Tyk CE on Minikube, where is tyk.conf so I can get secret

I have installed Tyk CE (open-source) version into minikube cluster using helm charts.

After a start with: minikube service gateway-svc-tyk-ce-tyk-headless

I can hit it via<random_port>/hello and get:

{"status":"pass","version":"v3.2.1","description":"Tyk GW","details":{"redis":{"status":"pass","componentType":"datastore","time":"2021-08-25T13:29:22Z"}}}

So now I am trying to follow along with next step Create API sample from Create an API

Under Open-Source tab, this the first step:

Step 1: Make sure you know your API secret

Your Tyk Gateway API secret is stored in your tyk.conf file, the property is called secret, you will need to use this as a header called x-tyk-authorization to make calls to the Gateway API.

Now I have no idea where this tyk.conf is located for this installation? How do I get this “secret” so I can interact with Gateway API. I feel like documentation/samples have so much assumed knowledge.

So to share how I got secret. In the helm charts article there is a step to create values.yaml file.

helm show values tyk-helm/tyk-headless > values.yaml

In that yaml file under secrets - APISecret it shows CHANGEME. Well I did not change it. Installing:

helm install tyk-ce tyk-helm/tyk-headless --version 0.9.2 -f values.yaml -n tyk

And that makes my secret: CHANGEME.
I pass it to the header x-tyk-authorization and viola.

Glad to hear that you found your way to solution !!! Just want to let you know that after the installation of Tyk CE, you will find a secret resource created named as “secrets-tyk-ce-tyk-headless” under your namespace which contains your APISecret key in a base64 encoded form. To decode its value you can use below command

kubectl get secrets/secrets-tyk-ce-tyk-headless --template={{.data.APISecret}} | base64 -d

The decoded value then can be passed to the header x-tyk-authorization . Attaching the link https://github.com/TykTechnologies/tyk-helm-chart/blob/master/tyk-headless/templates/secrets.yaml for your reference to the Secret resource .

Thanks @Cherry! I had to make small change to that command to add the namespace:

kubectl get secrets/secrets-tyk-ce-tyk-headless -n tyk --template={{.data.APISecret}} | base64 -d

Do you know how to update this value?

Hey @crnastena , to change the value of the APISecret after the installation, you can either make the change for the APISecret at the values.yaml file and upgrade your helm release to a newer version or you can pass the updated value of the APISecret using --set flags during helm upgrade command. I would recommend you to use the latter one as it set the values at runtime. Below are the steps to do this

helm upgrade tyk-ce tyk-helm/tyk-headless -f values.yaml --set secrets.APISecret="<your-value>"

Now, check again the APISecret value from the secret as we did earlier

kubectl get secrets/secrets-tyk-ce-tyk-headless -n tyk --template={{.data.APISecret}} | base64 -d

It will be changed to the value which we have passed using the --set flag above. Now, to make the gateway use this new APISecret value, simply delete your gateway pod and it will be recreated automatically referencing new APISecret as it is a Daemon Set.

kubectl delete pod gateway-tyk-ce-tyk-headless-xxxxx -n tyk

Once the pod comes up, you can test the newly changed values by creating an API or try reloading the gateway.

1 Like