> For the complete documentation index, see [llms.txt](/docs/llms.txt). Markdown versions of all docs pages are available by appending .md to any docs URL.

# CEL-based RBAC

Use Common Language Expressions (CEL) expressions to secure access to AI resources.

## About CEL-based RBAC

Agentgateway proxies use CEL expressions to match requests or responses on specific parameters, such as a request header or source address. If the request matches the condition, it is allowed. Requests that do not match any of the conditions are denied.

For an overview of supported CEL expressions, see the [agentgateway docs](https://agentgateway.dev/docs/standalone/latest/reference/cel/).

## Before you begin

[Install and set up an agentgateway proxy](https://agentgateway.dev/docs/kubernetes/latest/quickstart/install).

## Set up access to Gemini

Configure access to an LLM provider such as Gemini. You can use any other LLM provider, an MCP server, or an agent to try out CEL-based RBAC.

1. Save your Gemini API key as an environment variable. To retrieve your API key, [log in to the Google AI Studio and select **API Keys**](https://aistudio.google.com/app/apikey).
   
   ```bash
   export GOOGLE_KEY=<your-api-key>
   ```
2. Create a secret to authenticate to Google.
   
   ```yaml
   kubectl apply -f - <<EOF
   apiVersion: v1
   kind: Secret
   metadata:
     name: google-secret
     namespace: agentgateway-system
   type: Opaque
   stringData:
     Authorization: $GOOGLE_KEY
   EOF
   ```
3. Create an AgentgatewayBackend resource to configure an LLM provider that references the AI API key secret.
   
   ```yaml
   kubectl apply -f- <<EOF
   apiVersion: agentgateway.dev/v1alpha1
   kind: AgentgatewayBackend
   metadata:
     name: google
     namespace: agentgateway-system
   spec:
     ai:
       provider:
         gemini:
           model: gemini-2.5-flash-lite
     policies:
       auth:
         secretRef:
           name: google-secret
   EOF
   ```
   
   Review the following table to understand this configuration. For more information, see the [API reference](https://agentgateway.dev/docs/kubernetes/latest/reference/api/#aibackend).
   
   | Setting              | Description                                                                                                                                                                                  |
   |----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
   | `ai.provider.gemini` | Define the Gemini provider.                                                                                                                                                                  |
   | `gemini.model`       | The model to use to generate responses. In this example, you use the `gemini-2.5-flash-lite` model. For more models, see the [Google AI docs](https://ai.google.dev/gemini-api/docs/models). |
   | `policies.auth`      | The authentication token to use to authenticate to the LLM provider. The example refers to the secret that you created in the previous step.                                                 |
4. Create an HTTPRoute resource that routes incoming traffic to the AgentgatewayBackend. The following example sets up a route. Note that agentgateway automatically rewrites the endpoint to the appropriate chat completion endpoint of the LLM provider for you, based on the LLM provider that you set up in the AgentgatewayBackend resource.
   
   **Option: tabs-tab-tabs-09-0**
   
   ```yaml
   kubectl apply -f- <<EOF
   apiVersion: gateway.networking.k8s.io/v1
   kind: HTTPRoute
   metadata:
     name: google
     namespace: agentgateway-system
   spec:
     parentRefs:
       - name: agentgateway-proxy
         namespace: agentgateway-system
     rules:
     - backendRefs:
       - name: google
         namespace: agentgateway-system
         group: agentgateway.dev
         kind: AgentgatewayBackend
   EOF
   ```
   
   **Option: tabs-tab-tabs-09-1**
   
   ```yaml
   kubectl apply -f- <<EOF
   apiVersion: gateway.networking.k8s.io/v1
   kind: HTTPRoute
   metadata:
     name: google
     namespace: agentgateway-system
   spec:
     parentRefs:
       - name: agentgateway-proxy
         namespace: agentgateway-system
     rules:
     - matches:
       - path:
           type: PathPrefix
           value: /v1/chat/completions
       backendRefs:
       - name: google
         namespace: agentgateway-system
         group: agentgateway.dev
         kind: AgentgatewayBackend
   EOF
   ```
   
   **Option: tabs-tab-tabs-09-2**
   
   ```yaml
   kubectl apply -f- <<EOF
   apiVersion: gateway.networking.k8s.io/v1
   kind: HTTPRoute
   metadata:
     name: google
     namespace: agentgateway-system
   spec:
     parentRefs:
       - name: agentgateway-proxy
         namespace: agentgateway-system
     rules:
     - matches:
       - path:
           type: PathPrefix
           value: /gemini
       backendRefs:
       - name: google
         namespace: agentgateway-system
         group: agentgateway.dev
         kind: AgentgatewayBackend
   EOF
   ```
5. Send a request to the LLM provider API along the route that you previously created. Verify that the request succeeds and that you get back a response from the API.
   
   **Option: tabs-tab-tabs-10-0**
   
   **Cloud Provider LoadBalancer**:
   
   ```sh
   curl "$INGRESS_GW_ADDRESS/v1beta/openai/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   **Localhost**:
   
   ```sh
   curl "localhost:8080/v1beta/openai/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   **Option: tabs-tab-tabs-10-1**
   
   **Cloud Provider LoadBalancer**:
   
   ```sh
   curl "$INGRESS_GW_ADDRESS/v1/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   **Localhost**:
   
   ```sh
   curl "localhost:8080/v1/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   **Option: tabs-tab-tabs-10-2**
   
   **Cloud Provider LoadBalancer**:
   
   ```sh
   curl "$INGRESS_GW_ADDRESS/gemini" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   **Localhost**:
   
   ```sh
   curl "localhost:8080/gemini" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }' | jq
   ```
   
   Example output:
   
   ```json
   {"id":"aGLEaMjbLp6p_uMPopeAoAc",
   "choices":
     [{"index":0,"message":{
         "content":"Imagine teaching a dog a trick.  You show it what to do, reward it when it's right, and correct it when it's wrong.  Eventually, the dog learns.\n\nAI is similar.  We \"teach\" computers by showing them lots of examples.  For example, to recognize cats in pictures, we show it thousands of pictures of cats, labeling each one \"cat.\"  The AI learns patterns in these pictures - things like pointy ears, whiskers, and furry bodies - and eventually, it can identify a cat in a new picture it's never seen before.\n\nThis learning process uses math and algorithms (like a secret code of instructions) to find patterns and make predictions.  Some AI is more like a dog learning tricks (learning from examples), and some is more like following a very detailed recipe (following pre-programmed rules).\n\nSo, in short: AI is about teaching computers to learn from data and make decisions or predictions, just like we teach dogs tricks.\n",
         "role":"assistant"
         },
      "finish_reason":"stop"
      }],
    "created":1757700714,
    "model":"gemini-1.5-flash-latest",
    "object":"chat.completion",
    "usage":{
        "prompt_tokens":8,
        "completion_tokens":205,
        "total_tokens":213
        }
   }
   ```

## Set up RBAC permissions

1. Create an AgentgatewayPolicy with your CEL rules. The following example allows requests with the `x-llm: gemini` header.
   
   ```yaml
   kubectl apply -f- <<EOF
   apiVersion: agentgateway.dev/v1alpha1
   kind: AgentgatewayPolicy
   metadata:
     name: rbac-policy
     namespace: agentgateway-system
   spec:
     targetRefs:
       - group: gateway.networking.k8s.io
         kind: HTTPRoute
         name: google
     traffic: 
       authorization: 
         action: Allow
         policy: 
           matchExpressions:
             - "request.headers['x-llm'] == 'gemini'"
   EOF
   ```
2. Send a request to the LLM provider API without the `llm` header. Verify that the request is denied with a 403 HTTP response code.
   
   **Option: tabs-tab-tabs-06-0**
   
   ```sh
   curl -vik "$INGRESS_GW_ADDRESS:80/gemini" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }'
   ```
   
   **Option: tabs-tab-tabs-06-1**
   
   ```sh
   curl -vik "localhost:8080/gemini" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }'
   ```
   
   Example output:
   
   ```console
   * upload completely sent off: 109 bytes
   < HTTP/1.1 403 Forbidden
   HTTP/1.1 403 Forbidden
   < content-type: text/plain
   content-type: text/plain
   < content-length: 20
   content-length: 20
   < 
   
   * Connection #0 to host localhost left intact
   authorization failed
   ```
3. Send another request to the LLM provider. This time, you include the `llm` header. Verify that the request succeeds with a 200 HTTP response code.
   
   **Option: tabs-tab-tabs-07-0**
   
   ```sh
   curl -vik "$INGRESS_GW_ADDRESS:80/gemini" \
     -H "content-type: application/json" \
     -H "x-llm: gemini" -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }'
   ```
   
   **Option: tabs-tab-tabs-07-1**
   
   ```sh
   curl -vik "localhost:8080/gemini" \
     -H "content-type: application/json" \
     -H "x-llm: gemini" -d '{
     "model": "",
     "messages": [
      {"role": "user", "content": "Explain how AI works in simple terms."}
    ]
   }'
   ```

## Cleanup

You can remove the resources that you created in this guide.

```shell
kubectl delete AgentgatewayPolicy rbac-policy -n agentgateway-system
kubectl delete httproute google -n agentgateway-system
kubectl delete AgentgatewayBackend google -n agentgateway-system
kubectl delete secret google-secret -n agentgateway-system
```