For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
AgentgatewayBackend
Use AgentgatewayBackends to configure the target services that agentgateway routes traffic to.
Explore the configuration reference by clicking on a property name or expanding the property types. Use the in-field search bar to search for a property. The reference is also available as a table.agentgateway.dev/v1alpha1
- apiVersionstring
- kindstring
- metadataobject
- *spec
- a2a
- *hoststring
- *portinteger
- ai
- groups
- *providers
- anthropic
- modelstring
- azure
- apiVersionstring
- modelstring
- projectNamestring
- *resourceNamestring
- *resourceTypestring
- azureopenai
- apiVersionstring
- deploymentNamestring
- *endpointstring
- bedrock
- guardrail
- *identifierstring
- *versionstring
- modelstring
- regionstring
- custom
- backendRef
- groupstring
- kindstring
- *namestring
- portinteger
- *formats
- pathstring
- *typestring
- modelstring
- gemini
- modelstring
- hoststring
- *namestring
- openai
- modelstring
- pathstring
- pathPrefixstring
- policies
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- portinteger
- vertexai
- modelstring
- *projectIdstring
- regionstring
- provider
- anthropic
- modelstring
- azure
- apiVersionstring
- modelstring
- projectNamestring
- *resourceNamestring
- *resourceTypestring
- azureopenai
- apiVersionstring
- deploymentNamestring
- *endpointstring
- bedrock
- guardrail
- *identifierstring
- *versionstring
- modelstring
- regionstring
- custom
- backendRef
- groupstring
- kindstring
- *namestring
- portinteger
- *formats
- pathstring
- *typestring
- modelstring
- gemini
- modelstring
- hoststring
- openai
- modelstring
- pathstring
- pathPrefixstring
- portinteger
- vertexai
- modelstring
- *projectIdstring
- regionstring
- aws
- agentCore
- *agentRuntimeArnstring
- qualifierstring
- dynamicForwardProxyobject
- mcp
- failureModestring
- sessionRoutingstring
- *targets
- *namestring
- selector
- namespaces
- matchExpressions
- *keystring
- *operatorstring
- valuesstring[]
- matchLabelsobject
- services
- matchExpressions
- *keystring
- *operatorstring
- valuesstring[]
- matchLabelsobject
- static
- backendRef
- namestring
- hoststring
- pathstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *portinteger
- protocolstring
- policies
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- extAuth
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cache
- *keystring[]
- maxEntriesinteger
- *ttlstring
- failureModestring
- forwardBody
- *maxSize
- grpc
- contextExtensionsobject
- requestMetadataobject
- http
- addRequestHeadersobject
- allowedRequestHeadersstring[]
- allowedResponseHeadersstring[]
- pathstring
- redirectstring
- responseMetadataobject
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- mcp
- authentication
- audiencesstring[]
- clientIdstring
- issuerstring
- *jwks
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- modestring
- providerstring
- resourceMetadataobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- static
- hoststring
- portinteger
- unixPathstring
- status
- conditions
- *lastTransitionTimestring
- *messagestring
- observedGenerationinteger
- *reasonstring
- *statusstring
- *typestring
apiVersion
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
No description for this field.
spec
Desired backend configuration.
Validation
Rule
AI policies require AI backend
Rule
MCP policies require MCP backend
Rule
exactly one of the fields in [ai static dynamicForwardProxy mcp aws a2a] must be set
spec.a2a
A2A backend.
spec.a2a.host
Hostname or IP address of the A2A backend.
Validation
Min length1
Max length256
spec.a2a.port
Port number of the A2A backend.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai
LLM backend.
Validation
Rule
exactly one of the fields in [provider groups] must be set
Documentation References (23)
spec.ai.groups
Groups in priority order, where each group
defines a set of LLM providers. The priority determines the priority of
the backend endpoints chosen.
Note: provider names must be unique across all providers in all priority
groups. Backend policies may target a specific provider by name using
defines a set of LLM providers. The priority determines the priority of
the backend endpoints chosen.
Note: provider names must be unique across all providers in all priority
groups. Backend policies may target a specific provider by name using
targetRefs[].sectionName.Example configuration with two priority groups:
groups:
- providers:
- azureopenai:
deploymentName: gpt-4o-mini
apiVersion: 2024-02-15-preview
endpoint: ai-gateway.openai.azure.com
- providers:
- azureopenai:
deploymentName: gpt-4o-mini-2
apiVersion: 2024-02-15-preview
endpoint: ai-gateway-2.openai.azure.com
policies:
auth:
secretRef:
name: azure-secretValidation
Min items1
Max items8
Documentation References (2)
spec.ai.groups.providers
LLM providers within this group. Each provider is treated equally in terms of priority,
with automatic weighting based on health.
with automatic weighting based on health.
Validation
Min items1
Max items16
Rule
provider names must be unique within a group
Documentation References (2)
spec.ai.groups.providers.anthropic
Anthropic provider settings.
Documentation References (1)
spec.ai.groups.providers.anthropic.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.groups.providers.azure
Azure provider with resource-based configuration.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Validation
Rule
projectName is required when resourceType is Foundry
spec.ai.groups.providers.azure.apiVersion
The version of the Azure OpenAI API to use.
If unset, defaults to
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.groups.providers.azure.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.projectName
The Foundry project name, required when
Used to construct paths: /api/projects/{projectName}/openai/v1/...
resourceType is Foundry.Used to construct paths: /api/projects/{projectName}/openai/v1/...
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.resourceName
The Azure resource name used to construct the endpoint host.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}.services.ai.azure.com
Note: when the Azure portal "Foundry legacy" template was used, the
generated resource name may end in "-resource" (e.g. "myproject-resource");
that suffix is part of the resource name as the user configured it, not
part of the hostname suffix agentgateway should append.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}.services.ai.azure.com
Note: when the Azure portal "Foundry legacy" template was used, the
generated resource name may end in "-resource" (e.g. "myproject-resource");
that suffix is part of the resource name as the user configured it, not
part of the hostname suffix agentgateway should append.
Validation
Min length1
Max length256
spec.ai.groups.providers.azure.resourceType
The type of Azure endpoint. Determines the host suffix.
Validation
EnumFoundry, OpenAI
spec.ai.groups.providers.azureopenai
Azure OpenAI provider settings.
Validation
Rule
deploymentName is required for this apiVersion
spec.ai.groups.providers.azureopenai.apiVersion
The version of the Azure OpenAI API to use.
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.groups.providers.azureopenai.deploymentName
The name of the Azure OpenAI model deployment to use.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
set in the request.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
apiVersion is not v1. For v1, the model can beset in the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.azureopenai.endpoint
The endpoint for the Azure OpenAI API to use, such as
If the scheme is included, it is stripped.
my-endpoint.openai.azure.com.If the scheme is included, it is stripped.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock
Bedrock provider settings.
spec.ai.groups.providers.bedrock.guardrail
Guardrail policy to use for the backend. See
<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
spec.ai.groups.providers.bedrock.guardrail.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.guardrail.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.bedrock.region
AWS region to use for the backend.
Defaults to
Defaults to
us-east-1 if not specified.Validation
Defaultus-east-1
Pattern^[a-z0-9-]+$
Min length1
Max length63
spec.ai.groups.providers.custom
Custom provider configures a non-managed or self-hosted LLM provider.
Use this when the provider target and API formats should be declared
explicitly instead of inferred from a managed provider such as OpenAI or
Anthropic.
Use this when the provider target and API formats should be declared
explicitly instead of inferred from a managed provider such as OpenAI or
Anthropic.
Validation
Rule
custom provider backendRef may target only Service or InferencePool
spec.ai.groups.providers.custom.backendRef
Kubernetes backend that serves this provider.
If unset, host and port must be set on the parent provider.
backendRef may target only a namespace-local Service or InferencePool.If unset, host and port must be set on the parent provider.
Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.custom.backendRef.group
API group of the referenced resource. For example,
When unspecified or empty string, core API group is inferred.
gateway.networking.k8s.io.When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.custom.backendRef.kind
Kind of the referenced resource. For example,
Defaults to "Service" when not specified.
Service.Defaults to "Service" when not specified.
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.custom.backendRef.name
Name of the referenced resource.
Validation
Min length1
Max length253
spec.ai.groups.providers.custom.backendRef.port
Destination port number to use for this resource.
Required when the referenced resource is a Kubernetes Service.
Required when the referenced resource is a Kubernetes Service.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.custom.formats
Provider-native API formats this provider supports.
Validation
Min items1
Max items6
List typemap
List map keystype
spec.ai.groups.providers.custom.formats.path
Default upstream path override for this format.
If unset, agentgateway uses the default path for the format.
If unset, agentgateway uses the default path for the format.
Validation
Min length1
Max length1024
spec.ai.groups.providers.custom.formats.type
Provider-native API format.
Validation
EnumAnthropicTokenCount, Completions, Embeddings, Messages, Realtime, Rerank, Responses
spec.ai.groups.providers.custom.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-oss.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.gemini
Gemini provider settings.
spec.ai.groups.providers.gemini.model
Model name override, such as
If unset, the model name is taken from the request.
gemini-2.5-pro.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.host
Hostname to send requests to.
For custom providers without backendRef, host and port specify the target.
For managed providers, host and port override the provider default.
For custom providers without backendRef, host and port specify the target.
For managed providers, host and port override the provider default.
Validation
Min length1
Max length256
spec.ai.groups.providers.name
Name of the provider. Policies can target this provider by name.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (2)
spec.ai.groups.providers.openai
OpenAI provider settings.
Documentation References (2)
spec.ai.groups.providers.openai.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.groups.providers.path
URL path to use for LLM provider API requests.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
Validation
Min length1
Max length1024
spec.ai.groups.providers.pathPrefix
Overrides the default base path prefix, such as
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
/v1, for upstream requests.Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Validation
Min length1
Max length1024
spec.ai.groups.providers.policies
Policies for communicating with this backend.
Policies may also be set in
order:
LLM provider (this field).
Policies may also be set in
AgentgatewayPolicy, or in the top-levelAgentgatewayBackend. Policies are merged on a field-level basis, withorder:
AgentgatewayPolicy < AgentgatewayBackend < AgentgatewayBackendLLM provider (this field).
Validation
Rule
at least one of the fields in [ai auth health http tcp tls transformation tunnel] must be set
Documentation References (2)
spec.ai.groups.providers.policies.ai
Settings for AI workloads. This is only applicable when
connecting to a
connecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
spec.ai.groups.providers.policies.ai.defaults
Defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.defaults.field
Name of the field.
Validation
Max length256
spec.ai.groups.providers.policies.ai.defaults.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.ai.groups.providers.policies.ai.modelAliases
Maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
spec.ai.groups.providers.policies.ai.overrides
Overrides to merge with user input fields. If the field is already set, the field is overwritten.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.overrides.field
Name of the field.
Validation
Max length256
spec.ai.groups.providers.policies.ai.overrides.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.ai.groups.providers.policies.ai.prompt
Enriches requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.spec.ai.groups.providers.policies.ai.prompt.append
Messages to append to the prompt sent by the client.
spec.ai.groups.providers.policies.ai.prompt.append.content
String content of the message.
spec.ai.groups.providers.policies.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.ai.groups.providers.policies.ai.prompt.prepend
Messages to prepend to the prompt sent by the client.
spec.ai.groups.providers.policies.ai.prompt.prepend.content
String content of the message.
spec.ai.groups.providers.policies.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.ai.groups.providers.policies.ai.promptCaching
Automatic prompt caching for supported
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
spec.ai.groups.providers.policies.ai.promptCaching.cacheMessageOffset
Shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.ai.groups.providers.policies.ai.promptCaching.cacheMessages
Enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
spec.ai.groups.providers.policies.ai.promptCaching.cacheSystem
Enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
spec.ai.groups.providers.policies.ai.promptCaching.cacheTools
Enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
spec.ai.groups.providers.policies.ai.promptCaching.minTokens
Minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
spec.ai.groups.providers.policies.ai.promptGuard
Guardrails for LLM requests and responses.
Validation
Rule
at least one of the fields in [request response] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor
Google Model Armor settings for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies
Policies for communicating with Google Model Armor.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration
Passes prompt data through the OpenAI Moderations
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.model
Moderation model to use. For example,
omni-moderation.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies
Policies for communicating with OpenAI.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.request.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.request.response
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.ai.groups.providers.policies.ai.promptGuard.request.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.ai.groups.providers.policies.ai.promptGuard.request.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook
Webhook that receives requests for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.ai.groups.providers.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.ai.groups.providers.policies.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor
Google Model Armor settings for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies
Policies for communicating with Google Model Armor.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.response.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.ai.groups.providers.policies.ai.promptGuard.response.response
Custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.ai.groups.providers.policies.ai.promptGuard.response.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.ai.groups.providers.policies.ai.promptGuard.response.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook
Webhook that receives responses for prompt guarding.
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.ai.groups.providers.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.ai.groups.providers.policies.ai.routes
Rules for identifying the type of traffic to handle.
The keys are URL path suffixes matched using ends-with comparison, for
example
The special
If not specified, all traffic defaults to
The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.spec.ai.groups.providers.policies.ai.transformations
CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
spec.ai.groups.providers.policies.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.ai.transformations.field
Name of the field to set.
Validation
Max length256
spec.ai.groups.providers.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (2)
spec.ai.groups.providers.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.ai.groups.providers.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.ai.groups.providers.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.ai.groups.providers.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.azure
Azure authentication method for the backend.
spec.ai.groups.providers.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.ai.groups.providers.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.ai.groups.providers.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.ai.groups.providers.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.ai.groups.providers.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.ai.groups.providers.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.ai.groups.providers.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.ai.groups.providers.policies.auth.location.cookie
No description for this field.
spec.ai.groups.providers.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.header
No description for this field.
spec.ai.groups.providers.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.location.queryParameter
No description for this field.
spec.ai.groups.providers.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.ai.groups.providers.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.ai.groups.providers.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (2)
spec.ai.groups.providers.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (2)
spec.ai.groups.providers.policies.health
Settings for passive and active health checking.
spec.ai.groups.providers.policies.health.eviction
Settings for evicting unhealthy backends.
spec.ai.groups.providers.policies.health.eviction.consecutiveFailures
Number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
spec.ai.groups.providers.policies.health.eviction.duration
Base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
spec.ai.groups.providers.policies.health.eviction.healthThreshold
EWMA health score threshold, expressed as 0 to 100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.ai.groups.providers.policies.health.eviction.restoreHealth
Health score from 0 to 100 assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.ai.groups.providers.policies.health.unhealthyCondition
CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.http
Settings for managing HTTP requests to the backend.
spec.ai.groups.providers.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.ai.groups.providers.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.ai.groups.providers.policies.tcp
Settings for managing TCP connections to the backend.
spec.ai.groups.providers.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.ai.groups.providers.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.ai.groups.providers.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.ai.groups.providers.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.ai.groups.providers.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.ai.groups.providers.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.ai.groups.providers.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.ai.groups.providers.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.ai.groups.providers.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.ai.groups.providers.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.ai.groups.providers.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.ai.groups.providers.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.ai.groups.providers.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.ai.groups.providers.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.ai.groups.providers.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.ai.groups.providers.policies.transformation
Mutates and transforms requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.ai.groups.providers.policies.transformation.request
Request transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.ai.groups.providers.policies.transformation.request.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.request.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.request.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.request.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.ai.groups.providers.policies.transformation.request.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.ai.groups.providers.policies.transformation.request.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.request.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response
Response transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.ai.groups.providers.policies.transformation.response.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.response.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.transformation.response.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.ai.groups.providers.policies.transformation.response.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.ai.groups.providers.policies.transformation.response.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.ai.groups.providers.policies.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.ai.groups.providers.policies.transformation.response.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.ai.groups.providers.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.ai.groups.providers.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.ai.groups.providers.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.ai.groups.providers.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.ai.groups.providers.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.ai.groups.providers.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.port
Port to send requests to.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.groups.providers.vertexai
Vertex AI provider settings.
spec.ai.groups.providers.vertexai.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.groups.providers.vertexai.projectId
The ID of the Google Cloud Project that you use for the Vertex AI.
Validation
Min length1
Max length64
spec.ai.groups.providers.vertexai.region
The location of the Google Cloud Project that you use for the Vertex AI.
Defaults to
Defaults to
global if not specified.Validation
Defaultglobal
Min length1
Max length64
spec.ai.provider
Configuration for how to reach the configured LLM
provider.
provider.
Validation
Rule
both host and port must be set together
Rule
custom providers must specify exactly one of backendRef or host and port
Rule
path and pathPrefix are mutually exclusive
Rule
path, pathPrefix, and custom format paths are mutually exclusive
Rule
pathPrefix requires host to be set
Rule
exactly one of the fields in [openai azureopenai azure anthropic gemini vertexai bedrock custom] must be set
Documentation References (20)
spec.ai.provider.anthropic
Anthropic provider settings.
Documentation References (1)
spec.ai.provider.anthropic.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure
Azure provider with resource-based configuration.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Supports both Azure OpenAI and Azure AI Foundry resource types.
Validation
Rule
projectName is required when resourceType is Foundry
Documentation References (1)
spec.ai.provider.azure.apiVersion
The version of the Azure OpenAI API to use.
If unset, defaults to
If unset, defaults to
v1.Validation
Min length1
Max length64
spec.ai.provider.azure.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.projectName
The Foundry project name, required when
Used to construct paths: /api/projects/{projectName}/openai/v1/...
resourceType is Foundry.Used to construct paths: /api/projects/{projectName}/openai/v1/...
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.resourceName
The Azure resource name used to construct the endpoint host.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}.services.ai.azure.com
Note: when the Azure portal "Foundry legacy" template was used, the
generated resource name may end in "-resource" (e.g. "myproject-resource");
that suffix is part of the resource name as the user configured it, not
part of the hostname suffix agentgateway should append.
For OpenAI: {resourceName}.openai.azure.com
For Foundry: {resourceName}.services.ai.azure.com
Note: when the Azure portal "Foundry legacy" template was used, the
generated resource name may end in "-resource" (e.g. "myproject-resource");
that suffix is part of the resource name as the user configured it, not
part of the hostname suffix agentgateway should append.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azure.resourceType
The type of Azure endpoint. Determines the host suffix.
Validation
EnumFoundry, OpenAI
Documentation References (1)
spec.ai.provider.azureopenai
Azure OpenAI provider settings.
Validation
Rule
deploymentName is required for this apiVersion
Documentation References (1)
spec.ai.provider.azureopenai.apiVersion
The version of the Azure OpenAI API to use.
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/foundry/openai/reference).
If unset, defaults to
v1.Validation
Min length1
Max length64
Documentation References (1)
spec.ai.provider.azureopenai.deploymentName
The name of the Azure OpenAI model deployment to use.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
set in the request.
For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
This is required if
apiVersion is not v1. For v1, the model can beset in the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.azureopenai.endpoint
The endpoint for the Azure OpenAI API to use, such as
If the scheme is included, it is stripped.
my-endpoint.openai.azure.com.If the scheme is included, it is stripped.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.bedrock.guardrail
Guardrail policy to use for the backend. See
<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
<https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html>.
If not specified, the AWS Guardrail policy will not be used.
spec.ai.provider.bedrock.guardrail.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.provider.bedrock.guardrail.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.ai.provider.bedrock.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.bedrock.region
AWS region to use for the backend.
Defaults to
Defaults to
us-east-1 if not specified.Validation
Defaultus-east-1
Pattern^[a-z0-9-]+$
Min length1
Max length63
Documentation References (1)
spec.ai.provider.custom
Custom provider configures a non-managed or self-hosted LLM provider.
Use this when the provider target and API formats should be declared
explicitly instead of inferred from a managed provider such as OpenAI or
Anthropic.
Use this when the provider target and API formats should be declared
explicitly instead of inferred from a managed provider such as OpenAI or
Anthropic.
Validation
Rule
custom provider backendRef may target only Service or InferencePool
Documentation References (2)
spec.ai.provider.custom.backendRef
Kubernetes backend that serves this provider.
If unset, host and port must be set on the parent provider.
backendRef may target only a namespace-local Service or InferencePool.If unset, host and port must be set on the parent provider.
Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.ai.provider.custom.backendRef.group
API group of the referenced resource. For example,
When unspecified or empty string, core API group is inferred.
gateway.networking.k8s.io.When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
Documentation References (2)
spec.ai.provider.custom.backendRef.kind
Kind of the referenced resource. For example,
Defaults to "Service" when not specified.
Service.Defaults to "Service" when not specified.
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.ai.provider.custom.backendRef.name
Name of the referenced resource.
Validation
Min length1
Max length253
Documentation References (2)
spec.ai.provider.custom.backendRef.port
Destination port number to use for this resource.
Required when the referenced resource is a Kubernetes Service.
Required when the referenced resource is a Kubernetes Service.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.ai.provider.custom.formats
Provider-native API formats this provider supports.
Validation
Min items1
Max items6
List typemap
List map keystype
Documentation References (2)
spec.ai.provider.custom.formats.path
Default upstream path override for this format.
If unset, agentgateway uses the default path for the format.
If unset, agentgateway uses the default path for the format.
Validation
Min length1
Max length1024
Documentation References (2)
spec.ai.provider.custom.formats.type
Provider-native API format.
Validation
EnumAnthropicTokenCount, Completions, Embeddings, Messages, Realtime, Rerank, Responses
Documentation References (2)
spec.ai.provider.custom.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-oss.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.provider.gemini
Gemini provider settings.
Documentation References (2)
spec.ai.provider.gemini.model
Model name override, such as
If unset, the model name is taken from the request.
gemini-2.5-pro.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (2)
spec.ai.provider.host
Hostname to send requests to.
For custom providers without backendRef, host and port specify the target.
For managed providers, host and port override the provider default.
For custom providers without backendRef, host and port specify the target.
For managed providers, host and port override the provider default.
Validation
Min length1
Max length256
spec.ai.provider.openai
OpenAI provider settings.
spec.ai.provider.openai.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
spec.ai.provider.path
URL path to use for LLM provider API requests.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
This is useful when you need to route requests to a different API endpoint while maintaining
compatibility with the original provider's API structure.
If not specified, the default path for the provider is used.
Validation
Min length1
Max length1024
Documentation References (2)
spec.ai.provider.pathPrefix
Overrides the default base path prefix, such as
Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
/v1, for upstream requests.Path translation for cross-format requests still applies using this prefix.
Only supported for OpenAI and Anthropic providers.
Validation
Min length1
Max length1024
Documentation References (1)
spec.ai.provider.port
Port to send requests to.
Validation
Formatint32
Minimum1
Maximum65535
spec.ai.provider.vertexai
Vertex AI provider settings.
Documentation References (1)
spec.ai.provider.vertexai.model
Model name override, such as
If unset, the model name is taken from the request.
gpt-4o-mini.If unset, the model name is taken from the request.
Validation
Min length1
Max length256
Documentation References (1)
spec.ai.provider.vertexai.projectId
The ID of the Google Cloud Project that you use for the Vertex AI.
Validation
Min length1
Max length64
Documentation References (1)
spec.ai.provider.vertexai.region
The location of the Google Cloud Project that you use for the Vertex AI.
Defaults to
Defaults to
global if not specified.Validation
Defaultglobal
Min length1
Max length64
Documentation References (1)
spec.aws
AWS service backend, such as AgentCore.
Validation
Rule
exactly one of the fields in [agentCore] must be set
spec.aws.agentCore
Amazon Bedrock AgentCore backend settings.
spec.aws.agentCore.agentRuntimeArn
ARN of the AgentCore runtime.
spec.aws.agentCore.qualifier
Alias or version qualifier.
spec.dynamicForwardProxy
Dynamically sends requests to the destination based on the incoming
request HTTP host header, or TLS SNI for TLS traffic.
request HTTP host header, or TLS SNI for TLS traffic.
Warning: this backend type can send requests to arbitrary destinations. Proper
access controls must be put in place when using this backend type.
access controls must be put in place when using this backend type.
Documentation References (1)
spec.mcp
MCP backend.
Documentation References (6)
spec.mcp.failureMode
Behavior when MCP targets fail to initialize or
become unavailable at runtime.
continues serving from healthy ones.
entire session if any target fails.
become unavailable at runtime.
FailOpen skips failed targets andcontinues serving from healthy ones.
FailClosed (default) fails theentire session if any target fails.
Validation
EnumFailClosed, FailOpen
spec.mcp.sessionRouting
MCP session routing behavior.
Defaults to
Defaults to
Stateful if not set.Validation
EnumStateful, Stateless
Documentation References (1)
spec.mcp.targets
MCP targets to use for this backend. Policies
targeting MCP targets must use
the target by name.
targeting MCP targets must use
targetRefs[].sectionName to selectthe target by name.
Validation
Min items1
Max items32
List typemap
List map keysname
Rule
target names must be unique
Documentation References (6)
spec.mcp.targets.name
Name of the MCP target.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (6)
spec.mcp.targets.selector
Label selector used to select
If policies are needed on a per-service basis,
target the desired
Service resources.If policies are needed on a per-service basis,
AgentgatewayPolicy cantarget the desired
Service.Validation
Rule
at least one of the fields in [namespaces services] must be set
Documentation References (3)
spec.mcp.targets.selector.namespaces
namespace is the label selector for namespaces that Serviceresources should be selected from. If unset, only the namespace of the
AgentgatewayBackend is searched.Validation
Map typeatomic
spec.mcp.targets.selector.namespaces.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Validation
List typeatomic
spec.mcp.targets.selector.namespaces.matchExpressions.key
key is the label key that the selector applies to.
spec.mcp.targets.selector.namespaces.matchExpressions.operator
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
Valid operators are In, NotIn, Exists and DoesNotExist.
spec.mcp.targets.selector.namespaces.matchExpressions.values
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
Validation
List typeatomic
spec.mcp.targets.selector.namespaces.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
spec.mcp.targets.selector.services
services is the label selector for which Service resources should beselected.
Validation
Map typeatomic
Documentation References (3)
spec.mcp.targets.selector.services.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Validation
List typeatomic
spec.mcp.targets.selector.services.matchExpressions.key
key is the label key that the selector applies to.
spec.mcp.targets.selector.services.matchExpressions.operator
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
Valid operators are In, NotIn, Exists and DoesNotExist.
spec.mcp.targets.selector.services.matchExpressions.values
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
Validation
List typeatomic
spec.mcp.targets.selector.services.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
Documentation References (3)
spec.mcp.targets.static
Static MCP destination. When connecting to
in-cluster
instead.
in-cluster
Service resources, it is recommended to use selectorinstead.
Validation
Rule
mcp target policies may not be used with backendRef
Rule
exactly one of the fields in [host backendRef] must be set
Documentation References (5)
spec.mcp.targets.static.backendRef
Namespace-local
When set, this replaces
remain configured on this target.
Service resource by name.When set, this replaces
host only; port, path, and protocolremain configured on this target.
Validation
Map typeatomic
Documentation References (2)
spec.mcp.targets.static.backendRef.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Documentation References (2)
spec.mcp.targets.static.host
Hostname or IP address of the MCP target.
Validation
Min length1
Max length256
Documentation References (5)
spec.mcp.targets.static.path
URL path of the MCP target endpoint.
Defaults to
Defaults to
"/sse" for the SSE protocol or "/mcp" for theStreamableHTTP protocol if not specified.Validation
Min length1
Max length1024
Documentation References (1)
spec.mcp.targets.static.policies
Policies for communicating with this backend.
Policies may also be set in
order:
This field may only be used with host-based static targets, not
Policies may also be set in
AgentgatewayPolicy, or in the top-levelAgentgatewayBackend. Policies are merged on a field-level basis, withorder:
AgentgatewayPolicy < AgentgatewayBackend < AgentgatewayBackend MCP (this field).This field may only be used with host-based static targets, not
backendRef.Documentation References (1)
spec.mcp.targets.static.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.mcp.targets.static.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.mcp.targets.static.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.mcp.targets.static.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.mcp.targets.static.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.mcp.targets.static.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.mcp.targets.static.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.mcp.targets.static.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.azure
Azure authentication method for the backend.
spec.mcp.targets.static.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.mcp.targets.static.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.mcp.targets.static.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.mcp.targets.static.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.mcp.targets.static.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.mcp.targets.static.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.mcp.targets.static.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.mcp.targets.static.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.mcp.targets.static.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.mcp.targets.static.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.mcp.targets.static.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.mcp.targets.static.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.mcp.targets.static.policies.auth.location.cookie
No description for this field.
spec.mcp.targets.static.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.header
No description for this field.
spec.mcp.targets.static.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.location.queryParameter
No description for this field.
spec.mcp.targets.static.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.mcp.targets.static.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.mcp.targets.static.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.mcp.targets.static.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.mcp.targets.static.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.mcp.targets.static.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.http
Settings for managing HTTP requests to the backend.
spec.mcp.targets.static.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.mcp.targets.static.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.mcp.targets.static.policies.tcp
Settings for managing TCP connections to the backend.
spec.mcp.targets.static.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.mcp.targets.static.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.mcp.targets.static.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.mcp.targets.static.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.mcp.targets.static.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.mcp.targets.static.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.mcp.targets.static.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.mcp.targets.static.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.mcp.targets.static.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.mcp.targets.static.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.mcp.targets.static.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.mcp.targets.static.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.mcp.targets.static.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.mcp.targets.static.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.mcp.targets.static.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.mcp.targets.static.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.mcp.targets.static.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.mcp.targets.static.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.mcp.targets.static.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.mcp.targets.static.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.mcp.targets.static.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.mcp.targets.static.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.mcp.targets.static.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.mcp.targets.static.port
Port number of the MCP target.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (5)
spec.mcp.targets.static.protocol
Protocol to use for the connection to the MCP
target.
target.
Validation
EnumSSE, StreamableHTTP
Documentation References (4)
spec.policies
Policies for communicating with this backend. Policies may also be set
with AgentgatewayPolicy. Backend policies take precedence over policy
resources when they set the same field.
with AgentgatewayPolicy. Backend policies take precedence over policy
resources when they set the same field.
Validation
Rule
at least one of the fields in [ai auth extAuth health http mcp tcp tls transformation tunnel] must be set
spec.policies.ai
Settings for AI workloads. This is only applicable when
connecting to a
connecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
Documentation References (3)
spec.policies.ai.defaults
Defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.policies.ai.defaults.field
Name of the field.
Validation
Max length256
spec.policies.ai.defaults.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.policies.ai.modelAliases
Maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
Documentation References (1)
spec.policies.ai.overrides
Overrides to merge with user input fields. If the field is already set, the field is overwritten.
Validation
Min items1
Max items64
spec.policies.ai.overrides.field
Name of the field.
Validation
Max length256
spec.policies.ai.overrides.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.policies.ai.prompt
Enriches requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.spec.policies.ai.prompt.append
Messages to append to the prompt sent by the client.
spec.policies.ai.prompt.append.content
String content of the message.
spec.policies.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.policies.ai.prompt.prepend
Messages to prepend to the prompt sent by the client.
spec.policies.ai.prompt.prepend.content
String content of the message.
spec.policies.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.spec.policies.ai.promptCaching
Automatic prompt caching for supported
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
spec.policies.ai.promptCaching.cacheMessageOffset
Shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.policies.ai.promptCaching.cacheMessages
Enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
spec.policies.ai.promptCaching.cacheSystem
Enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
spec.policies.ai.promptCaching.cacheTools
Enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
spec.policies.ai.promptCaching.minTokens
Minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
spec.policies.ai.promptGuard
Guardrails for LLM requests and responses.
Validation
Rule
at least one of the fields in [request response] must be set
spec.policies.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.policies.ai.promptGuard.request.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
spec.policies.ai.promptGuard.request.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor
Google Model Armor settings for prompt guarding.
spec.policies.ai.promptGuard.request.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies
Policies for communicating with Google Model Armor.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration
Passes prompt data through the OpenAI Moderations
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
spec.policies.ai.promptGuard.request.openAIModeration.model
Moderation model to use. For example,
omni-moderation.spec.policies.ai.promptGuard.request.openAIModeration.policies
Policies for communicating with OpenAI.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure authentication method for the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.request.openAIModeration.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.policies.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.policies.ai.promptGuard.request.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.request.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.request.response
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.policies.ai.promptGuard.request.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.policies.ai.promptGuard.request.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.policies.ai.promptGuard.request.webhook
Webhook that receives requests for prompt guarding.
spec.policies.ai.promptGuard.request.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.request.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.policies.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.policies.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.policies.ai.promptGuard.response.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
spec.policies.ai.promptGuard.response.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor
Google Model Armor settings for prompt guarding.
spec.policies.ai.promptGuard.response.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies
Policies for communicating with Google Model Armor.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.ai.promptGuard.response.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
spec.policies.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
spec.policies.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
spec.policies.ai.promptGuard.response.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.response.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.policies.ai.promptGuard.response.response
Custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.policies.ai.promptGuard.response.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.policies.ai.promptGuard.response.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.policies.ai.promptGuard.response.webhook
Webhook that receives responses for prompt guarding.
spec.policies.ai.promptGuard.response.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
spec.policies.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.ai.promptGuard.response.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.policies.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.policies.ai.routes
Rules for identifying the type of traffic to handle.
The keys are URL path suffixes matched using ends-with comparison, for
example
The special
If not specified, all traffic defaults to
The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.Documentation References (2)
spec.policies.ai.transformations
CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
spec.policies.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
spec.policies.ai.transformations.field
Name of the field to set.
Validation
Max length256
spec.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
Documentation References (2)
spec.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (2)
spec.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (2)
spec.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
Documentation References (1)
spec.policies.auth.azure
Azure authentication method for the backend.
spec.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
Documentation References (1)
spec.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.policies.auth.location.cookie
No description for this field.
spec.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.location.header
No description for this field.
spec.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.location.queryParameter
No description for this field.
spec.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
Documentation References (1)
spec.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.extAuth
External authentication configuration for requests
sent to this backend.
sent to this backend.
Validation
Rule
cache requires grpc
spec.policies.extAuth.backendRef
External Authorization server to reach.
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.extAuth.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.extAuth.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.extAuth.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.extAuth.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.extAuth.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.extAuth.cache
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
authorization result.
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
key; otherwise, one request may incorrectly reuse another request'sauthorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
spec.policies.extAuth.cache.key
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
to construct the cache key.
Validation
Min items1
Max items16
spec.policies.extAuth.cache.maxEntries
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
the cache. If unset, this defaults to 10000.
Validation
Formatint32
Minimum1
spec.policies.extAuth.cache.ttl
Duration string, such as
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
5m, or a CEL expression thatreturns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
Validation
Min length1
Max length16384
spec.policies.extAuth.failureMode
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
Validation
EnumFailClosed, FailOpen
spec.policies.extAuth.forwardBody
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
If enabled, the request body will be buffered.
spec.policies.extAuth.forwardBody.maxSize
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
and sent to the authorization server. If the body size is larger than
maxSize, then the request will be rejected with a response.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.policies.extAuth.grpc
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
spec.policies.extAuth.grpc.contextExtensions
Additional arbitrary key-value pairs to
send to the authorization server in the
send to the authorization server in the
context_extensions field.Validation
Max properties64
spec.policies.extAuth.grpc.requestMetadata
Metadata to send to the authorization
server. This maps to the
request, and allows dynamic CEL expressions. If unset, by default the
well, for compatibility.
server. This maps to the
metadata_context.filter_metadata field of therequest, and allows dynamic CEL expressions. If unset, by default the
envoy.filters.http.jwt_authn key is set if the JWT policy is used aswell, for compatibility.
Validation
Max properties64
spec.policies.extAuth.http
Uses HTTP to connect to
the authorization server. The authorization server must return a
status code, otherwise the request is considered an authorization
failure.
the authorization server. The authorization server must return a
200status code, otherwise the request is considered an authorization
failure.
spec.policies.extAuth.http.addRequestHeaders
Additional headers to add to the
request to the authorization server. While
passes the original headers through,
custom headers based on CEL expressions.
request to the authorization server. While
allowedRequestHeaders justpasses the original headers through,
addRequestHeaders allows definingcustom headers based on CEL expressions.
Validation
Max properties64
spec.policies.extAuth.http.allowedRequestHeaders
Additional headers from the client request that
will be sent to the authorization server.
will be sent to the authorization server.
If unset, the following headers are sent by default:
Authorization.Validation
Max items64
spec.policies.extAuth.http.allowedResponseHeaders
Headers from the authorization response that
will be copied into the request to the backend.
will be copied into the request to the backend.
Validation
Max items64
spec.policies.extAuth.http.path
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
"/prefix/" + request.path.Validation
Min length1
Max length16384
spec.policies.extAuth.http.redirect
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
Validation
Min length1
Max length16384
spec.policies.extAuth.http.responseMetadata
Metadata fields to construct
from the authorization response. These will be included under the
for things like logging usernames, without needing to include them as
headers to the backend, as
from the authorization response. These will be included under the
extauthz variable in future CEL expressions. Setting this is usefulfor things like logging usernames, without needing to include them as
headers to the backend, as
allowedResponseHeaders would.Validation
Max properties64
spec.policies.health
Settings for passive and active health checking.
spec.policies.health.eviction
Settings for evicting unhealthy backends.
spec.policies.health.eviction.consecutiveFailures
Number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
spec.policies.health.eviction.duration
Base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
spec.policies.health.eviction.healthThreshold
EWMA health score threshold, expressed as 0 to 100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.policies.health.eviction.restoreHealth
Health score from 0 to 100 assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.policies.health.unhealthyCondition
CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
spec.policies.http
Settings for managing HTTP requests to the backend.
spec.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.policies.mcp
Settings for MCP workloads. This is only applicable when
connecting to a
connecting to a
Backend of type mcp.Validation
Rule
at least one of the fields in [authentication authorization] must be set
spec.policies.mcp.authentication
MCP backend-specific authentication rules.
This field is deprecated; prefer to use traffic policy
other policies such as transformation and rate limiting.
jwtAuthentication.mcp, which ensures authentication runs beforeother policies such as transformation and rate limiting.
spec.policies.mcp.authentication.audiences
Allowed audiences that are allowed
access. This corresponds to the
([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
access. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
spec.policies.mcp.authentication.clientId
Client ID to use for short-circuiting Dynamic Client Registration.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
spec.policies.mcp.authentication.issuer
IdP that issued the JWT. This corresponds to the
iss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
spec.policies.mcp.authentication.jwks
Remote JSON Web Key used to validate the signature of
the JWT.
the JWT.
spec.policies.mcp.authentication.jwks.backendRef
Remote JWKS server to reach.
Supported types are
to the
connection to the remote
Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
spec.policies.mcp.authentication.jwks.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.mcp.authentication.jwks.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.mcp.authentication.jwks.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.mcp.authentication.jwks.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.mcp.authentication.jwks.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.policies.mcp.authentication.jwks.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
spec.policies.mcp.authentication.jwks.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
spec.policies.mcp.authentication.mode
Validation mode for JWT authentication.
Validation
EnumOptional, Permissive, Strict
DefaultStrict
spec.policies.mcp.authentication.provider
Identity provider to use for authentication.
Validation
EnumAuth0, Keycloak, Okta
spec.policies.mcp.authentication.resourceMetadata
Metadata to use for MCP resources.
spec.policies.mcp.authorization
MCP backend authorization. Unlike authorization at the HTTP level, which rejects
unauthorized requests with a
unauthorized requests with a
403 error, this policy works at theMCPBackend level.List operations, such as
Items that do not meet the rule will be filtered.
list_tools, will have each item evaluated.Items that do not meet the rule will be filtered.
Get or call operations, such as
item and reject requests that do not meet the rule.
call_tool, will evaluate the specificitem and reject requests that do not meet the rule.
spec.policies.mcp.authorization.action
The effect of this rule when it matches.
If unspecified, defaults to
If unspecified, defaults to
Allow.Require rules are cumulative: all require rules must match.Validation
EnumAllow, Deny, Require
DefaultAllow
spec.policies.mcp.authorization.policy
The authorization rule to evaluate.
*
*
*
Allow: any matching allow rule allows the request.*
Require: every require rule must match for the request to be allowed.*
Deny: any matching deny rule denies the request.A CEL expression that fails to evaluate does not match. Prefer
for deny-by-default behavior.
Requirefor deny-by-default behavior.
If at least one
least one allow rule matches.
Allow rule is configured, requests are denied unless atleast one allow rule matches.
spec.policies.mcp.authorization.policy.matchExpressions
CEL expressions that must all evaluate to true for the rule to match.
Validation
Min items1
Max items256
spec.policies.tcp
Settings for managing TCP connections to the backend.
spec.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.policies.transformation
Mutates and transforms requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.policies.transformation.request
Request transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.policies.transformation.request.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.request.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.policies.transformation.request.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.policies.transformation.request.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.policies.transformation.request.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.policies.transformation.request.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.request.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.policies.transformation.response
Response transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.policies.transformation.response.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.response.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.policies.transformation.response.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.policies.transformation.response.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.policies.transformation.response.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.policies.transformation.response.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.policies.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.policies.transformation.response.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.static
Static hostname, IP address, or Unix Domain Socket backend.
Validation
Rule
must specify either unixPath or both host and port
Rule
unixPath and host/port are mutually exclusive
Documentation References (3)
spec.static.host
Host to connect to for TCP backends.
Validation
Min length1
Max length256
Documentation References (3)
spec.static.port
Port to connect to for TCP backends.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.static.unixPath
Filesystem path to a Unix Domain Socket. The gateway pod
must share a volume with the target (e.g., via emptyDir sidecar pattern).
Mutually exclusive with host/port.
must share a volume with the target (e.g., via emptyDir sidecar pattern).
Mutually exclusive with host/port.
Validation
Min length1
status
Current backend status.
status.conditions
Current condition state for the backend.
Validation
Max items8
List typemap
List map keystype
status.conditions.lastTransitionTime
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Validation
Formatdate-time
status.conditions.message
message is a human readable message indicating details about the transition.
This may be an empty string.
This may be an empty string.
Validation
Max length32768
status.conditions.observedGeneration
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Validation
Formatint64
Minimum0
status.conditions.reason
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Validation
Pattern^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
Min length1
Max length1024
status.conditions.status
status of the condition, one of True, False, Unknown.
Validation
EnumTrue, False, Unknown
status.conditions.type
type of condition in CamelCase or in foo.example.com/CamelCase.
Validation
Pattern^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Max length316
Was this page helpful?
