This repository has been archived by the owner on Jan 22, 2021. It is now read-only.

Replication of TLS certificates to gateway fails with "Attempted administrative access with invalid or missing key!" #48

Open
fastexitlane opened this issue Oct 6, 2020 · 0 comments

Comments

@fastexitlane

Hey there,

We deployed Tyk.io CE using the Tyk Helm Chart to AKS. The ingress controller recognizes ingress resources on pod creation and replication to API definitions in the gateway component works, as long as there is no reference to a TLS certificate (secret) defined in the ingress resource. For ingress resources with a dedicated TLS certificate (Ingress.spec.tls) the replication fails with a gateway-side error "Attempted administrative access with invalid or missing key!".

What we found out so far:

  • The communication between tyk-k8s and gateway-tyk-headless seems to work and only fails with the above error when replicating TLS certificates.
  • tyk-k8s recognizes the TLS certificate in the ingress resource and tries replicating it to the gateway.
  • The API secret is set correctly by the Helm Chart to the environment variable TK8S_TYK_SECRET. During troubleshooting I also configured the secret explicitly in the tyk-k8s.yaml config file (this is done using a configmap within the Helm Chart - we also verified that the correct value is handed over to the pod to etc/tyk-k8s/tyk-k8s.yaml).

I suspect that there is an issue with the HTTP request (missing/incorrect X-Tyk-Authorization header?) when tyk-k8s replicates TLS certificates to the gateway. However, I would not rule out misconfiguration issues. Has anybody else experienced this issue? Do we need to configure anything special on the gateway side? Are TLS certificates in ingress resources supported with Tyk CE at all?

Thanks in advance!
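
One way to test the header hypothesis from the post above, as an added example that is not part of the original issue or of tyk-k8s: send the same secret by hand to the gateway's `/tyk/apis` and `/tyk/certs` control endpoints and compare how the gateway answers. It assumes the control API is reachable at `GATEWAY_URL` (the default port and the port-forward are assumptions), that a rejected secret is answered with HTTP 403, and the function names are illustrative.

```shell
#!/bin/sh
# Added diagnostic sketch; not code from tyk-k8s or the Tyk Helm Chart.
# Assumptions: GATEWAY_URL reaches the gateway control API (e.g. through a
# port-forward to gateway-tyk-headless) and TK8S_TYK_SECRET holds the secret
# that tyk-k8s was given. Function names are illustrative.
GATEWAY_URL="${GATEWAY_URL:-http://localhost:8080}"

# probe PATH [SECRET]: print the HTTP status of a GET; "000" means no response.
probe() {
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -m 5 -w '%{http_code}' \
      -H "X-Tyk-Authorization: $2" "$GATEWAY_URL$1" || true
  else
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$GATEWAY_URL$1" || true
  fi
}

# classify APIS_STATUS CERTS_STATUS: the auth check runs before the endpoint
# handler, so only "403 or not" is compared, not the exact success code.
classify() {
  case "$1:$2" in
    000:*|*:000) echo "gateway-unreachable" ;;
    403:403)     echo "secret-mismatch" ;;
    403:*)       echo "inconclusive" ;;
    *:403)       echo "certs-path-rejects-secret" ;;
    *)           echo "secret-accepted-on-both" ;;
  esac
}

main() {
  control=$(probe /tyk/apis)   # negative control: no header, expect 403
  apis=$(probe /tyk/apis "${TK8S_TYK_SECRET:-}")
  certs=$(probe /tyk/certs "${TK8S_TYK_SECRET:-}")
  echo "no-header=$control apis=$apis certs=$certs"
  if [ "$control" != 403 ]; then
    echo "warning: request without a secret was not rejected; is this the control API?"
  fi
  classify "$apis" "$certs"
}

# Only touch the network when asked to: sh check-secret.sh --probe
if [ "${1:-}" = "--probe" ]; then main; fi
```

A result of `secret-accepted-on-both` points at the request tyk-k8s builds rather than at the gateway configuration, while `secret-mismatch` means the gateway's configured secret differs from the value in `TK8S_TYK_SECRET`.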
