You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 22, 2021. It is now read-only.
we deployed Tyk.io CE using the Tyk Helm Chart to AKS. The ingress controller recognizes ingress ressources on pod creation and replication to API definitions in the gateway component works, as long as there is no reference to a TLS certificate (secret) defined in the ingress ressource. For ingress ressources with a dedicated TLS certificate (Ingress.spec.tls) the replication fails with a gateway-side error "Attempted administrative access with invalid or missing key!".
What we found out so far:
The communication between tyk-k8s and gateway-tyk-headless seems to work and only fails with the above error when replicating TLS certificates.
tyk-k8s recognizes the TLS certificate in the ingress ressource and tries replicating it to the gateway.
The API secret is set correctly by the Helm Chart to the environment variable TK8S_TYK_SECRET. During troubleshooting I also configured the secret explicitly in the tyk-k8s.yaml config file (this is done using a configmap within the Helm Chart - we also verified, that the correct value is handed over to the pod to etc/tyk-k8s/tyk-k8s.yaml).
I suspect that there is an issue with the HTTP request (missing/incorrect X-Tyk-Authorization header?) when tyk-k8s replicates TLS certificates to the gateway. However, I would not rule out misconfiguration issues. Has anybody else experienced this issue? Do we need to configure anything special on the gateway side? Are TLS certificates in ingress ressources supported with Tyk CE at all?
Thanks in advance!
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hey there,
we deployed Tyk.io CE using the Tyk Helm Chart to AKS. The ingress controller recognizes ingress ressources on pod creation and replication to API definitions in the gateway component works, as long as there is no reference to a TLS certificate (secret) defined in the ingress ressource. For ingress ressources with a dedicated TLS certificate (
Ingress.spec.tls
) the replication fails with a gateway-side error"Attempted administrative access with invalid or missing key!"
.What we found out so far:
tyk-k8s
andgateway-tyk-headless
seems to work and only fails with the above error when replicating TLS certificates.tyk-k8s
recognizes the TLS certificate in the ingress ressource and tries replicating it to the gateway.TK8S_TYK_SECRET
. During troubleshooting I also configured the secret explicitly in thetyk-k8s.yaml
config file (this is done using a configmap within the Helm Chart - we also verified, that the correct value is handed over to the pod toetc/tyk-k8s/tyk-k8s.yaml
).I suspect that there is an issue with the HTTP request (missing/incorrect
X-Tyk-Authorization
header?) whentyk-k8s
replicates TLS certificates to the gateway. However, I would not rule out misconfiguration issues. Has anybody else experienced this issue? Do we need to configure anything special on the gateway side? Are TLS certificates in ingress ressources supported with Tyk CE at all?Thanks in advance!
The text was updated successfully, but these errors were encountered: