You are browsing documentation for the next version of Kuma. Use this version at your own risk.


  • networking (required)

    • address (required)

      Address of the external service

    • tls (optional)

      • enabled (optional)

        denotes that the external service uses TLS

      • caCert (optional)

        Data source for the certificate of CA

      • clientCert (optional)

        Data source for the authentication

      • clientKey (optional)

        Data source for the authentication

      • allowRenegotiation (optional)

        If true then TLS session will allow renegotiation. It’s not recommended to set this to true because of security reasons. However, some servers requires this setting, especially when using mTLS.

      • serverName (optional)

        ServerName overrides the default Server Name Indicator set by Kuma. The default value is set to “address” specified in “networking”.

    • disableHostDNSEntry (optional)

      If disableHostDNSEntry is set to true then a DNS entry for the external service taken from ‘networking.address’ won’t be generated. You can still reach this external service using external-service-name.mesh:80 where “external-service-name” is taken from “” tag.

  • tags (required)

    Tags associated with the external service, e.g.,, version=1.0.

Last Updated: 10/28/2022, 12:23:07 PM