Tyk OSS Operator Tutorial Always Returns 404

JohnHunterDDS · June 23, 2023, 10:03am

Hi,

We are currently evaluating Tyk for a new product we plan to bring to market later this year but I’m stuck getting Tyk Operator correctly configured.

I’ve followed the steps in this guide [tyk-charts/tyk-oss at main · TykTechnologies/tyk-charts · GitHub]

However, when it comes to running the test curl -i localhost:8080/httpbin/get all I get back is a 404 response with the following message being logged
Handling connection for 8080
E0623 11:07:32.746221 107096 portforward.go:391] error copying from local connection to remote stream: read tcp4 127.0.0.1:8080->127.0.0.1:47928: read: connection reset by peer
Handling connection for 8080

My configuration is as follows -
Windows 11
Docker Desktop + WSL2 Integration + Kubernetes enabled
Ubuntu 22.04.2 LTS

Any help would be greatly appreciated.

J.

Olu · June 26, 2023, 1:19pm

Hello @JohnHunterDDS and welcome to the community.

Can you confirm that your liveness check endpoint is healthy?

JohnHunterDDS · June 27, 2023, 10:35am

Hi Olu,

I managed to get it working. The issue was that the gateway was running in namespace tyk and the operator was running in namespace tyk-operator-system. These namespaces are the ones specified in the various getting started docs, so should the operator and gateway share the same namespace or is there a configuration step that I’m missing?

Thanks
John

carol · June 27, 2023, 1:25pm

Hi @JohnHunterDDS , welcome to the community!

Tyk Operator and Tyk Gateway can run on different namespace, as long as tyk-operator-conf is configured with the correct gateway management URL.

For example:

kubectl create secret -n $TYK_OPERATOR_NS generic tyk-operator-conf \
  --from-literal "TYK_AUTH=$APISecret" \
  --from-literal "TYK_ORG=org" \
  --from-literal "TYK_MODE=ce" \
  --from-literal "TYK_URL=http://gateway-svc-tyk-oss-tyk-gateway.$NAMESPACE.svc.cluster.local:443" \
  --from-literal "TYK_TLS_INSECURE_SKIP_VERIFY=true"

JohnHunterDDS · July 3, 2023, 1:40pm

Thanks Carol, that helped getting along to the next step which is SSL.

I’m trying to follow this sample (tyk-operator/config/samples/tls/example.yaml at master · TykTechnologies/tyk-operator · GitHub) using a certificate generated with this walkthrough Transport layer security and Tyk - Tyk API Gateway.

Using only non-SSL everything is cool, trying to use the available guidance for enabling SSL and we’re back to getting a 404.

Any suggestions? Is there a decent walkthrough example on how to enable SSL with Tyk Operator via Helm?

Thanks again
John.

Ubong · July 7, 2023, 7:33am

Hi @JohnHunterDDS,

You should be able to enable SSL on your gateway by setting tls in your values.yaml to true, and specifying the path to the certificate using extraEnvs (specifically the TYK_GW_HTTPSERVEROPTIONS_SSLCERTIFICATES variable on the gateway.

If you’re using this repo, you can enable the gateway SSL here.

This other line will let you use the certificate already provided (in the templates folder), rather than one you’ve generated yourself.

Hope this helps.