About Gateway Manager
The Gateway Manager
is a Kong Konnect functionality module
that lets you catalog, connect to, and monitor the status of all control planes
and data plane nodes in one place, as well as manage control plane configuration.
The Gateway Manager overview page displays a list of
control planes currently owned by the organization. From here, you can add or
delete control planes, or go into each individual control plane to manage
data plane nodes and their global configuration.
Figure 1: Example Gateway Manager dashboard with several control planes, including the
default control plane, a KIC control plane, and control planes for development and production.
With Konnect hosting the control plane, a data plane node
doesn’t need a database to store configuration data. Instead, configuration
is stored in-memory on each node, and you can easily update all data plane nodes
in a control plane with a few clicks.
The Gateway Manager, and the Kong Konnect application as
a whole, does not have access or visibility into the data flowing through your
data plane nodes, and it does not store any data except the state and connection details
for each node.
Konnect manages data plane configuration via control planes.
Control planes come in three types:
Kong Gateway control plane:
A collection of Kong Gateway data plane nodes sharing the same
configuration and behavior space. Each control plane
manages configurations independently.
Control plane group:
A type of control plane that manages central data plane nodes for multiple control planes.
It collects configuration from its member control planes and applies the
aggregate config to a group of nodes.
This means that teams within a group share a cluster of Kong Gateway data
plane nodes, where each team has its own segregated configuration.
Kong Ingress Controller
Monitor the configuration of Kubernetes-based Kong Gateway data plane nodes.
You can find a list of all control planes in your organization
on the Gateway Manager overview.
Access to each control plane is configurable on a team-by-team basis using
entity-specific permissions. For more information, see Administer teams.
Kong Gateway control planes
Every region in every organization starts with one default control plane.
This control plane can’t be deleted, and its status as the default can’t be changed.
With Konnect you can configure additional Kong Gateway
control panes, each of which will have isolated configuration.
Use multiple control planes in one Konnect organization to
manage data plane nodes and their configuration in any groupings you want.
Some common use cases for using multiple control planes include:
Environment separation: Split environments based on their purpose, such as
development, staging, and production.
Region separation: Assign each control plane to a region or group of
regions. Spin up data plane nodes in those regions for each control plane.
Team separation: Dedicate each control plane to a different team and share
resources based on team purpose.
Figure 1: Example control plane group configuration for three control planes: the default, a development CP, and a production CP. Konnect is the SaaS-managed global management plane that manages all of the control planes, while the control planes manage configuration for data plane nodes.
Control plane configuration
For each control plane, you can spin up data plane nodes and configure
the following Kong Gateway entities:
- Gateway services
- Consumer Groups
When there are multiple control planes, any entity configuration only
applies to the control plane that it was created in. Consumers and
their authentication mechanisms don’t carry over to other control planes.
Kong Gateway configuration in Konnect →
Control plane groups
A control plane group is a read-only control plane that combines configuration from
its members, which are standard Kong Gateway control planes. All of the members of a
control plane group share the same cluster of data plane nodes.
The benefits of a control plane group include:
Shared infrastructure, individual config: Users or organizations can share infrastructure,
while teams still have their own standard control planes to manage individual configuration.
Modular clusters: Combine standard control planes in different ways to create unique configurations
for different purposes.
Workspaces in the cloud: Control plane groups function similarly to Kong Gateway workspaces, with the added benefit of a cloud control plane.
Learn more about control plane groups:
Control plane dashboard
For each control plane, you can view traffic, error rate, and Kong Gateway service analytics for its data plane nodes.
This allows you to see how much of a control plane is used. You can also select the time frame of analytics that you want to display.
Deleting a control plane
Warning: Deleting a control plane is irreversible. Make sure that you are
certain that you want to delete the control plane, and that all entities and data plane
nodes in the control plane the have been accounted for.
To delete a control plane, you can use the Gateway Manager or the
Control Plane API.
When a control plane is deleted, all associated entities are also deleted.
This includes all entities configured in the Gateway Manager for this control plane.
As a best practice, back up a
control plane’s configuration before deleting it to avoid losing necessary configuration.
Data plane nodes that are still active when the control plane is deleted will not be
terminated, but they will be orphaned. They will continue processing traffic
using the last configuration they received until they are either connected to
a new control plane or manually shut down.
You cannot delete the default control plane.
Data plane nodes
A data plane node is a single Kong Gateway instance.
Data plane nodes service traffic for the control plane.
Kong does not host data plane nodes.
You must deploy your own nodes, either on your own systems or in
an external cloud provider.
The Gateway Manager simplifies data plane node deployment
by providing a script to provision a Kong Gateway data plane node in a
Docker container running Linux, on MacOS, or on Windows.
You can also choose to manually configure data plane nodes on various platforms, including cloud providers.
See the data plane node installation options for more detail.
You can extend Konnect by using plugins. Kong provides a set of standard Lua plugins that get bundled with Konnect. The set of plugins you have access to depends on your installation.
Custom plugins can also be developed by the Kong Community and are supported and maintained by the plugin creators. If they are published on the Kong Plugin Hub, they are called Community or Third-Party plugins.
See the Konnect plugin ordering documentation for more information.