwords the request to the Tyk Gateway. It seems like that this is working.

Is there any way to troubleshoot this?

7

Hi @Raman,

Does the Host header coming in to tyk contain tyk.heatmap.visitor.analytics.abl-solutions.io? If that is the address that hits nginx it seems possible it will not be the address that nginx sends upstream to tyk.

The API is configured with "domain": "tyk.heatmap.visitor-analytics.abl-solutions.io" so it will be looking at the Host header and if that doesn’t match it will not identify that this is the API to be called. Which will result in a 404

If you have no other APIs defined in tyk you could try removing the domain config from the API to verify this.

Cheers,
Pete

8

Usually, the NGINX controller should not change the Host header - but I’m not 100% sure.

Removing the domain value does not change anything.
I also tried to access the Gateway directly by using kubectl port-forward and set the Host header in the request explicitly to tyk.heatmap.visitor.analytics.abl-solutions.io. Still getting Not Found.

Is there a way to check that the Gateway has applied the configuration from the Control Plane?

9

It would be great if someone could help me here. Currently, we are evaluating Tyk but our trial ends on friday. So far we couldn’t test anything due to this problem. :frowning:

10

Hey @Raman

One of the team is going to reach out directly and get a call setup to troubleshoot and get you up and running - you should have an email imminently!

Chris

1 Like