<!DOCTYPE html> <html lang="en-US" itemscope itemtype="http://schema.org/Article"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <!-- OneTrust Cookies Consent Notice start for konghq.com --> <script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" type="text/javascript" charset="UTF-8" data-domain-script="2c4de954-6bec-4e93-8086-64cb113f151a"> </script> <script type="text/javascript"> function OptanonWrapper() { } </script> <!-- OneTrust Cookies Consent Notice end for konghq.com --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer', 'GTM-NL48VKT');</script> <!-- End Google Tag Manager --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>MeshTLS - Kong Mesh | Kong Docs</title> <meta name="description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta name="author" content="KongHQ"> <meta property="og:title" content="MeshTLS - Kong Mesh | Kong Docs"> <meta property="og:site_name" content="Kong Docs"> <!-- use share link for facebook --> <meta property="og:url" content="https://docs.konghq.com"> <meta property="og:description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta property="og:type" content="website"> <meta property="og:locale" content="en_US"> <meta property="og:image" content="https://docs.konghq.com/assets/images/share.png"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@thekonginc"> <meta name="twitter:creator" content="@thekonginc"> <meta name="twitter:url" content="https://docs.konghq.com"> <meta name="twitter:description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta name="twitter:image" content="https://docs.konghq.com/assets/images/share.png"> <meta property="fb:admins" content="227304446"> <meta property="fb:admins" content="576641408"> <meta name="google-site-verification" content="CrU3zp02dNKTe8NSAipL4NCPkrIjDXG8fViTZ-MIzP4"> <script type="application/ld+json"> { "@context": "http://schema.org", "@type": "Organization", "name": "KongHQ", "url": "https://docs.konghq.com", "logo": "https://docs.konghq.com/assets/images/logo.png", "sameAs": [ "https://www.facebook.com/konginc", "https://twitter.com/thekonginc", "https://plus.google.com/+mashape" ] } </script> <!-- Preload assets --> <link rel="dns-prefetch" href="https://cloud.typography.com"> <link rel="dns-prefetch" href="https://dev.visualwebsiteoptimizer.com"> <link rel="dns-prefetch" href="https://cdn.segment.com"> <link rel="icon" type="image/x-icon" href="/assets/images/favicon.ico"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@docsearch/css@3"> <link rel="canonical" href="https://docs.konghq.com/mesh/latest/policies/meshtls/"> <link rel="alternate" hreflang="x-default" href="https://docs.konghq.com/mesh/latest/policies/meshtls/"> <link rel="alternate" hreflang="ja" href="https://docs.jp.konghq.com/mesh/latest/policies/meshtls/"> <meta name="robots" content="follow,index"> <!-- FontAwesome icon font --> <script src="https://kit.fontawesome.com/1332a92967.js" crossorigin="anonymous"> </script> <script src="/vite/assets/application-D8sXFsvE.js" crossorigin="anonymous" type="module"></script> <link href="/vite/assets/_commonjsHelpers-Cpj98o6Y.js" rel="modulepreload" as="script" crossorigin="anonymous"> <link rel="stylesheet" href="/vite/assets/application-C5Quk452.css" media="screen"> </head> <body id="" data-spy="scroll" data-target="#scroll-sidebar" data-offset="350"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NL48VKT" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <header class="navbar-v2 closed"> <a class="skip-main" href="#main">Skip to content</a> <!-- uncomment the promo-banner div when adding a new promo banner--> <!--also uncomment the promo banner sections in app/assets/stylesheets/header.less and application.js--> <!-- <div id="promo-banner"> <div class="container"> <div class="closebanner"></div> <strong>2024 API Summit Hackathon: Experiment with API Innovation & AI. Submit by Sept 11 &nbsp;&mdash;<a href="https://konghq.com/conferences/kong-summit/hackathon?utm_medium=website&utm_source=docs-konghq-com&utm_campaign=docs-banner">Enter Now &rarr;</a> </strong> </div> </div> --> <div class="navbar-content"> <a href="https://konghq.com" class="navbar-brand col col-xl-auto" target="_blank" rel="noopener noreferrer"> <img src="/assets/images/logos/konglogo-dark-theme.svg" alt="Kong Logo" id="kong-logo"> </a> <span class="logo-divider">|</span> <a href="/" class="navbar-brand col col-xl-auto"> <img src="/assets/images/logos/docslogo-dark-theme.svg" alt="Kong Docs Logo" id="kong-docs-logo"> </a> <div class="separator mobile"></div> <div class="search-input-wrapper" id="getkong-algolia-search-input"> </div> <div class="search-results-wrapper"></div> <div class="navbar-items" role="navigation" aria-label="Main menu"> <ul class="navbar-items" role="menubar"> <li id="top-module-list" aria-haspopup="true" role="menuitem" aria-expanded="false" class="navbar-item main-menu-item with-submenu active"> <span tabindex="0" id="docs-link" class="main-menu-item-title">Docs</span> <span class="caret"></span> <ul class="navbar-item-submenu" role="menu"> <div class="submenu-section"> <li role="menuitem" class="docs-dropdown-li"> <a href="/api/" class="docs-dropdown-li__link" tabindex="-1"> <div class="docs-dropdown-li__card"> <span class="heading">Explore the API Specs</span> <div class="docs-dropdown-li__card-link"> <img src="/assets/images/landing-page/view-all-api-specs.png" alt="View all API Specs"> <span class="docs-dropdown-li__card-image"> View all API Specs <img src="/assets/images/landing-page/arrow-right.svg" alt="View all API Specs arrow image"> </span> </div> </div> </a> </li> <li role="menuitem" class="docs-dropdown-li" tabindex="-1"> <div class="docs-dropdown-li__section"> <div class="docs-dropdown-li__section-title"> <span class="heading">Documentation</span> </div> <div class="docs-dropdown-li__section-items"> <a class="item item-all" href="/api/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">API Specs</div> </div> </a> <a class="item" href="/gateway/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Gateway</div> <div class="item__description-desc">Lightweight, fast, and flexible cloud-native API gateway</div> </div> </a> <a class="item" href="/konnect/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Konnect</div> <div class="item__description-desc">Single platform for SaaS end-to-end connectivity</div> </div> </a> <a class="item" href="/gateway/latest/ai-gateway/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong AI Gateway</div> <div class="item__description-desc">Multi-LLM AI Gateway for GenAI infrastructure</div> </div> </a> <a class="item" href="/mesh/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Mesh</div> <div class="item__description-desc">Enterprise service mesh based on Kuma and Envoy</div> </div> </a> <a class="item" href="/deck/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">decK</div> <div class="item__description-desc">Helps manage Kong’s configuration in a declarative fashion</div> </div> </a> <a class="item" href="/kubernetes-ingress-controller/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Ingress Controller</div> <div class="item__description-desc">Works inside a Kubernetes cluster and configures Kong to proxy traffic</div> </div> </a> <a class="item" href="/gateway-operator/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Gateway Operator</div> <div class="item__description-desc">Manage your Kong deployments on Kubernetes using YAML Manifests</div> </div> </a> <a class="item" href="https://docs.insomnia.rest/" tabindex="-1" target="_blank" rel="noopener nofollow noreferrer "> <div class="item__description"> <div class="item__description-title">Insomnia</div> <div class="item__description-desc">Collaborative API development platform</div> </div> </a> </div> </div> </li> </div> </ul> </li> <li role="menuitem" aria-haspopup="true" aria-expanded="false" class="navbar-item main-menu-item with-submenu navbar-item-hub"> <span id="plugin-link" class="main-menu-item-title" tabindex="0">Plugin Hub</span> <span class="caret"></span> <ul class="navbar-item-submenu" role="menu"> <div class="submenu-section"> <li role="menuitem" class="docs-dropdown-li"> <a href="/hub/" class="docs-dropdown-li__link" tabindex="-1"> <div class="docs-dropdown-li__card"> <span class="heading">Explore the Plugin Hub</span> <div class="docs-dropdown-li__card-link"> <img src="/assets/images/landing-page/view-all-plugins.svg" alt="View all plugins"> <span class="docs-dropdown-li__card-image"> View all plugins <img src="/assets/images/landing-page/arrow-right.svg" alt="View all plugins arrow image"> </span> </div> </div> </a> </li> <li role="menuitem" class="docs-dropdown-li"> <div class="docs-dropdown-li__section"> <div class="docs-dropdown-li__section-title"> <span class="heading">Functionality</span> <a href="/hub/" class="view-all" tabindex="-1"> View all <img src="/assets/images/landing-page/arrow-right.svg" alt="View all arrow image"> </a> </div> <div class="docs-dropdown-li__section-items"> <a class="item item-all" href="/hub/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">View all plugins</div> </div> </a> <a class="item" href="/hub/?category=ai" tabindex="-1"> <div> <img src="/assets/images/nav/hub/ai.svg" alt="AI's icon"> </div> <div class="item__description"> <div class="item__description-title">AI</div> <div class="item__description-desc">Govern, secure, and control AI traffic with multi-LLM AI Gateway plugins</div> </div> </a> <a class="item" href="/hub/?category=authentication" tabindex="-1"> <div> <img src="/assets/images/nav/hub/lock_person.svg" alt="Authentication's icon"> </div> <div class="item__description"> <div class="item__description-title">Authentication</div> <div class="item__description-desc">Protect your services with an authentication layer</div> </div> </a> <a class="item" href="/hub/?category=security" tabindex="-1"> <div> <img src="/assets/images/nav/hub/shield.svg" alt="Security's icon"> </div> <div class="item__description"> <div class="item__description-title">Security</div> <div class="item__description-desc">Protect your services with additional security layer</div> </div> </a> <a class="item" href="/hub/?category=traffic-control" tabindex="-1"> <div> <img src="/assets/images/nav/hub/route.svg" alt="Traffic Control's icon"> </div> <div class="item__description"> <div class="item__description-title">Traffic Control</div> <div class="item__description-desc">Manage, throttle and restrict inbound and outbound API traffic</div> </div> </a> <a class="item" href="/hub/?category=serverless" tabindex="-1"> <div> <img src="/assets/images/nav/hub/serverless.svg" alt="Serverless's icon"> </div> <div class="item__description"> <div class="item__description-title">Serverless</div> <div class="item__description-desc">Invoke serverless functions in combination with other plugins</div> </div> </a> <a class="item" href="/hub/?category=analytics-monitoring" tabindex="-1"> <div> <img src="/assets/images/nav/hub/bar_chart.svg" alt="Analytics &amp; Monitoring's icon"> </div> <div class="item__description"> <div class="item__description-title">Analytics &amp; Monitoring</div> <div class="item__description-desc">Visualize, inspect and monitor APIs and microservices traffic</div> </div> </a> <a class="item" href="/hub/?category=transformations" tabindex="-1"> <div> <img src="/assets/images/nav/hub/swap_horiz.svg" alt="Transformations's icon"> </div> <div class="item__description"> <div class="item__description-title">Transformations</div> <div class="item__description-desc">Transform request and responses on the fly on Kong</div> </div> </a> <a class="item" href="/hub/?category=logging" tabindex="-1"> <div> <img src="/assets/images/nav/hub/list_alt.svg" alt="Logging's icon"> </div> <div class="item__description"> <div class="item__description-title">Logging</div> <div class="item__description-desc">Log request and response data using the best transport for your infrastructure</div> </div> </a> </div> </div> </li> </div> </ul> </li> <li role="menuitem" class="main-menu-item"> <a href="https://support.konghq.com/" class="navbar-item" target="_blank" rel="noopener nofollow noreferrer ">Support</a> </li> <li role="menuitem" class="main-menu-item"> <a href="https://konghq.com/community/" class="navbar-item" target="_blank" rel="noopener noreferrer">Community</a> </li> <li role="menuitem" class="main-menu-item"> <a href="https://education.konghq.com" class="navbar-item" target="_blank" rel="noopener nofollow noreferrer ">Kong Academy</a> </li> </ul> <a id="top-cta" href="https://konghq.com/contact-sales?utm_source=docs.konghq.com" class="navbar-button" target="_blank" rel="noopener nofollow noreferrer "> Get a Demo </a> <a id="konnect-cta" href="https://konghq.com/products/kong-konnect/register?utm_medium=referral&amp;utm_source=docs&amp;utm_campaign=gateway-konnect&amp;utm_content=top-nav" class="navbar-button" target="_blank" rel="noopener nofollow noreferrer "> Start Free Trial </a> </div> <div id="navbar-menu-toggle-button" class="small-screen-button" aria-label="Toggle navigation"> <div></div> <div></div> <div></div> </div> </div> </header> <div class="page v2 " data-url="/mesh/latest/policies/meshtls/"> <div class="page--header-background page--header-background-doc"></div> <div class="container"> <header class="page-header page-header-doc"> <div class="page-header-product-version"> <div class="edition"> Kong Mesh </div> <div class="version"> 2.9.x <span>(latest)</span> </div> </div> <div class="page-header--nav"> <i class="sidebar-toggle"></i> <ul class="breadcrumbs"> <li class="breadcrumb-item"> <a href="/"> <img src="/assets/images/icons/hub-layout/icn-breadcrumbs.svg" alt="Home icon"> </a> </li> <li class="breadcrumb-item"> <a href="/mesh/latest/">Kong Mesh</a> </li> <li class="breadcrumb-item"> Policies </li> <li class="breadcrumb-item"> <a href="/mesh/latest/policies/meshtls/">MeshTLS</a> </li> </ul> <div class="github-links"> <div class="github-links--edit"> <a href="https://github.com/kumahq/kuma-website/edit/master/app/_src/policies/meshtls.md" target="_blank" rel="noopener nofollow noreferrer "> <img src="/assets/images/icons/third-party/logo-github-white.svg" alt="github-edit-page">Edit this page </a> </div> <div class="github-links--issues"> <a href="https://github.com/Kong/docs.konghq.com/issues/" target="_blank" rel="noopener nofollow noreferrer "> <img src="/assets/images/icons/documentation/icn-monitoring-white.svg" alt="report-issue">Report an issue</a> </div> </div> </div> </header> <aside class="docs-sidebar"> <i class="fa fa-times close-sidebar"></i> <div class="sidebar-title-container"> <div class="docsets-dropdown dropdown"> <button class="dropdown-button" id="module-dropdown" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="0"> <span> Kong Mesh </span> <span class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right with-submenu" id="module-list" role="menu" aria-labelledby="module-dropdown" aria-hidden="true"> <li role="menuitem" tabindex="-1"> <a href="/gateway/latest/">Kong Gateway</a> </li> <li role="menuitem" tabindex="-1"> <a href="/konnect/">Kong Konnect</a> </li> <li role="menuitem" tabindex="-1" class="active"> <a href="/mesh/latest/" class="active">Kong Mesh</a> </li> <li role="menuitem" tabindex="-1"> <a href="/hub/?category=ai">Kong AI Gateway</a> </li> <li role="menuitem" tabindex="-1"> <a href="/hub/">Plugin Hub</a> </li> <li role="menuitem" tabindex="-1"> <a href="/deck/">decK</a> </li> <li role="menuitem" tabindex="-1"> <a href="/kubernetes-ingress-controller/latest/">Kong Ingress Controller</a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway-operator/latest/">Kong Gateway Operator</a> </li> <li> <a href="https://docs.insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer ">Insomnia</a> </li> <li role="menuitem" tabindex="-1"> <a href="https://kuma.io/docs/" target="_blank" rel="noopener nofollow noreferrer ">Kuma</a> </li> <hr> <li role="menuitem" tabindex="-1"> <a href="/contributing/">Docs contribution guidelines</a> </li> </ul> </div> <div class="versions-dropdown dropdown"> <button class="dropdown-button" id="version-dropdown" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="0"> <span> Version 2.9.x <span>(latest)</span> </span> <span class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right" id="version-list" role="menu" aria-labelledby="version-dropdown" aria-hidden="true"> <li role="menuitem" tabindex="-1"> <a href="/mesh/dev/policies/meshtls/" data-version-id="2.10.x"> <em>dev</em> </a> </li> <li class="active" role="menuitem" tabindex="-1"> <a href="/mesh/2.9.x/policies/meshtls/" class="active" data-version-id="2.9.x"> 2.9.x <em>(latest)</em> </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.8.x/" data-version-id="2.8.x"> 2.8.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.7.x/" data-version-id="2.7.x"> 2.7.x (LTS) </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.6.x/" data-version-id="2.6.x"> 2.6.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.5.x/" data-version-id="2.5.x"> 2.5.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.4.x/" data-version-id="2.4.x"> 2.4.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.3.x/" data-version-id="2.3.x"> 2.3.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/2.2.x/" data-version-id="2.2.x"> 2.2.x </a> </li> </ul> </div> </div> <ul class="sidebar-container" role="tree" aria-label="Documentation"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-introduction-subtree"> <img src="/assets/images/icons/documentation/icn-flag.svg" alt=""> Introduction <button class="sidebar-tree-toggle" aria-label="toggle Introduction subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-introduction-subtree" role="group" aria-label="Introduction"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/about-service-meshes/"> About service meshes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/"> Overview of Kong Mesh </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/how-kong-mesh-works/"> How Kong Mesh works </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/architecture/"> Architecture </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/install/"> Install </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/concepts/"> Concepts </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/availability-stages/"> Stages of software availability </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/support-policy/"> Version support policy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/sbom/"> Software Bill of Materials </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/vulnerability-patching-process/"> Vulnerability patching process </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/introduction/kuma-requirements/"> Mesh requirements </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/changelog/"> Release notes </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-2-quickstart-subtree"> <img src="/assets/images/icons/documentation/icn-quickstart-color.svg" alt=""> Quickstart <button class="sidebar-tree-toggle" aria-label="toggle Quickstart subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-2-quickstart-subtree" role="group" aria-label="Quickstart"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/quickstart/kubernetes-demo/"> Deploy Kong Mesh on Kubernetes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/quickstart/universal-demo/"> Deploy Kong Mesh on Universal </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-kong-mesh-in-production-subtree"> <img src="/assets/images/icons/documentation/icn-deployment-color.svg" alt=""> Kong Mesh in Production <button class="sidebar-tree-toggle" aria-label="toggle Kong Mesh in Production subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-kong-mesh-in-production-subtree" role="group" aria-label="Kong Mesh in Production"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-2-deployment-topologies-subtree"> Deployment topologies <button class="sidebar-tree-toggle" aria-label="toggle Deployment topologies subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-2-deployment-topologies-subtree" role="group" aria-label="Deployment topologies"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/deployment/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/deployment/single-zone/"> Single-zone deployment </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/deployment/multi-zone/"> Multi-zone deployment </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/deployment/high-availability/"> High availability </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/use-mesh/"> Use Kong Mesh </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-4-control-plane-deployment-subtree"> Control plane deployment <button class="sidebar-tree-toggle" aria-label="toggle Control plane deployment subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-4-control-plane-deployment-subtree" role="group" aria-label="Control plane deployment"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/license/"> Kong Mesh license </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/single-zone/"> Deploy a single-zone control plane </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/multi-zone/"> Deploy a multi-zone global control plane </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/zone-ingress/"> Zone Ingress </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/zoneegress/"> Zone Egress </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/zoneproxy-auth/"> Configure zone proxy authentication </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/kuma-cp/"> Control plane configuration reference </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/systemd/"> Systemd </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/kubernetes/"> Kubernetes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/cli/"> kumactl </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/cp-deployment/production-usage-values/"> Deploy Kong Mesh in Production with Helm </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/mesh/"> Configuring your Mesh and multi-tenancy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-6-data-plane-configuration-subtree"> Data plane configuration <button class="sidebar-tree-toggle" aria-label="toggle Data plane configuration subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-6-data-plane-configuration-subtree" role="group" aria-label="Data plane configuration"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/dpp/"> Data plane proxy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/dpp-on-kubernetes/"> Configure the data plane on Kubernetes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/dpp-on-universal/"> Configure the data plane on Universal </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/cni/"> Configure the Kong Mesh CNI </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/transparent-proxying/"> Configure transparent proxying </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/dp-config/ipv6/"> IPv6 support </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-7-secure-your-deployment-subtree"> Secure your deployment <button class="sidebar-tree-toggle" aria-label="toggle Secure your deployment subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-7-secure-your-deployment-subtree" role="group" aria-label="Secure your deployment"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/secure-deployment/secrets/"> Manage secrets </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/secure-deployment/api-server-auth/"> Authentication with the API server </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/secure-deployment/dp-auth/"> Authentication with the data plane proxy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/secure-deployment/dp-membership/"> Configure data plane proxy membership </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/secure-deployment/certificates/"> Secure access accross services </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/rbac/"> Kong Mesh RBAC </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/fips-support/"> FIPS support </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/gui/"> Kong Mesh user interface </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-9-inspect-api-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/inspect-api/"> Inspect API </a> <button class="sidebar-tree-toggle" aria-label="toggle Inspect API subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-9-inspect-api-subtree" role="group" aria-label="Inspect API"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/inspect-api/#matched-policies"> Matched policies </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/inspect-api/#affected-data-plane-proxies"> Affected data plane proxies </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/inspect-api/#envoy-proxy-configuration"> Envoy proxy configuration </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-10-upgrades-and-tuning-subtree"> Upgrades and tuning <button class="sidebar-tree-toggle" aria-label="toggle Upgrades and tuning subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-10-upgrades-and-tuning-subtree" role="group" aria-label="Upgrades and tuning"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/upgrades-tuning/upgrades/"> Upgrade Kong Mesh </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/upgrades-tuning/fine-tuning/"> Performance fine-tuning </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/production/upgrades-tuning/upgrade-notes/"> Version specific upgrade notes </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-11-control-plane-configuration-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/documentation/configuration/"> Control Plane Configuration </a> <button class="sidebar-tree-toggle" aria-label="toggle Control Plane Configuration subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-11-control-plane-configuration-subtree" role="group" aria-label="Control Plane Configuration"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/documentation/configuration/#modifying-the-configuration"> Modifying the configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/documentation/configuration/#inspecting-the-configuration"> Inspecting the configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/documentation/configuration/#store"> Store </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-using-kong-mesh-subtree"> <img src="/assets/images/icons/documentation/icn-overview-color.svg" alt=""> Using Kong Mesh <button class="sidebar-tree-toggle" aria-label="toggle Using Kong Mesh subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-using-kong-mesh-subtree" role="group" aria-label="Using Kong Mesh"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-1-zero-trust-application-security-subtree"> Zero Trust &amp; Application Security <button class="sidebar-tree-toggle" aria-label="toggle Zero Trust &amp; Application Security subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-1-zero-trust-application-security-subtree" role="group" aria-label="Zero Trust &amp; Application Security"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/mutual-tls/"> Mutual TLS </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/external-services/"> External Service </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-2-resiliency-failover-subtree"> Resiliency &amp; Failover <button class="sidebar-tree-toggle" aria-label="toggle Resiliency &amp; Failover subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-2-resiliency-failover-subtree" role="group" aria-label="Resiliency &amp; Failover"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/documentation/health/"> Dataplane Health </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/service-health-probes/"> Service Health Probes </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-3-managing-incoming-traffic-with-gateways-subtree"> Managing incoming traffic with gateways <button class="sidebar-tree-toggle" aria-label="toggle Managing incoming traffic with gateways subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-3-managing-incoming-traffic-with-gateways-subtree" role="group" aria-label="Managing incoming traffic with gateways"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/overview/"> How ingress works in Kuma </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/delegated/"> Delegated gateways </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/builtin/"> Built-in gateways </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/builtin-k8s/"> Running built-in gateway pods on Kubernetes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/builtin-listeners/"> Configuring built-in listeners </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/builtin-routes/"> Configuring built-in routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/using-mesh/managing-ingress-traffic/gateway-api/"> Using the Kubernetes Gateway API </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-4-observability-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/"> Observability </a> <button class="sidebar-tree-toggle" aria-label="toggle Observability subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-4-observability-subtree" role="group" aria-label="Observability"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#demo-setup"> Demo setup </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#control-plane-observability"> Control plane metrics </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#configuring-prometheus"> Configuring Prometheus </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#configuring-grafana"> Configuring Grafana </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#configuring-datadog"> Configuring Datadog </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/explore/observability/#observability-in-multi-zone"> Observability in multi-zone </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-5-route-traffic-shaping-subtree"> Route &amp; Traffic shaping <button class="sidebar-tree-toggle" aria-label="toggle Route &amp; Traffic shaping subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-5-route-traffic-shaping-subtree" role="group" aria-label="Route &amp; Traffic shaping"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/protocol-support-in-kong-mesh/"> Protocol support in Kong Mesh </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-6-service-discovery-networking-subtree"> Service Discovery &amp; Networking <button class="sidebar-tree-toggle" aria-label="toggle Service Discovery &amp; Networking subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-6-service-discovery-networking-subtree" role="group" aria-label="Service Discovery &amp; Networking"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/service-discovery/"> Service Discovery </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/meshservice/"> MeshService </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/meshmultizoneservice/"> MeshMultiZoneService </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/hostnamegenerator/"> HostnameGenerator </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/dns/"> DNS </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/non-mesh-traffic/"> Non-mesh traffic </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/meshexternalservice/"> MeshExternalService </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/networking/transparent-proxying/"> Transparent Proxying </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-policies-subtree"> <img src="/assets/images/icons/documentation/icn-documentation-small.svg" alt=""> Policies <button class="sidebar-tree-toggle" aria-label="toggle Policies subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-policies-subtree" role="group" aria-label="Policies"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-1-introduction-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/"> Introduction </a> <button class="sidebar-tree-toggle" aria-label="toggle Introduction subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-1-introduction-subtree" role="group" aria-label="Introduction"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#what-is-a-policy"> What is a policy? </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#what-do-policies-look-like"> What do policies look like? </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#writing-a-targetref"> Writing a targetRef </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#merging-configuration"> Merging configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#using-policies-with-meshservice-meshmultizoneservice-and-meshexternalservice"> Using policies with MeshService </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#examples"> Examples </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/introduction/#applying-policies-in-shadow-mode"> Applying policies in shadow mode </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-2-meshaccesslog-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshaccesslog/"> MeshAccessLog </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshAccessLog subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-2-meshaccesslog-subtree" role="group" aria-label="MeshAccessLog"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshaccesslog/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshaccesslog/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshaccesslog/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-3-meshcircuitbreaker-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshcircuitbreaker/"> MeshCircuitBreaker </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshCircuitBreaker subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-3-meshcircuitbreaker-subtree" role="group" aria-label="MeshCircuitBreaker"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshcircuitbreaker/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshcircuitbreaker/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshcircuitbreaker/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-4-meshfaultinjection-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshfaultinjection/"> MeshFaultInjection </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshFaultInjection subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-4-meshfaultinjection-subtree" role="group" aria-label="MeshFaultInjection"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshfaultinjection/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshfaultinjection/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshfaultinjection/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-5-meshhealthcheck-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhealthcheck/"> MeshHealthCheck </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshHealthCheck subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-5-meshhealthcheck-subtree" role="group" aria-label="MeshHealthCheck"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhealthcheck/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhealthcheck/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhealthcheck/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-6-meshhttproute-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhttproute/"> MeshHTTPRoute </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshHTTPRoute subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-6-meshhttproute-subtree" role="group" aria-label="MeshHTTPRoute"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhttproute/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhttproute/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhttproute/#examples"> Examples </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshhttproute/#merging"> Merging </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-7-meshloadbalancingstrategy-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshloadbalancingstrategy/"> MeshLoadBalancingStrategy </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshLoadBalancingStrategy subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-7-meshloadbalancingstrategy-subtree" role="group" aria-label="MeshLoadBalancingStrategy"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshloadbalancingstrategy/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshloadbalancingstrategy/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshloadbalancingstrategy/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-8-meshmetric-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/"> MeshMetric </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshMetric subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-8-meshmetric-subtree" role="group" aria-label="MeshMetric"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/#prometheus"> Prometheus </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/#opentelemetry"> OpenTelemetry </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshmetric/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-9-meshpassthrough-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshpassthrough/"> MeshPassthrough </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshPassthrough subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-9-meshpassthrough-subtree" role="group" aria-label="MeshPassthrough"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshpassthrough/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshpassthrough/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshpassthrough/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-10-meshproxypatch-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshproxypatch/"> MeshProxyPatch </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshProxyPatch subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-10-meshproxypatch-subtree" role="group" aria-label="MeshProxyPatch"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshproxypatch/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshproxypatch/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshproxypatch/#examples"> Examples </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshproxypatch/#merging"> Merging </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-11-meshratelimit-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshratelimit/"> MeshRateLimit </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshRateLimit subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-11-meshratelimit-subtree" role="group" aria-label="MeshRateLimit"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshratelimit/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshratelimit/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshratelimit/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-12-meshretry-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshretry/"> MeshRetry </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshRetry subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-12-meshretry-subtree" role="group" aria-label="MeshRetry"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshretry/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshretry/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshretry/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-13-meshtcproute-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtcproute/"> MeshTCPRoute </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshTCPRoute subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-13-meshtcproute-subtree" role="group" aria-label="MeshTCPRoute"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtcproute/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtcproute/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtcproute/#examples"> Examples </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtcproute/#route-policies-with-different-types-targeting-the-same-destination"> Route policies with different types targeting the same destination </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-14-meshtimeout-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtimeout/"> MeshTimeout </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshTimeout subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-14-meshtimeout-subtree" role="group" aria-label="MeshTimeout"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtimeout/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtimeout/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtimeout/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-15-meshtls-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtls/"> MeshTLS </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshTLS subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-15-meshtls-subtree" role="group" aria-label="MeshTLS"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtls/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtls/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtls/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-16-meshtrace-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrace/"> MeshTrace </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshTrace subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-16-meshtrace-subtree" role="group" aria-label="MeshTrace"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrace/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrace/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrace/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-17-meshtrafficpermission-subtree"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrafficpermission/"> MeshTrafficPermission </a> <button class="sidebar-tree-toggle" aria-label="toggle MeshTrafficPermission subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-17-meshtrafficpermission-subtree" role="group" aria-label="MeshTrafficPermission"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrafficpermission/#targetref-support-matrix"> TargetRef support matrix </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrafficpermission/#configuration"> Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshtrafficpermission/#examples"> Examples </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/meshopa/"> MeshOPA </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/meshglobalratelimit/"> MeshGlobalRateLimit (beta) </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-20-previous-policies-subtree"> Previous Policies <button class="sidebar-tree-toggle" aria-label="toggle Previous Policies subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-20-previous-policies-subtree" role="group" aria-label="Previous Policies"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/general-notes-about-kong-mesh-policies/"> General notes about Kong Mesh policies </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/how-kong-mesh-chooses-the-right-policy-to-apply/"> How Kong Mesh chooses the right policy to apply </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/traffic-permissions/"> Traffic Permissions </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/traffic-route/"> Traffic Route </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/traffic-metrics/"> Traffic Metrics </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/traffic-trace/"> Traffic Trace </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/traffic-log/"> Traffic Log </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/locality-aware/"> Locality-aware Load Balancing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/fault-injection/"> Fault Injection </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/health-check/"> Health Check </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/circuit-breaker/"> Circuit Breaker </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/retry/"> Retry </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/timeout/"> Timeout </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/rate-limit/"> Rate Limit </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/virtual-outbound/"> Virtual Outbound </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/policies/meshgatewayroute/"> MeshGatewayRoute </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/opa/"> OPA policy </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-6-guides-subtree"> <img src="/assets/images/icons/documentation/icn-learning.svg" alt=""> Guides <button class="sidebar-tree-toggle" aria-label="toggle Guides subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-6-guides-subtree" role="group" aria-label="Guides"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/federate/"> Federate zone control plane </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/gateway-builtin/"> Add a builtin Gateway </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/gateway-delegated/"> Add Kong as a delegated Gateway </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/gateway-api/"> Kubernetes Gateway API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/otel-metrics/"> Collect Metrics with OpenTelemetry </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/migration-to-the-new-policies/"> Migration to the new policies </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/progressively-rolling-in-strict-mtls/"> Progressively rolling in strict MTLS </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/guides/consumer-producer-policies/"> Producer and consumer policies </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-enterprise-features-subtree"> <img src="/assets/images/icons/documentation/icn-enterprise-blue.svg" alt=""> Enterprise Features <button class="sidebar-tree-toggle" aria-label="toggle Enterprise Features subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-enterprise-features-subtree" role="group" aria-label="Enterprise Features"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/vault/"> HashiCorp Vault CA </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/acmpca/"> Amazon ACM Private CA </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/cert-manager/"> cert-manager Private CA </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/opa/"> OPA policy support </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/meshopa/"> MeshOPA </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/kds-auth/"> Multi-zone authentication </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/fips-support/"> FIPS support </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/ca-rotation/"> Certificate Authority rotation </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/rbac/"> Role-Based Access Control </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-11-red-hat-subtree"> Red Hat <button class="sidebar-tree-toggle" aria-label="toggle Red Hat subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-11-red-hat-subtree" role="group" aria-label="Red Hat"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/ubi-images/"> UBI Images </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/openshift-quickstart/"> Red Hat OpenShift Quickstart </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/windows/"> Windows Support </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/installation/ecs/"> ECS Support </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/access-audit/"> Auditing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/meshglobalratelimit/"> MeshGlobalRateLimit (beta) </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/signed-images/"> Verify signatures for signed Kong Mesh images </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-17-build-provenance-subtree"> Build provenance <button class="sidebar-tree-toggle" aria-label="toggle Build provenance subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-17-build-provenance-subtree" role="group" aria-label="Build provenance"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/provenance-verification-images/"> Verify build provenance for signed Kong Mesh images </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/features/provenance-verification-binaries/"> Verify build provenance for signed Kong Mesh binaries </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-reference-subtree"> <img src="/assets/images/icons/documentation/icn-references-color.svg" alt=""> Reference <button class="sidebar-tree-toggle" aria-label="toggle Reference subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-reference-subtree" role="group" aria-label="Reference"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/http-api/"> HTTP API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/kubernetes-annotations/"> Kubernetes annotations and labels </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/data-collection/"> Kuma data collection </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/kuma-cp/"> Control plane configuration reference </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/mesh/latest/reference/proxy-template/"> Envoy proxy template </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-9-community-subtree"> <img src="/assets/images/icons/documentation/icn-references-color.svg" alt=""> Community <button class="sidebar-tree-toggle" aria-label="toggle Community subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-9-community-subtree" role="group" aria-label="Community"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="https://kuma.io/community/" target="_blank" rel="noopener nofollow noreferrer "> Contribute to Kuma </a> </span> </li> </ul> </li> </ul> </aside> <aside class="docs-toc"> <i class="fa fa-times close-sidebar"></i> <i class="fa fa-chevron-right collapse-toc"></i> <i class="far fa-list-alt expand-toc"></i> <div id="oss-ee-toggle" data-current="Enterprise" style="display: none"> <span class="oss-ee-toggle-inner"> <img src="/assets/images/icons/icn-enterprise-black.svg" alt="enterprise-switcher-icon"> <span>Switch to <span id="switch-to-version">OSS</span></span> </span> </div> <div class="docs-toc-title"> <img src="/assets/images/icons/hub-layout/icn-on-this-page.svg" alt="On this page"><a href="#">On this page</a> </div> <ul> <li><a href="#targetref-support-matrix" class="active scroll-to">TargetRef support matrix</a></li> <li><a href="#configuration" class="scroll-to">Configuration</a></li> <li> <a href="#examples" class="scroll-to">Examples</a> <ul> <li><a href="#set-specific-tls-version-and-ciphers" class="scroll-to">Set specific TLS version and ciphers</a></li> <li><a href="#enable-strict-mode-on-specific-subset" class="scroll-to">Enable strict mode on specific subset</a></li> </ul> </li> <li><a href="#all-policy-options" class="scroll-to">All policy options</a></li> </ul> </aside> <div class="page-content-container page-content-container-doc v2 " id="documentation"> <div class="toggles "> <i class="far fa-list-alt toc-sidebar-toggle"></i> </div> <div class="page-content"> <div class="content show-anchor-links"> <h1 tabindex="-1" id="main" class="page-content-title">MeshTLS </h1> <p>This policy enables Kong Mesh to configure TLS mode, ciphers and version. Backends and default mode values are taken from <a href="/mesh/2.9.x/policies/mutual-tls/">the Mesh object</a>.</p> <h2 id="targetref-support-matrix">TargetRef support matrix</h2> <div class="tabs-component navtabs" data-tab="89841960-5430-45c4-a513-2a8609182b0f" data-tab-use-url-fragment="false"> <div role="tablist" class="tabs-component-tabs navtab-titles"> <div class="tabs-component-tab navtab-title active" role="presentation"> <a aria-controls="For-mode" aria-selected="true" href="#For-mode" class="tabs-component-tab-a" role="tab" data-slug="For-mode"> For mode </a> </div> <div class="tabs-component-tab navtab-title " role="presentation"> <a aria-controls="For-tls-ciphers/version" aria-selected="false" href="#For-tls-ciphers/version" class="tabs-component-tab-a" role="tab" data-slug="For-tls-ciphers/version"> For tls ciphers/version </a> </div> </div> <div class="tabs-component-panels navtab-contents"> <section aria-hidden="false" class="tabs-component-panel navtab-content " id="For-mode" role="tabpanel" data-panel="For-mode"> <table> <thead> <tr> <th><code class="language-plaintext highlighter-rouge">targetRef</code></th> <th>Allowed kinds</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">targetRef.kind</code></td> <td> <code class="language-plaintext highlighter-rouge">Mesh</code>, <code class="language-plaintext highlighter-rouge">MeshSubset</code> </td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">from[].targetRef.kind</code></td> <td><code class="language-plaintext highlighter-rouge">Mesh</code></td> </tr> </tbody> </table> </section> <section aria-hidden="true" class="tabs-component-panel navtab-content hidden" id="For-tls-ciphers/version" role="tabpanel" data-panel="For-tls-ciphers/version"> <table> <thead> <tr> <th><code class="language-plaintext highlighter-rouge">targetRef</code></th> <th>Allowed kinds</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">targetRef.kind</code></td> <td><code class="language-plaintext highlighter-rouge">Mesh</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">from[].targetRef.kind</code></td> <td><code class="language-plaintext highlighter-rouge">Mesh</code></td> </tr> </tbody> </table> </section> </div> </div> <p>To learn more about the information in this table, see the <a href="/mesh/2.9.x/policies/introduction">matching docs</a>.</p> <h2 id="configuration">Configuration</h2> <p>The following describes the default configuration settings of the <code class="language-plaintext highlighter-rouge">MeshTLS</code> policy:</p> <ul> <li> <strong><code class="language-plaintext highlighter-rouge">tlsVersion</code></strong>: Defines TLS versions to be used by <strong>both client and server</strong>. Allowed values: <code class="language-plaintext highlighter-rouge">TLSAuto</code>, <code class="language-plaintext highlighter-rouge">TLS10</code>, <code class="language-plaintext highlighter-rouge">TLS11</code>, <code class="language-plaintext highlighter-rouge">TLS12</code>, <code class="language-plaintext highlighter-rouge">TLS13</code>.</li> <li> <strong><code class="language-plaintext highlighter-rouge">tlsCiphers</code></strong>: Defines TLS ciphers to be used by <strong>both client and server</strong>. Allowed values: <code class="language-plaintext highlighter-rouge">ECDHE-ECDSA-AES128-GCM-SHA256</code>, <code class="language-plaintext highlighter-rouge">ECDHE-ECDSA-AES256-GCM-SHA384</code>, <code class="language-plaintext highlighter-rouge">ECDHE-ECDSA-CHACHA20-POLY1305</code>, <code class="language-plaintext highlighter-rouge">ECDHE-RSA-AES128-GCM-SHA256</code>, <code class="language-plaintext highlighter-rouge">ECDHE-RSA-AES256-GCM-SHA384</code>, <code class="language-plaintext highlighter-rouge">ECDHE-RSA-CHACHA20-POLY1305</code>.</li> <li> <strong><code class="language-plaintext highlighter-rouge">mode</code></strong>: Defines the mTLS mode - <code class="language-plaintext highlighter-rouge">Permissive</code> mode encrypts outbound connections the same way as <code class="language-plaintext highlighter-rouge">Strict</code> mode, but inbound connections on the server-side accept both TLS and plaintext. Allowed values: <code class="language-plaintext highlighter-rouge">Strict</code>, <code class="language-plaintext highlighter-rouge">Permissive</code>.</li> </ul> <blockquote class="note"> <p> </p> <p>Setting the TLS version and ciphers on both the client and server makes it harder to misconfigure. If you want to try out a specific version/cipher combination, we recommend creating a <a href="/mesh/2.9.x/production/mesh/#usage">temporary mesh</a>, deploying two applications within it, and testing whether communication is working. If you have a use case for configuring a different set of allowed versions/ciphers on different workloads, we’d love to hear about it. In that case, please open an <a href="https://github.com/kumahq/kuma/issues" target="_blank" rel="noopener nofollow noreferrer ">issue</a>.</p> </blockquote> <h2 id="examples">Examples</h2> <h3 id="set-specific-tls-version-and-ciphers">Set specific TLS version and ciphers</h3> <div class="tabs-component navtabs" data-tab="e7bc1f3a-67eb-4a45-9320-8964f676f9b9" data-tab-use-url-fragment="false"> <div role="tablist" class="tabs-component-tabs navtab-titles"> <div class="tabs-component-tab navtab-title active" role="presentation"> <a aria-controls="Kubernetes" aria-selected="true" href="#Kubernetes" class="tabs-component-tab-a" role="tab" data-slug="Kubernetes"> Kubernetes </a> </div> <div class="tabs-component-tab navtab-title " role="presentation"> <a aria-controls="Universal" aria-selected="false" href="#Universal" class="tabs-component-tab-a" role="tab" data-slug="Universal"> Universal </a> </div> </div> <div class="tabs-component-panels navtab-contents"> <section aria-hidden="false" class="tabs-component-panel navtab-content " id="Kubernetes" role="tabpanel" data-panel="Kubernetes"> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">kuma.io/v1alpha1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">MeshTLS</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">set-version-and-ciphers</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">kong-mesh-system</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">kuma.io/mesh</span><span class="pi">:</span> <span class="s">default</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">default</span><span class="pi">:</span> <span class="na">tlsVersion</span><span class="pi">:</span> <span class="na">min</span><span class="pi">:</span> <span class="s">TLS13</span> <span class="na">max</span><span class="pi">:</span> <span class="s">TLS13</span> <span class="na">tlsCiphers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ECDHE-ECDSA-AES256-GCM-SHA384</span> </code></pre></div></div> </section> <section aria-hidden="true" class="tabs-component-panel navtab-content hidden" id="Universal" role="tabpanel" data-panel="Universal"> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">type</span><span class="pi">:</span> <span class="s">MeshTLS</span> <span class="na">name</span><span class="pi">:</span> <span class="s">set-version-and-ciphers</span> <span class="na">mesh</span><span class="pi">:</span> <span class="s">default</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">default</span><span class="pi">:</span> <span class="na">tlsVersion</span><span class="pi">:</span> <span class="na">min</span><span class="pi">:</span> <span class="s">TLS13</span> <span class="na">max</span><span class="pi">:</span> <span class="s">TLS13</span> <span class="na">tlsCiphers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ECDHE-ECDSA-AES256-GCM-SHA384</span> </code></pre></div></div> </section> </div> </div> <h3 id="enable-strict-mode-on-specific-subset">Enable strict mode on specific subset</h3> <div class="tabs-component navtabs" data-tab="4ee9bc12-6713-45e9-b930-6328117f0ce9" data-tab-use-url-fragment="false"> <div role="tablist" class="tabs-component-tabs navtab-titles"> <div class="tabs-component-tab navtab-title active" role="presentation"> <a aria-controls="Kubernetes" aria-selected="true" href="#Kubernetes" class="tabs-component-tab-a" role="tab" data-slug="Kubernetes"> Kubernetes </a> </div> <div class="tabs-component-tab navtab-title " role="presentation"> <a aria-controls="Universal" aria-selected="false" href="#Universal" class="tabs-component-tab-a" role="tab" data-slug="Universal"> Universal </a> </div> </div> <div class="tabs-component-panels navtab-contents"> <section aria-hidden="false" class="tabs-component-panel navtab-content " id="Kubernetes" role="tabpanel" data-panel="Kubernetes"> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">kuma.io/v1alpha1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">MeshTLS</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">strict-mode</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">kong-mesh-system</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">kuma.io/mesh</span><span class="pi">:</span> <span class="s">default</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">MeshSubset</span> <span class="na">tags</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">default</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">Strict</span> </code></pre></div></div> </section> <section aria-hidden="true" class="tabs-component-panel navtab-content hidden" id="Universal" role="tabpanel" data-panel="Universal"> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">type</span><span class="pi">:</span> <span class="s">MeshTLS</span> <span class="na">name</span><span class="pi">:</span> <span class="s">strict-mode</span> <span class="na">mesh</span><span class="pi">:</span> <span class="s">default</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">MeshSubset</span> <span class="na">tags</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targetRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Mesh</span> <span class="na">default</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">Strict</span> </code></pre></div></div> </section> </div> </div> <h2 id="all-policy-options">All policy options</h2> <div id="markdown_html"></div> <script defer src="https://cdnjs.cloudflare.com/ajax/libs/showdown/1.9.0/showdown.min.js"></script> <script defer src="https://brianwendt.github.io/json-schema-md-doc/lib/JSONSchemaMarkdown.js"></script> <script type="text/javascript"> const data = {"description":"Spec is the specification of the Kuma MeshTLS resource.","properties":{"from":{"description":"From list makes a match between clients and corresponding configurations","items":{"properties":{"default":{"description":"Default is a configuration specific to the group of clients referenced in\n'targetRef'","properties":{"mode":{"description":"Mode defines the behavior of inbound listeners with regard to traffic encryption.","enum":["Permissive","Strict"],"type":"string"},"tlsCiphers":{"description":"TlsCiphers section for providing ciphers specification.","items":{"enum":["ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-RSA-CHACHA20-POLY1305"],"type":"string"},"type":"array"},"tlsVersion":{"description":"Version section for providing version specification.","properties":{"max":{"default":"TLSAuto","description":"Max defines maximum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`.","enum":["TLSAuto","TLS10","TLS11","TLS12","TLS13"],"type":"string"},"min":{"default":"TLSAuto","description":"Min defines minimum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`.","enum":["TLSAuto","TLS10","TLS11","TLS12","TLS13"],"type":"string"}},"type":"object"}},"type":"object"},"targetRef":{"description":"TargetRef is a reference to the resource that represents a group of\nclients.","properties":{"kind":{"description":"Kind of the referenced resource","enum":["Mesh","MeshSubset","MeshGateway","MeshService","MeshExternalService","MeshMultiZoneService","MeshServiceSubset","MeshHTTPRoute"],"type":"string"},"labels":{"additionalProperties":{"type":"string"},"description":"Labels are used to select group of MeshServices that match labels. Either Labels or\nName and Namespace can be used.","type":"object"},"mesh":{"description":"Mesh is reserved for future use to identify cross mesh resources.","type":"string"},"name":{"description":"Name of the referenced resource. Can only be used with kinds: `MeshService`,\n`MeshServiceSubset` and `MeshGatewayRoute`","type":"string"},"namespace":{"description":"Namespace specifies the namespace of target resource. If empty only resources in policy namespace\nwill be targeted.","type":"string"},"proxyTypes":{"description":"ProxyTypes specifies the data plane types that are subject to the policy. When not specified,\nall data plane types are targeted by the policy.","items":{"enum":["Sidecar","Gateway"],"type":"string"},"minItems":1,"type":"array"},"sectionName":{"description":"SectionName is used to target specific section of resource.\nFor example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected.","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"Tags used to select a subset of proxies by tags. Can only be used with kinds\n`MeshSubset` and `MeshServiceSubset`","type":"object"}},"type":"object"}},"required":["targetRef"],"type":"object"},"type":"array"},"targetRef":{"description":"TargetRef is a reference to the resource the policy takes an effect on.\nThe resource could be either a real store object or virtual resource\ndefined in-place.","properties":{"kind":{"description":"Kind of the referenced resource","enum":["Mesh","MeshSubset","MeshGateway","MeshService","MeshExternalService","MeshMultiZoneService","MeshServiceSubset","MeshHTTPRoute"],"type":"string"},"labels":{"additionalProperties":{"type":"string"},"description":"Labels are used to select group of MeshServices that match labels. Either Labels or\nName and Namespace can be used.","type":"object"},"mesh":{"description":"Mesh is reserved for future use to identify cross mesh resources.","type":"string"},"name":{"description":"Name of the referenced resource. Can only be used with kinds: `MeshService`,\n`MeshServiceSubset` and `MeshGatewayRoute`","type":"string"},"namespace":{"description":"Namespace specifies the namespace of target resource. If empty only resources in policy namespace\nwill be targeted.","type":"string"},"proxyTypes":{"description":"ProxyTypes specifies the data plane types that are subject to the policy. When not specified,\nall data plane types are targeted by the policy.","items":{"enum":["Sidecar","Gateway"],"type":"string"},"minItems":1,"type":"array"},"sectionName":{"description":"SectionName is used to target specific section of resource.\nFor example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected.","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"Tags used to select a subset of proxies by tags. Can only be used with kinds\n`MeshSubset` and `MeshServiceSubset`","type":"object"}},"type":"object"}},"type":"object"}; document.addEventListener("DOMContentLoaded", function() { function removeNewlinesFromDescriptions(obj) { for (const key in obj) { if (typeof obj[key] === 'object') { // Recursively process nested objects removeNewlinesFromDescriptions(obj[key]); } else if (key === 'description' && typeof obj[key] === 'string') { // Replace newlines in description values obj[key] = obj[key].replace(/\n/g, ''); } } } // create an instance of JSONSchemaMarkdown const Doccer = new JSONSchemaMarkdown(); // don't include the path of the field in the output Doccer.writePath = function() {}; // remove new lines in description removeNewlinesFromDescriptions(data) Doccer.load(data); Doccer.generate(); const converter = new showdown.Converter(); // use the converter to make html from the markdown document.getElementById("markdown_html").innerHTML = converter.makeHtml(Doccer.markdown); }); </script> </div> </div> </div> <div id="scroll-to-top-button"> <i class="fas fa-chevron-up"></i> </div> <div class="feedback-widget-container"> <input id="feedback-widget-checkbox" type="checkbox"> <label for="feedback-widget-checkbox"> <img src="/assets/images/icons/feedback-widget.svg" alt="Feedback widget"> </label> <div class="feedback-container"> <div class="feedback-thankyou"> Thank you for your feedback. </div> <div class="feedback-comment"> <textarea id="feedback-comment-text" rows="3" placeholder="Please let us know what we can improve on this page..."></textarea> <div class="feedback-comment-buttons"> <button id="feedback-comment-button-back">Back</button> <button id="feedback-comment-button-submit" class="button-primary">Submit</button> </div> </div> <div class="feedback-options"> <div class="feedback-options-title">Was this page useful?</div> <div class="feedback-options-buttons"> <i data-feedback-result="yes" class="feedback-options-button far fa-thumbs-up"></i> <i data-feedback-result="no" class="feedback-options-button far fa-thumbs-down"></i> </div> </div> </div> </div> </div> <div id="image-modal" data-image-expand-disabled=""> <div class="image-modal-backdrop"></div> <div class="image-container"> <img src="" alt=""> <i class="fa fa-times"></i> </div> </div> <div class="modal closed" id="modal" role="dialog" aria-hidden="true" aria-labelledby="title" aria-describedby="description"> <div class="konnect-cta-card"> <div class="title"> Too much on your plate? <a href="#" class="cta-card-close modal-close" id="modal-close"> <img src="/assets/images/icons/documentation/close.svg" alt="close cta icon"> </a> </div> <div class="description"> More features, less infrastructure with Kong Konnect. 1M requests per month for free. </div> <a href="https://konghq.com/products/kong-konnect/register?utm_medium=referral&amp;utm_source=docs&amp;utm_campaign=gateway-konnect&amp;utm_campaign=right-nav-card&amp;utm_content=mesh" class="button" target="_blank" rel="noopener nofollow noreferrer "> Try it for Free </a> </div> </div> <div id="modal-open" class="modal-open"></div> <div class="modal-overlay closed" id="modal-overlay"></div> <footer class="marketing-footer--light-gray"> <section> <ul class="newsletter"> <li class="logo-wrapper"> <div class="logo"> <img src="/assets/images/logos/konglogo-light-theme-primary.svg" alt="Kong"> </div> <div class="footer-title">Powering the API world</div> <p> Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller. </p> <div class="footer-form-container"> <form id="subscribe-form" method="POST" action="/assets/javascripts/subscribe.js"> <input required id="subscribe-input" type="email" name="email" placeholder="Email" aria-required="true" aria-invalid="false"> <input id="footer-form-button" type="submit" form="subscribe-form" value="Subscribe"> </form> <div id="form-response"></div> </div> </li> <li class="footer-columns"> <ul class="footer-columns-product-list"> <li> <nav> <div class="footer-category">Products</div> <ul> <li> <a href="https://konghq.com/products/kong-konnect" target="_blank" rel="noopener nofollow noreferrer ">Kong Konnect</a> </li> <li> <a href="https://konghq.com/products/kong-enterprise" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway Enterprise</a> </li> <li> <a href="https://konghq.com/products/kong-gateway" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway</a> </li> <li> <a href="https://konghq.com/products/kong-mesh" target="_blank" rel="noopener nofollow noreferrer ">Kong Mesh</a> </li> <li> <a href="https://konghq.com/products/kong-ingress-controller" target="_blank" rel="noopener nofollow noreferrer ">Kong Ingress Controller</a> </li> <li> <a href="https://insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kong Insomnia</a> </li> <li> <a href="https://konghq.com/product-updates" target="_blank" rel="noopener nofollow noreferrer ">Product Updates</a> </li> <li> <a href="https://konghq.com/contact-sales" target="_blank" rel="noopener nofollow noreferrer ">Get Started</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Documentation</div> <ul> <li> <a href="/konnect/">Kong Konnect Docs</a> </li> <li> <a href="/gateway/latest/">Kong Gateway Docs</a> </li> <li> <a href="/gateway/latest/kong-enterprise/">Kong Gateway Enterprise Docs</a> </li> <li> <a href="/mesh/latest/">Kong Mesh Docs</a> </li> <li> <a href="https://docs.insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kong Insomnia Docs</a> </li> <li> <a href="/hub/">Kong Konnect Plugin Hub</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Open Source</div> <ul> <li> <a href="https://konghq.com/install/#kong-community" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway</a> </li> <li> <a href="https://kuma.io/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kuma</a> </li> <li> <a href="https://insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Insomnia</a> </li> <li> <a href="https://konghq.com/community" target="_blank" rel="noopener nofollow noreferrer ">Kong Community</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Company</div> <ul> <li> <a href="https://konghq.com/company/about-us" target="_blank" rel="noopener nofollow noreferrer ">About Kong</a> </li> <li> <a href="https://konghq.com/customers" target="_blank" rel="noopener nofollow noreferrer ">Customers</a> </li> <li> <a href="https://konghq.com/company/careers" target="_blank" rel="noopener nofollow noreferrer ">Careers</a> </li> <li> <a href="https://konghq.com/press-room" target="_blank" rel="noopener nofollow noreferrer ">Press</a> </li> <li> <a href="https://konghq.com/events" target="_blank" rel="noopener nofollow noreferrer ">Events</a> </li> <li> <a href="https://konghq.com/company/contact-us" target="_blank" rel="noopener nofollow noreferrer ">Contact</a> </li> </ul> </nav> </li> </ul> </li> </ul> </section> <section class="legal"> <div class="container d-flex"> <div class="social"> <div class="social-link"> <a href="https://www.facebook.com/konghq/" title="Facebook" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Facebook" class="fa fa-facebook-official" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://twitter.com/thekonginc" title="Twitter" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Twitter" class="fa fa-twitter" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://www.meetup.com/topics/kong/all/" title="Meetup" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Meetup" class="fa fa-meetup" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://linkedin.com/company/278819" title="LinkedIn" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="GitHub" class="fa fa-linkedin" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://github.com/kong/kong" target="_blank" class="btn-gh" title="GitHub" rel="noopener nofollow noreferrer "> <i class="fa fa-github" aria-hidden="true" aria-label="GitHub"></i> </a> </div> </div> <ul> <li> <span class="mashape-footer-content"> <a href="https://konghq.com/legal/terms-of-use" target="_blank" rel="noopener nofollow noreferrer ">Terms</a><b>•</b> <a href="https://konghq.com/legal/privacy-policy" target="_blank" rel="noopener nofollow noreferrer ">Privacy</a><b>•</b> <a href="https://konghq.com/compliance" target="_blank" rel="noopener nofollow noreferrer ">Trust and Compliance</a> </span> </li> </ul> <div> <span>© Kong Inc. 2025  </span> </div> </div> </section> </footer> <script> var anchorForId = function (id) { var anchor = document.createElement("a"); anchor.className = "header-link"; anchor.href = "#" + id; anchor.innerHTML = "<i class=\"fa fa-link\"></i>"; anchor.title = `${id} Permalink`; return anchor; }; document.onreadystatechange = function () { if (this.readyState === "complete") { var className = ".show-anchor-links h1, .show-anchor-links h2, .show-anchor-links h3, " + ".show-anchor-links h4, .show-anchor-links h5, .show-anchor-links h6"; var headers = document.querySelectorAll(className); for (var i = 0; i < headers.length; i++) { var header = headers[i]; if (typeof header.id !== "undefined" && header.id !== "") { header.prepend(anchorForId(header.id)); } } } }; </script> <script> !function(){var i="analytics",analytics=window[i]=window[i]||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","screen","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware","register"];analytics.factory=function(e){return function(){if(window[i].initialized)return window[i][e].apply(window[i],arguments);var n=Array.prototype.slice.call(arguments);if(["track","screen","alias","group","page","identify"].indexOf(e)>-1){var c=document.querySelector("link[rel='canonical']");n.push({__t:"bpc",c:c&&c.getAttribute("href")||void 0,p:location.pathname,u:location.href,s:location.search,t:document.title,r:document.referrer})}n.unshift(e);analytics.push(n);return analytics}};for(var n=0;n<analytics.methods.length;n++){var key=analytics.methods[n];analytics[key]=analytics.factory(key)}analytics.load=function(key,n){var t=document.createElement("script");t.type="text/javascript";t.async=!0;t.setAttribute("data-global-segment-analytics-key",i);t.src="https://cdn.segment.com/analytics.js/v1/" + key + "/analytics.min.js";var r=document.getElementsByTagName("script")[0];r.parentNode.insertBefore(t,r);analytics._loadOptions=n};analytics._writeKey="X7EZTdbdUKQ8M6x42SHHPWiEhjsfs1EQ";;analytics.SNIPPET_VERSION="5.2.0"; analytics.load("X7EZTdbdUKQ8M6x42SHHPWiEhjsfs1EQ"); analytics.page(); }}(); </script> <div id="fb-root"></div> <script id="github-bjs" src="https://buttons.github.io/buttons.js" async defer></script> <script type="text/javascript"> var _vwo_code = (function() { var account_id = 125292, settings_tolerance = 2000, library_tolerance = 2500, use_existing_jquery = true, // DO NOT EDIT BELOW THIS LINE f = false, d = document; return { use_existing_jquery: function() { return use_existing_jquery; }, library_tolerance: function() { return library_tolerance; }, finish: function() { if (!f) { f = true; var a = d.getElementById('_vis_opt_path_hides'); if (a) a.parentNode.removeChild(a); } }, finished: function() { return f; }, load: function(a) { var b = d.createElement('script'); b.src = a; b.type = 'text/javascript'; b.innerText; b.onerror = function() { _vwo_code.finish(); }; d.getElementsByTagName('head')[0].appendChild(b); }, init: function() { settings_timer = setTimeout( '_vwo_code.finish()', settings_tolerance ); this.load( '//dev.visualwebsiteoptimizer.com/j.php?a=' + account_id + '&u=' + encodeURIComponent(d.URL) + '&r=' + Math.random() ); var a = d.createElement('style'), b = '', h = d.getElementsByTagName('head')[0]; a.setAttribute('id', '_vis_opt_path_hides'); a.setAttribute('type', 'text/css'); if (a.styleSheet) a.styleSheet.cssText = b; else a.appendChild(d.createTextNode(b)); h.appendChild(a); return settings_timer; } }; })(); _vwo_settings_timer = _vwo_code.init(); </script> <script src="https://cdn.jsdelivr.net/npm/@docsearch/js@3"></script> <script type="text/javascript"> docsearch({ appId: '05Y6TLHNFZ', apiKey: '80483bfe28d9fd036a11a6f6a06454f8', indexName: 'konghq', container: '#getkong-algolia-search-input', disableUserPersonalization: true, placeholder: 'Search the docs...', // Override selected event to allow for local environment navigation transformItems(items) { return items.map((item) => { var modifiedUrl = window.location.protocol + '//' + window.location.host + item.url.split('docs.konghq.com')[1]; return { ...item, url: modifiedUrl }; }); }, translations: { button: { buttonText: 'Search the docs..', buttonAriaLabel: 'Search the docs...' } }, resultsFooterComponent({ state }) { var facetParameters = {}; facetParameters = {"version[0]":"latest","product[0]":"Kong Mesh"}; var queryParams = new URLSearchParams(facetParameters); queryParams.set('query', state.query); return { // The HTML `tag` type: 'a', ref: undefined, constructor: undefined, key: state.query, // Its props props: { href: `/search/?${queryParams.toString()}`, target: '_blank', // Raw text rendered in the HTML element children: 'See more >' }, __v: null, }; }, searchParameters: { optionalFilters: ['product:Kong Mesh<score=1>'], facetFilters: [ 'version:latest'] } }); </script> </div> </body> </html>