If you already have a zone Control Plane that’s not connected to any global Control Plane, you can federate it to Konnect using Mesh Manager.
By federating a zone Control Plane, you move Kong Mesh from a single-zone setup to a multi-zone setup. This enables automatic service failover if a specific zone becomes unavailable.
This guide explains how to federate a zone Control Plane to Konnect by migrating an existing Kong Mesh zone and adding a new one.
kumactl installed and configuredIn Mesh Manager, click Global Control Plane Actions, then Configure kumactl.
Configure kumactl to access the zone Control Plane.
Kubernetes only: If your zone is deployed on Kubernetes, forward port 5681 for access:
kubectl port-forward svc/kong-mesh-control-plane -n kong-mesh-system 5681
Use the admin token to configure kumactl:
export ZONE_USER_ADMIN_TOKEN=$(kubectl get secrets -n kong-mesh-system admin-user-token -ojson | jq -r .data.value | base64 -d)
kumactl config control-planes add \
--address http://localhost:5681 \
--headers "authorization=Bearer $ZONE_USER_ADMIN_TOKEN" \
--name "zone-cp" \
--overwrite
Universal/VM only: Follow the API server authentication guide to configure kumactl.
Export federation-ready resources:
kumactl export --profile=federation --format=universal > resources.yaml
Switch kumactl to target the Konnect global Control Plane:
kumactl config control-planes list
kumactl config control-planes switch --name {konnect-config-name}
Apply the exported resources:
kumactl apply -f resources.yaml
Create a new zone in Konnect.
Replace your existing zone Control Plane’s values.yaml configuration with the values provided by the Konnect UI wizard.
Restart the zone Control Plane with the new configuration.
Once restarted, Konnect will automatically detect and display the new zone in the UI.
Navigate to Mesh Manager and confirm: