Gateway Groups
A Gateway Group is a logical grouping of API7 Gateway data plane instances that share the same configuration. It isolates services, consumers, certificates, and global rules across environments, regions, or teams.
How gateway groups work
When you deploy API7 Gateway, you assign each data plane instance to a specific gateway group. The control plane then pushes the relevant configuration to all instances within that group.
A gateway group contains:
- Services: API configurations that are live on the group.
- Global Rules: Plugins that apply to every request processed by the group (e.g., centralized logging or global rate limiting).
- SSL Certificates: Certificates assigned to the group for TLS termination.
- Consumers: Identity and credentials authorized for the group.
Configuration fields
The following fields define a gateway group:
- Name: A descriptive name for the group (e.g.,
us-east-prod). - Type:
api7_gateway: Standard API7 Gateway group.api7_ingress_controller: Group managed via Kubernetes Ingress/Gateway API.
- Control Plane Key Prefix: The unique path used by the data plane to fetch configuration (e.g.,
/gateway_groups/us-west-1). - Image Tag: The specific version of the API7 Gateway data plane used by this group.
Use cases
Gateway groups are essential for managing multi-environment and multi-region deployments:
- Environment Isolation: Create separate groups for
development,staging, andproduction. - Regional Deployment: Deploy gateway groups in different geographic regions (e.g.,
aws-us-east-1andaws-eu-central-1) while managing them from a single global control plane. - Tenant Isolation: Assign dedicated gateway groups to specific business units or high-priority customers to ensure resource isolation and specialized policy enforcement.
Next steps
- Enterprise Features — explore additional enterprise capabilities.
- Multi-AZ Deployment — deploy gateway groups across availability zones.
- Services and Routes — understand how services, routes, and upstreams work together.