Enabling TLS for the Tyk Enterprise Developer Portal (EDP) is essential for securing all user traffic, ensuring that authentication and sensitive portal interactions remain encrypted. This guide outlines the recommended approach to configuring TLS/HTTPS for the EDP in a Kubernetes environment so teams can meet security and compliance requirements.
1. Generate a Self-Signed TLS Certificate
Run the following command to generate a certificate and private key:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout tls.key -out tls.crt \
-subj "/CN=localhost/O=local"
This will produce:
tls.crt - certificate
tls.key - private key
2. Create a Kubernetes TLS Secret
Create the secret in the same namespace where Tyk is installed (example: tyk):
kubectl create secret tls tyk-tls-secret \
--cert=tls.crt \
--key=tls.key \
-n tyk
3. Enable TLS in Helm Values
Ensure the following setting is enabled in values.yaml:
global:
  tls:
    devPortal: true
This tells the Tyk Helm chart to use HTTPS for probes and internal communication.
4. Mount the TLS Secret Into the Pod
Add the following sections in your Helm values:
Volumes
extraVolumes:
  - name: tls-volume
    secret:
      secretName: tyk-tls-secret
Volume Mounts
extraVolumeMounts:
  - name: tls-volume
    mountPath: /etc/ssl/certs
    readOnly: true
This makes the certificate and key available at:
/etc/ssl/certs/tls.crt
/etc/ssl/certs/tls.key
5. Configure TLS Environment Variables
Add the required TLS environment variables to the Developer Portal:
extraEnvs:
  - name: PORTAL_TLS_ENABLE
    value: "true"
  - name: PORTAL_TLS_INSECURE_SKIP_VERIFY
    value: "true"
  - name: PORTAL_TLS_CERTIFICATES
    value: '[{"Name":"localhost","CertFile":"/etc/ssl/certs/tls.crt","KeyFile":"/etc/ssl/certs/tls.key"}]'
These instruct the Portal to use the mounted certificates.
6. Apply the Helm Upgrade
After updating values.yaml:
helm upgrade tyk-portal tyk-helm/portal -n tyk -f values.yaml
7. Validation
After the pod starts, confirm:
kubectl get pods -n tyk
kubectl describe pod <portal-pod> -n tyk
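The commands above confirm only that the pod is running. As an added example (not part of the original article or of Tyk's own tooling), the shell functions below check that tls.key matches tls.crt before the secret is created, and that the portal serves that same certificate after the upgrade. <portal-pod> and <portal-port> are placeholders, and local port 8443 is an arbitrary choice.

```shell
#!/bin/sh
# Added example: sanity checks for the tls.crt / tls.key pair from steps 1-5.
# Requires only the openssl CLI.

# check_tls_pair CERT KEY [MIN_DAYS]
# Returns 0 if ok, 1 if the key does not match the certificate,
# 2 if the certificate expires within MIN_DAYS (default 30),
# 3 if either file is missing or cannot be parsed.
check_tls_pair() {
    ctp_cert=$1; ctp_key=$2; ctp_days=${3:-30}
    # Public key embedded in the certificate vs. the one derived from the key.
    ctp_a=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null) || return 3
    ctp_b=$(openssl pkey -in "$ctp_key" -pubout 2>/dev/null) || return 3
    [ "$ctp_a" = "$ctp_b" ] || return 1
    openssl x509 -in "$ctp_cert" -noout -checkend $((ctp_days * 86400)) \
        >/dev/null 2>&1 || return 2
    return 0
}

# SHA-256 fingerprint of a PEM certificate file (empty output if unparsable).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate a TLS endpoint actually serves.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Usage (placeholders: <portal-pod>, <portal-port>):
#   check_tls_pair tls.crt tls.key 30 || echo "fix the pair before step 2"
#   kubectl port-forward <portal-pod> 8443:<portal-port> -n tyk &
#   [ "$(served_fingerprint localhost 8443)" = "$(cert_fingerprint tls.crt)" ] \
#       && echo "portal serves tls.crt"
```

An empty result from served_fingerprint means the endpoint did not complete a TLS handshake, which usually indicates the portal is still serving plain HTTP on that port.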