Locating logs on tyk kubernetes (Community Edition) setup

Hi,

We are in the process of evaluating Tyk for API gateway use cases. We are using Tyk Community Edition for our evaluation. We have used the Helm chart available in the Tyk GitHub account and could bring the Tyk gateway component (Community Edition) up and running on our on-premises Kubernetes cluster. We know we won't have access to the Dashboard in the Tyk Community Edition.

We could define and test API proxy configuration for a set of scenarios where no authorization and authorization header passing is required. But when we tried to define an API proxy configuration and test it, we have been getting a “There was a problem proxying the request tyk gateway” error. To debug and understand more about the root cause of this issue, we are not able to locate the log information. We have searched in the tyk gateway pod’s /var/log/* and /etc/tyk-gateway/* folders.

Can someone help us by providing information on where to look for tyk-gateway’s log messages?

Thanks,
Suresh Charan

Your logs will be on the pod. I’d spend some more time with the kubernetes documentation if you’re choosing that architecture.

kubectl logs --help will give you your options

Thanks
Josh

Yes. We have verified the gateway-tyk-headless-HASH pod’s log as well. Unfortunately, we don't see any useful information about the error.

We’re trying to configure endpoint for upstream API with the following json. We can successfully post this API definition using curl command.

{
  "name": "aai_keyless",
  "api_id": "1",
  "org_id": "default",
  "use_keyless": true,
  "auth": {
    "auth_header_name": "Authorization"
  },
  "version_data": {
    "not_versioned": true,
    "versions": {
      "default": {
        "name": "default",
        "expires": "",
        "paths": {
          "ignored": [],
          "white_list": [],
          "black_list": []
        }
      }
    }
  },
  "proxy": {
    "listen_path": "/aaitry",
    "target_url": "https://ipaddress:port/aai",
    "strip_listen_path": true
  }
}

However, we are getting the error as below when we tried to test with the curl command.
{
  "error": "There was a problem proxying the request"
}

Check the pod logs while you make the requests. It’s most likely some 500 code related to TLS or network availability between the gateway and your upstream service. i.e. IP not reachable, misconfigured cert etc

Also try curl from the gateway pod to your upstream to see if you can make requests at all.

Cheers

Thank you for your reply. We could check the pod logs while we make the requests. The error message was due to certs.

level=error msg="http: proxy error: x509: cannot validate certificate for xx.xx.xx.xxx because it doesn't contain any IP SANs" api_id=1 api_name="portal_keyless" mw=ReverseProxy org_id=default prefix=proxy server_name="xx.xx.xx.xxx:xxxxx" user_id=-- user_ip=127.0.0.1 user_name=

Now we would like to skip SSL verification on proxied backend. In another thread, it was suggested to modify Gateway config to set the value of “proxy_ssl_insecure_skip_verify” to true.

Do you think only changing the config value of proxy_ssl_insecure_skip_verify to true will help us? If yes, how do we change the Tyk configuration on a Tyk Kubernetes setup?

We have added the config for proxy_ssl_insecure_skip_verify in the tyk-headless/configs/tyk_mgmt.conf file and redeployed Tyk on the k8s cluster. We were just wondering if there is any better way to do this without redeploying Tyk.

You can set it on a per API definition basis, and this way you won't need to restart the pod.