You are browsing documentation for a version of Kuma that is not the latest release.

Looking for even older versions? Learn more.


  • networking (required)

    • address (required)

      Address of the external service

    • tls (optional)

      • enabled (optional)

        denotes that the external service uses TLS

      • caCert (optional)

        Data source for the certificate of CA

      • clientCert (optional)

        Data source for the authentication

      • clientKey (optional)

        Data source for the authentication

      • allowRenegotiation (optional)

        If true then TLS session will allow renegotiation. It’s not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS.

      • serverName (optional)

        ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to “address” specified in “networking”.

    • disableHostDNSEntry (optional)

      If disableHostDNSEntry is set to true then a DNS entry for the external service taken from ‘networking.address’ won’t be generated. You can still reach this external service using external-service-name.mesh:80 where “external-service-name” is taken from “” tag.

  • tags (required)

    Tags associated with the external service, e.g.,, version=1.0.

Last Updated: 11/4/2022, 19:20:08 PM