Is tyk-operator production ready?

Hi ,

Is tyk-operator ready for production usage? Is there a cookbook to guide for set up tyk api gateway(OSS) and tyk-operator in production environment? Thank you.

BR, Kevin

Hi @uzmo

Is tyk-operator ready for production usage?

Yes: We have several customers using tyk-opeartor in production from startups through to fortune 100 enterprises. In this regard, it is definitely production ready.

Please note not all features have been implemented yet: Tyk Operator is under active development. It is still new, and we are adding features & capabilities every week.

see our API Definition documentation, tyk-operator/api_definitions.md at master · TykTechnologies/tyk-operator · GitHub which we have clearly provided guidance for features which have been:

  • tested and working
  • untested
  • not implemented

If there are any capabilities you need, but are not available yet, please open a feature request and we will be happy to look into the possibility of prioritising them.

We implemented BDD for each of our core capabiities. These tests run against K8s versions 1.16 through to 1.20. tyk-operator/pro.yaml at master · TykTechnologies/tyk-operator · GitHub

As an example, for our loading of certificates from cert-manager to Tyk’s certificate storage (to dynamically load into ingress): tyk-operator/certificates.feature at master · TykTechnologies/tyk-operator · GitHub

Is there a cookbook to guide for set up tyk api gateway(OSS) and tyk-operator in production environment?

Tyk Operator with Open Source Gateway was primarily designed for enterprise customer use-cases - where this setup is typically used locally in a kind/minikube development environment, or within CI/CD, or in a dev/qa/staging environment allowing consistency (production-like functionality) in lower environments, without needing to boot the entire Tyk enterprise stack.

The limitation with the Open Source offering is that the Operator will only manage a single Gateway. meaning if you need HA / a clustered gateway setup - such as different gateways in different namespaces, this is not currently possible without taking a paid license, or deploying the Operator multiple times - one operator per gateway as nginx / traefik would do it with their ingress controllers.

Further, the open source Gateway offering currently does not expose a Security Policy API. Meaning that you will need to manually manage security policies by mounting them as volumes into the gateway containers. Once again, if you need dynamic security policies - you would need to take a paid license.

So in summary - Tyk Community Edition + Tyk Operator is definitely production ready. Unlike our competitors, our gateway is 100% open source meaning there is no feature lockout. Only depending on your deployment topology / complexity, your life will be made significantly easier with a paid license when operating a production environment. We have to eat too. :smiley:

For instructions on deploying Tyk Operator, please see:

3 Likes