Custom Go Plugin (.so) Not Persisting in Middleware Directory via InitContainer (Helm/K8s) #7200
Description
Description
We're deploying Tyk Gateway CE v5.3.0 on Kubernetes (EKS) via the official Helm chart. We need to load a custom Go plugin (.so file, ~32 MB) stored in Azure Blob Storage:
https://blobstorage.blob.core.windows.net/tykstorage/authenticator_v5.3.0_linux_amd64.so
We’re using an initContainer to download the .so into a shared emptyDir volume mounted at /opt/tyk-gateway/middleware/, which is also mounted into the main gateway container.
What We Tried
Snippet from our values.yaml:
yaml
extraVolumes:
- name: tyk-plugins
emptyDir: {}
extraVolumeMounts:
- name: tyk-plugins
mountPath: /opt/tyk-gateway/middleware/
initContainers:
setupDirectories:
image: curlimages/curl:latest
command: [ "sh", "-c" ]
args:
- |
mkdir -p /opt/tyk-gateway/middleware && \
curl -f -L -o /opt/tyk-gateway/middleware/authenticator.so \
https://blobstorage.blob.core.windows.net/tykstorage/authenticator_v5.3.0_linux_amd64.so && \
ls -lh /opt/tyk-gateway/middleware
volumeMounts:
- name: tyk-plugins
mountPath: /opt/tyk-gateway/middleware/
The Tyk container is also configured with:
yaml
extraVolumeMounts:
- name: tyk-plugins
mountPath: /opt/tyk-gateway/middleware/
And TYK_GW_MIDDLEWAREPATH is correctly pointing to that directory.
Observed Behavior
Pod starts without errors.
The .so appears to be downloaded successfully (no download errors, Azure returns 200 OK).
However, inside the running gateway container, the /opt/tyk-gateway/middleware/ dir is empty — no .so file.
Tyk logs show no errors related to middleware loading.
Expected Behavior
The .so plugin file should persist in the shared volume and be visible inside /opt/tyk-gateway/middleware in the main Tyk container so Tyk can load the plugin at runtime.
Questions / Assistance Requested
Is using an initContainer with curl (or wget) and emptyDir the recommended method to deploy Go plugins to Tyk in Kubernetes?
Are there known limitations or issues with emptyDir volume sharing across initContainers and Tyk gateway pods?
Would bundling the .so into the Docker image be a better or required approach?
Does Tyk have alternative supported mechanisms (like S3 downloader, Helm extraContainers, or bundle server)?
Additional Info
Azure Blob download tested independently with curl -I and returns valid 200 OK.
Also tried with wget in busybox, same outcome.
Both curlimages/curl and busybox:1.32 for initContainer saw correct download behavior but file not visible in main container.