For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
AgentgatewayBackend
Use AgentgatewayBackends to configure the target services that agentgateway routes traffic to.
Explore the configuration reference by clicking on a property name or expanding the property types. Use the in-field search bar to search for a property. The reference is also available as a table.agentgateway.dev/v1alpha1
- apiVersionstring
- kindstring
- metadataobject
- *spec
- ai
- groups
- *providers
- anthropic
- modelstring
- azure
- apiVersionstring
- modelstring
- projectNamestring
- *resourceNamestring
- *resourceTypestring
- azureopenai
- apiVersionstring
- deploymentNamestring
- *endpointstring
- bedrock
- guardrail
- *identifierstring
- *versionstring
- modelstring
- regionstring
- gemini
- modelstring
- hoststring
- *namestring
- openai
- modelstring
- pathstring
- pathPrefixstring
- policies
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- portinteger
- vertexai
- modelstring
- *projectIdstring
- regionstring
- provider
- anthropic
- modelstring
- azure
- apiVersionstring
- modelstring
- projectNamestring
- *resourceNamestring
- *resourceTypestring
- azureopenai
- apiVersionstring
- deploymentNamestring
- *endpointstring
- bedrock
- guardrail
- *identifierstring
- *versionstring
- modelstring
- regionstring
- gemini
- modelstring
- hoststring
- openai
- modelstring
- pathstring
- pathPrefixstring
- portinteger
- vertexai
- modelstring
- *projectIdstring
- regionstring
- aws
- agentCore
- *agentRuntimeArnstring
- qualifierstring
- dynamicForwardProxyobject
- mcp
- failureModestring
- sessionRoutingstring
- *targets
- *namestring
- selector
- namespaces
- matchExpressions
- *keystring
- *operatorstring
- valuesstring[]
- matchLabelsobject
- services
- matchExpressions
- *keystring
- *operatorstring
- valuesstring[]
- matchLabelsobject
- static
- backendRef
- namestring
- hoststring
- pathstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *portinteger
- protocolstring
- policies
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- *secretRef
- namestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- namestring
- gcp
- audiencestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- namestring
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- mcp
- authentication
- audiencesstring[]
- issuerstring
- *jwks
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- modestring
- providerstring
- resourceMetadataobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- mtlsCertificateRef
- namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- static
- hoststring
- portinteger
- unixPathstring
- status
- conditions
- *lastTransitionTimestring
- *messagestring
- observedGenerationinteger
- *reasonstring
- *statusstring
- *typestring
apiVersion
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
No description for this field.
spec
spec defines the desired state of AgentgatewayBackend.
Validation
Rule
AI policies require AI backend
Rule
MCP policies require MCP backend
Rule
exactly one of the fields in [ai static dynamicForwardProxy mcp aws] must be set
spec.ai
ai represents a LLM backend.
Validation
Rule
exactly one of the fields in [provider groups] must be set
Documentation References (21)
spec.ai.groups
groups specifies a list of groups in priority order where each groupdefines a set of LLM providers. The priority determines the priority of
the backend endpoints chosen.
Note: provider names must be unique across all providers in all priority
groups. Backend policies may target a specific provider by name using
targetRefs[].sectionName.Example configuration with two priority groups:
groups:
- providers:
- azureopenai:
deploymentName: gpt-4o-mini
apiVersion: 2024-02-15-preview
endpoint: ai-gateway.openai.azure.com
- providers:
- azureopenai:
deploymentName: gpt-4o-mini-2
apiVersion: 2024-02-15-preview
endpoint: ai-gateway-2.openai.azure.com
policies:
auth:
secretRef:
name: azure-secretValidation
Min items1
Max items8
Documentation References (2)
spec.ai.groups.providers
providers specifies a list of LLM providers within this group. Each provider is treated equally in terms of priority,
with automatic weighting based on health.
with automatic weighting based on health.
Validation
Min items1
Max items16
Rule
provider names must be unique within a group
Documentation References (2)
spec.ai.groups.providers.anthropic.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.groups.providers.azure
Azure provider with resource-based configuration.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Validation
Rule
projectName is required when resourceType is Foundry
spec.ai.groups.providers.azure.apiVersion
The version of the Azure OpenAI API to use.
If unset, defaults to
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.groups.providers.azure.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.projectName
The Foundry project name, required when
Used to construct paths: /api/projects/{projectName}/openai/v1/...
resourceType is Foundry.Used to construct paths: /api/projects/{projectName}/openai/v1/...
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.resourceName
The Azure resource name used to construct the endpoint host.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}-resource.services.ai.azure.com
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}-resource.services.ai.azure.com
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.resourceType
The type of Azure endpoint. Determines the host suffix.
Validation
EnumOpenAI, Foundry
spec.ai.groups.providers.azureopenai
Azure OpenAI provider
Validation
Rule
deploymentName is required for this apiVersion
spec.ai.groups.providers.azureopenai.apiVersion
The version of the Azure OpenAI API to use.
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.groups.providers.azureopenai.deploymentName
The name of the Azure OpenAI model deployment to use.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
set in the request.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
apiVersion is not v1. For v1, the model can beset in the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.azureopenai.endpoint
The endpoint for the Azure OpenAI API to use, such as
If the scheme is included, it is stripped.
my-endpoint.openai.azure.com.If the scheme is included, it is stripped.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock
Bedrock provider
spec.ai.groups.providers.bedrock.guardrail
guardrail configures the Guardrail policy to use for the backend. See<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
spec.ai.groups.providers.bedrock.guardrail.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.guardrail.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.region
Region is the AWS region to use for the backend.
Defaults to
Defaults to
us-east-1 if not specified.Validation
Defaultus-east-1
Pattern^[a-z0-9-]+$
Min length1
Max length63
spec.ai.groups.providers.gemini
Gemini provider
spec.ai.groups.providers.gemini.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gemini-2.5-pro.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.host
Host specifies the hostname to send the requests to.
If not specified, the default hostname for the provider is used.
If not specified, the default hostname for the provider is used.
Validation
Min length1
Max length256
spec.ai.groups.providers.name
Name of the provider. Policies can target this provider by name.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (2)
spec.ai.groups.providers.openai
OpenAI provider
Documentation References (2)
spec.ai.groups.providers.openai.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.groups.providers.path
Path specifies the URL path to use for the LLM provider API requests.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
Validation
Min length1
Max length1024
spec.ai.groups.providers.pathPrefix
PathPrefix overrides the default base path prefix (e.g. "/v1") for upstream requests.
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Validation
Min length1
Max length1024
spec.ai.groups.providers.policies
policies controls policies for communicating with this backend.Policies may also be set in
AgentgatewayPolicy, or in the top-levelAgentgatewayBackend. Policies are merged on a field-level basis, withorder:
AgentgatewayPolicy < AgentgatewayBackend < AgentgatewayBackendLLM provider (this field).
Validation
Rule
at least one of the fields in [ai auth health http tcp tls transformation tunnel] must be set
Documentation References (2)
spec.ai.groups.providers.policies.ai
ai specifies settings for AI workloads. This is only applicable whenconnecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
spec.ai.groups.providers.policies.ai.defaults
Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.defaults.field
The name of the field.
Validation
Max length256
spec.ai.groups.providers.policies.ai.defaults.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.ai.groups.providers.policies.ai.modelAliases
ModelAliases maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
spec.ai.groups.providers.policies.ai.overrides
Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.overrides.field
The name of the field.
Validation
Max length256
spec.ai.groups.providers.policies.ai.overrides.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.ai.groups.providers.policies.ai.prompt
Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.spec.ai.groups.providers.policies.ai.prompt.append
A list of messages to be appended to the prompt sent by the client.
spec.ai.groups.providers.policies.ai.prompt.append.content
String content of the message.
spec.ai.groups.providers.policies.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.ai.groups.providers.policies.ai.prompt.prepend
A list of messages to be prepended to the prompt sent by the client.
spec.ai.groups.providers.policies.ai.prompt.prepend.content
String content of the message.
spec.ai.groups.providers.policies.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.ai.groups.providers.policies.ai.promptCaching
promptCaching enables automatic prompt caching for supportedproviders, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
spec.ai.groups.providers.policies.ai.promptCaching.cacheMessageOffset
CacheMessageOffset shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.ai.groups.providers.policies.ai.promptCaching.cacheMessages
CacheMessages enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
spec.ai.groups.providers.policies.ai.promptCaching.cacheSystem
CacheSystem enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
spec.ai.groups.providers.policies.ai.promptCaching.cacheTools
CacheTools enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
spec.ai.groups.providers.policies.ai.promptCaching.minTokens
MinTokens specifies the minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
spec.ai.groups.providers.policies.ai.promptGuard
promptGuard enables adding guardrails to LLM requests and responses.Validation
Rule
at least one of the fields in [request response] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration
openAIModeration passes prompt data through the OpenAI Moderationsendpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.model
model specifies the moderation model to use. For example,omni-moderation.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies
policies controls policies for communicating with OpenAI.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.request.response
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.ai.groups.providers.policies.ai.promptGuard.request.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook
Configure a webhook to forward requests to for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.ai.groups.providers.policies.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.response.response
A custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.ai.groups.providers.policies.ai.promptGuard.response.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook
Configure a webhook to forward responses to for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.ai.groups.providers.policies.ai.routes
routes defines how to identify the type of traffic to handle.The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.spec.ai.groups.providers.policies.ai.transformations
Provide CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.ai.transformations.field
The name of the field to set.
Validation
Max length256
spec.ai.groups.providers.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (2)
spec.ai.groups.providers.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.ai.groups.providers.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.ai.groups.providers.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.ai.groups.providers.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.ai.groups.providers.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.ai.groups.providers.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
Documentation References (2)
spec.ai.groups.providers.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (2)
spec.ai.groups.providers.policies.health
health defines settings for passive and active health checking.
spec.ai.groups.providers.policies.health.eviction
Eviction defines settings for evicting unhealthy backends.
spec.ai.groups.providers.policies.health.eviction.consecutiveFailures
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
spec.ai.groups.providers.policies.health.eviction.duration
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
spec.ai.groups.providers.policies.health.eviction.healthThreshold
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.ai.groups.providers.policies.health.eviction.restoreHealth
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.ai.groups.providers.policies.health.unhealthyCondition
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.http
http defines settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.ai.groups.providers.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.transformation
transformation is used to mutate and transform requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.ai.groups.providers.policies.transformation.request
request is used to modify the request path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.ai.groups.providers.policies.transformation.request.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.request.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.request.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.request.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.ai.groups.providers.policies.transformation.request.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.ai.groups.providers.policies.transformation.request.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.request.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response
response is used to modify the response path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.ai.groups.providers.policies.transformation.response.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.response.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.ai.groups.providers.policies.transformation.response.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.ai.groups.providers.policies.transformation.response.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.response.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.ai.groups.providers.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.port
Port specifies the port to send the requests to.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.vertexai
Vertex AI provider
spec.ai.groups.providers.vertexai.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.vertexai.projectId
The ID of the Google Cloud Project that you use for the Vertex AI.
Validation
Min length1
Max length64
spec.ai.groups.providers.vertexai.region
The location of the Google Cloud Project that you use for the Vertex AI.
Defaults to
Defaults to
global if not specified.Validation
Defaultglobal
Min length1
Max length64
spec.ai.provider
provider specifies configuration for how to reach the configured LLMprovider.
Validation
Rule
both host and port must be set together
Rule
path and pathPrefix are mutually exclusive
Rule
pathPrefix requires host to be set
Rule
exactly one of the fields in [openai azureopenai azure anthropic gemini vertexai bedrock] must be set
Documentation References (18)
spec.ai.provider.anthropic.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure
Azure provider with resource-based configuration.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Validation
Rule
projectName is required when resourceType is Foundry
Documentation References (1)
spec.ai.provider.azure.apiVersion
The version of the Azure OpenAI API to use.
If unset, defaults to
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.provider.azure.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.projectName
The Foundry project name, required when
Used to construct paths: /api/projects/{projectName}/openai/v1/...
resourceType is Foundry.Used to construct paths: /api/projects/{projectName}/openai/v1/...
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.resourceName
The Azure resource name used to construct the endpoint host.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}-resource.services.ai.azure.com
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}-resource.services.ai.azure.com
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.resourceType
The type of Azure endpoint. Determines the host suffix.
Validation
EnumOpenAI, Foundry
Documentation References (1)
spec.ai.provider.azureopenai
Azure OpenAI provider
Validation
Rule
deploymentName is required for this apiVersion
Documentation References (2)
spec.ai.provider.azureopenai.apiVersion
The version of the Azure OpenAI API to use.
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
v1.Validation
Min length1
Max length64
Documentation References (2)
spec.ai.provider.azureopenai.deploymentName
The name of the Azure OpenAI model deployment to use.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
set in the request.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
apiVersion is not v1. For v1, the model can beset in the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.provider.azureopenai.endpoint
The endpoint for the Azure OpenAI API to use, such as
If the scheme is included, it is stripped.
my-endpoint.openai.azure.com.If the scheme is included, it is stripped.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.provider.bedrock.guardrail
guardrail configures the Guardrail policy to use for the backend. See<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
spec.ai.provider.bedrock.guardrail.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.provider.bedrock.guardrail.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.provider.bedrock.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.bedrock.region
Region is the AWS region to use for the backend.
Defaults to
Defaults to
us-east-1 if not specified.Validation
Defaultus-east-1
Pattern^[a-z0-9-]+$
Min length1
Max length63
Documentation References (1)
spec.ai.provider.gemini.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gemini-2.5-pro.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.provider.host
Host specifies the hostname to send the requests to.
If not specified, the default hostname for the provider is used.
If not specified, the default hostname for the provider is used.
Validation
Min length1
Max length256
Documentation References (3)
spec.ai.provider.openai
OpenAI provider
spec.ai.provider.openai.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.provider.path
Path specifies the URL path to use for the LLM provider API requests.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
Validation
Min length1
Max length1024
Documentation References (1)
spec.ai.provider.pathPrefix
PathPrefix overrides the default base path prefix (e.g. "/v1") for upstream requests.
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Validation
Min length1
Max length1024
spec.ai.provider.port
Port specifies the port to send the requests to.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.ai.provider.vertexai.model
Optional: Override the model name, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.vertexai.projectId
The ID of the Google Cloud Project that you use for the Vertex AI.
Validation
Min length1
Max length64
Documentation References (1)
spec.ai.provider.vertexai.region
The location of the Google Cloud Project that you use for the Vertex AI.
Defaults to
Defaults to
global if not specified.Validation
Defaultglobal
Min length1
Max length64
Documentation References (1)
spec.aws
aws represents an AWS service backend (AgentCore, etc.).
Validation
Rule
exactly one of the fields in [agentCore] must be set
spec.aws.agentCore
agentCore configures Amazon Bedrock AgentCore as a backend.
spec.aws.agentCore.agentRuntimeArn
agentRuntimeArn is the ARN of the AgentCore runtime.
spec.aws.agentCore.qualifier
qualifier optionally specifies the alias or version qualifier.
spec.dynamicForwardProxy
dynamicForwardProxy configures the proxy to dynamically send requests to the destination based on the incoming
request HTTP host header, or TLS SNI for TLS traffic.
request HTTP host header, or TLS SNI for TLS traffic.
Note: this Backend type enables users to send trigger the proxy to send requests to arbitrary destinations. Proper
access controls must be put in place when using this backend type.
access controls must be put in place when using this backend type.
Documentation References (1)
spec.mcp
mcp represents an MCP backend
Documentation References (6)
spec.mcp.failureMode
failureMode controls behavior when MCP targets fail to initialize orbecome unavailable at runtime.
FailOpen skips failed targets andcontinues serving from healthy ones.
FailClosed (default) fails theentire session if any target fails.
Validation
EnumFailOpen, FailClosed
spec.mcp.sessionRouting
sessionRouting configures MCP session behavior for requests.Defaults to
Stateful if not set.Validation
EnumStateful, Stateless
Documentation References (1)
spec.mcp.targets
targets is a list of MCP targets to use for this backend. Policiestargeting MCP targets must use
targetRefs[].sectionName to selectthe target by name.
Validation
Min items1
Max items32
List typemap
List map keysname
Rule
target names must be unique
Documentation References (6)
spec.mcp.targets.name
Name of the MCP target.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (6)
spec.mcp.targets.selector
selector is the label selector used to select Service resources.If policies are needed on a per-service basis,
AgentgatewayPolicy cantarget the desired
Service.Validation
Rule
at least one of the fields in [namespaces services] must be set
Documentation References (3)
spec.mcp.targets.selector.namespaces
namespace is the label selector for namespaces that Serviceresources should be selected from. If unset, only the namespace of the
AgentgatewayBackend is searched.Validation
Map typeatomic
spec.mcp.targets.selector.namespaces.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Validation
List typeatomic
spec.mcp.targets.selector.namespaces.matchExpressions.key
key is the label key that the selector applies to.
spec.mcp.targets.selector.namespaces.matchExpressions.operator
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
Valid operators are In, NotIn, Exists and DoesNotExist.
spec.mcp.targets.selector.namespaces.matchExpressions.values
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
Validation
List typeatomic
spec.mcp.targets.selector.namespaces.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
spec.mcp.targets.selector.services
services is the label selector for which Service resources should beselected.
Validation
Map typeatomic
Documentation References (3)
spec.mcp.targets.selector.services.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Validation
List typeatomic
spec.mcp.targets.selector.services.matchExpressions.key
key is the label key that the selector applies to.
spec.mcp.targets.selector.services.matchExpressions.operator
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
Valid operators are In, NotIn, Exists and DoesNotExist.
spec.mcp.targets.selector.services.matchExpressions.values
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
Validation
List typeatomic
spec.mcp.targets.selector.services.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
Documentation References (3)
spec.mcp.targets.static
static configures a static MCP destination. When connecting toin-cluster
Service resources, it is recommended to use selectorinstead.
Validation
Rule
mcp target policies may not be used with backendRef
Rule
exactly one of the fields in [host backendRef] must be set
Documentation References (5)
spec.mcp.targets.static.backendRef
backendRef references a namespace-local Service resource by name.When set, this replaces
host only; port, path, and protocolremain configured on this target.
Validation
Map typeatomic
spec.mcp.targets.static.backendRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.host
Host is the hostname or IP address of the MCP target.
Validation
Min length1
Max length256
Documentation References (5)
spec.mcp.targets.static.path
Path is the URL path of the MCP target endpoint.
Defaults to
Defaults to
"/sse" for the SSE protocol or "/mcp" for theStreamableHTTP protocol if not specified.Validation
Min length1
Max length1024
Documentation References (1)
spec.mcp.targets.static.policies
policies controls policies for communicating with this backend.Policies may also be set in
AgentgatewayPolicy, or in the top-levelAgentgatewayBackend. Policies are merged on a field-level basis, withorder:
AgentgatewayPolicy < AgentgatewayBackend < AgentgatewayBackend MCP (this field).This field may only be used with host-based static targets, not
backendRef.Documentation References (1)
spec.mcp.targets.static.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.mcp.targets.static.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.mcp.targets.static.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.mcp.targets.static.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.mcp.targets.static.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.mcp.targets.static.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.mcp.targets.static.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.mcp.targets.static.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.mcp.targets.static.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.mcp.targets.static.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.mcp.targets.static.policies.auth.location.cookie
No description for this field.
spec.mcp.targets.static.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.header
No description for this field.
spec.mcp.targets.static.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.queryParameter
No description for this field.
spec.mcp.targets.static.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.mcp.targets.static.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.mcp.targets.static.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.http
http defines settings for managing HTTP requests to the backend.
spec.mcp.targets.static.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.mcp.targets.static.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.mcp.targets.static.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.mcp.targets.static.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.mcp.targets.static.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.mcp.targets.static.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.mcp.targets.static.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.mcp.targets.static.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.mcp.targets.static.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.mcp.targets.static.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.mcp.targets.static.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.mcp.targets.static.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.mcp.targets.static.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.mcp.targets.static.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.mcp.targets.static.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.mcp.targets.static.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.mcp.targets.static.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.mcp.targets.static.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.mcp.targets.static.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.mcp.targets.static.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.mcp.targets.static.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.mcp.targets.static.port
Port is the port number of the MCP target.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (5)
spec.mcp.targets.static.protocol
Protocol is the protocol to use for the connection to the MCP
target.
target.
Validation
EnumStreamableHTTP, SSE
Documentation References (4)
spec.policies
policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy;
policies are merged on a field-level basis, with policies on the Backend (this field) taking precedence.
policies are merged on a field-level basis, with policies on the Backend (this field) taking precedence.
Validation
Rule
at least one of the fields in [ai auth health http mcp tcp tls transformation tunnel] must be set
Documentation References (15)
spec.policies.ai
ai specifies settings for AI workloads. This is only applicable whenconnecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
Documentation References (3)
spec.policies.ai.defaults
Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.policies.ai.defaults.field
The name of the field.
Validation
Max length256
spec.policies.ai.defaults.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.policies.ai.modelAliases
ModelAliases maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
Documentation References (1)
spec.policies.ai.overrides
Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.
Validation
Min items1
Max items64
spec.policies.ai.overrides.field
The name of the field.
Validation
Max length256
spec.policies.ai.overrides.value
The field default value, which can be any JSON Data Type.
Validation
Preserve unknown fieldstrue
spec.policies.ai.prompt
Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.spec.policies.ai.prompt.append
A list of messages to be appended to the prompt sent by the client.
spec.policies.ai.prompt.append.content
String content of the message.
spec.policies.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.policies.ai.prompt.prepend
A list of messages to be prepended to the prompt sent by the client.
spec.policies.ai.prompt.prepend.content
String content of the message.
spec.policies.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.policies.ai.promptCaching
promptCaching enables automatic prompt caching for supportedproviders, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
spec.policies.ai.promptCaching.cacheMessageOffset
CacheMessageOffset shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.policies.ai.promptCaching.cacheMessages
CacheMessages enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
spec.policies.ai.promptCaching.cacheSystem
CacheSystem enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
spec.policies.ai.promptCaching.cacheTools
CacheTools enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
spec.policies.ai.promptCaching.minTokens
MinTokens specifies the minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
spec.policies.ai.promptGuard
promptGuard enables adding guardrails to LLM requests and responses.Validation
Rule
at least one of the fields in [request response] must be set
spec.policies.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.policies.ai.promptGuard.request.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
spec.policies.ai.promptGuard.request.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.spec.policies.ai.promptGuard.request.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration
openAIModeration passes prompt data through the OpenAI Moderationsendpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
spec.policies.ai.promptGuard.request.openAIModeration.model
model specifies the moderation model to use. For example,omni-moderation.spec.policies.ai.promptGuard.request.openAIModeration.policies
policies controls policies for communicating with OpenAI.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.openAIModeration.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.policies.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.policies.ai.promptGuard.request.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.request.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.request.response
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.policies.ai.promptGuard.request.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.policies.ai.promptGuard.request.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.policies.ai.promptGuard.request.webhook
Configure a webhook to forward requests to for prompt guarding.
spec.policies.ai.promptGuard.request.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.policies.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.policies.ai.promptGuard.response.bedrockGuardrails
bedrockGuardrails configures AWS Bedrock Guardrails for promptguarding.
spec.policies.ai.promptGuard.response.bedrockGuardrails.identifier
GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies
policies controls policies for communicating with AWS Bedrock Guardrails.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.bedrockGuardrails.region
Region is the AWS region where the guardrail is deployed (for example,
us-west-2).Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.version
GuardrailVersion is the version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor
googleModelArmor configures Google Model Armor for prompt guarding.spec.policies.ai.promptGuard.response.googleModelArmor.location
Location is the Google Cloud location (for example,
Defaults to
us-central1).Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies
policies controls policies for communicating with Google Model Armor.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.googleModelArmor.projectId
ProjectID is the Google Cloud project ID.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.templateId
TemplateID is the template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.policies.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.policies.ai.promptGuard.response.regex.builtins
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.response.regex.matches
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.response.response
A custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.policies.ai.promptGuard.response.response.message
A custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.policies.ai.promptGuard.response.response.statusCode
The status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.policies.ai.promptGuard.response.webhook
Configure a webhook to forward responses to for prompt guarding.
spec.policies.ai.promptGuard.response.webhook.backendRef
backendRef references the webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.policies.ai.routes
routes defines how to identify the type of traffic to handle.The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.Documentation References (2)
spec.policies.ai.transformations
Provide CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
spec.policies.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
spec.policies.ai.transformations.field
The name of the field to set.
Validation
Max length256
spec.policies.auth
auth defines settings for managing authentication to the backend.Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (15)
spec.policies.auth.aws
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Documentation References (1)
spec.policies.auth.aws.secretRef
secretRef references a Kubernetes Secret containing the AWScredentials. The
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Documentation References (1)
spec.policies.auth.aws.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (1)
spec.policies.auth.azure
Azure specifies an Azure authentication method for the backend.
spec.policies.auth.azure.managedIdentity
Details for managed identity authentication
spec.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.auth.azure.secretRef
secretRef references a Kubernetes Secret containing the Azurecredentials. The
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
spec.policies.auth.azure.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.auth.gcp
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
When omitted, we will try to use the default AWS SDK authentication methods.
Validation
Rule
audience is only valid with IdToken
spec.policies.auth.gcp.audience
audience allows explicitly configuring the aud of the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.auth.key
key provides an inline key to use as the value of theAuthorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
Documentation References (1)
spec.policies.auth.location
location controls where backend credentials are inserted.If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.auth.location.cookie
No description for this field.
spec.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.location.header
No description for this field.
spec.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.location.queryParameter
No description for this field.
spec.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.passthrough
passthrough passes through an existing token that has been sent by theclient and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
Documentation References (1)
spec.policies.auth.secretRef
secretRef references a Kubernetes Secret storing the key to use asthe authorization value. This must be stored in the
Authorization key.Validation
Map typeatomic
Documentation References (14)
spec.policies.auth.secretRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (14)
spec.policies.health
health defines settings for passive and active health checking.
spec.policies.health.eviction
Eviction defines settings for evicting unhealthy backends.
spec.policies.health.eviction.consecutiveFailures
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
spec.policies.health.eviction.duration
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
spec.policies.health.eviction.healthThreshold
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.policies.health.eviction.restoreHealth
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.policies.health.unhealthyCondition
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
spec.policies.http
http defines settings for managing HTTP requests to the backend.
spec.policies.http.requestTimeout
requestTimeout specifies the deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.http.version
version specifies the HTTP protocol version to use when connecting tothe backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.mcp
mcp specifies settings for MCP workloads. This is only applicable whenconnecting to a
Backend of type mcp.Validation
Rule
at least one of the fields in [authentication authorization] must be set
spec.policies.mcp.authentication
authentication defines MCPBackend-specific authentication rules.This field is deprecated; prefer to use traffic policy
other policies such as transformation and rate limiting.
jwtAuthentication.mcp, which ensures authentication runs beforeother policies such as transformation and rate limiting.
spec.policies.mcp.authentication.audiences
audiences specifies the list of allowed audiences that are allowedaccess. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
spec.policies.mcp.authentication.issuer
issuer identifies the IdP that issued the JWT. This corresponds to theiss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
spec.policies.mcp.authentication.jwks
jwks defines the remote JSON Web Key used to validate the signature ofthe JWT.
spec.policies.mcp.authentication.jwks.backendRef
backendRef references the remote JWKS server to reach.Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
spec.policies.mcp.authentication.jwks.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.mcp.authentication.jwks.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.mcp.authentication.jwks.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.mcp.authentication.jwks.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.mcp.authentication.jwks.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.mcp.authentication.jwks.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
spec.policies.mcp.authentication.jwks.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
spec.policies.mcp.authentication.mode
mode is the validation mode for JWT authentication.Validation
EnumStrict, Optional, Permissive
DefaultStrict
spec.policies.mcp.authentication.provider
provider specifies the identity provider to use for authentication.Validation
EnumAuth0, Keycloak
spec.policies.mcp.authentication.resourceMetadata
ResourceMetadata defines the metadata to use for MCP resources.
spec.policies.mcp.authorization
authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject
unauthorized requests with a
unauthorized requests with a
403 error, this policy works at theMCPBackend level.List operations, such as
Items that do not meet the rule will be filtered.
list_tools, will have each item evaluated.Items that do not meet the rule will be filtered.
Get or call operations, such as
item and reject requests that do not meet the rule.
call_tool, will evaluate the specificitem and reject requests that do not meet the rule.
spec.policies.mcp.authorization.action
action defines whether the rule allows, denies, or requires the request ifmatched. If unspecified, the default is
Allow.Require policies are conjunctive across merged policies: all require policies must match.
Validation
EnumAllow, Deny, Require
DefaultAllow
spec.policies.mcp.authorization.policy
policy specifies the authorization rule to evaluate.* For
* For
* For
considered to match, making this a risky policy; prefer to use
Allow rules: any policy allows the request.* For
Require rules: all policies must match for the request to be allowed.* For
Deny rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is notconsidered to match, making this a risky policy; prefer to use
Require.The presence of at least one
With no rules, all requires are allowed.
Allow rule triggers a deny-by-default policy, requiring at least 1 match to allow.With no rules, all requires are allowed.
spec.policies.mcp.authorization.policy.matchExpressions
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(
These expressions should be in the form of a Common Expression Language
(
CEL) expression.Validation
Min items1
Max items256
spec.policies.tcp
tcp defines settings for managing TCP connections to the backend.
spec.policies.tcp.connectTimeout
connectTimeout defines the deadline for establishing a connection tothe destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.tcp.keepalive
keepAlive defines settings for enabling TCP keepalives on theconnection.
spec.policies.tcp.keepalive.interval
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.tcp.keepalive.retries
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.tcp.keepalive.time
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.tls
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.policies.tls.alpnProtocols
alpnProtocols sets the Application-Layer Protocol Negotiation (ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.tls.caCertificateRefs
caCertificateRefs defines the CA certificate ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.tls.insecureSkipVerify
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.tls.mtlsCertificateRef
mtlsCertificateRef enables mutual TLS to the backend, using thespecified key (
tls.key) and cert (tls.crt) from the referencedSecret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.tls.mtlsCertificateRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.tls.sni
sni specifies the Server Name Indicator (SNI) to be used in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.policies.tls.verifySubjectAltNames
verifySubjectAltNames specifies the Subject Alternative Names (SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.transformation
transformation is used to mutate and transform requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.policies.transformation.request
request is used to modify the request path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.policies.transformation.request.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.request.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.policies.transformation.request.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.policies.transformation.request.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.policies.transformation.request.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.policies.transformation.request.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.request.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.policies.transformation.response
response is used to modify the response path.Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.policies.transformation.response.add
add is a list of headers to add to the request and what that valueshould be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.response.add.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.policies.transformation.response.body
body controls manipulation of the HTTP body.Validation
Min length1
Max length16384
spec.policies.transformation.response.metadata
metadata stores CEL-evaluated values under the metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.policies.transformation.response.remove
remove is a list of header names to remove from the request orresponse.
Validation
Min items1
Max items16
List typeset
spec.policies.transformation.response.set
set is a list of headers and the value they should be set to.Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.response.set.value
value is the CEL expression to apply to generate the output value forthe header.
Validation
Min length1
Max length16384
spec.policies.tunnel
tunnel defines settings for managing tunnel connections (with behavior like HTTPS_PROXY) to the backend.spec.policies.tunnel.backendRef
backendRef references the proxy server to reach.Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.static
static represents a static hostname.
Validation
Rule
must specify either unixPath or both host and port
Rule
unixPath and host/port are mutually exclusive
Documentation References (3)
spec.static.host
host to connect to (for TCP backends).
Validation
Min length1
Max length256
Documentation References (3)
spec.static.port
port to connect to (for TCP backends).
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.static.unixPath
unixPath is the filesystem path to a Unix Domain Socket. The gateway pod
must share a volume with the target (e.g., via emptyDir sidecar pattern).
Mutually exclusive with host/port.
must share a volume with the target (e.g., via emptyDir sidecar pattern).
Mutually exclusive with host/port.
Validation
Min length1
status
status defines the current state of AgentgatewayBackend.
status.conditions
Conditions is the list of conditions for the backend.
Validation
Max items8
List typemap
List map keystype
status.conditions.lastTransitionTime
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Validation
Formatdate-time
status.conditions.message
message is a human readable message indicating details about the transition.
This may be an empty string.
This may be an empty string.
Validation
Max length32768
status.conditions.observedGeneration
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Validation
Formatint64
Minimum0
status.conditions.reason
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Validation
Pattern^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
Min length1
Max length1024
status.conditions.status
status of the condition, one of True, False, Unknown.
Validation
EnumTrue, False, Unknown
status.conditions.type
type of condition in CamelCase or in foo.example.com/CamelCase.
Validation
Pattern^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Max length316
Was this page helpful?
