{
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "spec defines the desired state of AgentgatewayBackend.",
      "properties": {
        "ai": {
          "description": "ai represents a LLM backend.",
          "properties": {
            "groups": {
              "description": "groups specifies a list of groups in priority order where each group defines\na set of LLM providers. The priority determines the priority of the backend endpoints chosen.\nNote: provider names must be unique across all providers in all priority groups. Backend policies\nmay target a specific provider by name using targetRefs[].sectionName.\n\nExample configuration with two priority groups:\n```yaml\ngroups:\n- providers:\n  - azureopenai:\n      deploymentName: gpt-4o-mini\n      apiVersion: 2024-02-15-preview\n      endpoint: ai-gateway.openai.azure.com\n- providers:\n  - azureopenai:\n      deploymentName: gpt-4o-mini-2\n      apiVersion: 2024-02-15-preview\n      endpoint: ai-gateway-2.openai.azure.com\n     policies:\n       auth:\n         secretRef:\n           name: azure-secret\n```",
              "items": {
                "properties": {
                  "providers": {
                    "description": "providers specifies a list of LLM providers within this group. Each provider is treated equally in terms of priority,\nwith automatic weighting based on health.",
                    "items": {
                      "properties": {
                        "anthropic": {
                          "description": "Anthropic provider",
                          "properties": {
                            "model": {
                              "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "azureopenai": {
                          "description": "Azure OpenAI provider",
                          "properties": {
                            "apiVersion": {
                              "description": "The version of the Azure OpenAI API to use.\nFor more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference#api-specs).\nIf unset, defaults to \"v1\"",
                              "maxLength": 64,
                              "minLength": 1,
                              "type": "string"
                            },
                            "deploymentName": {
                              "description": "The name of the Azure OpenAI model deployment to use.\nFor more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models).\nThis is required if ApiVersion is not 'v1'. For v1, the model can be set in the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            },
                            "endpoint": {
                              "description": "The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`.\nIf the scheme is included, it is stripped.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            }
                          },
                          "required": [
                            "endpoint"
                          ],
                          "type": "object",
                          "x-kubernetes-validations": [
                            {
                              "message": "deploymentName is required for this apiVersion",
                              "rule": "!has(self.apiVersion) || self.apiVersion == 'v1' ? true : has(self.deploymentName)"
                            }
                          ],
                          "additionalProperties": false
                        },
                        "bedrock": {
                          "description": "Bedrock provider",
                          "properties": {
                            "guardrail": {
                              "description": "Guardrail configures the Guardrail policy to use for the backend. See <https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>\nIf not specified, the AWS Guardrail policy will not be used.",
                              "properties": {
                                "identifier": {
                                  "description": "GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.",
                                  "maxLength": 256,
                                  "minLength": 1,
                                  "type": "string"
                                },
                                "version": {
                                  "description": "GuardrailVersion is the version of the Guardrail policy to use for the backend.",
                                  "maxLength": 256,
                                  "minLength": 1,
                                  "type": "string"
                                }
                              },
                              "required": [
                                "identifier",
                                "version"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "model": {
                              "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            },
                            "region": {
                              "default": "us-east-1",
                              "description": "Region is the AWS region to use for the backend.\nDefaults to us-east-1 if not specified.",
                              "maxLength": 63,
                              "minLength": 1,
                              "pattern": "^[a-z0-9-]+$",
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "gemini": {
                          "description": "Gemini provider",
                          "properties": {
                            "model": {
                              "description": "Optional: Override the model name, such as `gemini-2.5-pro`.\nIf unset, the model name is taken from the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "host": {
                          "description": "Host specifies the hostname to send the requests to.\nIf not specified, the default hostname for the provider is used.",
                          "maxLength": 256,
                          "minLength": 1,
                          "type": "string"
                        },
                        "name": {
                          "description": "Name of the provider. Policies can target this provider by name.",
                          "maxLength": 253,
                          "minLength": 1,
                          "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                          "type": "string"
                        },
                        "openai": {
                          "description": "OpenAI provider",
                          "properties": {
                            "model": {
                              "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "path": {
                          "description": "Path specifies the URL path to use for the LLM provider API requests.\nThis is useful when you need to route requests to a different API endpoint while maintaining\ncompatibility with the original provider's API structure.\nIf not specified, the default path for the provider is used.",
                          "maxLength": 1024,
                          "minLength": 1,
                          "type": "string"
                        },
                        "policies": {
                          "description": "policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy, or\nin the top level AgentgatewayBackend. policies are merged on a field-level basis, with order: AgentgatewayPolicy <\nAgentgatewayBackend < AgentgatewayBackend LLM provider (this field).",
                          "properties": {
                            "ai": {
                              "description": "ai specifies settings for AI workloads. This is only applicable when connecting to a Backend of type 'ai'.",
                              "properties": {
                                "defaults": {
                                  "description": "Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.",
                                  "items": {
                                    "description": "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.\nThese defaults are merged with the user-provided request to ensure missing fields are populated.\n\nUser input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.\nDefaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.\n\nExample: Setting a default system field for Anthropic, which does not support system role messages:\n```yaml\ndefaults:\n  - field: \"system\"\n    value: \"answer all questions in French\"\n\n```\n\nExample: Setting a default temperature and overriding `max_tokens`:\n```yaml\ndefaults:\n  - field: \"temperature\"\n    value: \"0.5\"\n  - field: \"max_tokens\"\n    value: \"100\"\n    override: true\n\n```\n\nExample: Setting custom lists fields:\n```yaml\ndefaults:\n  - field: \"custom_integer_list\"\n    value: [1,2,3]\n\noverrides:\n  - field: \"custom_string_list\"\n    value: [\"one\",\"two\",\"three\"]\n\n```\n\nNote: The `field` values correspond to keys in the JSON request body, not fields in this CRD.",
                                    "properties": {
                                      "field": {
                                        "description": "The name of the field.",
                                        "maxLength": 256,
                                        "minLength": 1,
                                        "type": "string"
                                      },
                                      "value": {
                                        "description": "The field default value, which can be any JSON Data Type.",
                                        "x-kubernetes-preserve-unknown-fields": true
                                      }
                                    },
                                    "required": [
                                      "field",
                                      "value"
                                    ],
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "maxItems": 64,
                                  "minItems": 1,
                                  "type": "array"
                                },
                                "modelAliases": {
                                  "additionalProperties": {
                                    "type": "string"
                                  },
                                  "description": "ModelAliases maps friendly model names to actual provider model names.\nExample: {\"fast\": \"gpt-3.5-turbo\", \"smart\": \"gpt-4-turbo\"}\nNote: This field is only applicable when using the agentgateway data plane.",
                                  "maxProperties": 64,
                                  "type": "object"
                                },
                                "overrides": {
                                  "description": "Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.",
                                  "items": {
                                    "description": "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.\nThese defaults are merged with the user-provided request to ensure missing fields are populated.\n\nUser input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.\nDefaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.\n\nExample: Setting a default system field for Anthropic, which does not support system role messages:\n```yaml\ndefaults:\n  - field: \"system\"\n    value: \"answer all questions in French\"\n\n```\n\nExample: Setting a default temperature and overriding `max_tokens`:\n```yaml\ndefaults:\n  - field: \"temperature\"\n    value: \"0.5\"\n  - field: \"max_tokens\"\n    value: \"100\"\n    override: true\n\n```\n\nExample: Setting custom lists fields:\n```yaml\ndefaults:\n  - field: \"custom_integer_list\"\n    value: [1,2,3]\n\noverrides:\n  - field: \"custom_string_list\"\n    value: [\"one\",\"two\",\"three\"]\n\n```\n\nNote: The `field` values correspond to keys in the JSON request body, not fields in this CRD.",
                                    "properties": {
                                      "field": {
                                        "description": "The name of the field.",
                                        "maxLength": 256,
                                        "minLength": 1,
                                        "type": "string"
                                      },
                                      "value": {
                                        "description": "The field default value, which can be any JSON Data Type.",
                                        "x-kubernetes-preserve-unknown-fields": true
                                      }
                                    },
                                    "required": [
                                      "field",
                                      "value"
                                    ],
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "maxItems": 64,
                                  "minItems": 1,
                                  "type": "array"
                                },
                                "prompt": {
                                  "description": "Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for\nLLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.",
                                  "properties": {
                                    "append": {
                                      "description": "A list of messages to be appended to the prompt sent by the client.",
                                      "items": {
                                        "description": "An entry for a message to prepend or append to each prompt.",
                                        "properties": {
                                          "content": {
                                            "description": "String content of the message.",
                                            "type": "string"
                                          },
                                          "role": {
                                            "description": "Role of the message. The available roles depend on the backend\nLLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.",
                                            "type": "string"
                                          }
                                        },
                                        "required": [
                                          "content",
                                          "role"
                                        ],
                                        "type": "object",
                                        "additionalProperties": false
                                      },
                                      "type": "array"
                                    },
                                    "prepend": {
                                      "description": "A list of messages to be prepended to the prompt sent by the client.",
                                      "items": {
                                        "description": "An entry for a message to prepend or append to each prompt.",
                                        "properties": {
                                          "content": {
                                            "description": "String content of the message.",
                                            "type": "string"
                                          },
                                          "role": {
                                            "description": "Role of the message. The available roles depend on the backend\nLLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.",
                                            "type": "string"
                                          }
                                        },
                                        "required": [
                                          "content",
                                          "role"
                                        ],
                                        "type": "object",
                                        "additionalProperties": false
                                      },
                                      "type": "array"
                                    }
                                  },
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "promptCaching": {
                                  "description": "promptCaching enables automatic prompt caching for supported providers (AWS Bedrock).\nReduces API costs by caching static content like system prompts and tool definitions.\nOnly applicable for Bedrock Claude 3+ and Nova models.",
                                  "properties": {
                                    "cacheMessages": {
                                      "default": true,
                                      "description": "CacheMessages enables caching for conversation messages.\nCaches all messages in the conversation for cost savings.",
                                      "type": "boolean"
                                    },
                                    "cacheSystem": {
                                      "default": true,
                                      "description": "CacheSystem enables caching for system prompts.\nInserts a cache point after all system messages.",
                                      "type": "boolean"
                                    },
                                    "cacheTools": {
                                      "default": false,
                                      "description": "CacheTools enables caching for tool definitions.\nInserts a cache point after all tool specifications.",
                                      "type": "boolean"
                                    },
                                    "minTokens": {
                                      "default": 1024,
                                      "description": "MinTokens specifies the minimum estimated token count\nbefore caching is enabled. Uses rough heuristic (word count \u00d7 1.3) to estimate tokens.\nBedrock requires at least 1,024 tokens for caching to be effective.",
                                      "minimum": 0,
                                      "type": "integer"
                                    }
                                  },
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "promptGuard": {
                                  "description": "promptGuard enables adding guardrails to LLM requests and responses.",
                                  "properties": {
                                    "request": {
                                      "description": "Prompt guards to apply to requests sent by the client.",
                                      "items": {
                                        "description": "PromptguardRequest defines the prompt guards to apply to requests sent by the client.",
                                        "properties": {
                                          "openAIModeration": {
                                            "description": "openAIModeration passes prompt data through the OpenAI Moderations endpoint.\nSee https://platform.openai.com/docs/api-reference/moderations for more information.",
                                            "properties": {
                                              "model": {
                                                "description": "model specifies the moderation model to use. For example, `omni-moderation`.",
                                                "type": "string"
                                              },
                                              "policies": {
                                                "description": "policies controls policies for communicating with OpenAI.",
                                                "properties": {
                                                  "auth": {
                                                    "description": "auth defines settings for managing authentication to the backend",
                                                    "properties": {
                                                      "aws": {
                                                        "description": "Auth specifies an explicit AWS authentication method for the backend.\nWhen omitted, we will try to use the default AWS SDK authentication methods.",
                                                        "properties": {
                                                          "secretRef": {
                                                            "description": "SecretRef references a Kubernetes Secret containing the AWS credentials.\nThe Secret must have keys \"accessKey\", \"secretKey\", and optionally \"sessionToken\".",
                                                            "properties": {
                                                              "name": {
                                                                "default": "",
                                                                "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                                                "type": "string"
                                                              }
                                                            },
                                                            "type": "object",
                                                            "x-kubernetes-map-type": "atomic",
                                                            "additionalProperties": false
                                                          }
                                                        },
                                                        "required": [
                                                          "secretRef"
                                                        ],
                                                        "type": "object",
                                                        "additionalProperties": false
                                                      },
                                                      "key": {
                                                        "description": "key provides an inline key to use as the value of the Authorization header.\nThis option is the least secure; usage of a Secret is preferred.",
                                                        "maxLength": 2048,
                                                        "type": "string"
                                                      },
                                                      "passthrough": {
                                                        "description": "passthrough passes through an existing token that has been sent by the client and validated. Other policies, like\nJWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication\ncauses the original token to be added back into the request. If there are no client authentication policies on the\nrequest, the original token would be unchanged, so this would have no effect.",
                                                        "type": "object"
                                                      },
                                                      "secretRef": {
                                                        "description": "secretRef references a Kubernetes secret storing the key to use the authorization value. This must be stored in the\n'Authorization' key.",
                                                        "properties": {
                                                          "name": {
                                                            "default": "",
                                                            "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                                            "type": "string"
                                                          }
                                                        },
                                                        "type": "object",
                                                        "x-kubernetes-map-type": "atomic",
                                                        "additionalProperties": false
                                                      }
                                                    },
                                                    "type": "object",
                                                    "x-kubernetes-validations": [
                                                      {
                                                        "message": "exactly one of the fields in [key secretRef passthrough aws] must be set",
                                                        "rule": "[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws)].filter(x,x==true).size() == 1"
                                                      }
                                                    ],
                                                    "additionalProperties": false
                                                  },
                                                  "http": {
                                                    "description": "http defines settings for managing HTTP requests to the backend.",
                                                    "properties": {
                                                      "requestTimeout": {
                                                        "description": "requestTimeout specifies the deadline for receiving a response from the backend.",
                                                        "type": "string",
                                                        "x-kubernetes-validations": [
                                                          {
                                                            "message": "invalid duration value",
                                                            "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                                          },
                                                          {
                                                            "message": "requestTimeout must be at least 1ms",
                                                            "rule": "duration(self) >= duration('1ms')"
                                                          }
                                                        ]
                                                      },
                                                      "version": {
                                                        "description": "version specifies the HTTP protocol version to use when connecting to the backend.\nIf not specified, the version is automatically determined:\n* Service types can specify it with 'appProtocol' on the Service port.\n* If traffic is identified as gRPC, HTTP2 is used.\n* If the incoming traffic was plaintext HTTP, the original protocol will be used.\n* If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will\n  transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn't support it",
                                                        "enum": [
                                                          "HTTP1",
                                                          "HTTP2"
                                                        ],
                                                        "type": "string"
                                                      }
                                                    },
                                                    "type": "object",
                                                    "additionalProperties": false
                                                  },
                                                  "tcp": {
                                                    "description": "tcp defines settings for managing TCP connections to the backend.",
                                                    "properties": {
                                                      "connectTimeout": {
                                                        "description": "connectTimeout defines the deadline for establishing a connection to the destination.",
                                                        "type": "string",
                                                        "x-kubernetes-validations": [
                                                          {
                                                            "message": "invalid duration value",
                                                            "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                                          },
                                                          {
                                                            "message": "connectTimeout must be at least 100ms",
                                                            "rule": "duration(self) >= duration('100ms')"
                                                          }
                                                        ]
                                                      },
                                                      "keepalive": {
                                                        "description": "keepalive defines settings for enabling TCP keepalives on the connection.",
                                                        "properties": {
                                                          "interval": {
                                                            "description": "interval specifies the time between keep-alive probes, written as a duration string (for example, 30s).\nIf unset, this defaults to 180s.",
                                                            "type": "string",
                                                            "x-kubernetes-validations": [
                                                              {
                                                                "message": "invalid duration value",
                                                                "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                                              },
                                                              {
                                                                "message": "interval must be at least 1 second",
                                                                "rule": "duration(self) >= duration('1s')"
                                                              }
                                                            ]
                                                          },
                                                          "retries": {
                                                            "description": "retries specifies the maximum number of keep-alive probes to send before dropping the connection.\nIf unset, this defaults to 9.",
                                                            "format": "int32",
                                                            "maximum": 64,
                                                            "minimum": 1,
                                                            "type": "integer"
                                                          },
                                                          "time": {
                                                            "description": "time specifies how long a connection needs to be idle before keep-alive probes start being sent, written as a duration string (for example, 30s).\nIf unset, this defaults to 180s.",
                                                            "type": "string",
                                                            "x-kubernetes-validations": [
                                                              {
                                                                "message": "invalid duration value",
                                                                "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                                              },
                                                              {
                                                                "message": "time must be at least 1 second",
                                                                "rule": "duration(self) >= duration('1s')"
                                                              }
                                                            ]
                                                          }
                                                        },
                                                        "type": "object",
                                                        "additionalProperties": false
                                                      }
                                                    },
                                                    "type": "object",
                                                    "additionalProperties": false
                                                  },
                                                  "tls": {
                                                    "description": "tls defines settings for managing TLS connections to the backend.\n\nIf this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to\nvalidate the server, and the SNI will automatically be set based on the destination.",
                                                    "properties": {
                                                      "alpnProtocols": {
                                                        "description": "alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake.\n\nIf not present, defaults to [\"h2\", \"http/1.1\"].",
                                                        "items": {
                                                          "maxLength": 64,
                                                          "minLength": 1,
                                                          "type": "string"
                                                        },
                                                        "maxItems": 16,
                                                        "minItems": 1,
                                                        "type": "array"
                                                      },
                                                      "caCertificateRefs": {
                                                        "description": "caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate.\nIf unset, the system's trusted certificates are used.",
                                                        "items": {
                                                          "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                                          "properties": {
                                                            "name": {
                                                              "default": "",
                                                              "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                                              "type": "string"
                                                            }
                                                          },
                                                          "type": "object",
                                                          "x-kubernetes-map-type": "atomic",
                                                          "additionalProperties": false
                                                        },
                                                        "maxItems": 1,
                                                        "type": "array",
                                                        "x-kubernetes-list-type": "atomic"
                                                      },
                                                      "insecureSkipVerify": {
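                                                        "description": "insecureSkipVerify originates TLS but skips verification of the backend's certificate.\nWARNING: This is an insecure option that should only be used if the risks are understood.\n\nThere are two modes:\n* All disables all TLS verification, so any certificate the backend presents is accepted and the connection is encrypted but not authenticated.\n* Hostname verifies that the server certificate is issued by a trusted CA, but ignores any mismatch of hostname/SANs, so a certificate issued by a trusted CA for any name is accepted. Note that this method\n is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.\n\nThis field cannot be combined with verifySubjectAltNames, and All cannot be combined with caCertificateRefs.",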
                                                        "enum": [
                                                          "All",
                                                          "Hostname"
                                                        ],
                                                        "type": "string"
                                                      },
                                                      "mtlsCertificateRef": {
                                                        "description": "mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the\nreferenced Secret.\n\nAn optional 'ca.cert' field, if present, will be used to verify the server certificate. If\ncaCertificateRefs is also specified, the caCertificateRefs field takes priority.\n\nIf unspecified, no client certificate will be used.",
                                                        "items": {
                                                          "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                                          "properties": {
                                                            "name": {
                                                              "default": "",
                                                              "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                                              "type": "string"
                                                            }
                                                          },
                                                          "type": "object",
                                                          "x-kubernetes-map-type": "atomic",
                                                          "additionalProperties": false
                                                        },
                                                        "maxItems": 1,
                                                        "type": "array",
                                                        "x-kubernetes-list-type": "atomic"
                                                      },
                                                      "sni": {
                                                        "description": "sni specifies the Server Name Indication (SNI) value to be used in the TLS handshake. If unset, the SNI is automatically\nset based on the destination hostname.",
                                                        "maxLength": 253,
                                                        "minLength": 1,
                                                        "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                                        "type": "string"
                                                      },
                                                      "verifySubjectAltNames": {
                                                        "description": "verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate.\nIf not present, the destination hostname is automatically used.",
                                                        "items": {
                                                          "maxLength": 256,
                                                          "minLength": 1,
                                                          "type": "string"
                                                        },
                                                        "maxItems": 16,
                                                        "minItems": 1,
                                                        "type": "array"
                                                      }
                                                    },
                                                    "type": "object",
                                                    "x-kubernetes-validations": [
                                                      {
                                                        "message": "insecureSkipVerify All and caCertificateRefs may not be set together",
                                                        "rule": "has(self.insecureSkipVerify) && self.insecureSkipVerify == 'All' ? !has(self.caCertificateRefs) : true"
                                                      },
                                                      {
                                                        "message": "insecureSkipVerify and verifySubjectAltNames may not be set together",
                                                        "rule": "has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true"
                                                      },
                                                      {
                                                        "message": "at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set",
                                                        "rule": "[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1"
                                                      }
                                                    ],
                                                    "additionalProperties": false
                                                  }
                                                },
                                                "type": "object",
                                                "additionalProperties": false
                                              }
                                            },
                                            "type": "object",
                                            "additionalProperties": false
                                          },
                                          "regex": {
                                            "description": "Regular expression (regex) matching for prompt guards and data masking.",
                                            "properties": {
                                              "action": {
                                                "default": "Mask",
                                                "description": "The action to take if a regex pattern is matched in a request or response.\nThis setting applies only to request matches. PromptguardResponse matches are always masked by default.\nDefaults to `Mask`.",
                                                "enum": [
                                                  "Mask",
                                                  "Reject"
                                                ],
                                                "type": "string"
                                              },
                                              "builtins": {
                                                "description": "A list of built-in regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                                "items": {
                                                  "description": "BuiltIn regex patterns for specific types of strings in prompts.\nFor example, if you specify `CreditCard`, any credit card numbers\nin the request or response are matched.",
                                                  "enum": [
                                                    "Ssn",
                                                    "CreditCard",
                                                    "PhoneNumber",
                                                    "Email",
                                                    "CaSin"
                                                  ],
                                                  "type": "string"
                                                },
                                                "type": "array"
                                              },
                                              "matches": {
                                                "description": "A list of regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                                "items": {
                                                  "maxLength": 1024,
                                                  "minLength": 1,
                                                  "type": "string"
                                                },
                                                "type": "array"
                                              }
                                            },
                                            "type": "object",
                                            "additionalProperties": false
                                          },
                                          "response": {
                                            "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                                            "properties": {
                                              "message": {
                                                "default": "The request was rejected due to inappropriate content",
                                                "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                                                "type": "string"
                                              },
                                              "statusCode": {
                                                "default": 403,
                                                "description": "The status code to return to the client. Defaults to 403.",
                                                "format": "int32",
                                                "maximum": 599,
                                                "minimum": 200,
                                                "type": "integer"
                                              }
                                            },
                                            "type": "object",
                                            "x-kubernetes-validations": [
                                              {
                                                "message": "at least one of the fields in [message statusCode] must be set",
                                                "rule": "[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1"
                                              }
                                            ],
                                            "additionalProperties": false
                                          },
                                          "webhook": {
                                            "description": "Configure a webhook to which requests are forwarded for prompt guarding.",
                                            "properties": {
                                              "backendRef": {
                                                "description": "backendRef references the webhook server to reach.\n\nSupported types: Service and Backend.",
                                                "properties": {
                                                  "group": {
                                                    "default": "",
                                                    "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                                                    "maxLength": 253,
                                                    "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                                    "type": "string"
                                                  },
                                                  "kind": {
                                                    "default": "Service",
                                                    "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                                                    "maxLength": 63,
                                                    "minLength": 1,
                                                    "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                                                    "type": "string"
                                                  },
                                                  "name": {
                                                    "description": "Name is the name of the referent.",
                                                    "maxLength": 253,
                                                    "minLength": 1,
                                                    "type": "string"
                                                  },
                                                  "namespace": {
                                                    "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                                                    "maxLength": 63,
                                                    "minLength": 1,
                                                    "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                                                    "type": "string"
                                                  },
                                                  "port": {
                                                    "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                                                    "format": "int32",
                                                    "maximum": 65535,
                                                    "minimum": 1,
                                                    "type": "integer"
                                                  }
                                                },
                                                "required": [
                                                  "name"
                                                ],
                                                "type": "object",
                                                "x-kubernetes-validations": [
                                                  {
                                                    "message": "Must have port for Service reference",
                                                    "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                                                  }
                                                ],
                                                "additionalProperties": false
                                              },
                                              "forwardHeaderMatches": {
                                                "description": "ForwardHeaderMatches defines a list of HTTP header matches that will be\nused to select the headers to forward to the webhook.\nRequest headers are used when forwarding requests and response headers\nare used when forwarding responses.\nBy default, no headers are forwarded.",
                                                "items": {
                                                  "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.",
                                                  "properties": {
                                                    "name": {
                                                      "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".",
                                                      "maxLength": 256,
                                                      "minLength": 1,
                                                      "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
                                                      "type": "string"
                                                    },
                                                    "type": {
                                                      "default": "Exact",
                                                      "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.",
                                                      "enum": [
                                                        "Exact",
                                                        "RegularExpression"
                                                      ],
                                                      "type": "string"
                                                    },
                                                    "value": {
                                                      "description": "Value is the value of HTTP Header to be matched.",
                                                      "maxLength": 4096,
                                                      "minLength": 1,
                                                      "type": "string"
                                                    }
                                                  },
                                                  "required": [
                                                    "name",
                                                    "value"
                                                  ],
                                                  "type": "object",
                                                  "additionalProperties": false
                                                },
                                                "type": "array"
                                              }
                                            },
                                            "required": [
                                              "backendRef"
                                            ],
                                            "type": "object",
                                            "additionalProperties": false
                                          }
                                        },
                                        "type": "object",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "exactly one of the fields in [regex webhook openAIModeration] must be set",
                                            "rule": "[has(self.regex),has(self.webhook),has(self.openAIModeration)].filter(x,x==true).size() == 1"
                                          }
                                        ],
                                        "additionalProperties": false
                                      },
                                      "maxItems": 8,
                                      "minItems": 1,
                                      "type": "array"
                                    },
                                    "response": {
                                      "description": "Prompt guards to apply to responses returned by the LLM provider.",
                                      "items": {
                                        "description": "PromptguardResponse configures the response that the prompt guard applies to responses returned by the LLM provider.",
                                        "properties": {
                                          "regex": {
                                            "description": "Regular expression (regex) matching for prompt guards and data masking.",
                                            "properties": {
                                              "action": {
                                                "default": "Mask",
                                                "description": "The action to take if a regex pattern is matched in a request or response.\nThis setting applies only to request matches. PromptguardResponse matches are always masked by default.\nDefaults to `Mask`.",
                                                "enum": [
                                                  "Mask",
                                                  "Reject"
                                                ],
                                                "type": "string"
                                              },
                                              "builtins": {
                                                "description": "A list of built-in regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                                "items": {
                                                  "description": "BuiltIn regex patterns for specific types of strings in prompts.\nFor example, if you specify `CreditCard`, any credit card numbers\nin the request or response are matched.",
                                                  "enum": [
                                                    "Ssn",
                                                    "CreditCard",
                                                    "PhoneNumber",
                                                    "Email",
                                                    "CaSin"
                                                  ],
                                                  "type": "string"
                                                },
                                                "type": "array"
                                              },
                                              "matches": {
                                                "description": "A list of regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                                "items": {
                                                  "maxLength": 1024,
                                                  "minLength": 1,
                                                  "type": "string"
                                                },
                                                "type": "array"
                                              }
                                            },
                                            "type": "object",
                                            "additionalProperties": false
                                          },
                                          "response": {
                                            "description": "A custom response message to return to the client. If not specified, defaults to\n\"The response was rejected due to inappropriate content\".",
                                            "properties": {
                                              "message": {
                                                "default": "The request was rejected due to inappropriate content",
                                                "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                                                "type": "string"
                                              },
                                              "statusCode": {
                                                "default": 403,
                                                "description": "The status code to return to the client. Defaults to 403.",
                                                "format": "int32",
                                                "maximum": 599,
                                                "minimum": 200,
                                                "type": "integer"
                                              }
                                            },
                                            "type": "object",
                                            "x-kubernetes-validations": [
                                              {
                                                "message": "at least one of the fields in [message statusCode] must be set",
                                                "rule": "[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1"
                                              }
                                            ],
                                            "additionalProperties": false
                                          },
                                          "webhook": {
                                            "description": "Configure a webhook to forward responses to for prompt guarding.",
                                            "properties": {
                                              "backendRef": {
                                                "description": "backendRef references the webhook server to reach.\n\nSupported types: Service and Backend.",
                                                "properties": {
                                                  "group": {
                                                    "default": "",
                                                    "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                                                    "maxLength": 253,
                                                    "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                                    "type": "string"
                                                  },
                                                  "kind": {
                                                    "default": "Service",
                                                    "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                                                    "maxLength": 63,
                                                    "minLength": 1,
                                                    "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                                                    "type": "string"
                                                  },
                                                  "name": {
                                                    "description": "Name is the name of the referent.",
                                                    "maxLength": 253,
                                                    "minLength": 1,
                                                    "type": "string"
                                                  },
                                                  "namespace": {
                                                    "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                                                    "maxLength": 63,
                                                    "minLength": 1,
                                                    "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                                                    "type": "string"
                                                  },
                                                  "port": {
                                                    "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                                                    "format": "int32",
                                                    "maximum": 65535,
                                                    "minimum": 1,
                                                    "type": "integer"
                                                  }
                                                },
                                                "required": [
                                                  "name"
                                                ],
                                                "type": "object",
                                                "x-kubernetes-validations": [
                                                  {
                                                    "message": "Must have port for Service reference",
                                                    "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                                                  }
                                                ],
                                                "additionalProperties": false
                                              },
                                              "forwardHeaderMatches": {
                                                "description": "ForwardHeaderMatches defines a list of HTTP header matches that will be\nused to select the headers to forward to the webhook.\nRequest headers are used when forwarding requests and response headers\nare used when forwarding responses.\nBy default, no headers are forwarded.",
                                                "items": {
                                                  "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.",
                                                  "properties": {
                                                    "name": {
                                                      "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".",
                                                      "maxLength": 256,
                                                      "minLength": 1,
                                                      "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
                                                      "type": "string"
                                                    },
                                                    "type": {
                                                      "default": "Exact",
                                                      "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.",
                                                      "enum": [
                                                        "Exact",
                                                        "RegularExpression"
                                                      ],
                                                      "type": "string"
                                                    },
                                                    "value": {
                                                      "description": "Value is the value of HTTP Header to be matched.",
                                                      "maxLength": 4096,
                                                      "minLength": 1,
                                                      "type": "string"
                                                    }
                                                  },
                                                  "required": [
                                                    "name",
                                                    "value"
                                                  ],
                                                  "type": "object",
                                                  "additionalProperties": false
                                                },
                                                "type": "array"
                                              }
                                            },
                                            "required": [
                                              "backendRef"
                                            ],
                                            "type": "object",
                                            "additionalProperties": false
                                          }
                                        },
                                        "type": "object",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "exactly one of the fields in [regex webhook] must be set",
                                            "rule": "[has(self.regex),has(self.webhook)].filter(x,x==true).size() == 1"
                                          }
                                        ],
                                        "additionalProperties": false
                                      },
                                      "maxItems": 8,
                                      "minItems": 1,
                                      "type": "array"
                                    }
                                  },
                                  "type": "object",
                                  "x-kubernetes-validations": [
                                    {
                                      "message": "at least one of the fields in [request response] must be set",
                                      "rule": "[has(self.request),has(self.response)].filter(x,x==true).size() >= 1"
                                    }
                                  ],
                                  "additionalProperties": false
                                },
                                "routes": {
                                  "additionalProperties": {
                                    "description": "RouteType specifies how the AI gateway should process incoming requests\nbased on the URL path and the API format expected.",
                                    "enum": [
                                      "Completions",
                                      "Messages",
                                      "Models",
                                      "Passthrough",
                                      "Responses",
                                      "AnthropicTokenCount",
                                      "Embeddings"
                                    ],
                                    "type": "string"
                                  },
                                  "description": "routes defines how to identify the type of traffic to handle.\nThe keys are URL path suffixes matched using ends-with comparison (e.g., \"/v1/chat/completions\").\nThe special \"*\" wildcard matches any path.\nIf not specified, all traffic defaults to \"completions\" type.",
                                  "type": "object"
                                }
                              },
                              "type": "object",
                              "x-kubernetes-validations": [
                                {
                                  "message": "at least one of the fields in [prompt promptGuard defaults overrides modelAliases promptCaching routes] must be set",
                                  "rule": "[has(self.prompt),has(self.promptGuard),has(self.defaults),has(self.overrides),has(self.modelAliases),has(self.promptCaching),has(self.routes)].filter(x,x==true).size() >= 1"
                                }
                              ],
                              "additionalProperties": false
                            },
                            "auth": {
                              "description": "auth defines settings for managing authentication to the backend",
                              "properties": {
                                "aws": {
                                  "description": "Auth specifies an explicit AWS authentication method for the backend.\nWhen omitted, we will try to use the default AWS SDK authentication methods.",
                                  "properties": {
                                    "secretRef": {
                                      "description": "SecretRef references a Kubernetes Secret containing the AWS credentials.\nThe Secret must have keys \"accessKey\", \"secretKey\", and optionally \"sessionToken\".",
                                      "properties": {
                                        "name": {
                                          "default": "",
                                          "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                          "type": "string"
                                        }
                                      },
                                      "type": "object",
                                      "x-kubernetes-map-type": "atomic",
                                      "additionalProperties": false
                                    }
                                  },
                                  "required": [
                                    "secretRef"
                                  ],
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "key": {
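                                  "description": "key provides an inline key to use as the value of the Authorization header.\nThis option is the least secure, because the key is stored in plain text in the resource itself and is visible to anyone who can read it; usage of a Secret is preferred.",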
                                  "maxLength": 2048,
                                  "type": "string"
                                },
                                "passthrough": {
                                  "description": "passthrough passes through an existing token that has been sent by the client and validated. Other policies, like\nJWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication\ncauses the original token to be added back into the request. If there are no client authentication policies on the\nrequest, the original token would be unchanged, so this would have no effect.",
                                  "type": "object"
                                },
                                "secretRef": {
                                  "description": "secretRef references a Kubernetes secret storing the key to use as the authorization value. This must be stored in the\n'Authorization' key.",
                                  "properties": {
                                    "name": {
                                      "default": "",
                                      "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                      "type": "string"
                                    }
                                  },
                                  "type": "object",
                                  "x-kubernetes-map-type": "atomic",
                                  "additionalProperties": false
                                }
                              },
                              "type": "object",
                              "x-kubernetes-validations": [
                                {
                                  "message": "exactly one of the fields in [key secretRef passthrough aws] must be set",
                                  "rule": "[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws)].filter(x,x==true).size() == 1"
                                }
                              ],
                              "additionalProperties": false
                            },
                            "http": {
                              "description": "http defines settings for managing HTTP requests to the backend.",
                              "properties": {
                                "requestTimeout": {
                                  "description": "requestTimeout specifies the deadline for receiving a response from the backend.",
                                  "type": "string",
                                  "x-kubernetes-validations": [
                                    {
                                      "message": "invalid duration value",
                                      "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                    },
                                    {
                                      "message": "requestTimeout must be at least 1ms",
                                      "rule": "duration(self) >= duration('1ms')"
                                    }
                                  ]
                                },
                                "version": {
                                  "description": "version specifies the HTTP protocol version to use when connecting to the backend.\nIf not specified, the version is automatically determined:\n* Service types can specify it with 'appProtocol' on the Service port.\n* If traffic is identified as gRPC, HTTP2 is used.\n* If the incoming traffic was plaintext HTTP, the original protocol will be used.\n* If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will\n  transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn't support it",
                                  "enum": [
                                    "HTTP1",
                                    "HTTP2"
                                  ],
                                  "type": "string"
                                }
                              },
                              "type": "object",
                              "additionalProperties": false
                            },
                            "tcp": {
                              "description": "tcp defines settings for managing TCP connections to the backend.",
                              "properties": {
                                "connectTimeout": {
                                  "description": "connectTimeout defines the deadline for establishing a connection to the destination.",
                                  "type": "string",
                                  "x-kubernetes-validations": [
                                    {
                                      "message": "invalid duration value",
                                      "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                    },
                                    {
                                      "message": "connectTimeout must be at least 100ms",
                                      "rule": "duration(self) >= duration('100ms')"
                                    }
                                  ]
                                },
                                "keepalive": {
                                  "description": "keepAlive defines settings for enabling TCP keepalives on the connection.",
                                  "properties": {
                                    "interval": {
                                      "description": "interval specifies the number of seconds between keep-alive probes.\nIf unset, this defaults to 180s.",
                                      "type": "string",
                                      "x-kubernetes-validations": [
                                        {
                                          "message": "invalid duration value",
                                          "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                        },
                                        {
                                          "message": "interval must be at least 1 second",
                                          "rule": "duration(self) >= duration('1s')"
                                        }
                                      ]
                                    },
                                    "retries": {
                                      "description": "retries specifies the maximum number of keep-alive probes to send before dropping the connection.\nIf unset, this defaults to 9.",
                                      "format": "int32",
                                      "maximum": 64,
                                      "minimum": 1,
                                      "type": "integer"
                                    },
                                    "time": {
                                      "description": "time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.\nIf unset, this defaults to 180s.",
                                      "type": "string",
                                      "x-kubernetes-validations": [
                                        {
                                          "message": "invalid duration value",
                                          "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                        },
                                        {
                                          "message": "time must be at least 1 second",
                                          "rule": "duration(self) >= duration('1s')"
                                        }
                                      ]
                                    }
                                  },
                                  "type": "object",
                                  "additionalProperties": false
                                }
                              },
                              "type": "object",
                              "additionalProperties": false
                            },
                            "tls": {
                              "description": "tls defines settings for managing TLS connections to the backend.\n\nIf this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to\nvalidate the server, and the SNI will automatically be set based on the destination.",
                              "properties": {
                                "alpnProtocols": {
                                  "description": "alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake.\n\nIf not present, defaults to [\"h2\", \"http/1.1\"].",
                                  "items": {
                                    "maxLength": 64,
                                    "minLength": 1,
                                    "type": "string"
                                  },
                                  "maxItems": 16,
                                  "minItems": 1,
                                  "type": "array"
                                },
                                "caCertificateRefs": {
                                  "description": "caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate.\nIf unset, the system's trusted certificates are used.",
                                  "items": {
                                    "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                    "properties": {
                                      "name": {
                                        "default": "",
                                        "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                        "type": "string"
                                      }
                                    },
                                    "type": "object",
                                    "x-kubernetes-map-type": "atomic",
                                    "additionalProperties": false
                                  },
                                  "maxItems": 1,
                                  "type": "array",
                                  "x-kubernetes-list-type": "atomic"
                                },
                                "insecureSkipVerify": {
                                  "description": "insecureSkipVerify originates TLS but skips verification of the backend's certificate.\nWARNING: This is an insecure option that should only be used if the risks are understood.\n\nThere are two modes:\n* All disables all TLS verification\n* Hostname verifies the CA certificate is trusted, but ignores any mismatch of hostname/SANs. Note that this method\n is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.",
                                  "enum": [
                                    "All",
                                    "Hostname"
                                  ],
                                  "type": "string"
                                },
                                "mtlsCertificateRef": {
                                  "description": "mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the\nrefenced Secret.\n\nAn optional 'ca.cert' field, if present, will be used to verify the server certificate if present. If\ncaCertificateRefs is also specified, the caCertificateRefs field takes priority.\n\nIf unspecified, no client certificate will be used.",
                                  "items": {
                                    "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                    "properties": {
                                      "name": {
                                        "default": "",
                                        "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                        "type": "string"
                                      }
                                    },
                                    "type": "object",
                                    "x-kubernetes-map-type": "atomic",
                                    "additionalProperties": false
                                  },
                                  "maxItems": 1,
                                  "type": "array",
                                  "x-kubernetes-list-type": "atomic"
                                },
                                "sni": {
                                  "description": "sni specifies the Server Name Indicator (SNI) to be used in the TLS handshake. If unset, the SNI is automatically\nset based on the destination hostname.",
                                  "maxLength": 253,
                                  "minLength": 1,
                                  "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                  "type": "string"
                                },
                                "verifySubjectAltNames": {
                                  "description": "verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate.\nIf not present, the destination hostname is automatically used.",
                                  "items": {
                                    "maxLength": 256,
                                    "minLength": 1,
                                    "type": "string"
                                  },
                                  "maxItems": 16,
                                  "minItems": 1,
                                  "type": "array"
                                }
                              },
                              "type": "object",
                              "x-kubernetes-validations": [
                                {
                                  "message": "insecureSkipVerify All and caCertificateRefs may not be set together",
                                  "rule": "has(self.insecureSkipVerify) && self.insecureSkipVerify == 'All' ? !has(self.caCertificateRefs) : true"
                                },
                                {
                                  "message": "insecureSkipVerify and verifySubjectAltNames may not be set together",
                                  "rule": "has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true"
                                },
                                {
                                  "message": "at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set",
                                  "rule": "[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1"
                                }
                              ],
                              "additionalProperties": false
                            }
                          },
                          "type": "object",
                          "x-kubernetes-validations": [
                            {
                              "message": "at least one of the fields in [tcp tls http auth ai] must be set",
                              "rule": "[has(self.tcp),has(self.tls),has(self.http),has(self.auth),has(self.ai)].filter(x,x==true).size() >= 1"
                            }
                          ],
                          "additionalProperties": false
                        },
                        "port": {
                          "description": "Port specifies the port to send the requests to.",
                          "format": "int32",
                          "maximum": 65535,
                          "minimum": 1,
                          "type": "integer"
                        },
                        "vertexai": {
                          "description": "Vertex AI provider",
                          "properties": {
                            "model": {
                              "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                              "maxLength": 256,
                              "minLength": 1,
                              "type": "string"
                            },
                            "projectId": {
                              "description": "The ID of the Google Cloud Project that you use for the Vertex AI.",
                              "maxLength": 64,
                              "minLength": 1,
                              "type": "string"
                            },
                            "region": {
                              "description": "The location of the Google Cloud Project that you use for the Vertex AI.",
                              "maxLength": 64,
                              "minLength": 1,
                              "type": "string"
                            }
                          },
                          "required": [
                            "projectId",
                            "region"
                          ],
                          "type": "object",
                          "additionalProperties": false
                        }
                      },
                      "required": [
                        "name"
                      ],
                      "type": "object",
                      "x-kubernetes-validations": [
                        {
                          "message": "both host and port must be set together",
                          "rule": "has(self.host) || has(self.port) ? has(self.host) && has(self.port) : true"
                        },
                        {
                          "message": "exactly one of the fields in [openai azureopenai anthropic gemini vertexai bedrock] must be set",
                          "rule": "[has(self.openai),has(self.azureopenai),has(self.anthropic),has(self.gemini),has(self.vertexai),has(self.bedrock)].filter(x,x==true).size() == 1"
                        }
                      ],
                      "additionalProperties": false
                    },
                    "maxItems": 32,
                    "minItems": 1,
                    "type": "array",
                    "x-kubernetes-validations": [
                      {
                        "message": "provider names must be unique within a group",
                        "rule": "self.all(p1, self.exists_one(p2, p1.name == p2.name))"
                      }
                    ]
                  }
                },
                "required": [
                  "providers"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "maxItems": 32,
              "minItems": 1,
              "type": "array"
            },
            "provider": {
              "description": "provider specifies configuration for how to reach the configured LLM provider.",
              "properties": {
                "anthropic": {
                  "description": "Anthropic provider",
                  "properties": {
                    "model": {
                      "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "azureopenai": {
                  "description": "Azure OpenAI provider",
                  "properties": {
                    "apiVersion": {
                      "description": "The version of the Azure OpenAI API to use.\nFor more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference#api-specs).\nIf unset, defaults to \"v1\"",
                      "maxLength": 64,
                      "minLength": 1,
                      "type": "string"
                    },
                    "deploymentName": {
                      "description": "The name of the Azure OpenAI model deployment to use.\nFor more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models).\nThis is required if ApiVersion is not 'v1'. For v1, the model can be set in the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    },
                    "endpoint": {
                      "description": "The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`.\nIf the scheme is included, it is stripped.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "required": [
                    "endpoint"
                  ],
                  "type": "object",
                  "x-kubernetes-validations": [
                    {
                      "message": "deploymentName is required for this apiVersion",
                      "rule": "!has(self.apiVersion) || self.apiVersion == 'v1' ? true : has(self.deploymentName)"
                    }
                  ],
                  "additionalProperties": false
                },
                "bedrock": {
                  "description": "Bedrock provider",
                  "properties": {
                    "guardrail": {
                      "description": "Guardrail configures the Guardrail policy to use for the backend. See <https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>\nIf not specified, the AWS Guardrail policy will not be used.",
                      "properties": {
                        "identifier": {
                          "description": "GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.",
                          "maxLength": 256,
                          "minLength": 1,
                          "type": "string"
                        },
                        "version": {
                          "description": "GuardrailVersion is the version of the Guardrail policy to use for the backend.",
                          "maxLength": 256,
                          "minLength": 1,
                          "type": "string"
                        }
                      },
                      "required": [
                        "identifier",
                        "version"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "model": {
                      "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    },
                    "region": {
                      "default": "us-east-1",
                      "description": "Region is the AWS region to use for the backend.\nDefaults to us-east-1 if not specified.",
                      "maxLength": 63,
                      "minLength": 1,
                      "pattern": "^[a-z0-9-]+$",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "gemini": {
                  "description": "Gemini provider",
                  "properties": {
                    "model": {
                      "description": "Optional: Override the model name, such as `gemini-2.5-pro`.\nIf unset, the model name is taken from the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "host": {
                  "description": "Host specifies the hostname to send the requests to.\nIf not specified, the default hostname for the provider is used.",
                  "maxLength": 256,
                  "minLength": 1,
                  "type": "string"
                },
                "openai": {
                  "description": "OpenAI provider",
                  "properties": {
                    "model": {
                      "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "path": {
                  "description": "Path specifies the URL path to use for the LLM provider API requests.\nThis is useful when you need to route requests to a different API endpoint while maintaining\ncompatibility with the original provider's API structure.\nIf not specified, the default path for the provider is used.",
                  "maxLength": 1024,
                  "minLength": 1,
                  "type": "string"
                },
                "port": {
                  "description": "Port specifies the port to send the requests to.",
                  "format": "int32",
                  "maximum": 65535,
                  "minimum": 1,
                  "type": "integer"
                },
                "vertexai": {
                  "description": "Vertex AI provider",
                  "properties": {
                    "model": {
                      "description": "Optional: Override the model name, such as `gpt-4o-mini`.\nIf unset, the model name is taken from the request.",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    },
                    "projectId": {
                      "description": "The ID of the Google Cloud Project that you use for the Vertex AI.",
                      "maxLength": 64,
                      "minLength": 1,
                      "type": "string"
                    },
                    "region": {
                      "description": "The location of the Google Cloud Project that you use for the Vertex AI.",
                      "maxLength": 64,
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "required": [
                    "projectId",
                    "region"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "x-kubernetes-validations": [
                {
                  "message": "both host and port must be set together",
                  "rule": "has(self.host) || has(self.port) ? has(self.host) && has(self.port) : true"
                },
                {
                  "message": "exactly one of the fields in [openai azureopenai anthropic gemini vertexai bedrock] must be set",
                  "rule": "[has(self.openai),has(self.azureopenai),has(self.anthropic),has(self.gemini),has(self.vertexai),has(self.bedrock)].filter(x,x==true).size() == 1"
                }
              ],
              "additionalProperties": false
            }
          },
          "type": "object",
          "x-kubernetes-validations": [
            {
              "message": "exactly one of the fields in [provider groups] must be set",
              "rule": "[has(self.provider),has(self.groups)].filter(x,x==true).size() == 1"
            }
          ],
          "additionalProperties": false
        },
        "dynamicForwardProxy": {
          "description": "dynamicForwardProxy configures the proxy to dynamically send requests to the destination based on the incoming\nrequest HTTP host header, or TLS SNI for TLS traffic.\n\nNote: this Backend type enables users to send trigger the proxy to send requests to arbitrary destinations. Proper\naccess controls must be put in place when using this backend type.",
          "type": "object"
        },
        "mcp": {
          "description": "mcp represents an MCP backend",
          "properties": {
            "sessionRouting": {
              "description": "SessionRouting configures MCP session behavior for requests.\nDefaults to Stateful if not set.",
              "enum": [
                "Stateful",
                "Stateless"
              ],
              "type": "string"
            },
            "targets": {
              "description": "Targets is a list of MCPBackend targets to use for this backend.\nPolicies targeting MCPBackend targets must use targetRefs[].sectionName\nto select the target by name.",
              "items": {
                "description": "McpTargetSelector defines the MCPBackend target to use for this backend.",
                "properties": {
                  "name": {
                    "description": "Name of the MCPBackend target.",
                    "maxLength": 253,
                    "minLength": 1,
                    "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                    "type": "string"
                  },
                  "selector": {
                    "description": "selector is a label selector is the selector to use to select Services.\nIf policies are needed on a per-service basis, AgentgatewayPolicy can target the desired Service.",
                    "properties": {
                      "namespaces": {
                        "description": "namespace is the label selector in which namespaces Services should be selected from.\nIf unset, only the namespace of the AgentgatewayBackend is searched.",
                        "properties": {
                          "matchExpressions": {
                            "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
                            "items": {
                              "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
                              "properties": {
                                "key": {
                                  "description": "key is the label key that the selector applies to.",
                                  "type": "string"
                                },
                                "operator": {
                                  "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
                                  "type": "string"
                                },
                                "values": {
                                  "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array",
                                  "x-kubernetes-list-type": "atomic"
                                }
                              },
                              "required": [
                                "key",
                                "operator"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array",
                            "x-kubernetes-list-type": "atomic"
                          },
                          "matchLabels": {
                            "additionalProperties": {
                              "type": "string"
                            },
                            "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
                            "type": "object"
                          }
                        },
                        "type": "object",
                        "x-kubernetes-map-type": "atomic",
                        "additionalProperties": false
                      },
                      "services": {
                        "description": "services is the label selector for which Services should be selected.",
                        "properties": {
                          "matchExpressions": {
                            "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
                            "items": {
                              "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
                              "properties": {
                                "key": {
                                  "description": "key is the label key that the selector applies to.",
                                  "type": "string"
                                },
                                "operator": {
                                  "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
                                  "type": "string"
                                },
                                "values": {
                                  "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array",
                                  "x-kubernetes-list-type": "atomic"
                                }
                              },
                              "required": [
                                "key",
                                "operator"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array",
                            "x-kubernetes-list-type": "atomic"
                          },
                          "matchLabels": {
                            "additionalProperties": {
                              "type": "string"
                            },
                            "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
                            "type": "object"
                          }
                        },
                        "type": "object",
                        "x-kubernetes-map-type": "atomic",
                        "additionalProperties": false
                      }
                    },
                    "type": "object",
                    "x-kubernetes-validations": [
                      {
                        "message": "at least one of the fields in [namespaces services] must be set",
                        "rule": "[has(self.namespaces),has(self.services)].filter(x,x==true).size() >= 1"
                      }
                    ],
                    "additionalProperties": false
                  },
                  "static": {
                    "description": "static configures a static MCP destination. When connecting to in-cluster Services, it is recommended to use\n'selector' instead.",
                    "properties": {
                      "host": {
                        "description": "Host is the hostname or IP address of the MCPBackend target.",
                        "maxLength": 256,
                        "minLength": 1,
                        "type": "string"
                      },
                      "path": {
                        "description": "Path is the URL path of the MCPBackend target endpoint.\nDefaults to \"/sse\" for SSE protocol or \"/mcp\" for StreamableHTTP protocol if not specified.",
                        "maxLength": 1024,
                        "minLength": 1,
                        "type": "string"
                      },
                      "policies": {
                        "description": "policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy, or\nin the top level AgentgatewayBackend. Policies are merged on a field-level basis, with order: AgentgatewayPolicy <\nAgentgatewayBackend < AgentgatewayBackend MCP (this field).",
                        "properties": {
                          "auth": {
                            "description": "auth defines settings for managing authentication to the backend",
                            "properties": {
                              "aws": {
                                "description": "Auth specifies an explicit AWS authentication method for the backend.\nWhen omitted, we will try to use the default AWS SDK authentication methods.",
                                "properties": {
                                  "secretRef": {
                                    "description": "SecretRef references a Kubernetes Secret containing the AWS credentials.\nThe Secret must have keys \"accessKey\", \"secretKey\", and optionally \"sessionToken\".",
                                    "properties": {
                                      "name": {
                                        "default": "",
                                        "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                        "type": "string"
                                      }
                                    },
                                    "type": "object",
                                    "x-kubernetes-map-type": "atomic",
                                    "additionalProperties": false
                                  }
                                },
                                "required": [
                                  "secretRef"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              },
                              "key": {
                                "description": "key provides an inline key to use as the value of the Authorization header.\nThis option is the least secure; usage of a Secret is preferred.",
                                "maxLength": 2048,
                                "type": "string"
                              },
                              "passthrough": {
                                "description": "passthrough passes through an existing token that has been sent by the client and validated. Other policies, like\nJWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication\ncauses the original token to be added back into the request. If there are no client authentication policies on the\nrequest, the original token would be unchanged, so this would have no effect.",
                                "type": "object"
                              },
                              "secretRef": {
                                "description": "secretRef references a Kubernetes secret storing the key to use the authorization value. This must be stored in the\n'Authorization' key.",
                                "properties": {
                                  "name": {
                                    "default": "",
                                    "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                    "type": "string"
                                  }
                                },
                                "type": "object",
                                "x-kubernetes-map-type": "atomic",
                                "additionalProperties": false
                              }
                            },
                            "type": "object",
                            "x-kubernetes-validations": [
                              {
                                "message": "exactly one of the fields in [key secretRef passthrough aws] must be set",
                                "rule": "[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws)].filter(x,x==true).size() == 1"
                              }
                            ],
                            "additionalProperties": false
                          },
                          "http": {
                            "description": "http defines settings for managing HTTP requests to the backend.",
                            "properties": {
                              "requestTimeout": {
                                "description": "requestTimeout specifies the deadline for receiving a response from the backend.",
                                "type": "string",
                                "x-kubernetes-validations": [
                                  {
                                    "message": "invalid duration value",
                                    "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                  },
                                  {
                                    "message": "requestTimeout must be at least 1ms",
                                    "rule": "duration(self) >= duration('1ms')"
                                  }
                                ]
                              },
                              "version": {
                                "description": "version specifies the HTTP protocol version to use when connecting to the backend.\nIf not specified, the version is automatically determined:\n* Service types can specify it with 'appProtocol' on the Service port.\n* If traffic is identified as gRPC, HTTP2 is used.\n* If the incoming traffic was plaintext HTTP, the original protocol will be used.\n* If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will\n  transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn't support it",
                                "enum": [
                                  "HTTP1",
                                  "HTTP2"
                                ],
                                "type": "string"
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "mcp": {
                            "description": "mcp specifies settings for MCP workloads. This is only applicable when connecting to a Backend of type 'mcp'.",
                            "properties": {
                              "authentication": {
                                "description": "authentication defines MCPBackend specific authentication rules.",
                                "properties": {
                                  "audiences": {
                                    "description": "audiences specifies the list of audiences that are allowed access. This corresponds to the 'aud' claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).\nIf unset, the 'aud' claim is not restricted and any audience is allowed.",
                                    "items": {
                                      "type": "string"
                                    },
                                    "maxItems": 64,
                                    "minItems": 1,
                                    "type": "array"
                                  },
                                  "issuer": {
                                    "description": "Issuer identifies the IdP that issued the JWT. This corresponds to the 'iss' claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).",
                                    "maxLength": 256,
                                    "minLength": 1,
                                    "type": "string"
                                  },
                                  "jwks": {
                                    "description": "jwks defines the remote JSON Web Key Set (JWKS) used to validate the signature of the JWT.",
                                    "properties": {
                                      "backendRef": {
                                        "description": "backendRef references the remote JWKS server to reach.\nSupported types are Service and (static) Backend. An AgentgatewayPolicy containing backend tls config\ncan then be attached to the service/backend in order to set tls options for a connection to the remote jwks source.",
                                        "properties": {
                                          "group": {
                                            "default": "",
                                            "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                                            "maxLength": 253,
                                            "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                            "type": "string"
                                          },
                                          "kind": {
                                            "default": "Service",
                                            "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                                            "maxLength": 63,
                                            "minLength": 1,
                                            "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                                            "type": "string"
                                          },
                                          "name": {
                                            "description": "Name is the name of the referent.",
                                            "maxLength": 253,
                                            "minLength": 1,
                                            "type": "string"
                                          },
                                          "namespace": {
                                            "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                                            "maxLength": 63,
                                            "minLength": 1,
                                            "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                                            "type": "string"
                                          },
                                          "port": {
                                            "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                                            "format": "int32",
                                            "maximum": 65535,
                                            "minimum": 1,
                                            "type": "integer"
                                          }
                                        },
                                        "required": [
                                          "name"
                                        ],
                                        "type": "object",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "Must have port for Service reference",
                                            "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                                          }
                                        ],
                                        "additionalProperties": false
                                      },
                                      "cacheDuration": {
                                        "default": "5m",
                                        "type": "string",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "invalid duration value",
                                            "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                          },
                                          {
                                            "message": "cacheDuration must be at least 5m.",
                                            "rule": "duration(self) >= duration('5m')"
                                          }
                                        ]
                                      },
                                      "jwksPath": {
                                        "description": "Path to IdP jwks endpoint, relative to the root, commonly \".well-known/jwks.json\".",
                                        "maxLength": 2000,
                                        "minLength": 1,
                                        "type": "string"
                                      }
                                    },
                                    "required": [
                                      "backendRef",
                                      "jwksPath"
                                    ],
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "mode": {
                                    "description": "validation mode for JWT authentication.",
                                    "enum": [
                                      "Strict",
                                      "Optional",
                                      "Permissive"
                                    ],
                                    "type": "string"
                                  },
                                  "provider": {
                                    "description": "McpIDP specifies the identity provider to use for authentication",
                                    "enum": [
                                      "Auth0",
                                      "Keycloak"
                                    ],
                                    "type": "string"
                                  },
                                  "resourceMetadata": {
                                    "additionalProperties": {
                                      "x-kubernetes-preserve-unknown-fields": true
                                    },
                                    "description": "ResourceMetadata defines the metadata to use for MCP resources.",
                                    "type": "object"
                                  }
                                },
                                "required": [
                                  "jwks"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              },
                              "authorization": {
                                "description": "authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject\nunauthorized requests with a 403 error, this policy works at the MCPBackend level.\n\nList operations, such as list_tools, will have each item evaluated. Items that do not meet the rule will be filtered.\n\nGet or call operations, such as call_tool, will evaluate the specific item and reject requests that do not meet the rule.",
                                "properties": {
                                  "action": {
                                    "default": "Allow",
                                    "description": "Action defines whether the rule allows or denies the request if matched.\nIf unspecified, the default is \"Allow\".",
                                    "enum": [
                                      "Allow",
                                      "Deny"
                                    ],
                                    "type": "string"
                                  },
                                  "policy": {
                                    "description": "Policy specifies the Authorization rule to evaluate.\nA policy matches when **any** of the conditions evaluates to true.",
                                    "properties": {
                                      "matchExpressions": {
                                        "description": "MatchExpressions defines a set of conditions that must be satisfied for the rule to match.\nThese expressions should be in the form of Common Expression Language (CEL) expressions.",
                                        "items": {
                                          "description": "CELExpression represents a Common Expression Language (CEL) expression.",
                                          "maxLength": 16384,
                                          "minLength": 1,
                                          "type": "string"
                                        },
                                        "maxItems": 256,
                                        "minItems": 1,
                                        "type": "array"
                                      }
                                    },
                                    "required": [
                                      "matchExpressions"
                                    ],
                                    "type": "object",
                                    "additionalProperties": false
                                  }
                                },
                                "required": [
                                  "policy"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              }
                            },
                            "type": "object",
                            "x-kubernetes-validations": [
                              {
                                "message": "at least one of the fields in [authorization authentication] must be set",
                                "rule": "[has(self.authorization),has(self.authentication)].filter(x,x==true).size() >= 1"
                              }
                            ],
                            "additionalProperties": false
                          },
                          "tcp": {
                            "description": "tcp defines settings for managing TCP connections to the backend.",
                            "properties": {
                              "connectTimeout": {
                                "description": "connectTimeout defines the deadline for establishing a connection to the destination.",
                                "type": "string",
                                "x-kubernetes-validations": [
                                  {
                                    "message": "invalid duration value",
                                    "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                  },
                                  {
                                    "message": "connectTimeout must be at least 100ms",
                                    "rule": "duration(self) >= duration('100ms')"
                                  }
                                ]
                              },
                              "keepalive": {
                                "description": "keepalive defines settings for enabling TCP keepalives on the connection.",
                                "properties": {
                                  "interval": {
                                    "description": "interval specifies the duration between keep-alive probes.\nIf unset, this defaults to 180s.",
                                    "type": "string",
                                    "x-kubernetes-validations": [
                                      {
                                        "message": "invalid duration value",
                                        "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                      },
                                      {
                                        "message": "interval must be at least 1 second",
                                        "rule": "duration(self) >= duration('1s')"
                                      }
                                    ]
                                  },
                                  "retries": {
                                    "description": "retries specifies the maximum number of keep-alive probes to send before dropping the connection.\nIf unset, this defaults to 9.",
                                    "format": "int32",
                                    "maximum": 64,
                                    "minimum": 1,
                                    "type": "integer"
                                  },
                                  "time": {
                                    "description": "time specifies how long a connection needs to be idle before keep-alive probes start being sent.\nIf unset, this defaults to 180s.",
                                    "type": "string",
                                    "x-kubernetes-validations": [
                                      {
                                        "message": "invalid duration value",
                                        "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                      },
                                      {
                                        "message": "time must be at least 1 second",
                                        "rule": "duration(self) >= duration('1s')"
                                      }
                                    ]
                                  }
                                },
                                "type": "object",
                                "additionalProperties": false
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "tls": {
                            "description": "tls defines settings for managing TLS connections to the backend.\n\nIf this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to\nvalidate the server, and the SNI will automatically be set based on the destination.",
                            "properties": {
                              "alpnProtocols": {
                                "description": "alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake.\n\nIf not present, defaults to [\"h2\", \"http/1.1\"].",
                                "items": {
                                  "maxLength": 64,
                                  "minLength": 1,
                                  "type": "string"
                                },
                                "maxItems": 16,
                                "minItems": 1,
                                "type": "array"
                              },
                              "caCertificateRefs": {
                                "description": "caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate.\nIf unset, the system's trusted certificates are used.",
                                "items": {
                                  "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                  "properties": {
                                    "name": {
                                      "default": "",
                                      "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                      "type": "string"
                                    }
                                  },
                                  "type": "object",
                                  "x-kubernetes-map-type": "atomic",
                                  "additionalProperties": false
                                },
                                "maxItems": 1,
                                "type": "array",
                                "x-kubernetes-list-type": "atomic"
                              },
                              "insecureSkipVerify": {
                                "description": "insecureSkipVerify originates TLS but skips verification of the backend's certificate.\nWARNING: This is an insecure option that should only be used if the risks are understood.\n\nThere are two modes:\n* All disables all TLS verification\n* Hostname verifies the CA certificate is trusted, but ignores any mismatch of hostname/SANs. Note that this method\n is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.",
                                "enum": [
                                  "All",
                                  "Hostname"
                                ],
                                "type": "string"
                              },
                              "mtlsCertificateRef": {
                                "description": "mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the\nreferenced Secret.\n\nAn optional 'ca.cert' field, if present, will be used to verify the server certificate. If\ncaCertificateRefs is also specified, the caCertificateRefs field takes priority.\n\nIf unspecified, no client certificate will be used.",
                                "items": {
                                  "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                  "properties": {
                                    "name": {
                                      "default": "",
                                      "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                      "type": "string"
                                    }
                                  },
                                  "type": "object",
                                  "x-kubernetes-map-type": "atomic",
                                  "additionalProperties": false
                                },
                                "maxItems": 1,
                                "type": "array",
                                "x-kubernetes-list-type": "atomic"
                              },
                              "sni": {
                                "description": "sni specifies the Server Name Indication (SNI) to be used in the TLS handshake. If unset, the SNI is automatically\nset based on the destination hostname.",
                                "maxLength": 253,
                                "minLength": 1,
                                "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                "type": "string"
                              },
                              "verifySubjectAltNames": {
                                "description": "verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate.\nIf not present, the destination hostname is automatically used.",
                                "items": {
                                  "maxLength": 256,
                                  "minLength": 1,
                                  "type": "string"
                                },
                                "maxItems": 16,
                                "minItems": 1,
                                "type": "array"
                              }
                            },
                            "type": "object",
                            "x-kubernetes-validations": [
                              {
                                "message": "insecureSkipVerify All and caCertificateRefs may not be set together",
                                "rule": "has(self.insecureSkipVerify) && self.insecureSkipVerify == 'All' ? !has(self.caCertificateRefs) : true"
                              },
                              {
                                "message": "insecureSkipVerify and verifySubjectAltNames may not be set together",
                                "rule": "has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true"
                              },
                              {
                                "message": "at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set",
                                "rule": "[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1"
                              }
                            ],
                            "additionalProperties": false
                          }
                        },
                        "type": "object",
                        "x-kubernetes-validations": [
                          {
                            "message": "at least one of the fields in [tcp tls http auth mcp] must be set",
                            "rule": "[has(self.tcp),has(self.tls),has(self.http),has(self.auth),has(self.mcp)].filter(x,x==true).size() >= 1"
                          }
                        ],
                        "additionalProperties": false
                      },
                      "port": {
                        "description": "Port is the port number of the MCPBackend target.",
                        "format": "int32",
                        "maximum": 65535,
                        "minimum": 1,
                        "type": "integer"
                      },
                      "protocol": {
                        "description": "Protocol is the protocol to use for the connection to the MCPBackend target.",
                        "enum": [
                          "StreamableHTTP",
                          "SSE"
                        ],
                        "type": "string"
                      }
                    },
                    "required": [
                      "host",
                      "port"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  }
                },
                "required": [
                  "name"
                ],
                "type": "object",
                "x-kubernetes-validations": [
                  {
                    "message": "exactly one of the fields in [selector static] must be set",
                    "rule": "[has(self.selector),has(self.static)].filter(x,x==true).size() == 1"
                  }
                ],
                "additionalProperties": false
              },
              "maxItems": 32,
              "minItems": 1,
              "type": "array",
              "x-kubernetes-list-map-keys": [
                "name"
              ],
              "x-kubernetes-list-type": "map",
              "x-kubernetes-validations": [
                {
                  "message": "target names must be unique",
                  "rule": "self.all(t1, self.exists_one(t2, t1.name == t2.name))"
                }
              ]
            }
          },
          "required": [
            "targets"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "policies": {
          "description": "policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy;\npolicies are merged on a field-level basis, with policies on the Backend (this field) taking precedence.",
          "properties": {
            "ai": {
              "description": "ai specifies settings for AI workloads. This is only applicable when connecting to a Backend of type 'ai'.",
              "properties": {
                "defaults": {
                  "description": "Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.",
                  "items": {
                    "description": "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.\nThese defaults are merged with the user-provided request to ensure missing fields are populated.\n\nUser input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.\nDefaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.\n\nExample: Setting a default system field for Anthropic, which does not support system role messages:\n```yaml\ndefaults:\n  - field: \"system\"\n    value: \"answer all questions in French\"\n\n```\n\nExample: Setting a default temperature and overriding `max_tokens`:\n```yaml\ndefaults:\n  - field: \"temperature\"\n    value: \"0.5\"\n  - field: \"max_tokens\"\n    value: \"100\"\n    override: true\n\n```\n\nExample: Setting custom lists fields:\n```yaml\ndefaults:\n  - field: \"custom_integer_list\"\n    value: [1,2,3]\n\noverrides:\n  - field: \"custom_string_list\"\n    value: [\"one\",\"two\",\"three\"]\n\n```\n\nNote: The `field` values correspond to keys in the JSON request body, not fields in this CRD.",
                    "properties": {
                      "field": {
                        "description": "The name of the field.",
                        "maxLength": 256,
                        "minLength": 1,
                        "type": "string"
                      },
                      "value": {
                        "description": "The field default value, which can be any JSON Data Type.",
                        "x-kubernetes-preserve-unknown-fields": true
                      }
                    },
                    "required": [
                      "field",
                      "value"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "maxItems": 64,
                  "minItems": 1,
                  "type": "array"
                },
                "modelAliases": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "ModelAliases maps friendly model names to actual provider model names.\nExample: {\"fast\": \"gpt-3.5-turbo\", \"smart\": \"gpt-4-turbo\"}\nNote: This field is only applicable when using the agentgateway data plane.",
                  "maxProperties": 64,
                  "type": "object"
                },
                "overrides": {
                  "description": "Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.",
                  "items": {
                    "description": "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.\nThese defaults are merged with the user-provided request to ensure missing fields are populated.\n\nUser input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.\nDefaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.\n\nExample: Setting a default system field for Anthropic, which does not support system role messages:\n```yaml\ndefaults:\n  - field: \"system\"\n    value: \"answer all questions in French\"\n\n```\n\nExample: Setting a default temperature and overriding `max_tokens`:\n```yaml\ndefaults:\n  - field: \"temperature\"\n    value: \"0.5\"\n  - field: \"max_tokens\"\n    value: \"100\"\n    override: true\n\n```\n\nExample: Setting custom list fields:\n```yaml\ndefaults:\n  - field: \"custom_integer_list\"\n    value: [1,2,3]\n\noverrides:\n  - field: \"custom_string_list\"\n    value: [\"one\",\"two\",\"three\"]\n\n```\n\nNote: The `field` values correspond to keys in the JSON request body, not fields in this CRD.\nNote: Each entry accepts only `field` and `value`; the `override` key shown in the example above is not part of this schema. Whether a value replaces what the client supplied is decided by the list the entry is in (`defaults` or `overrides`).",
                    "properties": {
                      "field": {
                        "description": "The name of the field.",
                        "maxLength": 256,
                        "minLength": 1,
                        "type": "string"
                      },
                      "value": {
                        "description": "The field default value, which can be any JSON Data Type.",
                        "x-kubernetes-preserve-unknown-fields": true
                      }
                    },
                    "required": [
                      "field",
                      "value"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "maxItems": 64,
                  "minItems": 1,
                  "type": "array"
                },
                "prompt": {
                  "description": "Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for\nLLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.",
                  "properties": {
                    "append": {
                      "description": "A list of messages to be appended to the prompt sent by the client.",
                      "items": {
                        "description": "An entry for a message to prepend or append to each prompt.",
                        "properties": {
                          "content": {
                            "description": "String content of the message.",
                            "type": "string"
                          },
                          "role": {
                            "description": "Role of the message. The available roles depend on the backend\nLLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.",
                            "type": "string"
                          }
                        },
                        "required": [
                          "content",
                          "role"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    },
                    "prepend": {
                      "description": "A list of messages to be prepended to the prompt sent by the client.",
                      "items": {
                        "description": "An entry for a message to prepend or append to each prompt.",
                        "properties": {
                          "content": {
                            "description": "String content of the message.",
                            "type": "string"
                          },
                          "role": {
                            "description": "Role of the message. The available roles depend on the backend\nLLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.",
                            "type": "string"
                          }
                        },
                        "required": [
                          "content",
                          "role"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "promptCaching": {
                  "description": "promptCaching enables automatic prompt caching for supported providers (AWS Bedrock).\nReduces API costs by caching static content like system prompts and tool definitions.\nOnly applicable for Bedrock Claude 3+ and Nova models.",
                  "properties": {
                    "cacheMessages": {
                      "default": true,
                      "description": "CacheMessages enables caching for conversation messages.\nCaches all messages in the conversation for cost savings.",
                      "type": "boolean"
                    },
                    "cacheSystem": {
                      "default": true,
                      "description": "CacheSystem enables caching for system prompts.\nInserts a cache point after all system messages.",
                      "type": "boolean"
                    },
                    "cacheTools": {
                      "default": false,
                      "description": "CacheTools enables caching for tool definitions.\nInserts a cache point after all tool specifications.",
                      "type": "boolean"
                    },
                    "minTokens": {
                      "default": 1024,
                      "description": "MinTokens specifies the minimum estimated token count\nbefore caching is enabled. Uses a rough heuristic (word count \u00d7 1.3) to estimate tokens.\nBedrock requires at least 1,024 tokens for caching to be effective.",
                      "minimum": 0,
                      "type": "integer"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "promptGuard": {
                  "description": "promptGuard enables adding guardrails to LLM requests and responses.",
                  "properties": {
                    "request": {
                      "description": "Prompt guards to apply to requests sent by the client.",
                      "items": {
                        "description": "PromptguardRequest defines the prompt guards to apply to requests sent by the client.",
                        "properties": {
                          "openAIModeration": {
                            "description": "openAIModeration passes prompt data through the OpenAI Moderations endpoint.\nSee https://platform.openai.com/docs/api-reference/moderations for more information.",
                            "properties": {
                              "model": {
                                "description": "model specifies the moderation model to use. For example, `omni-moderation`.",
                                "type": "string"
                              },
                              "policies": {
                                "description": "policies controls policies for communicating with OpenAI.",
                                "properties": {
                                  "auth": {
                                    "description": "auth defines settings for managing authentication to the backend",
                                    "properties": {
                                      "aws": {
                                        "description": "Auth specifies an explicit AWS authentication method for the backend.\nWhen omitted, we will try to use the default AWS SDK authentication methods.",
                                        "properties": {
                                          "secretRef": {
                                            "description": "SecretRef references a Kubernetes Secret containing the AWS credentials.\nThe Secret must have keys \"accessKey\", \"secretKey\", and optionally \"sessionToken\".",
                                            "properties": {
                                              "name": {
                                                "default": "",
                                                "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                                "type": "string"
                                              }
                                            },
                                            "type": "object",
                                            "x-kubernetes-map-type": "atomic",
                                            "additionalProperties": false
                                          }
                                        },
                                        "required": [
                                          "secretRef"
                                        ],
                                        "type": "object",
                                        "additionalProperties": false
                                      },
                                      "key": {
                                        "description": "key provides an inline key to use as the value of the Authorization header.\nThis option is the least secure, because the key is stored in plain text in this resource and is visible to anyone who can read it; usage of a Secret is preferred.",
                                        "maxLength": 2048,
                                        "type": "string"
                                      },
                                      "passthrough": {
                                        "description": "passthrough passes through an existing token that has been sent by the client and validated. Other policies, like\nJWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication\ncauses the original token to be added back into the request. If there are no client authentication policies on the\nrequest, the original token would be unchanged, so this would have no effect.",
                                        "type": "object"
                                      },
                                      "secretRef": {
                                        "description": "secretRef references a Kubernetes secret storing the key to use as the authorization value. This must be stored in the\n'Authorization' key.",
                                        "properties": {
                                          "name": {
                                            "default": "",
                                            "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                            "type": "string"
                                          }
                                        },
                                        "type": "object",
                                        "x-kubernetes-map-type": "atomic",
                                        "additionalProperties": false
                                      }
                                    },
                                    "type": "object",
                                    "x-kubernetes-validations": [
                                      {
                                        "message": "exactly one of the fields in [key secretRef passthrough aws] must be set",
                                        "rule": "[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws)].filter(x,x==true).size() == 1"
                                      }
                                    ],
                                    "additionalProperties": false
                                  },
                                  "http": {
                                    "description": "http defines settings for managing HTTP requests to the backend.",
                                    "properties": {
                                      "requestTimeout": {
                                        "description": "requestTimeout specifies the deadline for receiving a response from the backend.",
                                        "type": "string",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "invalid duration value",
                                            "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                          },
                                          {
                                            "message": "requestTimeout must be at least 1ms",
                                            "rule": "duration(self) >= duration('1ms')"
                                          }
                                        ]
                                      },
                                      "version": {
                                        "description": "version specifies the HTTP protocol version to use when connecting to the backend.\nIf not specified, the version is automatically determined:\n* Service types can specify it with 'appProtocol' on the Service port.\n* If traffic is identified as gRPC, HTTP2 is used.\n* If the incoming traffic was plaintext HTTP, the original protocol will be used.\n* If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will\n  transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn't support it",
                                        "enum": [
                                          "HTTP1",
                                          "HTTP2"
                                        ],
                                        "type": "string"
                                      }
                                    },
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "tcp": {
                                    "description": "tcp defines settings for managing TCP connections to the backend.",
                                    "properties": {
                                      "connectTimeout": {
                                        "description": "connectTimeout defines the deadline for establishing a connection to the destination.",
                                        "type": "string",
                                        "x-kubernetes-validations": [
                                          {
                                            "message": "invalid duration value",
                                            "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                          },
                                          {
                                            "message": "connectTimeout must be at least 100ms",
                                            "rule": "duration(self) >= duration('100ms')"
                                          }
                                        ]
                                      },
                                      "keepalive": {
                                        "description": "keepAlive defines settings for enabling TCP keepalives on the connection.",
                                        "properties": {
                                          "interval": {
                                            "description": "interval specifies the time between keep-alive probes, as a duration string (for example `30s`).\nIf unset, this defaults to 180s.",
                                            "type": "string",
                                            "x-kubernetes-validations": [
                                              {
                                                "message": "invalid duration value",
                                                "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                              },
                                              {
                                                "message": "interval must be at least 1 second",
                                                "rule": "duration(self) >= duration('1s')"
                                              }
                                            ]
                                          },
                                          "retries": {
                                            "description": "retries specifies the maximum number of keep-alive probes to send before dropping the connection.\nIf unset, this defaults to 9.",
                                            "format": "int32",
                                            "maximum": 64,
                                            "minimum": 1,
                                            "type": "integer"
                                          },
                                          "time": {
                                            "description": "time specifies how long a connection needs to be idle before keep-alive probes start being sent, as a duration string (for example `60s`).\nIf unset, this defaults to 180s.",
                                            "type": "string",
                                            "x-kubernetes-validations": [
                                              {
                                                "message": "invalid duration value",
                                                "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                                              },
                                              {
                                                "message": "time must be at least 1 second",
                                                "rule": "duration(self) >= duration('1s')"
                                              }
                                            ]
                                          }
                                        },
                                        "type": "object",
                                        "additionalProperties": false
                                      }
                                    },
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "tls": {
                                    "description": "tls defines settings for managing TLS connections to the backend.\n\nIf this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to\nvalidate the server, and the SNI will automatically be set based on the destination.",
                                    "properties": {
                                      "alpnProtocols": {
                                        "description": "alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake.\n\nIf not present, defaults to [\"h2\", \"http/1.1\"].",
                                        "items": {
                                          "maxLength": 64,
                                          "minLength": 1,
                                          "type": "string"
                                        },
                                        "maxItems": 16,
                                        "minItems": 1,
                                        "type": "array"
                                      },
                                      "caCertificateRefs": {
                                        "description": "caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate.\nIf unset, the system's trusted certificates are used.",
                                        "items": {
                                          "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                          "properties": {
                                            "name": {
                                              "default": "",
                                              "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                              "type": "string"
                                            }
                                          },
                                          "type": "object",
                                          "x-kubernetes-map-type": "atomic",
                                          "additionalProperties": false
                                        },
                                        "maxItems": 1,
                                        "type": "array",
                                        "x-kubernetes-list-type": "atomic"
                                      },
                                      "insecureSkipVerify": {
                                        "description": "insecureSkipVerify originates TLS but skips verification of the backend's certificate.\nWARNING: This is an insecure option that should only be used if the risks are understood: without verification the backend is not authenticated, so traffic to it can be intercepted or redirected without detection.\n\nThere are two modes:\n* All disables all TLS verification\n* Hostname verifies the CA certificate is trusted, but ignores any mismatch of hostname/SANs. Note that this method\n is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.",
                                        "enum": [
                                          "All",
                                          "Hostname"
                                        ],
                                        "type": "string"
                                      },
                                      "mtlsCertificateRef": {
                                        "description": "mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the\nreferenced Secret.\n\nAn optional 'ca.cert' field, if present, will be used to verify the server certificate. If\ncaCertificateRefs is also specified, the caCertificateRefs field takes priority.\n\nIf unspecified, no client certificate will be used.",
                                        "items": {
                                          "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                                          "properties": {
                                            "name": {
                                              "default": "",
                                              "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                                              "type": "string"
                                            }
                                          },
                                          "type": "object",
                                          "x-kubernetes-map-type": "atomic",
                                          "additionalProperties": false
                                        },
                                        "maxItems": 1,
                                        "type": "array",
                                        "x-kubernetes-list-type": "atomic"
                                      },
                                      "sni": {
                                        "description": "sni specifies the Server Name Indication (SNI) value to be used in the TLS handshake. If unset, the SNI is automatically\nset based on the destination hostname.",
                                        "maxLength": 253,
                                        "minLength": 1,
                                        "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                        "type": "string"
                                      },
                                      "verifySubjectAltNames": {
                                        "description": "verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate.\nIf not present, the destination hostname is automatically used.",
                                        "items": {
                                          "maxLength": 256,
                                          "minLength": 1,
                                          "type": "string"
                                        },
                                        "maxItems": 16,
                                        "minItems": 1,
                                        "type": "array"
                                      }
                                    },
                                    "type": "object",
                                    "x-kubernetes-validations": [
                                      {
                                        "message": "insecureSkipVerify All and caCertificateRefs may not be set together",
                                        "rule": "has(self.insecureSkipVerify) && self.insecureSkipVerify == 'All' ? !has(self.caCertificateRefs) : true"
                                      },
                                      {
                                        "message": "insecureSkipVerify and verifySubjectAltNames may not be set together",
                                        "rule": "has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true"
                                      },
                                      {
                                        "message": "at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set",
                                        "rule": "[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1"
                                      }
                                    ],
                                    "additionalProperties": false
                                  }
                                },
                                "type": "object",
                                "additionalProperties": false
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "regex": {
                            "description": "Regular expression (regex) matching for prompt guards and data masking.",
                            "properties": {
                              "action": {
                                "default": "Mask",
                                "description": "The action to take if a regex pattern is matched in a request or response.\nThis setting applies only to request matches. PromptguardResponse matches are always masked by default.\nDefaults to `Mask`.",
                                "enum": [
                                  "Mask",
                                  "Reject"
                                ],
                                "type": "string"
                              },
                              "builtins": {
                                "description": "A list of built-in regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                "items": {
                                  "description": "BuiltIn regex patterns for specific types of strings in prompts.\nFor example, if you specify `CreditCard`, any credit card numbers\nin the request or response are matched.",
                                  "enum": [
                                    "Ssn",
                                    "CreditCard",
                                    "PhoneNumber",
                                    "Email",
                                    "CaSin"
                                  ],
                                  "type": "string"
                                },
                                "type": "array"
                              },
                              "matches": {
                                "description": "A list of regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                "items": {
                                  "maxLength": 1024,
                                  "minLength": 1,
                                  "type": "string"
                                },
                                "type": "array"
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "response": {
                            "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                            "properties": {
                              "message": {
                                "default": "The request was rejected due to inappropriate content",
                                "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                                "type": "string"
                              },
                              "statusCode": {
                                "default": 403,
                                "description": "The status code to return to the client. Defaults to 403.",
                                "format": "int32",
                                "maximum": 599,
                                "minimum": 200,
                                "type": "integer"
                              }
                            },
                            "type": "object",
                            "x-kubernetes-validations": [
                              {
                                "message": "at least one of the fields in [message statusCode] must be set",
                                "rule": "[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1"
                              }
                            ],
                            "additionalProperties": false
                          },
                          "webhook": {
                            "description": "Configure a webhook to which requests are forwarded for prompt guarding.",
                            "properties": {
                              "backendRef": {
                                "description": "backendRef references the webhook server to reach.\n\nSupported types: Service and Backend.",
                                "properties": {
                                  "group": {
                                    "default": "",
                                    "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                                    "maxLength": 253,
                                    "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                    "type": "string"
                                  },
                                  "kind": {
                                    "default": "Service",
                                    "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                                    "maxLength": 63,
                                    "minLength": 1,
                                    "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                                    "type": "string"
                                  },
                                  "name": {
                                    "description": "Name is the name of the referent.",
                                    "maxLength": 253,
                                    "minLength": 1,
                                    "type": "string"
                                  },
                                  "namespace": {
                                    "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                                    "maxLength": 63,
                                    "minLength": 1,
                                    "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                                    "type": "string"
                                  },
                                  "port": {
                                    "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                                    "format": "int32",
                                    "maximum": 65535,
                                    "minimum": 1,
                                    "type": "integer"
                                  }
                                },
                                "required": [
                                  "name"
                                ],
                                "type": "object",
                                "x-kubernetes-validations": [
                                  {
                                    "message": "Must have port for Service reference",
                                    "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                                  }
                                ],
                                "additionalProperties": false
                              },
                              "forwardHeaderMatches": {
                                "description": "ForwardHeaderMatches defines a list of HTTP header matches that will be\nused to select the headers to forward to the webhook.\nRequest headers are used when forwarding requests and response headers\nare used when forwarding responses.\nBy default, no headers are forwarded.",
                                "items": {
                                  "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.",
                                  "properties": {
                                    "name": {
                                      "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".",
                                      "maxLength": 256,
                                      "minLength": 1,
                                      "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
                                      "type": "string"
                                    },
                                    "type": {
                                      "default": "Exact",
                                      "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.",
                                      "enum": [
                                        "Exact",
                                        "RegularExpression"
                                      ],
                                      "type": "string"
                                    },
                                    "value": {
                                      "description": "Value is the value of HTTP Header to be matched.",
                                      "maxLength": 4096,
                                      "minLength": 1,
                                      "type": "string"
                                    }
                                  },
                                  "required": [
                                    "name",
                                    "value"
                                  ],
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "type": "array"
                              }
                            },
                            "required": [
                              "backendRef"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          }
                        },
                        "type": "object",
                        "x-kubernetes-validations": [
                          {
                            "message": "exactly one of the fields in [regex webhook openAIModeration] must be set",
                            "rule": "[has(self.regex),has(self.webhook),has(self.openAIModeration)].filter(x,x==true).size() == 1"
                          }
                        ],
                        "additionalProperties": false
                      },
                      "maxItems": 8,
                      "minItems": 1,
                      "type": "array"
                    },
                    "response": {
                      "description": "Prompt guards to apply to responses returned by the LLM provider.",
                      "items": {
                        "description": "PromptguardResponse configures the response that the prompt guard applies to responses returned by the LLM provider.",
                        "properties": {
                          "regex": {
                            "description": "Regular expression (regex) matching for prompt guards and data masking.",
                            "properties": {
                              "action": {
                                "default": "Mask",
                                "description": "The action to take if a regex pattern is matched.\nThis setting applies only to request matches; PromptguardResponse matches are always masked by default.\nDefaults to `Mask`.",
                                "enum": [
                                  "Mask",
                                  "Reject"
                                ],
                                "type": "string"
                              },
                              "builtins": {
                                "description": "A list of built-in regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                "items": {
                                  "description": "BuiltIn regex patterns for specific types of strings in prompts.\nFor example, if you specify `CreditCard`, any credit card numbers\nin the request or response are matched.",
                                  "enum": [
                                    "Ssn",
                                    "CreditCard",
                                    "PhoneNumber",
                                    "Email",
                                    "CaSin"
                                  ],
                                  "type": "string"
                                },
                                "type": "array"
                              },
                              "matches": {
                                "description": "A list of regex patterns to match against the request or response.\nMatches and built-ins are additive.",
                                "items": {
                                  "maxLength": 1024,
                                  "minLength": 1,
                                  "type": "string"
                                },
                                "type": "array"
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "response": {
                            "description": "A custom response message to return to the client. If not specified, defaults to\n\"The response was rejected due to inappropriate content\".",
                            "properties": {
                              "message": {
                                "default": "The request was rejected due to inappropriate content",
                                "description": "A custom response message to return to the client. If not specified, defaults to\n\"The request was rejected due to inappropriate content\".",
                                "type": "string"
                              },
                              "statusCode": {
                                "default": 403,
                                "description": "The status code to return to the client. Defaults to 403.",
                                "format": "int32",
                                "maximum": 599,
                                "minimum": 200,
                                "type": "integer"
                              }
                            },
                            "type": "object",
                            "x-kubernetes-validations": [
                              {
                                "message": "at least one of the fields in [message statusCode] must be set",
                                "rule": "[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1"
                              }
                            ],
                            "additionalProperties": false
                          },
                          "webhook": {
                            "description": "Configure a webhook to which responses are forwarded for prompt guarding.",
                            "properties": {
                              "backendRef": {
                                "description": "backendRef references the webhook server to reach.\n\nSupported types: Service and Backend.",
                                "properties": {
                                  "group": {
                                    "default": "",
                                    "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                                    "maxLength": 253,
                                    "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                                    "type": "string"
                                  },
                                  "kind": {
                                    "default": "Service",
                                    "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                                    "maxLength": 63,
                                    "minLength": 1,
                                    "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                                    "type": "string"
                                  },
                                  "name": {
                                    "description": "Name is the name of the referent.",
                                    "maxLength": 253,
                                    "minLength": 1,
                                    "type": "string"
                                  },
                                  "namespace": {
                                    "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                                    "maxLength": 63,
                                    "minLength": 1,
                                    "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                                    "type": "string"
                                  },
                                  "port": {
                                    "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                                    "format": "int32",
                                    "maximum": 65535,
                                    "minimum": 1,
                                    "type": "integer"
                                  }
                                },
                                "required": [
                                  "name"
                                ],
                                "type": "object",
                                "x-kubernetes-validations": [
                                  {
                                    "message": "Must have port for Service reference",
                                    "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                                  }
                                ],
                                "additionalProperties": false
                              },
                              "forwardHeaderMatches": {
                                "description": "ForwardHeaderMatches defines a list of HTTP header matches that will be\nused to select the headers to forward to the webhook.\nRequest headers are used when forwarding requests and response headers\nare used when forwarding responses.\nBy default, no headers are forwarded.",
                                "items": {
                                  "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.",
                                  "properties": {
                                    "name": {
                                      "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".",
                                      "maxLength": 256,
                                      "minLength": 1,
                                      "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
                                      "type": "string"
                                    },
                                    "type": {
                                      "default": "Exact",
                                      "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.",
                                      "enum": [
                                        "Exact",
                                        "RegularExpression"
                                      ],
                                      "type": "string"
                                    },
                                    "value": {
                                      "description": "Value is the value of HTTP Header to be matched.",
                                      "maxLength": 4096,
                                      "minLength": 1,
                                      "type": "string"
                                    }
                                  },
                                  "required": [
                                    "name",
                                    "value"
                                  ],
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "type": "array"
                              }
                            },
                            "required": [
                              "backendRef"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          }
                        },
                        "type": "object",
                        "x-kubernetes-validations": [
                          {
                            "message": "exactly one of the fields in [regex webhook] must be set",
                            "rule": "[has(self.regex),has(self.webhook)].filter(x,x==true).size() == 1"
                          }
                        ],
                        "additionalProperties": false
                      },
                      "maxItems": 8,
                      "minItems": 1,
                      "type": "array"
                    }
                  },
                  "type": "object",
                  "x-kubernetes-validations": [
                    {
                      "message": "at least one of the fields in [request response] must be set",
                      "rule": "[has(self.request),has(self.response)].filter(x,x==true).size() >= 1"
                    }
                  ],
                  "additionalProperties": false
                },
                "routes": {
                  "additionalProperties": {
                    "description": "RouteType specifies how the AI gateway should process incoming requests\nbased on the URL path and the API format expected.",
                    "enum": [
                      "Completions",
                      "Messages",
                      "Models",
                      "Passthrough",
                      "Responses",
                      "AnthropicTokenCount",
                      "Embeddings"
                    ],
                    "type": "string"
                  },
                  "description": "routes defines how to identify the type of traffic to handle.\nThe keys are URL path suffixes matched using ends-with comparison (e.g., \"/v1/chat/completions\").\nThe special \"*\" wildcard matches any path.\nIf not specified, all traffic defaults to the \"Completions\" type.",
                  "type": "object"
                }
              },
              "type": "object",
              "x-kubernetes-validations": [
                {
                  "message": "at least one of the fields in [prompt promptGuard defaults overrides modelAliases promptCaching routes] must be set",
                  "rule": "[has(self.prompt),has(self.promptGuard),has(self.defaults),has(self.overrides),has(self.modelAliases),has(self.promptCaching),has(self.routes)].filter(x,x==true).size() >= 1"
                }
              ],
              "additionalProperties": false
            },
            "auth": {
              "description": "auth defines settings for managing authentication to the backend",
              "properties": {
                "aws": {
                  "description": "Auth specifies an explicit AWS authentication method for the backend.\nWhen omitted, we will try to use the default AWS SDK authentication methods.",
                  "properties": {
                    "secretRef": {
                      "description": "SecretRef references a Kubernetes Secret containing the AWS credentials.\nThe Secret must have keys \"accessKey\", \"secretKey\", and optionally \"sessionToken\".",
                      "properties": {
                        "name": {
                          "default": "",
                          "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                          "type": "string"
                        }
                      },
                      "type": "object",
                      "x-kubernetes-map-type": "atomic",
                      "additionalProperties": false
                    }
                  },
                  "required": [
                    "secretRef"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "key": {
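                  "description": "key provides an inline key to use as the value of the Authorization header.\nThis option is the least secure because the key is stored in plain text in this resource and is visible to anyone who can read it; usage of a Secret (secretRef) is preferred.",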
                  "maxLength": 2048,
                  "type": "string"
                },
                "passthrough": {
                  "description": "passthrough passes through an existing token that has been sent by the client and validated. Other policies, like\nJWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication\ncauses the original token to be added back into the request. If there are no client authentication policies on the\nrequest, the original token would be unchanged, so this would have no effect.",
                  "type": "object"
                },
                "secretRef": {
                  "description": "secretRef references a Kubernetes Secret storing the key to use as the authorization value. The value must be stored under the\n'Authorization' key of the Secret.",
                  "properties": {
                    "name": {
                      "default": "",
                      "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "x-kubernetes-map-type": "atomic",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "x-kubernetes-validations": [
                {
                  "message": "exactly one of the fields in [key secretRef passthrough aws] must be set",
                  "rule": "[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws)].filter(x,x==true).size() == 1"
                }
              ],
              "additionalProperties": false
            },
            "http": {
              "description": "http defines settings for managing HTTP requests to the backend.",
              "properties": {
                "requestTimeout": {
                  "description": "requestTimeout specifies the deadline for receiving a response from the backend.",
                  "type": "string",
                  "x-kubernetes-validations": [
                    {
                      "message": "invalid duration value",
                      "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                    },
                    {
                      "message": "requestTimeout must be at least 1ms",
                      "rule": "duration(self) >= duration('1ms')"
                    }
                  ]
                },
                "version": {
                  "description": "version specifies the HTTP protocol version to use when connecting to the backend.\nIf not specified, the version is automatically determined:\n* Service types can specify it with 'appProtocol' on the Service port.\n* If traffic is identified as gRPC, HTTP2 is used.\n* If the incoming traffic was plaintext HTTP, the original protocol will be used.\n* If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will\n  transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn't support it",
                  "enum": [
                    "HTTP1",
                    "HTTP2"
                  ],
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "mcp": {
              "description": "mcp specifies settings for MCP workloads. This is only applicable when connecting to a Backend of type 'mcp'.",
              "properties": {
                "authentication": {
                  "description": "authentication defines MCPBackend specific authentication rules.",
                  "properties": {
                    "audiences": {
                      "description": "audiences specifies the list of audiences that are allowed access. This corresponds to the 'aud' claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).\nIf unset, any audience is allowed, so tokens issued for a different audience are also accepted.",
                      "items": {
                        "type": "string"
                      },
                      "maxItems": 64,
                      "minItems": 1,
                      "type": "array"
                    },
                    "issuer": {
                      "description": "Issuer identifies the IdP that issued the JWT. This corresponds to the 'iss' claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).",
                      "maxLength": 256,
                      "minLength": 1,
                      "type": "string"
                    },
                    "jwks": {
                      "description": "jwks defines the remote JSON Web Key Set (JWKS) used to validate the signature of the JWT.",
                      "properties": {
                        "backendRef": {
                          "description": "backendRef references the remote JWKS server to reach.\nSupported types are Service and (static) Backend. An AgentgatewayPolicy containing backend tls config\ncan then be attached to the service/backend in order to set tls options for a connection to the remote jwks source.",
                          "properties": {
                            "group": {
                              "default": "",
                              "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
                              "maxLength": 253,
                              "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                              "type": "string"
                            },
                            "kind": {
                              "default": "Service",
                              "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)",
                              "maxLength": 63,
                              "minLength": 1,
                              "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
                              "type": "string"
                            },
                            "name": {
                              "description": "Name is the name of the referent.",
                              "maxLength": 253,
                              "minLength": 1,
                              "type": "string"
                            },
                            "namespace": {
                              "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
                              "maxLength": 63,
                              "minLength": 1,
                              "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                              "type": "string"
                            },
                            "port": {
                              "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.",
                              "format": "int32",
                              "maximum": 65535,
                              "minimum": 1,
                              "type": "integer"
                            }
                          },
                          "required": [
                            "name"
                          ],
                          "type": "object",
                          "x-kubernetes-validations": [
                            {
                              "message": "Must have port for Service reference",
                              "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true"
                            }
                          ],
                          "additionalProperties": false
                        },
                        "cacheDuration": {
                          "default": "5m",
                          "type": "string",
                          "x-kubernetes-validations": [
                            {
                              "message": "invalid duration value",
                              "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                            },
                            {
                              "message": "cacheDuration must be at least 5m.",
                              "rule": "duration(self) >= duration('5m')"
                            }
                          ]
                        },
                        "jwksPath": {
                          "description": "Path to IdP jwks endpoint, relative to the root, commonly \".well-known/jwks.json\".",
                          "maxLength": 2000,
                          "minLength": 1,
                          "type": "string"
                        }
                      },
                      "required": [
                        "backendRef",
                        "jwksPath"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "mode": {
                      "description": "validation mode for JWT authentication.",
                      "enum": [
                        "Strict",
                        "Optional",
                        "Permissive"
                      ],
                      "type": "string"
                    },
                    "provider": {
                      "description": "McpIDP specifies the identity provider to use for authentication",
                      "enum": [
                        "Auth0",
                        "Keycloak"
                      ],
                      "type": "string"
                    },
                    "resourceMetadata": {
                      "additionalProperties": {
                        "x-kubernetes-preserve-unknown-fields": true
                      },
                      "description": "ResourceMetadata defines the metadata to use for MCP resources.",
                      "type": "object"
                    }
                  },
                  "required": [
                    "jwks"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "authorization": {
                  "description": "authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject\nunauthorized requests with a 403 error, this policy works at the MCPBackend level.\n\nList operations, such as list_tools, will have each item evaluated. Items that do not meet the rule will be filtered.\n\nGet or call operations, such as call_tool, will evaluate the specific item and reject requests that do not meet the rule.",
                  "properties": {
                    "action": {
                      "default": "Allow",
                      "description": "Action defines whether the rule allows or denies the request if matched.\nIf unspecified, the default is \"Allow\".",
                      "enum": [
                        "Allow",
                        "Deny"
                      ],
                      "type": "string"
                    },
                    "policy": {
                      "description": "Policy specifies the Authorization rule to evaluate.\nA policy matches when **any** of the conditions evaluates to true.",
                      "properties": {
                        "matchExpressions": {
                          "description": "MatchExpressions defines the set of conditions evaluated for the rule; as the policy description states, the rule matches when any one of them evaluates to true.\nEach expression should be a Common Expression Language (CEL) expression.",
                          "items": {
                            "description": "CELExpression represents a Common Expression Language (CEL) expression.",
                            "maxLength": 16384,
                            "minLength": 1,
                            "type": "string"
                          },
                          "maxItems": 256,
                          "minItems": 1,
                          "type": "array"
                        }
                      },
                      "required": [
                        "matchExpressions"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    }
                  },
                  "required": [
                    "policy"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "x-kubernetes-validations": [
                {
                  "message": "at least one of the fields in [authorization authentication] must be set",
                  "rule": "[has(self.authorization),has(self.authentication)].filter(x,x==true).size() >= 1"
                }
              ],
              "additionalProperties": false
            },
            "tcp": {
              "description": "tcp defines settings for managing TCP connections to the backend.",
              "properties": {
                "connectTimeout": {
                  "description": "connectTimeout defines the deadline for establishing a connection to the destination.",
                  "type": "string",
                  "x-kubernetes-validations": [
                    {
                      "message": "invalid duration value",
                      "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                    },
                    {
                      "message": "connectTimeout must be at least 100ms",
                      "rule": "duration(self) >= duration('100ms')"
                    }
                  ]
                },
                "keepalive": {
                  "description": "keepalive defines settings for enabling TCP keepalives on the connection.",
                  "properties": {
                    "interval": {
                      "description": "interval specifies the time between keep-alive probes, as a duration string (for example \"180s\").\nIf unset, this defaults to 180s.",
                      "type": "string",
                      "x-kubernetes-validations": [
                        {
                          "message": "invalid duration value",
                          "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                        },
                        {
                          "message": "interval must be at least 1 second",
                          "rule": "duration(self) >= duration('1s')"
                        }
                      ]
                    },
                    "retries": {
                      "description": "retries specifies the maximum number of keep-alive probes to send before dropping the connection.\nIf unset, this defaults to 9.",
                      "format": "int32",
                      "maximum": 64,
                      "minimum": 1,
                      "type": "integer"
                    },
                    "time": {
                      "description": "time specifies how long a connection needs to be idle before keep-alive probes start being sent, as a duration string (for example \"180s\").\nIf unset, this defaults to 180s.",
                      "type": "string",
                      "x-kubernetes-validations": [
                        {
                          "message": "invalid duration value",
                          "rule": "matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')"
                        },
                        {
                          "message": "time must be at least 1 second",
                          "rule": "duration(self) >= duration('1s')"
                        }
                      ]
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "tls": {
              "description": "tls defines settings for managing TLS connections to the backend.\n\nIf this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to\nvalidate the server, and the SNI will automatically be set based on the destination.",
              "properties": {
                "alpnProtocols": {
                  "description": "alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake.\n\nIf not present, defaults to [\"h2\", \"http/1.1\"].",
                  "items": {
                    "maxLength": 64,
                    "minLength": 1,
                    "type": "string"
                  },
                  "maxItems": 16,
                  "minItems": 1,
                  "type": "array"
                },
                "caCertificateRefs": {
                  "description": "caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate.\nIf unset, the system's trusted certificates are used.",
                  "items": {
                    "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                    "properties": {
                      "name": {
                        "default": "",
                        "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "x-kubernetes-map-type": "atomic",
                    "additionalProperties": false
                  },
                  "maxItems": 1,
                  "type": "array",
                  "x-kubernetes-list-type": "atomic"
                },
                "insecureSkipVerify": {
                  "description": "insecureSkipVerify originates TLS but skips verification of the backend's certificate.\nWARNING: This is an insecure option that should only be used if the risks are understood.\n\nThere are two modes:\n* All disables all TLS verification, so any certificate the backend presents is accepted\n* Hostname verifies that the server certificate is issued by a trusted CA, but ignores any mismatch of hostname/SANs. Note that this method\n is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.",
                  "enum": [
                    "All",
                    "Hostname"
                  ],
                  "type": "string"
                },
                "mtlsCertificateRef": {
                  "description": "mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the\nreferenced Secret.\n\nAn optional 'ca.cert' field, if present, will be used to verify the server certificate. If\ncaCertificateRefs is also specified, the caCertificateRefs field takes priority.\n\nIf unspecified, no client certificate will be used.",
                  "items": {
                    "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.",
                    "properties": {
                      "name": {
                        "default": "",
                        "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "x-kubernetes-map-type": "atomic",
                    "additionalProperties": false
                  },
                  "maxItems": 1,
                  "type": "array",
                  "x-kubernetes-list-type": "atomic"
                },
                "sni": {
                  "description": "sni specifies the Server Name Indication (SNI) value to be used in the TLS handshake. If unset, the SNI is automatically\nset based on the destination hostname.",
                  "maxLength": 253,
                  "minLength": 1,
                  "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                  "type": "string"
                },
                "verifySubjectAltNames": {
                  "description": "verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate.\nIf not present, the destination hostname is automatically used.",
                  "items": {
                    "maxLength": 256,
                    "minLength": 1,
                    "type": "string"
                  },
                  "maxItems": 16,
                  "minItems": 1,
                  "type": "array"
                }
              },
              "type": "object",
              "x-kubernetes-validations": [
                {
                  "message": "insecureSkipVerify All and caCertificateRefs may not be set together",
                  "rule": "has(self.insecureSkipVerify) && self.insecureSkipVerify == 'All' ? !has(self.caCertificateRefs) : true"
                },
                {
                  "message": "insecureSkipVerify and verifySubjectAltNames may not be set together",
                  "rule": "has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true"
                },
                {
                  "message": "at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set",
                  "rule": "[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1"
                }
              ],
              "additionalProperties": false
            }
          },
          "type": "object",
          "x-kubernetes-validations": [
            {
              "message": "at least one of the fields in [tcp tls http auth mcp ai] must be set",
              "rule": "[has(self.tcp),has(self.tls),has(self.http),has(self.auth),has(self.mcp),has(self.ai)].filter(x,x==true).size() >= 1"
            }
          ],
          "additionalProperties": false
        },
        "static": {
          "description": "static represents a static hostname.",
          "properties": {
            "host": {
              "description": "host to connect to.",
              "maxLength": 256,
              "minLength": 1,
              "type": "string"
            },
            "port": {
              "description": "port to connect to.",
              "format": "int32",
              "maximum": 65535,
              "minimum": 1,
              "type": "integer"
            }
          },
          "required": [
            "host",
            "port"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "type": "object",
      "x-kubernetes-validations": [
        {
          "message": "AI policies require AI backend",
          "rule": "has(self.policies) && has(self.policies.ai) ? has(self.ai) : true"
        },
        {
          "message": "MCP policies require MCP backend",
          "rule": "has(self.policies) && has(self.policies.mcp) ? has(self.mcp) : true"
        },
        {
          "message": "exactly one of the fields in [ai static dynamicForwardProxy mcp] must be set",
          "rule": "[has(self.ai),has(self.static),has(self.dynamicForwardProxy),has(self.mcp)].filter(x,x==true).size() == 1"
        }
      ],
      "additionalProperties": false
    },
    "status": {
      "description": "status defines the current state of AgentgatewayBackend.",
      "properties": {
        "conditions": {
          "description": "Conditions is the list of conditions for the backend.",
          "items": {
            "description": "Condition contains details for one aspect of the current state of this API Resource.",
            "properties": {
              "lastTransitionTime": {
                "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
                "maxLength": 32768,
                "type": "string"
              },
              "observedGeneration": {
                "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
                "format": "int64",
                "minimum": 0,
                "type": "integer"
              },
              "reason": {
                "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
                "maxLength": 1024,
                "minLength": 1,
                "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
                "type": "string"
              },
              "status": {
                "description": "status of the condition, one of True, False, Unknown.",
                "enum": [
                  "True",
                  "False",
                  "Unknown"
                ],
                "type": "string"
              },
              "type": {
                "description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
                "maxLength": 316,
                "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
                "type": "string"
              }
            },
            "required": [
              "lastTransitionTime",
              "message",
              "reason",
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "maxItems": 8,
          "type": "array",
          "x-kubernetes-list-map-keys": [
            "type"
          ],
          "x-kubernetes-list-type": "map"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "required": [
    "spec"
  ],
  "type": "object"
}
