For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
AgentgatewayPolicy
Use AgentgatewayPolicy to configure traffic manipulation, observability, security, and more.
Explore the configuration reference by clicking on a property name or expanding the property types. Use the in-field search bar to search for a property. The reference is also available as a table.agentgateway.dev/v1alpha1
- apiVersionstring
- kindstring
- metadataobject
- *spec
- backend
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- mcp
- authentication
- audiencesstring[]
- issuerstring
- *jwks
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- modestring
- providerstring
- resourceMetadataobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- frontend
- accessLog
- attributes
- add
- *expressionstring
- *namestring
- removestring[]
- filterstring
- otlp
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- pathstring
- protocolstring
- http
- http1IdleTimeoutstring
- http1MaxHeadersinteger
- http2ConnectionWindowSizeinteger
- http2FrameSizeinteger
- http2KeepaliveIntervalstring
- http2KeepaliveTimeoutstring
- http2WindowSizeinteger
- maxBufferSizeinteger
- maxConnectionDurationstring
- metrics
- *attributes
- add
- *expressionstring
- *namestring
- networkAuthorization
- actionstring
- *policy
- *matchExpressionsstring[]
- proxyProtocol
- modestring
- versionstring
- tcp
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- cipherSuitesstring[]
- handshakeTimeoutstring
- maxProtocolVersionstring
- minProtocolVersionstring
- tracing
- attributes
- add
- *expressionstring
- *namestring
- removestring[]
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- clientSamplingstring
- pathstring
- protocolstring
- randomSamplingstring
- resources
- *expressionstring
- *namestring
- targetRefs
- *groupstring
- *kindstring
- *namestring
- sectionNamestring
- targetSelectors
- *groupstring
- *kindstring
- *matchLabelsobject
- sectionNamestring
- traffic
- apiKeyAuthentication
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- modestring
- secretRef
- namestring
- secretSelector
- *matchLabelsobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- basicAuthentication
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- modestring
- realmstring
- secretRef
- namestring
- usersstring[]
- cors
- allowCredentialsboolean
- allowHeadersstring[]
- allowMethodsstring[]
- allowOriginsstring[]
- exposeHeadersstring[]
- maxAgeinteger
- csrf
- additionalOriginsstring[]
- directResponse
- bodystring
- *statusinteger
- extAuth
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardBody
- *maxSizeinteger
- grpc
- contextExtensionsobject
- requestMetadataobject
- http
- addRequestHeadersobject
- allowedRequestHeadersstring[]
- allowedResponseHeadersstring[]
- pathstring
- redirectstring
- responseMetadataobject
- extProc
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- headerModifiers
- request
- add
- *namestring
- *valuestring
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- removestring[]
- set
- *namestring
- *valuestring
- hostRewrite
- *modestring
- jwtAuthentication
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- mcp
- providerstring
- resourceMetadataobject
- modestring
- *providers
- audiencesstring[]
- *issuerstring
- *jwks
- inlinestring
- remote
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- phasestring
- rateLimit
- global
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *descriptors
- *entries
- *expressionstring
- *namestring
- unitstring
- *domainstring
- failureModestring
- local
- burstinteger
- requestsinteger
- tokensinteger
- *unitstring
- retry
- attemptsinteger
- backoffstring
- codesinteger[]
- timeouts
- requeststring
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- status
- *ancestors
- *ancestorRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- sectionNamestring
- *conditions
- *lastTransitionTimestring
- *messagestring
- observedGenerationinteger
- *reasonstring
- *statusstring
- *typestring
- *controllerNamestring
apiVersion
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
No description for this field.
spec
spec defines the desired state of AgentgatewayPolicy.
Validation
Rule
At least one of traffic, frontend, or backend must be provided.
Rule
backend.mcp may not be used with a Service target
Rule
backend.mcp may not target an AgentgatewayBackend sectionName
Rule
backend.ai may not be used with a Service target
Rule
traffic.jwtAuthentication may not be used with backend.mcp.authentication in the same policy
Rule
the 'frontend' field can only target a Gateway
Rule
the 'frontend' field can only target a Gateway
Rule
the 'traffic' field can only target a Gateway, ListenerSet, GRPCRoute, or HTTPRoute
Rule
the 'traffic' field can only target a Gateway, ListenerSet, GRPCRoute, or HTTPRoute
Rule
the 'traffic.phase=PreRouting' field can only target a Gateway or ListenerSet
Rule
the 'traffic.phase=PreRouting' field can only target a Gateway or ListenerSet
Rule
exactly one of the fields in [targetRefs targetSelectors] must be set
spec.backend
backend defines settings for how to connect to destination backends.
A backend policy can target a
(optionally, with a
port for
Gateway (optionally, with asectionName indicating the listener), ListenerSet, Route(optionally, with a
sectionName indicating the route rule), or aService or Backend (optionally, with a sectionName indicating theport for
Service, or sub-backend for Backend).Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level
resource, like
group of backends.
resource, like
Gateway, is just a way to easily apply a policy to agroup of backends.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies:
example, if a
policy sets
merge. Precedence is given to more precise policies:
Gateway <Listener < Route < Route Rule < Backend or Service. Forexample, if a
Gateway policy sets tcp and tls, and a Backendpolicy sets
tls, the effective policy would be tcp from theGateway, and tls from the Backend.Validation
Rule
at least one of the fields in [ai auth health http mcp tcp tls transformation tunnel] must be set
Documentation References (17)
spec.backend.ai
ai specifies settings for AI workloads. This is only applicable whenconnecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
Documentation References (14)
spec.backend.ai.defaults
Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.backend.ai.defaults.field
The name of the field.
Validation
Max length256
spec.backend.ai.defaults.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.backend.ai.modelAliases
ModelAliases maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
spec.backend.ai.overrides
Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.
Validation
Min items1
Max items64
spec.backend.ai.overrides.field
The name of the field.
Validation
Max length256
spec.backend.ai.overrides.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.backend.ai.prompt
Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.Documentation References (3)
spec.backend.ai.prompt.append
A list of messages to be appended to the prompt sent by the client.
Documentation References (1)
spec.backend.ai.prompt.append.content
String content of the message.
Documentation References (1)
spec.backend.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.Documentation References (1)
spec.backend.ai.prompt.prepend
A list of messages to be prepended to the prompt sent by the client.
Documentation References (3)
spec.backend.ai.prompt.prepend.content
String content of the message.
Documentation References (3)
spec.backend.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.Documentation References (3)
spec.backend.ai.promptCaching
promptCaching enables automatic prompt caching for supportedproviders, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
Documentation References (1)
spec.backend.ai.promptCaching.cacheMessageOffset
CacheMessageOffset shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.backend.ai.promptCaching.cacheMessages
CacheMessages enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
Documentation References (1)
spec.backend.ai.promptCaching.cacheSystem
CacheSystem enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
Documentation References (1)
spec.backend.ai.promptCaching.cacheTools
CacheTools enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
Documentation References (1)
spec.backend.ai.promptCaching.minTokens
MinTokens specifies the minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
Documentation References (1)
spec.backend.ai.promptGuard
promptGuard enables adding guardrails to LLM requests and responses.Validation
Rule
at least one of the fields in [request response] must be set
spec.backend.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.backend.ai.promptGuard.request.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.openAIModeration
openAIModeration passes prompt data through the OpenAI Moderationsendpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.model
model specifies the moderation model to use. For example,omni-moderation.Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies
policies controls policies for communicating with OpenAI.
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.http
http defines settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.openAIModeration.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
Documentation References (3)
spec.backend.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
Documentation References (3)
spec.backend.ai.promptGuard.request.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (2)
spec.backend.ai.promptGuard.request.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (2)
spec.backend.ai.promptGuard.request.response
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
Documentation References (4)
spec.backend.ai.promptGuard.request.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
Documentation References (4)
spec.backend.ai.promptGuard.request.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
Documentation References (1)
spec.backend.ai.promptGuard.request.webhook
Configure a webhook to forward requests to for prompt guarding.
Documentation References (3)
spec.backend.ai.promptGuard.request.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
Documentation References (3)
spec.backend.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (3)
spec.backend.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (3)
spec.backend.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.backend.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.backend.ai.promptGuard.response.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.response.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.response.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
Documentation References (3)
spec.backend.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
Documentation References (3)
spec.backend.ai.promptGuard.response.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (3)
spec.backend.ai.promptGuard.response.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.backend.ai.promptGuard.response.response
A custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.backend.ai.promptGuard.response.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.backend.ai.promptGuard.response.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.backend.ai.promptGuard.response.webhook
Configure a webhook to forward responses to for prompt guarding.
Documentation References (3)
spec.backend.ai.promptGuard.response.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
Documentation References (3)
spec.backend.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (3)
spec.backend.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (3)
spec.backend.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.backend.ai.routes
routes defines how to identify the type of traffic to handle.The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.spec.backend.ai.transformations
Provide CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
Documentation References (2)
spec.backend.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
Documentation References (2)
spec.backend.ai.transformations.field
The name of the field to set.
Validation
Max length256
Documentation References (2)
spec.backend.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.backend.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.backend.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.backend.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.backend.auth.azure.managedIdentity
Details for managed identity authentication
spec.backend.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.backend.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.backend.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.auth.location.cookie
No description for this field.
spec.backend.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.location.header
No description for this field.
spec.backend.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.location.queryParameter
No description for this field.
spec.backend.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.backend.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.health
health defines settings for passive and active health checking.
Documentation References (1)
spec.backend.health.eviction
Eviction defines settings for evicting unhealthy backends.
Documentation References (1)
spec.backend.health.eviction.consecutiveFailures
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
Documentation References (1)
spec.backend.health.eviction.duration
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
Documentation References (1)
spec.backend.health.eviction.healthThreshold
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.backend.health.eviction.restoreHealth
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.backend.health.unhealthyCondition
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
Documentation References (1)
spec.backend.http
http defines settings for managing HTTP requests to the backend.
spec.backend.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.mcp
mcp specifies settings for MCP workloads. This is only applicable whenconnecting to a
Backend of type mcp.Validation
Rule
at least one of the fields in [authentication authorization] must be set
Documentation References (1)
spec.backend.mcp.authentication
authentication defines MCPBackend-specific authentication rules.This field is deprecated; prefer to use traffic policy
other policies such as transformation and rate limiting.
jwtAuthentication.mcp, which ensures authentication runs beforeother policies such as transformation and rate limiting.
spec.backend.mcp.authentication.audiences
audiences specifies the list of allowed audiences that are allowedaccess. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
spec.backend.mcp.authentication.issuer
issuer identifies the IdP that issued the JWT. This corresponds to theiss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
spec.backend.mcp.authentication.jwks
jwks defines the remote JSON Web Key used to validate the signature ofthe JWT.
spec.backend.mcp.authentication.jwks.backendRef
backendRef references the remote JWKS server to reach.Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
spec.backend.mcp.authentication.jwks.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.mcp.authentication.jwks.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.mcp.authentication.jwks.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.mcp.authentication.jwks.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.mcp.authentication.jwks.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.mcp.authentication.jwks.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
spec.backend.mcp.authentication.jwks.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
spec.backend.mcp.authentication.mode
mode is the validation mode for JWT authentication.Validation
EnumStrict, Optional, Permissive
DefaultStrict
spec.backend.mcp.authentication.provider
provider specifies the identity provider to use for authentication.Validation
EnumAuth0, Keycloak
spec.backend.mcp.authentication.resourceMetadata
ResourceMetadata defines the metadata to use for MCP resources.
spec.backend.mcp.authorization
authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject
unauthorized requests with a
unauthorized requests with a
403 error, this policy works at theMCPBackend level.List operations, such as
Items that do not meet the rule will be filtered.
list_tools, will have each item evaluated.Items that do not meet the rule will be filtered.
Get or call operations, such as
item and reject requests that do not meet the rule.
call_tool, will evaluate the specificitem and reject requests that do not meet the rule.
Documentation References (1)
spec.backend.mcp.authorization.action
action defines whether the rule allows, denies, or requires the request ifmatched. If unspecified, the default is
Allow.Require policies are conjunctive across merged policies: all require policies must match.
Validation
EnumAllow, Deny, Require
DefaultAllow
Documentation References (1)
spec.backend.mcp.authorization.policy
policy specifies the authorization rule to evaluate.* For
* For
* For
considered to match, making this a risky policy; prefer to use
Allow rules: any policy allows the request.* For
Require rules: all policies must match for the request to be allowed.* For
Deny rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is notconsidered to match, making this a risky policy; prefer to use
Require.The presence of at least one
With no rules, all requires are allowed.
Allow rule triggers a deny-by-default policy, requiring at least 1 match to allow.With no rules, all requires are allowed.
Documentation References (1)
spec.backend.mcp.authorization.policy.matchExpressions
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(
These expressions should be in the form of a Common Expression Language
(
CEL) expression.Validation
Min items1
Max items256
Documentation References (1)
spec.backend.tcp
tcp defines settings for managing TCP connections to the backend.
spec.backend.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.backend.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.backend.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
Documentation References (1)
spec.backend.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (1)
spec.backend.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.backend.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.transformation
transformation is used to mutate and transform requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.backend.transformation.request
request is used to modify the request path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.backend.transformation.request.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.request.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.backend.transformation.request.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.backend.transformation.request.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.backend.transformation.request.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.backend.transformation.request.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.request.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.backend.transformation.response
response is used to modify the response path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.backend.transformation.response.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.response.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.backend.transformation.response.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.backend.transformation.response.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.backend.transformation.response.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.backend.transformation.response.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.response.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.backend.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.backend.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.frontend
frontend defines settings for how to handle incoming traffic.
A frontend policy can only target a
Gateway. Listener andListenerSet are not valid targets.When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. For example, policy A sets
policy B.
merge. For example, policy A sets
tcp and tls, and policy B setstls; the effective policy would be tcp from policy A, and tls frompolicy B.
Validation
Rule
at least one of the fields in [accessLog http metrics networkAuthorization proxyProtocol tcp tls tracing] must be set
spec.frontend.accessLog
accessLog contains access logging configuration.Documentation References (2)
spec.frontend.accessLog.attributes
attributes specifies customizations to the key-value pairs that arelogged.
Validation
Rule
at least one of the fields in [add remove] must be set
Documentation References (2)
spec.frontend.accessLog.attributes.add
add specifies additional key-value pairs to be added to each entry.The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
Validation
Min items1
Documentation References (2)
spec.frontend.accessLog.attributes.add.expression
CELExpression represents a Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (2)
spec.frontend.accessLog.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (2)
spec.frontend.accessLog.attributes.remove
remove lists the default fields that should be removed. For example,http.method.Validation
Min items1
Max items32
spec.frontend.accessLog.filter
filter specifies a CEL expression that is used to filter logs. A logwill only be emitted if the expression evaluates to
true.Validation
Min length1
Max length16384
Documentation References (2)
spec.frontend.accessLog.otlp
otlp configures OTLP access log export to anOpenTelemetry-compatible backend.
Validation
Rule
path is only valid with protocol HTTP
Rule
path must start with /
spec.frontend.accessLog.otlp.backendRef
backendRef references the OTLP server to send access logs to.Supported types:
Service and AgentgatewayBackend.Validation
Rule
Must have port for Service reference
spec.frontend.accessLog.otlp.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.frontend.accessLog.otlp.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.frontend.accessLog.otlp.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.frontend.accessLog.otlp.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.frontend.accessLog.otlp.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.frontend.accessLog.otlp.path
path specifies the OTLP/HTTP path to use. This is only applicablewhen
protocol is HTTP. If unset, this defaults to /v1/logs.Validation
Min length1
Max length1024
spec.frontend.accessLog.otlp.protocol
protocol specifies the OTLP protocol variant to use.Validation
EnumHTTP, GRPC
DefaultGRPC
spec.frontend.http
http defines settings on managing incoming HTTP requests.
Validation
Rule
at least one of the fields in [http1IdleTimeout http1MaxHeaders http2ConnectionWindowSize http2FrameSize http2KeepaliveInterval http2KeepaliveTimeout http2WindowSize maxBufferSize maxConnectionDuration] must be set
Documentation References (4)
spec.frontend.http.http1IdleTimeout
http1IdleTimeout defines the timeout before an unused connection isclosed.
If unset, this defaults to 10 minutes.
Validation
Rule
invalid duration value
Rule
http1IdleTimeout must be at least 1 second
Documentation References (1)
spec.frontend.http.http1MaxHeaders
http1MaxHeaders defines the maximum number of headers that are allowedin
HTTP/1.1 requests.If unset, this defaults to 100.
Validation
Formatint32
Minimum1
Maximum4096
Documentation References (1)
spec.frontend.http.http2ConnectionWindowSize
http2ConnectionWindowSize indicates the initial window size forconnection-level flow control for received data.
Validation
Formatint32
Minimum1
Documentation References (1)
spec.frontend.http.http2FrameSize
http2FrameSize sets the maximum frame size to use.If unset, this defaults to
16kb.Validation
Formatint32
Minimum16384
Maximum1677215
Documentation References (1)
spec.frontend.http.http2KeepaliveInterval
No description for this field.
Validation
Rule
invalid duration value
Rule
http2KeepaliveInterval must be at least 1 second
Documentation References (1)
spec.frontend.http.http2KeepaliveTimeout
No description for this field.
Validation
Rule
invalid duration value
Rule
http2KeepaliveTimeout must be at least 1 second
Documentation References (1)
spec.frontend.http.http2WindowSize
http2WindowSize indicates the initial window size for stream-level flowcontrol for received data.
Validation
Formatint32
Minimum1
Documentation References (1)
spec.frontend.http.maxBufferSize
maxBufferSize defines the maximum HTTP body size that will be bufferedinto memory.
Bodies will only be buffered for policies which require buffering.
If unset, this defaults to
2mb.Validation
Formatint32
Minimum1
Documentation References (1)
spec.frontend.http.maxConnectionDuration
maxConnectionDuration specifies the maximum time a connection is allowed to remain open.After this duration, the connection is gracefully closed after the current in-flight request completes.
Useful for ensuring even traffic distribution behind load balancers during scaling events.
Validation
Rule
invalid duration value
Rule
maxConnectionDuration must be at least 1 second
spec.frontend.metrics
metrics contains custom Prometheus metric label configuration.CEL expressions are evaluated per-request and added as labels to all
Prometheus metrics exposed by agentgateway.
spec.frontend.metrics.attributes
attributes specifies customizations to the labels that areadded to Prometheus metrics.
Validation
Rule
at least one of the fields in [add] must be set
spec.frontend.metrics.attributes.add
add specifies additional key-value pairs to be added as custom labelsto all Prometheus metrics. The value is a CEL expression evaluated
per-request. If the CEL expression fails to evaluate, the label value
is set to "unknown".
WARNING: High-cardinality labels (e.g., per-user IDs) can significantly
increase Prometheus storage and memory usage. Prefer low-cardinality
dimensions like team or environment.
increase Prometheus storage and memory usage. Prefer low-cardinality
dimensions like team or environment.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.frontend.metrics.attributes.add.expression
CELExpression represents a Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
spec.frontend.metrics.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
spec.frontend.networkAuthorization
networkAuthorization defines CEL authorization on downstream network connections.
This runs before protocol handling and is intended for L4 access control,
for example using
for example using
source.address with cidr(...).containsIP(...).spec.frontend.networkAuthorization.action
action defines whether the rule allows, denies, or requires the request ifmatched. If unspecified, the default is
Allow.Require policies are conjunctive across merged policies: all require policies must match.
Validation
EnumAllow, Deny, Require
DefaultAllow
spec.frontend.networkAuthorization.policy
policy specifies the authorization rule to evaluate.* For
* For
* For
considered to match, making this a risky policy; prefer to use
Allow rules: any policy allows the request.* For
Require rules: all policies must match for the request to be allowed.* For
Deny rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is notconsidered to match, making this a risky policy; prefer to use
Require.The presence of at least one
With no rules, all requires are allowed.
Allow rule triggers a deny-by-default policy, requiring at least 1 match to allow.With no rules, all requires are allowed.
spec.frontend.networkAuthorization.policy.matchExpressions
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(
These expressions should be in the form of a Common Expression Language
(
CEL) expression.Validation
Min items1
Max items256
spec.frontend.proxyProtocol
proxyProtocol defines settings for downstream PROXY protocol handling.
If configured, incoming connections may require a PROXY header before
normal protocol handling. This can also be configured to allow both
PROXY and non-PROXY traffic on the same listener.
normal protocol handling. This can also be configured to allow both
PROXY and non-PROXY traffic on the same listener.
spec.frontend.proxyProtocol.mode
mode controls whether PROXY headers are required or optional.
If unset, this defaults to
Strict.Validation
EnumStrict, Optional
DefaultStrict
spec.frontend.proxyProtocol.version
version controls which PROXY protocol version is accepted.
If unset, this defaults to
V2.Validation
EnumV1, V2, All
DefaultV2
spec.frontend.tcp
tcp defines settings on managing incoming TCP connections.
Validation
Rule
at least one of the fields in [keepalive] must be set
Documentation References (1)
spec.frontend.tcp.keepalive
keepalive defines settings for enabling TCP keepalives on the connection.
Documentation References (1)
spec.frontend.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
Documentation References (1)
spec.frontend.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
Documentation References (1)
spec.frontend.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
Documentation References (1)
spec.frontend.tls
tls defines settings on managing incoming TLS connections.
Validation
Rule
at least one of the fields in [alpnProtocols cipherSuites handshakeTimeout maxProtocolVersion minProtocolVersion] must be set
Documentation References (1)
spec.frontend.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
Documentation References (1)
spec.frontend.tls.cipherSuites
CipherSuites configures the list of cipher suites for a TLS listener.
The value is a comma-separated list of cipher suites, for example
Use this in the TLS options field of a TLS listener.
The value is a comma-separated list of cipher suites, for example
TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256.Use this in the TLS options field of a TLS listener.
Documentation References (1)
spec.frontend.tls.handshakeTimeout
handshakeTimeout specifies the deadline for a TLS handshake tocomplete. If unset, this defaults to
15s.Validation
Rule
invalid duration value
Rule
handshakeTimeout must be at least 100ms
Documentation References (1)
spec.frontend.tls.maxProtocolVersion
MaxTLSVersion configures the maximum TLS version to support.
Validation
Enum1.2, 1.3
Documentation References (1)
spec.frontend.tls.minProtocolVersion
MinTLSVersion configures the minimum TLS version to support.
Validation
Enum1.2, 1.3
Documentation References (1)
spec.frontend.tracing
tracing contains various settings for the OpenTelemetry tracer.Validation
Rule
path is only valid with protocol HTTP
Rule
path must start with /
Documentation References (1)
spec.frontend.tracing.attributes
attributes specifies customizations to the key-value pairs that areincluded in the trace.
Validation
Rule
at least one of the fields in [add remove] must be set
Documentation References (1)
spec.frontend.tracing.attributes.add
add specifies additional key-value pairs to be added to each entry.The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
Validation
Min items1
Documentation References (1)
spec.frontend.tracing.attributes.add.expression
CELExpression represents a Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (1)
spec.frontend.tracing.attributes.remove
remove lists the default fields that should be removed. For example,http.method.Validation
Min items1
Max items32
spec.frontend.tracing.backendRef
backendRef references the OTLP server to reach.Supported types:
Service and AgentgatewayBackend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.frontend.tracing.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.frontend.tracing.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.frontend.tracing.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.frontend.tracing.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (1)
spec.frontend.tracing.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.frontend.tracing.clientSampling
clientSampling is an expression to determine the amount of clientsampling. Client sampling determines whether to initiate a new trace
span if the incoming request does have a trace already. This should
evaluate to a float between
0.0 and 1.0, or a boolean (true orfalse). If unspecified, client sampling is 100% enabled.Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.path
path specifies the OTLP path to use. This is only applicable whenprotocol is HTTP. If unset, this defaults to /v1/traces.Validation
Min length1
Max length1024
spec.frontend.tracing.protocol
protocol specifies the OTLP protocol variant to use.Validation
EnumHTTP, GRPC
DefaultGRPC
Documentation References (1)
spec.frontend.tracing.randomSampling
randomSampling is an expression to determine the amount of randomsampling. Random sampling will initiate a new trace span if the incoming
request does not have a trace initiated already. This should evaluate to
a float between
0.0 and 1.0, or a boolean (true or false). Ifunspecified, random sampling is disabled.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.resources
resources describes the entity producing telemetry and specifies theresources to be included in the trace.
Documentation References (1)
spec.frontend.tracing.resources.expression
CELExpression represents a Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.resources.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (1)
spec.targetRefs
targetRefs specifies the target resources by reference to attach thepolicy to.
Validation
Min items1
Max items16
List typeatomic
Rule
targetRefs may only reference Gateway, HTTPRoute, GRPCRoute, ListenerSet, Service, or AgentgatewayBackend resources
Rule
Only one Kind of targetRef can be set on one policy
spec.targetRefs.group
The API group of the target resource.
For Kubernetes Gateway API resources, the group is
For Kubernetes Gateway API resources, the group is
gateway.networking.k8s.io.Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.targetRefs.kind
The API kind of the target resource, such as
Gateway or HTTPRoute.Validation
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.targetRefs.name
The name of the target resource.
Validation
Min length1
Max length253
spec.targetRefs.sectionName
The section name of the target resource.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.targetSelectors
targetSelectors specifies the target selectors used to select resourcesto attach the policy to.
Validation
Min items1
Max items16
Rule
targetRefs may only reference Gateway, HTTPRoute, GRPCRoute, ListenerSet, Service, or AgentgatewayBackend resources
Rule
Only one Kind of targetRef can be set on one policy
spec.targetSelectors.group
The API group of the target resource.
For Kubernetes Gateway API resources, the group is
For Kubernetes Gateway API resources, the group is
gateway.networking.k8s.io.Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.targetSelectors.kind
The API kind of the target resource, such as
Gateway or HTTPRoute.Validation
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.targetSelectors.matchLabels
Label selector to select the target resource.
spec.targetSelectors.sectionName
The section name of the target resource.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.traffic
traffic defines settings for how process traffic.
A traffic policy can target a
(optionally, with a
Gateway (optionally, with asectionName indicating the listener), ListenerSet, or Route(optionally, with a
sectionName indicating the route rule).When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies:
policy would be
merge. Precedence is given to more precise policies:
Gateway <Listener < Route < Route Rule. For example, policy A setstimeouts and retries, and policy B sets retries; the effectivepolicy would be
timeouts from policy A, and retries from policy B.Validation
Rule
phase PreRouting only supports extAuth, transformation, extProc, jwtAuthentication, basicAuthentication, and apiKeyAuthentication
Documentation References (40)
spec.traffic.apiKeyAuthentication
apiKeyAuthentication authenticates users based on a configured APIkey.
Validation
Rule
exactly one of the fields in [secretRef secretSelector] must be set
Documentation References (1)
spec.traffic.apiKeyAuthentication.location
location controls where API keys are read from.If omitted, credentials are read from the
Authorization header with the Bearer prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.traffic.apiKeyAuthentication.location.cookie
No description for this field.
spec.traffic.apiKeyAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.header
No description for this field.
spec.traffic.apiKeyAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.queryParameter
No description for this field.
spec.traffic.apiKeyAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.mode
mode is the validation mode for API key authentication.Validation
EnumStrict, Optional
DefaultStrict
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretRef
secretRef references a Kubernetes Secret storing a set of API keys.If there are many keys,
secretSelector can be used instead.Each entry in the
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
the API key.
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing
Secret represents one API key. The key is anarbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
key and metadata. key containsthe API key.
metadata contains arbitrary JSON metadata associatedwith the key, which may be used by other policies. For example, you
may write an authorization policy allowing
apiKey.group == 'sales'.Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"Validation
Map typeatomic
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretSelector
secretSelector selects multiple Secret resources containing APIkeys. If the same key is defined in multiple secrets, the behavior is
undefined.
Each entry in the
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
the API key.
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing
Secret represents one API key. The key is anarbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
key and metadata. key containsthe API key.
metadata contains arbitrary JSON metadata associatedwith the key, which may be used by other policies. For example, you
may write an authorization policy allowing
apiKey.group == 'sales'.Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"Documentation References (1)
spec.traffic.apiKeyAuthentication.secretSelector.matchLabels
Label selector to select the target resource.
Documentation References (1)
spec.traffic.authorization
authorization specifies the access rules based on roles andpermissions.
If multiple authorization rules are applied across different policies (at the same, or different, attahcment points),
all rules are merged.
Documentation References (2)
spec.traffic.authorization.action
action defines whether the rule allows, denies, or requires the request ifmatched. If unspecified, the default is
Allow.Require policies are conjunctive across merged policies: all require policies must match.
Validation
EnumAllow, Deny, Require
DefaultAllow
Documentation References (2)
spec.traffic.authorization.policy
policy specifies the authorization rule to evaluate.* For
* For
* For
considered to match, making this a risky policy; prefer to use
Allow rules: any policy allows the request.* For
Require rules: all policies must match for the request to be allowed.* For
Deny rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is notconsidered to match, making this a risky policy; prefer to use
Require.The presence of at least one
With no rules, all requires are allowed.
Allow rule triggers a deny-by-default policy, requiring at least 1 match to allow.With no rules, all requires are allowed.
Documentation References (2)
spec.traffic.authorization.policy.matchExpressions
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(
These expressions should be in the form of a Common Expression Language
(
CEL) expression.Validation
Min items1
Max items256
Documentation References (2)
spec.traffic.basicAuthentication
basicAuthentication authenticates users based on the Basicauthentication scheme (RFC 7617), where a username and password are
encoded in the request.
Validation
Rule
exactly one of the fields in [users secretRef] must be set
spec.traffic.basicAuthentication.location
location controls where Basic credentials are read from.If omitted, credentials are read from the
Authorization header with the Basic prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.traffic.basicAuthentication.location.cookie
No description for this field.
spec.traffic.basicAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.location.header
No description for this field.
spec.traffic.basicAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.basicAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.location.queryParameter
No description for this field.
spec.traffic.basicAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.mode
mode is the validation mode for basic auth authentication.Validation
EnumStrict, Optional
DefaultStrict
spec.traffic.basicAuthentication.realm
realm specifies the realm to return in the WWW-Authenticateheader for failed authentication requests. If unset,
Restricted willbe used.
spec.traffic.basicAuthentication.secretRef
secretRef references a Kubernetes Secret storing the .htaccessfile. The
Secret must have a key named .htaccess, and should containthe complete
.htaccess file.Note: passwords should be the hash of the password, not the raw password. Use the
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
htpasswd or similar commandsto generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
apiVersion: v1
kind: Secret
metadata:
name: basic-auth
stringData:
.htaccess: |
alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V.
bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/Validation
Map typeatomic
spec.traffic.basicAuthentication.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.traffic.basicAuthentication.users
users provides an inline list of username and password pairs that willbe accepted. Each entry represents one line of the
htpasswd format:https://httpd.apache.org/docs/2.4/programs/htpasswd.html.
Note: passwords should be the hash of the password, not the raw password. Use the
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
htpasswd or similar commandsto generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
users:
- "user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC."
- "user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2"Validation
Min items1
Max items256
spec.traffic.cors
cors specifies the CORS configuration for the policy.
Validation
Preserve unknown fieldstrue
Documentation References (1)
spec.traffic.cors.allowCredentials
AllowCredentials indicates whether the actual cross-origin request allows
to include credentials.
to include credentials.
When set to true, the gateway will include the
response header with value true (case-sensitive).
Access-Control-Allow-Credentialsresponse header with value true (case-sensitive).
When set to false or omitted the gateway will omit the header
behavior).
Access-Control-Allow-Credentials entirely (this is the standard CORSbehavior).
Support: Extended
spec.traffic.cors.allowHeaders
AllowHeaders indicates which HTTP request headers are supported for
accessing the requested resource.
accessing the requested resource.
Header names are not case-sensitive.
Multiple header names in the value of the
response header are separated by a comma (",").
Access-Control-Allow-Headersresponse header are separated by a comma (",").
When the
gateway must return the
which value is present in the
AllowHeaders field is configured with one or more headers, thegateway must return the
Access-Control-Allow-Headers response headerwhich value is present in the
AllowHeaders field.If any header name in the
is not included in the list of header names specified by the response
header
client side.
Access-Control-Request-Headers request headeris not included in the list of header names specified by the response
header
Access-Control-Allow-Headers, it will present an error on theclient side.
If any header name in the
does not recognize by the client, it will also occur an error on the
client side.
Access-Control-Allow-Headers response headerdoes not recognize by the client, it will also occur an error on the
client side.
A wildcard indicates that the requests with all HTTP headers are allowed.
If config contains the wildcard "*" in allowHeaders and the request is
not credentialed, the
can either use the
Access-Control-Request-Headers from the request.
If config contains the wildcard "*" in allowHeaders and the request is
not credentialed, the
Access-Control-Allow-Headers response headercan either use the
* wildcard or the value ofAccess-Control-Request-Headers from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
is specified with the
HTTP headers in the value of the
header. The value of the header
the
the header
request, the gateway will omit the
response header, instead of specifying the
*wildcard in the
Access-Control-Allow-Headers response header. Whenalso the
AllowCredentials field is true and AllowHeaders fieldis specified with the
* wildcard, the gateway must specify one or moreHTTP headers in the value of the
Access-Control-Allow-Headers responseheader. The value of the header
Access-Control-Allow-Headers is same asthe
Access-Control-Request-Headers header provided by the client. Ifthe header
Access-Control-Request-Headers is not included in therequest, the gateway will omit the
Access-Control-Allow-Headersresponse header, instead of specifying the
* wildcard.Support: Extended
Validation
Max items64
List typeset
Rule
AllowHeaders cannot contain '*' alongside other methods
Documentation References (1)
spec.traffic.cors.allowMethods
AllowMethods indicates which HTTP methods are supported for accessing the
requested resource.
requested resource.
Valid values are any method defined by RFC9110, along with the special
value
value
*, which represents all HTTP methods are allowed.Method names are case-sensitive, so these values are also case-sensitive.
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
Multiple method names in the value of the
response header are separated by a comma (",").
Access-Control-Allow-Methodsresponse header are separated by a comma (",").
A CORS-safelisted method is a method that is
(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the
GET, HEAD, or POST.(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the
AllowMethods field.When the
gateway must return the
which value is present in the
AllowMethods field is configured with one or more methods, thegateway must return the
Access-Control-Allow-Methods response headerwhich value is present in the
AllowMethods field.If the HTTP method of the
is not included in the list of methods specified by the response header
side.
Access-Control-Request-Method request headeris not included in the list of methods specified by the response header
Access-Control-Allow-Methods, it will present an error on the clientside.
If config contains the wildcard "*" in allowMethods and the request is
not credentialed, the
can either use the
Access-Control-Request-Method from the request.
not credentialed, the
Access-Control-Allow-Methods response headercan either use the
* wildcard or the value ofAccess-Control-Request-Method from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
specified with the
in the value of the Access-Control-Allow-Methods response header. The
value of the header
header
the gateway will omit the
instead of specifying the
*wildcard in the
Access-Control-Allow-Methods response header. Whenalso the
AllowCredentials field is true and AllowMethods fieldspecified with the
* wildcard, the gateway must specify one HTTP methodin the value of the Access-Control-Allow-Methods response header. The
value of the header
Access-Control-Allow-Methods is same as theAccess-Control-Request-Method header provided by the client. If theheader
Access-Control-Request-Method is not included in the request,the gateway will omit the
Access-Control-Allow-Methods response header,instead of specifying the
* wildcard.Support: Extended
Validation
Max items9
List typeset
Rule
AllowMethods cannot contain '*' alongside other methods
Documentation References (1)
spec.traffic.cors.allowOrigins
AllowOrigins indicates whether the response can be shared with requested
resource from the given
resource from the given
Origin.The
takes the form
Origin consists of a scheme and a host, with an optional port, andtakes the form
<scheme>://<host>(:<port>).Valid values for scheme are:
http and https.Valid values for port are any integer between 1 and 65535 (the list of
available TCP/UDP ports). Note that, if not included, port
assumed for
origins. This may affect origin matching.
available TCP/UDP ports). Note that, if not included, port
80 isassumed for
http scheme origins, and port 443 is assumed for httpsorigins. This may affect origin matching.
The host part of the origin may contain the wildcard character
wildcard characters behave as follows:
*. Thesewildcard characters behave as follows:
*
DNS labels to the left of its position. This also means that
left of its position.
* A wildcard by itself matches all hosts.
* is a greedy match to the _left_, including any number ofDNS labels to the left of its position. This also means that
* will include any number of period . characters to theleft of its position.
* A wildcard by itself matches all hosts.
An origin value that includes _only_ the
from all
* character indicates requestsfrom all
Origins are allowed.When the
means the server supports clients from multiple origins. If the request
the given
client.
AllowOrigins field is configured with multiple origins, itmeans the server supports clients from multiple origins. If the request
Origin matches the configured allowed origins, the gateway must returnthe given
Origin and sets value of the headerAccess-Control-Allow-Origin same as the Origin header provided by theclient.
The status code of a successful response to a "preflight" request is
always an OK status (i.e., 204 or 200).
always an OK status (i.e., 204 or 200).
If the request
the gateway returns 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds with
403 status to the "preflight" request is denied, coupled with omitting
the CORS headers. The cross-origin request fails on the client side.
Therefore, the client doesn't attempt the actual cross-origin request.
Origin does not match the configured allowed origins,the gateway returns 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds with
403 status to the "preflight" request is denied, coupled with omitting
the CORS headers. The cross-origin request fails on the client side.
Therefore, the client doesn't attempt the actual cross-origin request.
Conversely, if the request
allowed origins, the gateway sets the response header
header provided by the client.
Origin matches one of the configuredallowed origins, the gateway sets the response header
Access-Control-Allow-Origin to the same value as the Originheader provided by the client.
When config has the wildcard ("*") in allowOrigins, and the request
is not credentialed (e.g., it is a preflight request), the
wildcard as well or the Origin from the request.
is not credentialed (e.g., it is a preflight request), the
Access-Control-Allow-Origin response header either contains thewildcard as well or the Origin from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
specified with the
in the value of the
instead of specifying the
the client.
*wildcard in the
Access-Control-Allow-Origin response header. Whenalso the
AllowCredentials field is true and AllowOrigins fieldspecified with the
* wildcard, the gateway must return a single originin the value of the
Access-Control-Allow-Origin response header,instead of specifying the
* wildcard. The value of the headerAccess-Control-Allow-Origin is same as the Origin header provided bythe client.
Support: Extended
Validation
Max items64
List typeset
Rule
AllowOrigins cannot contain '*' alongside other origins
Documentation References (1)
spec.traffic.cors.exposeHeaders
ExposeHeaders indicates which HTTP response headers can be exposed
to client-side scripts in response to a cross-origin request.
to client-side scripts in response to a cross-origin request.
A CORS-safelisted response header is an HTTP header in a CORS response
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
Cache-ControlContent-LanguageContent-LengthContent-TypeExpiresLast-ModifiedPragma(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
When an HTTP header name is specified using the
this additional header will be exposed as part of the response to the
client.
ExposeHeaders field,this additional header will be exposed as part of the response to the
client.
Header names are not case-sensitive.
Multiple header names in the value of the
response header are separated by a comma (",").
Access-Control-Expose-Headersresponse header are separated by a comma (",").
A wildcard indicates that the responses with all HTTP headers are exposed
to clients. The
use
to clients. The
Access-Control-Expose-Headers response header can onlyuse
* wildcard as value when the request is not credentialed.When the
the request is credentialed, the gateway cannot use the
the
exposeHeaders config field contains the "*" wildcard andthe request is credentialed, the gateway cannot use the
* wildcard inthe
Access-Control-Expose-Headers response header.Support: Extended
Validation
Max items64
List typeset
spec.traffic.cors.maxAge
MaxAge indicates the duration (in seconds) for the client to cache the
results of a "preflight" request.
results of a "preflight" request.
The information provided by the
client until the time specified by
Access-Control-Allow-Methods andAccess-Control-Allow-Headers response headers can be cached by theclient until the time specified by
Access-Control-Max-Age elapses.The default value of
(seconds).
Access-Control-Max-Age response header is 5(seconds).
When the
header "Access-Control-Max-Age: 5" by default.
MaxAge field is unspecified, the gateway sets the responseheader "Access-Control-Max-Age: 5" by default.
Validation
Default5
Formatint32
Minimum1
Documentation References (1)
spec.traffic.csrf
csrf specifies the Cross-Site Request Forgery (CSRF) policy for this traffic policy.
The CSRF policy has the following behavior:
* Safe methods (
* Requests without
be same-origin or non-browser requests and are allowed.
* Otherwise, the
comparing the
* Safe methods (
GET, HEAD, OPTIONS) are automatically allowed.* Requests without
Sec-Fetch-Site or Origin headers are assumed tobe same-origin or non-browser requests and are allowed.
* Otherwise, the
Sec-Fetch-Site header is checked, with a fallback tocomparing the
Origin header to the Host header.Documentation References (1)
spec.traffic.csrf.additionalOrigins
additionalOrigins specifies additional source origins that will beallowed in addition to the destination origin. The
Origin consists ofa scheme and a host, with an optional port, and takes the form
<scheme>://<host>(:<port>).Validation
Min items1
Max items16
Documentation References (1)
spec.traffic.directResponse
directResponse configures the policy to send a direct response to theclient.
Documentation References (1)
spec.traffic.directResponse.body
Body defines the content to be returned in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
Validation
Min length1
Max length4096
Documentation References (1)
spec.traffic.directResponse.status
StatusCode defines the HTTP status code to return for this route.
Validation
Formatint32
Minimum200
Maximum599
Documentation References (1)
spec.traffic.extAuth
extAuth specifies the external authentication configuration for the policy.
This controls what external server to send requests to for authentication.
This controls what external server to send requests to for authentication.
Validation
Rule
exactly one of the fields in [grpc http] must be set
Documentation References (2)
spec.traffic.extAuth.backendRef
backendRef references the External Authorization server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.traffic.extAuth.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extAuth.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extAuth.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (2)
spec.traffic.extAuth.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.extAuth.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (2)
spec.traffic.extAuth.failureMode
FailureMode controls behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
Validation
EnumFailOpen, FailClosed
spec.traffic.extAuth.forwardBody
forwardBody configures whether to include the HTTP body in the request.If enabled, the request body will be buffered.
spec.traffic.extAuth.forwardBody.maxSize
maxSize specifies, in bytes, the largest body that will be bufferedand sent to the authorization server. If the body size is larger than
maxSize, then the request will be rejected with a response.Validation
Formatint32
Minimum1
spec.traffic.extAuth.grpc
grpc specifies that the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
Documentation References (1)
spec.traffic.extAuth.grpc.contextExtensions
contextExtensions specifies additional arbitrary key-value pairs tosend to the authorization server in the
context_extensions field.Validation
Max properties64
spec.traffic.extAuth.grpc.requestMetadata
requestMetadata specifies metadata to be sent to the authorizationserver. This maps to the
metadata_context.filter_metadata field of therequest, and allows dynamic CEL expressions. If unset, by default the
envoy.filters.http.jwt_authn key is set if the JWT policy is used aswell, for compatibility.
Validation
Max properties64
spec.traffic.extAuth.http
http specifies that the HTTP protocol should be used for connecting tothe authorization server. The authorization server must return a
200status code, otherwise the request is considered an authorization
failure.
Documentation References (1)
spec.traffic.extAuth.http.addRequestHeaders
addRequestHeaders specifies what additional headers to add to therequest to the authorization server. While
allowedRequestHeaders justpasses the original headers through,
addRequestHeaders allows definingcustom headers based on CEL expressions.
Validation
Max properties64
spec.traffic.extAuth.http.allowedRequestHeaders
allowedRequestHeaders specifies what additional headers from the client requestwill be sent to the authorization server.
If unset, the following headers are sent by default:
Authorization.Validation
Max items64
spec.traffic.extAuth.http.allowedResponseHeaders
allowedResponseHeaders specifies what headers from the authorization responsewill be copied into the request to the backend.
Validation
Max items64
Documentation References (1)
spec.traffic.extAuth.http.path
path specifies the path to send to the authorization server. Ifunset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
"/prefix/" + request.path.Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.extAuth.http.redirect
redirect defines an optional expression to determine a path toredirect to on authorization failure. This is useful to redirect to a
sign-in page.
Validation
Min length1
Max length16384
spec.traffic.extAuth.http.responseMetadata
responseMetadata specifies what metadata fields should be constructedfrom the authorization response. These will be included under the
extauthz variable in future CEL expressions. Setting this is usefulfor things like logging usernames, without needing to include them as
headers to the backend, as
allowedResponseHeaders would.Validation
Max properties64
spec.traffic.extProc
extProc specifies the external processing configuration for the policy.
Documentation References (1)
spec.traffic.extProc.backendRef
backendRef references the External Processor server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.traffic.extProc.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extProc.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extProc.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.traffic.extProc.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (1)
spec.traffic.extProc.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.traffic.headerModifiers
headerModifiers defines the policy to modify request and response headers.
Validation
Rule
at least one of the fields in [request response] must be set
spec.traffic.headerModifiers.request
Request modifies request headers.
spec.traffic.headerModifiers.request.add
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
GET /foo HTTP/1.1
my-header: foo,bar,baz
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.request.add.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.request.add.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.request.remove
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
GET /foo HTTP/1.1
my-header2: bar
Validation
Max items16
List typeset
spec.traffic.headerModifiers.request.set
Set overwrites the request with the given header (name, value)
before the action.
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
GET /foo HTTP/1.1
my-header: bar
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.request.set.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.request.set.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.response
Response modifies response headers.
spec.traffic.headerModifiers.response.add
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
GET /foo HTTP/1.1
my-header: foo,bar,baz
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.response.add.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.response.add.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.response.remove
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
GET /foo HTTP/1.1
my-header2: bar
Validation
Max items16
List typeset
spec.traffic.headerModifiers.response.set
Set overwrites the request with the given header (name, value)
before the action.
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
GET /foo HTTP/1.1
my-header: bar
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.response.set.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.response.set.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.hostRewrite
hostRewrite specifies how to rewrite the Host header for requests.If the
this setting is ignored.
HTTPRoute urlRewrite filter already specifies a host rewrite,this setting is ignored.
spec.traffic.hostRewrite.mode
mode sets the hostname rewrite mode.The following may be specified:
*
*
will be passed through.
*
Auto: automatically set the Host header based on the destination.*
None: do not rewrite the Host header. The original Host headerwill be passed through.
This setting defaults to
backends.
Auto when connecting to hostname-basedBackend types, and None otherwise, for Service or IP-basedbackends.
Validation
EnumAuto, None
spec.traffic.jwtAuthentication
jwtAuthentication authenticates users based on JWT tokens.Validation
Rule
jwtAuthentication.mcp requires exactly one provider
Rule
jwtAuthentication.mcp requires mode Strict
Documentation References (5)
spec.traffic.jwtAuthentication.location
location controls where JWT credentials are read from.If omitted, credentials are read from the
Authorization header with the Bearer prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.traffic.jwtAuthentication.location.cookie
No description for this field.
spec.traffic.jwtAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.location.header
No description for this field.
spec.traffic.jwtAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.jwtAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.location.queryParameter
No description for this field.
spec.traffic.jwtAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.mcp
mcp optionally enables MCP OAuth metadata endpoint handlingand MCP-specific authentication behavior on top of standard JWT validation.
When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
Documentation References (2)
spec.traffic.jwtAuthentication.mcp.provider
provider specifies the identity provider to use for MCP authentication flows.Validation
EnumAuth0, Keycloak
Documentation References (2)
spec.traffic.jwtAuthentication.mcp.resourceMetadata
resourceMetadata defines the metadata to use for MCP resources,served at the MCP OAuth metadata endpoints.
Documentation References (2)
spec.traffic.jwtAuthentication.mode
mode is the validation mode for JWT authentication.Validation
EnumStrict, Optional, Permissive
DefaultStrict
Documentation References (5)
spec.traffic.jwtAuthentication.providers
No description for this field.
Validation
Min items1
Max items64
Documentation References (5)
spec.traffic.jwtAuthentication.providers.audiences
audiences specifies the list of allowed audiences that are allowedaccess. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
Documentation References (2)
spec.traffic.jwtAuthentication.providers.issuer
issuer identifies the IdP that issued the JWT. This corresponds to theiss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
Documentation References (5)
spec.traffic.jwtAuthentication.providers.jwks
jwks defines the JSON Web Key Set used to validate the signature of theJWT.
Validation
Rule
exactly one of the fields in [remote inline] must be set
Documentation References (5)
spec.traffic.jwtAuthentication.providers.jwks.inline
inline specifies an inline JSON Web Key Set used to validate thesignature of the JWT.
Validation
Min length2
Max length65536
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote
remote specifies how to reach the JSON Web Key Set from a remoteaddress.
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef
backendRef references the remote JWKS server to reach.Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
Documentation References (1)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.traffic.jwtAuthentication.providers.jwks.remote.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
Documentation References (1)
spec.traffic.jwtAuthentication.providers.jwks.remote.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
Documentation References (3)
spec.traffic.phase
The phase to apply the traffic policy to. If the phase is
the
typically used only when a policy needs to influence the routing
decision.
PreRouting,the
targetRef must be a Gateway or a Listener. PreRouting istypically used only when a policy needs to influence the routing
decision.
Even when using
routes under that
described above.
PostRouting mode, the policy can target theGateway or Listener. This is a helper for applying the policy to allroutes under that
Gateway or Listener, and follows the merging logicdescribed above.
Note:
are independent execution phases. That is, all
merge and execute, then all
PreRouting and PostRouting rules do not merge together. Theseare independent execution phases. That is, all
PreRouting rules willmerge and execute, then all
PostRouting rules will merge and execute.If unset, this defaults to
PostRouting.Validation
EnumPreRouting, PostRouting
Documentation References (3)
spec.traffic.rateLimit
rateLimit specifies the rate limiting configuration for the policy.
This controls the rate at which requests are allowed to be processed.
This controls the rate at which requests are allowed to be processed.
Validation
Rule
at least one of the fields in [global local] must be set
spec.traffic.rateLimit.global
Global defines a global rate limiting policy using an external service.
Documentation References (3)
spec.traffic.rateLimit.global.backendRef
backendRef references the rate limit server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (3)
spec.traffic.rateLimit.global.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.rateLimit.global.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.rateLimit.global.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (3)
spec.traffic.rateLimit.global.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.rateLimit.global.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.traffic.rateLimit.global.descriptors
descriptors define the dimensions for rate limiting. These values arepassed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
Validation
Min items1
Max items16
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.entries
entries are the individual components that make up this descriptor.Validation
Min items1
Max items16
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.entries.expression
expression is a Common Expression Language (CEL) expression thatdefines the value for the descriptor.
For example, to rate limit based on the Client IP:
source.address.See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
Validation
Min length1
Max length16384
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.entries.name
name specifies the name of the descriptor.Validation
Min length1
Max length64
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.unit
unit defines what to use as the cost function. If unspecified,Requests is used.Validation
EnumRequests, Tokens
Documentation References (2)
spec.traffic.rateLimit.global.domain
domain specifies the domain under which this limit should apply.This is an arbitrary string that enables a rate limit server to distinguish between different applications.
Validation
Min length1
Max length256
Documentation References (3)
spec.traffic.rateLimit.global.failureMode
failureMode controls behavior when the remote rate limit service isunavailable or returns an error.
FailOpen allows the request to continue.FailClosed (default) denies the request.Validation
EnumFailOpen, FailClosed
spec.traffic.rateLimit.local
Local defines a local rate limiting policy.
Validation
Min items1
Max items16
spec.traffic.rateLimit.local.burst
burst specifies an allowance of requests above the request-per-unitthat should be allowed within a short period of time.
Validation
Formatint32
Documentation References (4)
spec.traffic.rateLimit.local.requests
requests specifies the number of HTTP requests per unit of time thatare allowed. Requests exceeding this limit will fail with a
429error.
Validation
Formatint32
Minimum1
Documentation References (5)
spec.traffic.rateLimit.local.tokens
tokens specifies the number of LLM tokens per unit of time that areallowed. Requests exceeding this limit will fail with a
429 error.Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
result, token-based rate limits will apply to future requests only.
Validation
Formatint32
Minimum1
Documentation References (2)
spec.traffic.rateLimit.local.unit
unit specifies the unit of time that requests are limited on.Validation
EnumSeconds, Minutes, Hours
spec.traffic.retry
retry defines the policy for retrying requests.
Documentation References (2)
spec.traffic.retry.attempts
Attempts specifies the maximum number of times an individual request
from the gateway to a backend should be retried.
from the gateway to a backend should be retried.
If the maximum number of retries has been attempted without a successful
response from the backend, the Gateway MUST return an error.
response from the backend, the Gateway MUST return an error.
When this field is unspecified, the number of times to attempt to retry
a backend request is implementation-specific.
a backend request is implementation-specific.
Support: Extended
Documentation References (2)
spec.traffic.retry.backoff
Backoff specifies the minimum duration a Gateway should wait between
retry attempts and is represented in Gateway API Duration formatting.
retry attempts and is represented in Gateway API Duration formatting.
For example, setting the
100 milliseconds after timing out or receiving a response code configured
to be retriable.
rules[].retry.backoff field to the value100ms will cause a backend request to first be retried approximately100 milliseconds after timing out or receiving a response code configured
to be retriable.
An implementation MAY use an exponential or alternative backoff strategy
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
If a Request timeout (
route, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
rules[].timeouts.request) is configured on theroute, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
If a BackendRequest timeout (
configured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
rules[].timeouts.backendRequest) isconfigured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
If a BackendRequest timeout is _not_ configured on the route, retry
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
When this field is unspecified, the time to wait between retry attempts
is implementation-specific.
is implementation-specific.
Support: Extended
Validation
Pattern^([0-9]{1,5}(h|m|s|ms)){1,4}$
Documentation References (2)
spec.traffic.retry.codes
Codes defines the HTTP response status codes for which a backend request
should be retried.
should be retried.
Support: Extended
Validation
List typeatomic
Documentation References (2)
spec.traffic.timeouts
timeouts defines the timeouts for requests.It is applicable to
HTTPRoute resources and ignored for other targetedkinds.
Documentation References (2)
spec.traffic.timeouts.request
request specifies a timeout for an individual request from the gateway to a backend. This covers the time from when
the request first starts being sent from the gateway to when the full response has been received from the backend.
the request first starts being sent from the gateway to when the full response has been received from the backend.
Validation
Rule
invalid duration value
Rule
request must be at least 1ms
Documentation References (2)
spec.traffic.transformation
transformation is used to mutate and transform requests and responses
before forwarding them to the destination.
before forwarding them to the destination.
Validation
Rule
at least one of the fields in [request response] must be set
Documentation References (18)
spec.traffic.transformation.request
request is used to modify the request path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
Documentation References (12)
spec.traffic.transformation.request.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.request.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.traffic.transformation.request.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.traffic.transformation.request.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.request.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.traffic.transformation.request.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
Documentation References (7)
spec.traffic.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
Documentation References (7)
spec.traffic.transformation.request.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
Documentation References (7)
spec.traffic.transformation.response
response is used to modify the response path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.traffic.transformation.response.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
Documentation References (1)
spec.traffic.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
Documentation References (1)
spec.traffic.transformation.response.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.response.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.response.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.response.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
Documentation References (1)
spec.traffic.transformation.response.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.response.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
status
status defines the current state of AgentgatewayPolicy.
status.ancestors
Ancestors is a list of ancestor resources (usually Gateways) that are
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
Note that choosing the relevant ancestor is left to the Policy designers;
an important part of Policy design is designing the right object level at
which to namespace this status.
an important part of Policy design is designing the right object level at
which to namespace this status.
Note also that implementations MUST ONLY populate ancestor status for
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
Note that to achieve this, the list of PolicyAncestorStatus structs
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
A maximum of 16 ancestors will be represented in this list. An empty list
means the Policy is not relevant for any ancestors.
means the Policy is not relevant for any ancestors.
If this slice is full, implementations MUST NOT add further entries.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
Validation
Max items16
List typeatomic
status.ancestors.ancestorRef
AncestorRef corresponds with a ParentRef in the spec that this
PolicyAncestorStatus struct describes the status of.
PolicyAncestorStatus struct describes the status of.
status.ancestors.ancestorRef.group
Group is the group of the referent.
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
Support: Core
Validation
Defaultgateway.networking.k8s.io
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
status.ancestors.ancestorRef.kind
Kind is kind of the referent.
There are two kinds of parent resources with "Core" support:
* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, ClusterIP Services only)
* Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
Validation
DefaultGateway
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
status.ancestors.ancestorRef.name
Name is the name of the referent.
Support: Core
Validation
Min length1
Max length253
status.ancestors.ancestorRef.namespace
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
to the local namespace of the Route.
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
<gateway:experimental:description>
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
</gateway:experimental:description>
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
</gateway:experimental:description>
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
status.ancestors.ancestorRef.port
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
differently based on the type of parent resource.
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set
networking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set
Port unless thenetworking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
<gateway:experimental:description>
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
</gateway:experimental:description>
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
</gateway:experimental:description>
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
Support: Extended
Validation
Formatint32
Minimum1
Maximum65535
status.ancestors.ancestorRef.sectionName
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
following resources, SectionName is interpreted as the following:
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
If that is the case, they MUST clearly document how SectionName is
interpreted.
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
status.ancestors.conditions
Conditions describes the status of the Policy with respect to the given Ancestor.
<gateway:util:excludeFromCRD>
Notes for implementors:
Conditions are a listType
map with a key of the
map, which means that they function like amap with a key of the
type field _in the k8s apiserver_.This means that implementations must obey some rules when updating this
section.
section.
* Implementations MUST perform a read-modify-write cycle on this field
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type
Condition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the
Condition to the
* If the
implementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type
special.io/SomeField, it MUST NOT remove, change or update thatCondition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the
observedGeneration field of theCondition to the
metadata.generation of the Gateway at the time of update creation.* If the
observedGeneration of a Condition is _greater than_ the value theimplementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
</gateway:util:excludeFromCRD>
Validation
Min items1
Max items8
List typemap
List map keystype
status.ancestors.conditions.lastTransitionTime
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Validation
Formatdate-time
status.ancestors.conditions.message
message is a human readable message indicating details about the transition.
This may be an empty string.
This may be an empty string.
Validation
Max length32768
status.ancestors.conditions.observedGeneration
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Validation
Formatint64
Minimum0
status.ancestors.conditions.reason
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Validation
Pattern^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
Min length1
Max length1024
status.ancestors.conditions.status
status of the condition, one of True, False, Unknown.
Validation
EnumTrue, False, Unknown
status.ancestors.conditions.type
type of condition in CamelCase or in foo.example.com/CamelCase.
Validation
Pattern^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Max length316
status.ancestors.controllerName
ControllerName is a domain/path string that indicates the name of the
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
Example: "example.net/gateway-controller".
The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
Controllers MUST populate this field when writing status. Controllers should ensure that
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
Min length1
Max length253
Was this page helpful?
