Single-zone deployment

A single-zone deployment is the default deployment mode for Kong Mesh. In this mode, there is one deployment of the control plane that can be scaled horizontally. The data plane proxies connect to the control plane regardless of where they are deployed, and every data plane proxy must be able to connect directly to every other data plane proxy, regardless of where they are deployed.

Single-zone mode is a great choice to start within the context of one zone (for example, within one Kubernetes cluster or one AWS VPC). You can then federate it into a multi-zone deployment.

A single-zone deployment consists of two components, each with distinct responsibilities:

When the zone control plane is offline:

• New data plane proxies can’t join the mesh, including new instances (Pod/VM) created by automatic deployment mechanisms such as rolling updates. A control plane connection failure could block application updates.
• On mTLS-enabled meshes, a data plane proxy may fail to refresh its client certificate before it expires (defaults to 24 hours), causing traffic failures.
• Data plane proxy configuration won’t be updated.
• Communication between data plane proxies will still work.

You can think of this failure case as “freezing” the zone mesh configuration. Communication still works, but changes are not reflected on existing data plane proxies.

• All data plane proxies need to be able to communicate with every other data plane proxy.
• A single-zone deployment can’t mix Universal and Kubernetes workloads.
• A deployment can connect to only one Kubernetes cluster at once.

To avoid these limitations, see Multi-zone deployments.