Working with control plane groups
A control plane group (CPG) is a read-only group that combines configuration from its members, which are standard control planes (CP). All of the standard control planes within a control plane group share the same cluster of data plane nodes.
In this guide, you will set up a control plane groups with two members, then test that the configuration from both member control planes is applied to the group.
- You must have the control plane admin role to fully manage control plane groups.
- If you are using the Konnect API, you have a personal or system access token.
Using control plane groups
Set up standard control planes
First, let’s create a standard control plane.
This control plane will be a member of a control plane group later on.
If you already have some standard control planes in your org that you want to add to a group, skip to creating a control plane group.
Set up control plane group
Next, create a control plane group with the control planes
CP2 as its members.
Set up a data plane node
Set up a data plane node in the control plane group.
Navigate to Gateway Manager, select
CPG, select Data Plane Nodes from the navigation menu, then click on the New Data Plane Node button.
Choose your installation method, then follow the instructions in Konnect to set up the data plane node.
Once the data plane node is connected, go back to the Gateway Manager.
Configure standard control planes
Create a service and route in
CP1. This will let you test the connection between members of a group.
Let’s test that the configurations from
CP2 are both being applied to the proxy running on
You should now have three control planes with the following configurations:
CP1: Has a service (
example_service) and a route (
CP2: Nothing configured
CPG: Has one data plane node
First, test the configuration of
CP1 by accessing it through the proxy URL
localhost:8000, which is
running on the data plane node configured in the
This means that the route is active, and the basic authentication plugin is blocking access to the route.
Since you were able to access the route, apply an auth plugin, and then add authorization to the route, it means that the configuration from both member control planes was applied. You now have a working control plane group.