Connection to Upstream to gRPC service from kong proxy expects TLS

Hello all,

Have a question on connection to Upstream gRPC service from kong proxy.

I have the following setup:

client --> Kong API GW* --> gRPC Service A* <--> gRPC Service B*

* - Kuma Mesh with mutual TLS enabled.

Kong version: 3.3
Kuma version: 2.3.2


  1. gRPC Service A ↔ gRPC Service B communication works fine with grpc or grpcs, that is TLS is enabled or disabled.
  2. client → Kong API GW → gRPC Service A works only if gRPC Service A is TLS enabled, otherwise results in TLS Protocol Error.


  1. As the Kong API Gateway is part of the Kuma Mesh with mutual TLS enabled, we would like to run the gRPC service A in non-TLS mode to avoid double TLS handshake. Is there a way to disable TLS for the upstream connection from Kong Proxy to gRPC service A?


This is resolved with the label addition on the Service resource: grpc