Docker installation
To use tyger with Docker, you will need to have Docker installed on your local system.
The steps for installing Tyger are:
- Install the
tyger
CLI. - Create an installation config file.
- Install the Tyger API.
After installing the tyger
CLI, you will use it for the subsequent steps.
Install the tyger
CLI
tyger
is a single executable file. To install it:
- Visit the releases page.
- Download the right archive for your platform.
- Extract the archive to find the
tyger
executable. Copy it to a directory included in your PATH environment variable.
You should now be able to run tyger --version
.
Generate an installation configuration file
We will now generate an installation configuration file, which will be used for subsequent installation steps.
Next, generate the file with:
tyger config create -f config-path.yml
This command runs an interactive wizard, resulting in a config file saved at the specified location. We recommend keeping this file under version control.
Review and adjust the file's contents as needed.
The installation configuration file typically looks like this:
kind: docker
# The installation path. Defaults to /opt/tyger.
installationPath:
# Optionally specify the user id that the services will run as
userId:
# Optionally specify the user group ID that will be allowed
# to access the Tyger API
allowedGroupId:
# The port on which the data plane API will listen
dataPlanePort: 46339
# Specify asymmetric signing keys for the data plane service.
# These can be generated with `tyger api generate-signing-key`
# These files must not be stored in a source code repository.
signingKeys:
primary:
public: ${HOME}/tyger-signing-public.pem
private: ${HOME}/tyger-signing.pem
# Optionally specify a secondary key pair.
# The primary key will always be used for signing requests.
# Signature validation will accept payloads signed with either the
# primary or secondary key.
# secondary:
# private:
# public:
# Optionally specify settings for the Docker network to be created
# network:
# subnet: 172.20.0.0/16
# Optionally specify container images to use.
# controlPlaneImage:
# dataPlaneImage:
# bufferSidecarImage:
# gatewayImage:
# gatewayImage:
All of the installation commands (tyger api install
, tyger api uninstall
, etc.) require you to give a path the the config file (--file|-f PATH
).
Install the Tyger API
You are now ready to install the Tyger, API, which can be done by running:
tyger api install -f config.yml
Note
If using Windows, you will need to run this command from a WSL prompt.
If using the default installationDirectory
(/opt/tyger
), you will probably need to create it using ahead of time using sudo
. For example:
uid=$(id -u)
gid=$(id -g)
sudo mkdir /opt/tyger
sudo chown -R "$uid":"$gid" /opt/tyger
We have an open issue to reduce the permissions of the installation directory.
Testing it out
If using the default installation directory, you can log in with the tyger
CLI using:
tyger login --local
If using a different directory, you can log specifying the socket path:
tyger login unix:///path/to/installation/dir/api.sock
Or you can set the TYGER_SOCKET_PATH
environment variable:
export TYGER_SOCKET_PATH=/path/to/installation/dir/api.sock
tyger login --local
Once logged in, you should be able to run any of the core commands, such as:
tyger run list
Uninstalling
To uninstall the Tyger API, run:
tyger api uninstall -f config.yml
Note: This does not delete any database data or buffers. To permanently delete all data along with the API, run:
tyger api uninstall -f config.yml --delete-data
Security and remote access
The local Docker mode uses Unix domain sockets for communication and access to the Tyger API is controlled by file permissions on these sockets. You can use the userId
and allowedGroupId
properties on the installation config file to set these permissions.
To access Tyger from another machine, the tyger
CLI supports connecting to a Tyger server over SSH. To do this, run:
tyger login ssh://user@host
For this to work, it must be possible to connect to the SSH host using SSH keys, not a password.
The format of the SSH URL is:
ssh://[user@]host[:port][/path/to/installation/directory/api.sock][?key1=value1&key2=value2]
All values in []
are optional. The user and port default values will come from your SSH config file (~/.ssh/config). The API socket path can be omitted if the socket path is the default /opt/tyger/api.sock
or if the TYGER_SOCKET_PATH
environment variable is set on the SSH host.
Additional parameters can be passed in as query parameters (after the ?
). These are:
cliPath
, to speciy that path to thetyger
CLI on the host. This is only necessary if the localtion is not part of thePATH
variable.option[sshConfigKey]
, to specify additional SSH configuration options. For example,ssh://myhost?option[StrictHostChecking]=no
results in a SSH command that looks likessh myhost -o StrictHostChecking=no
For the best user experience with SSH, configure ~/.ssh/config as follows to allow reusing a SSH connection for multiple invocations of the tyger
CLI:
ControlMaster auto
ControlPath ~/.ssh/control-%C
ControlPersist yes