This repository provides comprehensive deployment solutions for Tyk Control Plane, supporting both traditional script-based deployment and modern GitOps workflows.
# One-command Helm-based deployment
make helm-deploy# One-command GitOps deployment
make gitops-deploytyk-ops/
βββ terraform/ # Infrastructure as Code
β βββ deployments/control-plane/ # Terraform configurations
βββ kubernetes/ # Kubernetes manifests
β βββ tyk-control-plane/ # Helm values and configs
βββ gitops/ # GitOps manifests
β βββ applications/ # ArgoCD applications
β βββ prerequisites/ # Prerequisites (cert-manager, CRDs)
β βββ control-plane/ # Control plane manifests
βββ scripts/ # Deployment scripts
β βββ install-argocd.sh # ArgoCD installation
β βββ setup-gitops.sh # GitOps setup
β βββ [traditional scripts...]
βββ docs/ # Documentation
βββ deployment-playbook.md # Traditional deployment guide
βββ gitops-deployment-guide.md # GitOps deployment guide
Perfect for getting started quickly or when you need manual control:
# Deploy infrastructure
terraform apply -var-file="examples/dev.tfvars"
# Extract secrets
./scripts/extract-infrastructure-secrets.sh
# Setup prerequisites
./scripts/setup-cluster-prerequisites.sh
# Deploy Tyk Control Plane
./scripts/deploy-tyk-control-plane.shBenefits:
- Quick setup
- Manual control
- Easy troubleshooting
- Immediate feedback
Modern, production-ready approach for scalable deployments:
# 1. Provision infrastructure (AKS cluster + databases)
cd terraform/deployments/control-plane/azure
terraform apply -var-file="examples/dev.tfvars"
# 2. Extract secrets and configure kubectl
./scripts/extract-infrastructure-secrets.sh
# 3. Install ArgoCD on the provisioned cluster
make install-argocd
# 4. Setup Tyk applications in ArgoCD (auto-detects your Git repo)
make setup-gitops
# 5. Monitor ArgoCD deployment (Tyk deploys automatically)
make gitops-statusπ How GitOps Works: Step 5 creates ArgoCD applications that automatically deploy:
- Prerequisites: cert-manager, Tyk Operator CRDs, namespaces
- Tyk Control Plane: Dashboard, Gateway, MDCB, Pump, Developer Portal, Operator
π Automated Sync: All applications have automated sync enabled - any Git commit to the main branch will trigger automatic re-deployment within 3 minutes (default ArgoCD polling interval).
π Demo Repository: Fork this repository and the setup script automatically detects your fork and configures ArgoCD to use it!
π Repository Access: Ensure your forked repository is publicly accessible or configure ArgoCD with appropriate credentials for private repositories.
Benefits:
- Declarative configuration
- Automated synchronization
- Audit trail and rollback
- Multi-environment support
- Tyk Dashboard: API management interface
- Tyk Gateway: API gateway for control plane
- Tyk MDCB: Multi-Data Center Bridge
- Tyk Pump: Analytics processor
- Tyk Developer Portal: API portal
- Tyk Operator: Kubernetes-native API management
- Azure AKS: Current implementation
- AWS EKS: Planned support
- GCP GKE: Planned support
- DigitalOcean DOKS: Planned support
.env: Tyk licenses and admin credentialsinfrastructure.env: Generated from Terraform outputs
dev.tfvars: Development environmentstaging.tfvars: Staging environmentprod.tfvars: Production environment
# Traditional deployment
make status
# GitOps deployment
make gitops-status# Tyk Dashboard
kubectl port-forward -n tyk svc/tyk-cp-tyk-dashboard 3000:3000
# Developer Portal
kubectl port-forward -n tyk svc/tyk-cp-tyk-dev-portal 3001:3001
# Tyk Gateway
kubectl port-forward -n tyk svc/tyk-cp-tyk-gateway 8080:8080# Access ArgoCD UI
kubectl port-forward svc/argocd-server -n argocd 8080:443
# Open: https://localhost:8080make setup-prerequisites # Install prerequisites
make deploy # Deploy Tyk Control Plane
make helm-deploy # Complete Helm-based deployment
make status # Check deployment statusmake install-argocd # Install ArgoCD
make create-secrets # Create Kubernetes secrets (optional)
make setup-gitops # Setup GitOps applications
make gitops-deploy # Complete GitOps deployment
make gitops-status # Check GitOps statusmake logs-dashboard # Show Dashboard logs
make logs-mdcb # Show MDCB logs
make logs-portal # Show Portal logs
make logs-all # Show all component logs- Traditional Deployment Playbook: Complete guide for script-based deployment
- GitOps Deployment Guide: Comprehensive ArgoCD-based deployment
- Terraform Deployment Guide: Infrastructure provisioning details
- Architecture Decisions: Infrastructure design decisions
- Tyk Control Plane Deployment: Component-specific deployment details
- Infrastructure secrets generated from Terraform outputs
- Kubernetes secrets created automatically
- No secrets committed to Git repository
- Support for external secret management (Vault, External Secrets Operator)
- All services deployed with ClusterIP (no internet exposure)
- SSL/TLS enabled for all communications
- Network policies can be applied for additional security
# Development
terraform apply -var-file="examples/dev.tfvars"
# Staging
terraform apply -var-file="examples/staging.tfvars"
# Production
terraform apply -var-file="examples/prod.tfvars"- main: Production deployments
- staging: Staging deployments
- develop: Development deployments
- Tyk Operator CrashLoopBackOff: Check CRD installation
- MDCB Issues: Verify license and security secrets
- Database Connection: Check PostgreSQL connection strings
- ArgoCD Sync Issues: Check application status and logs
- SSH Agent Error: ArgoCD requires HTTPS Git URLs, not SSH
- The setup script automatically converts SSH URLs to HTTPS
- If you encounter SSH errors, ensure your repository is publicly accessible
# Check all pods
kubectl get pods -n tyk
# Check recent events
kubectl get events -n tyk --sort-by='.lastTimestamp'
# Check ArgoCD applications (GitOps)
kubectl get applications -n argocd- Git-driven: All changes are made via Git commits
- Automatic sync: ArgoCD polls the repository every 3 minutes for changes
- Instant deployment: Push to main/master branch triggers automatic re-deployment
- Self-healing: ArgoCD automatically reverts manual kubectl changes
# 1. Make changes to GitOps manifests
vim gitops/applications/tyk-control-plane.yaml
# 2. Commit and push changes
git add .
git commit -m "Update Tyk configuration"
git push origin main
# 3. ArgoCD automatically detects and applies changes (within 3 minutes)
# No manual intervention required!- Root Application: Automated sync with pruning and self-healing
- Prerequisites: Automated sync with retry logic
- Tyk Control Plane: Automated sync with retry logic
# Force immediate sync without waiting for polling
kubectl patch app tyk-control-plane -n argocd -p '{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}'
# Or use ArgoCD CLI
argocd app sync tyk-control-plane- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and questions:
- Check the troubleshooting sections in the documentation
- Review the logs using the provided commands
- Open an issue in this repository
- Contact the Tyk team for enterprise support
Get started with Tyk Control Plane today! π
Choose your deployment method:
- Quick Start:
make helm-deploy(Traditional Helm) - Production Ready:
make gitops-deploy(GitOps)