For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
AgentgatewayPolicy
Use AgentgatewayPolicy to configure traffic manipulation, observability, security, and more.
Explore the configuration reference by clicking on a property name or expanding the property types. Use the in-field search bar to search for a property. The reference is also available as a table.agentgateway.dev/v1alpha1
- apiVersionstring
- kindstring
- metadataobject
- *spec
- backend
- ai
- defaults
- *fieldstring
- *valueobject
- modelAliasesobject
- overrides
- *fieldstring
- *valueobject
- prompt
- append
- *contentstring
- *rolestring
- prepend
- *contentstring
- *rolestring
- promptCaching
- cacheMessageOffsetinteger
- cacheMessagesboolean
- cacheSystemboolean
- cacheToolsboolean
- minTokensinteger
- promptGuard
- request
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- openAIModeration
- modelstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- response
- bedrockGuardrails
- *identifierstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *regionstring
- *versionstring
- googleModelArmor
- locationstring
- policies
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- http
- requestTimeoutstring
- versionstring
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *projectIdstring
- *templateIdstring
- regex
- actionstring
- builtinsstring[]
- matchesstring[]
- response
- messagestring
- statusCodeinteger
- webhook
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- failureModestring
- forwardHeaderMatches
- *namestring
- typestring
- *valuestring
- routesobject
- transformations
- *expressionstring
- *fieldstring
- auth
- aws
- assumeRole
- *roleArnstring
- secretRef
- groupstring
- kindstring
- *namestring
- serviceNamestring
- azure
- managedIdentity
- *clientIdstring
- *objectIdstring
- *resourceIdstring
- secretRef
- groupstring
- kindstring
- *namestring
- gcp
- audiencestring
- secretRef
- groupstring
- kindstring
- *namestring
- typestring
- keystring
- location
- cookie
- *namestring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- passthroughobject
- secretRef
- groupstring
- kindstring
- *namestring
- extAuth
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cache
- *keystring[]
- maxEntriesinteger
- *ttlstring
- failureModestring
- forwardBody
- *maxSize
- grpc
- contextExtensionsobject
- requestMetadataobject
- http
- addRequestHeadersobject
- allowedRequestHeadersstring[]
- allowedResponseHeadersstring[]
- pathstring
- redirectstring
- responseMetadataobject
- health
- eviction
- consecutiveFailuresinteger
- durationstring
- healthThresholdinteger
- restoreHealthinteger
- unhealthyConditionstring
- http
- requestTimeoutstring
- versionstring
- mcp
- authentication
- audiencesstring[]
- clientIdstring
- issuerstring
- *jwks
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- modestring
- providerstring
- resourceMetadataobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- tcp
- connectTimeoutstring
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- caCertificateRefs
- namestring
- insecureSkipVerifystring
- keyExchangeGroupsstring[]
- mtlsCertificateRef
- groupstring
- kindstring
- *namestring
- snistring
- verifySubjectAltNamesstring[]
- transformation
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- tunnel
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- frontend
- accessLog
- attributes
- add
- *expressionstring
- *namestring
- removestring[]
- filterstring
- otlp
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- pathstring
- protocolstring
- connect
- *modestring
- http
- http1HeaderCasestring
- http1IdleTimeoutstring
- http1MaxHeadersinteger
- http2ConnectionWindowSize
- http2FrameSize
- http2KeepaliveIntervalstring
- http2KeepaliveTimeoutstring
- http2MaxHeaderSize
- http2WindowSize
- maxBufferSize
- maxConnectionDurationstring
- metrics
- *attributes
- add
- *expressionstring
- *namestring
- networkAuthorization
- actionstring
- *policy
- *matchExpressionsstring[]
- proxyProtocol
- modestring
- versionstring
- tcp
- keepalive
- intervalstring
- retriesinteger
- timestring
- tls
- alpnProtocolsstring[]
- cipherSuitesstring[]
- handshakeTimeoutstring
- keyExchangeGroupsstring[]
- maxProtocolVersionstring
- minProtocolVersionstring
- tracing
- attributes
- add
- *expressionstring
- *namestring
- removestring[]
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- clientSamplingstring
- pathstring
- protocolstring
- randomSamplingstring
- resources
- *expressionstring
- *namestring
- strategy
- inheritancestring
- targetRefs
- *groupstring
- *kindstring
- *namestring
- sectionNamestring
- targetSelectors
- *groupstring
- *kindstring
- *matchLabelsobject
- sectionNamestring
- traffic
- apiKeyAuthentication
- location
- cookie
- *namestring
- expressionstring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- modestring
- secretRef
- groupstring
- kindstring
- *namestring
- secretSelector
- *matchLabelsobject
- authorization
- actionstring
- *policy
- *matchExpressionsstring[]
- basicAuthentication
- location
- cookie
- *namestring
- expressionstring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- modestring
- realmstring
- secretRef
- groupstring
- kindstring
- *namestring
- usersstring[]
- buffer
- request
- maxBytes
- response
- maxBytes
- cors
- allowCredentialsboolean
- allowHeadersstring[]
- allowMethodsstring[]
- allowOriginsstring[]
- exposeHeadersstring[]
- maxAgeinteger
- csrf
- additionalOriginsstring[]
- directResponse
- bodystring
- bodyExpressionstring
- conditional
- conditionstring
- *policy
- bodystring
- bodyExpressionstring
- headers
- *namestring
- *valuestring
- statusinteger
- headers
- *namestring
- *valuestring
- statusinteger
- extAuth
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cache
- *keystring[]
- maxEntriesinteger
- *ttlstring
- conditional
- conditionstring
- *policy
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cache
- *keystring[]
- maxEntriesinteger
- *ttlstring
- failureModestring
- forwardBody
- *maxSize
- grpc
- contextExtensionsobject
- requestMetadataobject
- http
- addRequestHeadersobject
- allowedRequestHeadersstring[]
- allowedResponseHeadersstring[]
- pathstring
- redirectstring
- responseMetadataobject
- failureModestring
- forwardBody
- *maxSize
- grpc
- contextExtensionsobject
- requestMetadataobject
- http
- addRequestHeadersobject
- allowedRequestHeadersstring[]
- allowedResponseHeadersstring[]
- pathstring
- redirectstring
- responseMetadataobject
- extProc
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- conditional
- conditionstring
- *policy
- backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- processingOptions
- allowModeOverrideboolean
- requestBodyModestring
- requestHeaderModestring
- requestTrailerModestring
- responseBodyModestring
- responseHeaderModestring
- responseTrailerModestring
- processingOptions
- allowModeOverrideboolean
- requestBodyModestring
- requestHeaderModestring
- requestTrailerModestring
- responseBodyModestring
- responseHeaderModestring
- responseTrailerModestring
- headerModifiers
- request
- add
- *namestring
- *valuestring
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- removestring[]
- set
- *namestring
- *valuestring
- hostRewrite
- *modestring
- jwtAuthentication
- location
- cookie
- *namestring
- expressionstring
- header
- *namestring
- prefixstring
- queryParameter
- *namestring
- mcp
- clientIdstring
- providerstring
- resourceMetadataobject
- modestring
- *providers
- audiencesstring[]
- *issuerstring
- *jwks
- inlinestring
- remote
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- cacheDurationstring
- *jwksPathstring
- phasestring
- rateLimit
- conditional
- conditionstring
- *policy
- global
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *descriptors
- coststring
- *entries
- *expressionstring
- *namestring
- unitstring
- *domainstring
- failureModestring
- local
- burstinteger
- requestsinteger
- tokensinteger
- *unitstring
- global
- *backendRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- *descriptors
- coststring
- *entries
- *expressionstring
- *namestring
- unitstring
- *domainstring
- failureModestring
- local
- burstinteger
- requestsinteger
- tokensinteger
- *unitstring
- retry
- attemptsinteger
- backoffstring
- codesinteger[]
- timeouts
- requeststring
- transformation
- conditional
- conditionstring
- *policy
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- request
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- response
- add
- *namestring
- *valuestring
- bodystring
- metadataobject
- removestring[]
- set
- *namestring
- *valuestring
- status
- *ancestors
- *ancestorRef
- groupstring
- kindstring
- *namestring
- namespacestring
- portinteger
- sectionNamestring
- *conditions
- *lastTransitionTimestring
- *messagestring
- observedGenerationinteger
- *reasonstring
- *statusstring
- *typestring
- *controllerNamestring
apiVersion
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
No description for this field.
spec
Desired policy configuration.
Validation
Rule
At least one of traffic, frontend, or backend must be provided.
Rule
strategy.inheritance may only be set on traffic policies
Rule
backend.mcp may not be used with a Service target
Rule
backend.mcp may not target an AgentgatewayBackend sectionName
Rule
backend.ai may not be used with a Service target
Rule
traffic.jwtAuthentication may not be used with backend.mcp.authentication in the same policy
Rule
the 'frontend' field can only target a Gateway
Rule
the 'frontend' field can only target a Gateway
Rule
the 'traffic' field can only target a Gateway, ListenerSet, GRPCRoute, HTTPRoute, or InferencePool
Rule
the 'traffic' field can only target a Gateway, ListenerSet, GRPCRoute, HTTPRoute, or InferencePool
Rule
the 'traffic.phase=PreRouting' field can only target a Gateway or ListenerSet
Rule
the 'traffic.phase=PreRouting' field can only target a Gateway or ListenerSet
Rule
exactly one of the fields in [targetRefs targetSelectors] must be set
spec.backend
Settings for how to connect to destination backends.
A backend policy can target a
(optionally, with a
port for
Gateway (optionally, with asectionName indicating the listener), ListenerSet, Route(optionally, with a
sectionName indicating the route rule), or aService or Backend (optionally, with a sectionName indicating theport for
Service, or sub-backend for Backend).Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level
resource, like
group of backends.
resource, like
Gateway, is just a way to easily apply a policy to agroup of backends.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies:
example, if a
policy sets
merge. Precedence is given to more precise policies:
Gateway <Listener < Route < Route Rule < Backend or Service. Forexample, if a
Gateway policy sets tcp and tls, and a Backendpolicy sets
tls, the effective policy would be tcp from theGateway, and tls from the Backend.Validation
Rule
at least one of the fields in [ai auth extAuth health http mcp tcp tls transformation tunnel] must be set
Documentation References (17)
spec.backend.ai
Settings for AI workloads. This is only applicable when
connecting to a
connecting to a
Backend of type ai.Validation
Rule
at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set
Documentation References (13)
spec.backend.ai.defaults
Defaults to merge with user input fields. If the field is already set, the field in the request is used.
Validation
Min items1
Max items64
spec.backend.ai.defaults.field
Name of the field.
Validation
Max length256
spec.backend.ai.defaults.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.backend.ai.modelAliases
Maps friendly model names to actual provider model names.
Example:
Note: This field is only applicable when using the agentgateway data plane.
Example:
{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}.Note: This field is only applicable when using the agentgateway data plane.
Validation
Max properties64
spec.backend.ai.overrides
Overrides to merge with user input fields. If the field is already set, the field is overwritten.
Validation
Min items1
Max items64
spec.backend.ai.overrides.field
Name of the field.
Validation
Max length256
spec.backend.ai.overrides.value
Default value for the field. This can be any JSON data type.
Validation
Preserve unknown fieldstrue
spec.backend.ai.prompt
Enriches requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the
LLM providers that use the
CHAT or CHAT_STREAMING API route type.Documentation References (3)
spec.backend.ai.prompt.append
Messages to append to the prompt sent by the client.
Documentation References (1)
spec.backend.ai.prompt.append.content
String content of the message.
Documentation References (1)
spec.backend.ai.prompt.append.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.Documentation References (1)
spec.backend.ai.prompt.prepend
Messages to prepend to the prompt sent by the client.
Documentation References (3)
spec.backend.ai.prompt.prepend.content
String content of the message.
Documentation References (3)
spec.backend.ai.prompt.prepend.role
Role of the message. The available roles depend on the backend
LLM provider model, such as
LLM provider model, such as
SYSTEM or USER in the OpenAI API.Documentation References (3)
spec.backend.ai.promptCaching
Automatic prompt caching for supported
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
Documentation References (1)
spec.backend.ai.promptCaching.cacheMessageOffset
Shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
Validation
Default0
Minimum0
spec.backend.ai.promptCaching.cacheMessages
Enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
Caches all messages in the conversation for cost savings.
Validation
Defaulttrue
Documentation References (1)
spec.backend.ai.promptCaching.cacheSystem
Enables caching for system prompts.
Inserts a cache point after all system messages.
Inserts a cache point after all system messages.
Validation
Defaulttrue
Documentation References (1)
spec.backend.ai.promptCaching.cacheTools
Enables caching for tool definitions.
Inserts a cache point after all tool specifications.
Inserts a cache point after all tool specifications.
Validation
Defaultfalse
Documentation References (1)
spec.backend.ai.promptCaching.minTokens
Minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
Validation
Default1024
Minimum0
Documentation References (1)
spec.backend.ai.promptGuard
Guardrails for LLM requests and responses.
Validation
Rule
at least one of the fields in [request response] must be set
spec.backend.ai.promptGuard.request
Prompt guards to apply to requests sent by the client.
Validation
Min items1
Max items8
spec.backend.ai.promptGuard.request.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor
Google Model Armor settings for prompt guarding.
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies
Policies for communicating with Google Model Armor.
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.request.openAIModeration
Passes prompt data through the OpenAI Moderations
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.model
Moderation model to use. For example,
omni-moderation.Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies
Policies for communicating with OpenAI.
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure
Azure authentication method for the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.openAIModeration.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (2)
spec.backend.ai.promptGuard.request.openAIModeration.policies.http
Settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.request.openAIModeration.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp
Settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.request.openAIModeration.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.openAIModeration.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.request.regex
Regular expression (regex) matching for prompt guards and data masking.
Documentation References (3)
spec.backend.ai.promptGuard.request.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
Documentation References (3)
spec.backend.ai.promptGuard.request.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (2)
spec.backend.ai.promptGuard.request.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (2)
spec.backend.ai.promptGuard.request.response
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
Documentation References (4)
spec.backend.ai.promptGuard.request.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
Documentation References (4)
spec.backend.ai.promptGuard.request.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
Documentation References (1)
spec.backend.ai.promptGuard.request.webhook
Webhook that receives requests for prompt guarding.
Documentation References (2)
spec.backend.ai.promptGuard.request.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.backend.ai.promptGuard.request.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.request.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.backend.ai.promptGuard.request.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (2)
spec.backend.ai.promptGuard.request.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.request.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (2)
spec.backend.ai.promptGuard.request.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.backend.ai.promptGuard.request.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.backend.ai.promptGuard.response
Prompt guards to apply to responses returned by the LLM provider.
Validation
Min items1
Max items8
spec.backend.ai.promptGuard.response.bedrockGuardrails
AWS Bedrock Guardrails settings for prompt
guarding.
guarding.
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.identifier
Identifier of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies
Policies for communicating with AWS Bedrock Guardrails.
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure
Azure authentication method for the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http
Settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp
Settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.bedrockGuardrails.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.response.bedrockGuardrails.region
AWS region where the guardrail is deployed, for example
us-west-2).Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.bedrockGuardrails.version
Version of the Guardrail policy to use for the backend.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor
Google Model Armor settings for prompt guarding.
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.location
Google Cloud location, for example
Defaults to
us-central1.Defaults to
us-central1 if not specified.Validation
Defaultus-central1
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies
Policies for communicating with Google Model Armor.
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure
Azure authentication method for the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter
No description for this field.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.googleModelArmor.policies.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http
Settings for managing HTTP requests to the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.ai.promptGuard.response.googleModelArmor.policies.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp
Settings for managing TCP connections to the backend.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.googleModelArmor.policies.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.ai.promptGuard.response.googleModelArmor.projectId
Google Cloud project ID.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.googleModelArmor.templateId
Template ID for Google Model Armor.
Validation
Min length1
Max length256
Documentation References (1)
spec.backend.ai.promptGuard.response.regex
Regular expression (regex) matching for prompt guards and data masking.
Documentation References (2)
spec.backend.ai.promptGuard.response.regex.action
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches.
matches are always masked by default.
Defaults to
This setting applies only to request matches.
PromptguardResponsematches are always masked by default.
Defaults to
Mask.Validation
EnumMask, Reject
DefaultMask
Documentation References (2)
spec.backend.ai.promptGuard.response.regex.builtins
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
Documentation References (2)
spec.backend.ai.promptGuard.response.regex.matches
Regex patterns to match against the request or response.
Matches and built-ins are additive.
Matches and built-ins are additive.
spec.backend.ai.promptGuard.response.response
Custom response message to return to the client. If not specified, defaults to
The response was rejected due to inappropriate content.Validation
Rule
at least one of the fields in [message statusCode] must be set
spec.backend.ai.promptGuard.response.response.message
Custom response message to return to the client. If not specified, defaults to
The request was rejected due to inappropriate content.Validation
DefaultThe request was rejected due to inappropriate content
spec.backend.ai.promptGuard.response.response.statusCode
Status code to return to the client. Defaults to 403.
Validation
Default403
Formatint32
Minimum200
Maximum599
spec.backend.ai.promptGuard.response.webhook
Webhook that receives responses for prompt guarding.
Documentation References (2)
spec.backend.ai.promptGuard.response.webhook.backendRef
Webhook server to reach.
Supported types: Service and Backend.
Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.backend.ai.promptGuard.response.webhook.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.ai.promptGuard.response.webhook.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.backend.ai.promptGuard.response.webhook.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (2)
spec.backend.ai.promptGuard.response.webhook.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.ai.promptGuard.response.webhook.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (2)
spec.backend.ai.promptGuard.response.webhook.failureMode
Behavior when the webhook guardrail is unavailable
or returns an error.
or returns an error.
FailOpen allows the request to continue.FailClosed (default) rejects the request.Validation
EnumFailClosed, FailOpen
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.type
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
Validation
EnumExact, RegularExpression
DefaultExact
spec.backend.ai.promptGuard.response.webhook.forwardHeaderMatches.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.backend.ai.routes
Rules for identifying the type of traffic to handle.
The keys are URL path suffixes matched using ends-with comparison, for
example
The special
If not specified, all traffic defaults to
The keys are URL path suffixes matched using ends-with comparison, for
example
"/v1/chat/completions".The special
* wildcard matches any path.If not specified, all traffic defaults to
completions type.spec.backend.ai.transformations
CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than
key.
The expression result overwrites any existing value for that field.
This has a higher priority than
overrides if both are set for the samekey.
Validation
Min items1
Max items64
Documentation References (2)
spec.backend.ai.transformations.expression
CEL expression used to compute the field value.
Validation
Min length1
Max length16384
Documentation References (2)
spec.backend.ai.transformations.field
Name of the field to set.
Validation
Max length256
Documentation References (2)
spec.backend.auth
Settings for managing authentication to the backend.
Validation
Rule
location may only be set for key or passthrough auth
Rule
exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
spec.backend.auth.aws
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
When omitted, default AWS SDK credential discovery is used.
Validation
Rule
secretRef and assumeRole are mutually exclusive
spec.backend.auth.aws.assumeRole
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
Ambient AWS credentials are used as the source credentials for STS.
spec.backend.auth.aws.assumeRole.roleArn
AWS IAM role ARN to assume.
Validation
Pattern^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
Min length1
spec.backend.auth.aws.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
optionally
Secret, containing the AWS credentials. When using the default Secretresolver, the
Secret must have keys accessKey, secretKey, andoptionally
sessionToken.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.auth.aws.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.auth.aws.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.auth.aws.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.auth.aws.serviceName
AWS SigV4 signing service name, for example
backends may provide this automatically.
bedrock, bedrock-agentcore, or execute-api). If unset, typed AWSbackends may provide this automatically.
Validation
Min length1
Max length256
spec.backend.auth.azure
Azure authentication method for the backend.
spec.backend.auth.azure.managedIdentity
Managed identity authentication settings.
spec.backend.auth.azure.managedIdentity.clientId
No description for this field.
spec.backend.auth.azure.managedIdentity.objectId
No description for this field.
spec.backend.auth.azure.managedIdentity.resourceId
No description for this field.
spec.backend.auth.azure.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
Secret, containing the Azure credentials. When using the default Secretresolver, the
Secret must have keys clientID, tenantID, andclientSecret.Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.auth.azure.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.auth.azure.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.auth.azure.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.auth.gcp
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
When omitted, default Google credential discovery is used.
Validation
Rule
audience is only valid with IdToken
spec.backend.auth.gcp.audience
Explicit
valid with
derived from the backend hostname.
aud value for the ID token. Onlyvalid with
IdToken type. If not set, the aud is automaticallyderived from the backend hostname.
Validation
Min length1
Max length256
spec.backend.auth.gcp.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key. When omitted, ambient credentials are used.
Secret, containing ADC-compatible Google credential JSON. When usingthe default Secret resolver, this must be stored in the
credentials.jsonkey. When omitted, ambient credentials are used.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.auth.gcp.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.auth.gcp.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.auth.gcp.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.auth.gcp.type
The type of token to generate. To authenticate to GCP services,
generally an
generally an
AccessToken is used. To authenticate to Cloud Run, anIdToken is used.Validation
EnumAccessToken, IdToken
spec.backend.auth.key
Inline key to use as the value of the
Authorization header. This option is the least secure; usage of aSecret is preferred.Validation
Max length2048
spec.backend.auth.location
Where backend credentials are inserted.
If omitted, credentials are written to the
This applies to
If omitted, credentials are written to the
Authorization header with the Bearer prefix.This applies to
key, secretRef, and passthrough.Validation
Rule
exactly one of the fields in [header queryParameter cookie] must be set
spec.backend.auth.location.cookie
No description for this field.
spec.backend.auth.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.location.header
No description for this field.
spec.backend.auth.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.backend.auth.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.location.queryParameter
No description for this field.
spec.backend.auth.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.backend.auth.passthrough
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
spec.backend.auth.secretRef
Credential source, defaulting to a Kubernetes
the default Secret resolver, this must be stored in the
key.
Secret, storing the key to use as the authorization value. When usingthe default Secret resolver, this must be stored in the
Authorizationkey.
Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.backend.auth.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.auth.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.auth.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.backend.extAuth
External authentication configuration for requests
sent to this backend.
sent to this backend.
Validation
Rule
cache requires grpc
Documentation References (1)
spec.backend.extAuth.backendRef
External Authorization server to reach.
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.backend.extAuth.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.extAuth.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.extAuth.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.backend.extAuth.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.extAuth.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.backend.extAuth.cache
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
authorization result.
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
key; otherwise, one request may incorrectly reuse another request'sauthorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
spec.backend.extAuth.cache.key
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
to construct the cache key.
Validation
Min items1
Max items16
spec.backend.extAuth.cache.maxEntries
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
the cache. If unset, this defaults to 10000.
Validation
Formatint32
Minimum1
spec.backend.extAuth.cache.ttl
Duration string, such as
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
5m, or a CEL expression thatreturns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
Validation
Min length1
Max length16384
spec.backend.extAuth.failureMode
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
Validation
EnumFailClosed, FailOpen
spec.backend.extAuth.forwardBody
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
If enabled, the request body will be buffered.
spec.backend.extAuth.forwardBody.maxSize
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
and sent to the authorization server. If the body size is larger than
maxSize, then the request will be rejected with a response.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.backend.extAuth.grpc
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
Documentation References (1)
spec.backend.extAuth.grpc.contextExtensions
Additional arbitrary key-value pairs to
send to the authorization server in the
send to the authorization server in the
context_extensions field.Validation
Max properties64
spec.backend.extAuth.grpc.requestMetadata
Metadata to send to the authorization
server. This maps to the
request, and allows dynamic CEL expressions. If unset, by default the
well, for compatibility.
server. This maps to the
metadata_context.filter_metadata field of therequest, and allows dynamic CEL expressions. If unset, by default the
envoy.filters.http.jwt_authn key is set if the JWT policy is used aswell, for compatibility.
Validation
Max properties64
spec.backend.extAuth.http
Uses HTTP to connect to
the authorization server. The authorization server must return a
status code, otherwise the request is considered an authorization
failure.
the authorization server. The authorization server must return a
200status code, otherwise the request is considered an authorization
failure.
spec.backend.extAuth.http.addRequestHeaders
Additional headers to add to the
request to the authorization server. While
passes the original headers through,
custom headers based on CEL expressions.
request to the authorization server. While
allowedRequestHeaders justpasses the original headers through,
addRequestHeaders allows definingcustom headers based on CEL expressions.
Validation
Max properties64
spec.backend.extAuth.http.allowedRequestHeaders
Additional headers from the client request that
will be sent to the authorization server.
will be sent to the authorization server.
If unset, the following headers are sent by default:
Authorization.Validation
Max items64
spec.backend.extAuth.http.allowedResponseHeaders
Headers from the authorization response that
will be copied into the request to the backend.
will be copied into the request to the backend.
Validation
Max items64
spec.backend.extAuth.http.path
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
"/prefix/" + request.path.Validation
Min length1
Max length16384
spec.backend.extAuth.http.redirect
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
Validation
Min length1
Max length16384
spec.backend.extAuth.http.responseMetadata
Metadata fields to construct
from the authorization response. These will be included under the
for things like logging usernames, without needing to include them as
headers to the backend, as
from the authorization response. These will be included under the
extauthz variable in future CEL expressions. Setting this is usefulfor things like logging usernames, without needing to include them as
headers to the backend, as
allowedResponseHeaders would.Validation
Max properties64
spec.backend.health
Settings for passive and active health checking.
Documentation References (1)
spec.backend.health.eviction
Settings for evicting unhealthy backends.
Documentation References (1)
spec.backend.health.eviction.consecutiveFailures
Number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
Validation
Formatint32
Minimum0
Documentation References (1)
spec.backend.health.eviction.duration
Base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to
3s.Validation
Default3s
Rule
invalid duration value
Rule
evictionDuration must be at least 1 second
Documentation References (1)
spec.backend.health.eviction.healthThreshold
EWMA health score threshold, expressed as 0 to 100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
Validation
Formatint32
Minimum0
Maximum100
spec.backend.health.eviction.restoreHealth
Health score from 0 to 100 assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
Validation
Formatint32
Minimum0
Maximum100
spec.backend.health.unhealthyCondition
CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses:
response.code >= 500.When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
This default lowers the backend's health score but does not trigger eviction on its own.
Validation
Min length1
Max length16384
Documentation References (1)
spec.backend.http
Settings for managing HTTP requests to the backend.
spec.backend.http.requestTimeout
Deadline for receiving a response from the backend.
Validation
Rule
invalid duration value
Rule
requestTimeout must be at least 1ms
spec.backend.http.version
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
*
port.
* If traffic is identified as gRPC,
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
because most clients will transparently upgrade HTTPS traffic to
the backend.
If not specified, the version is automatically determined:
*
Service types can specify it with appProtocol on the Serviceport.
* If traffic is identified as gRPC,
HTTP2 is used.* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS,
HTTP1 will be used. This isbecause most clients will transparently upgrade HTTPS traffic to
HTTP2, even if the backend doesn't support it.Validation
EnumHTTP1, HTTP2
spec.backend.mcp
Settings for MCP workloads. This is only applicable when
connecting to a
connecting to a
Backend of type mcp.Validation
Rule
at least one of the fields in [authentication authorization] must be set
Documentation References (1)
spec.backend.mcp.authentication
MCP backend-specific authentication rules.
This field is deprecated; prefer to use traffic policy
other policies such as transformation and rate limiting.
jwtAuthentication.mcp, which ensures authentication runs beforeother policies such as transformation and rate limiting.
spec.backend.mcp.authentication.audiences
Allowed audiences that are allowed
access. This corresponds to the
([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
access. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
spec.backend.mcp.authentication.clientId
Client ID to use for short-circuiting Dynamic Client Registration.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
spec.backend.mcp.authentication.issuer
IdP that issued the JWT. This corresponds to the
iss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
spec.backend.mcp.authentication.jwks
Remote JSON Web Key used to validate the signature of
the JWT.
the JWT.
spec.backend.mcp.authentication.jwks.backendRef
Remote JWKS server to reach.
Supported types are
to the
connection to the remote
Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
spec.backend.mcp.authentication.jwks.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.mcp.authentication.jwks.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.mcp.authentication.jwks.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.mcp.authentication.jwks.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.mcp.authentication.jwks.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.backend.mcp.authentication.jwks.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
spec.backend.mcp.authentication.jwks.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
spec.backend.mcp.authentication.mode
Validation mode for JWT authentication.
Validation
EnumOptional, Permissive, Strict
DefaultStrict
spec.backend.mcp.authentication.provider
Identity provider to use for authentication.
Validation
EnumAuth0, Keycloak, Okta
spec.backend.mcp.authentication.resourceMetadata
Metadata to use for MCP resources.
spec.backend.mcp.authorization
MCP backend authorization. Unlike authorization at the HTTP level, which rejects
unauthorized requests with a
unauthorized requests with a
403 error, this policy works at theMCPBackend level.List operations, such as
Items that do not meet the rule will be filtered.
list_tools, will have each item evaluated.Items that do not meet the rule will be filtered.
Get or call operations, such as
item and reject requests that do not meet the rule.
call_tool, will evaluate the specificitem and reject requests that do not meet the rule.
Documentation References (1)
spec.backend.mcp.authorization.action
The effect of this rule when it matches.
If unspecified, defaults to
If unspecified, defaults to
Allow.Require rules are cumulative: all require rules must match.Validation
EnumAllow, Deny, Require
DefaultAllow
Documentation References (1)
spec.backend.mcp.authorization.policy
The authorization rule to evaluate.
*
*
*
Allow: any matching allow rule allows the request.*
Require: every require rule must match for the request to be allowed.*
Deny: any matching deny rule denies the request.A CEL expression that fails to evaluate does not match. Prefer
for deny-by-default behavior.
Requirefor deny-by-default behavior.
If at least one
least one allow rule matches.
Allow rule is configured, requests are denied unless atleast one allow rule matches.
Documentation References (1)
spec.backend.mcp.authorization.policy.matchExpressions
CEL expressions that must all evaluate to true for the rule to match.
Validation
Min items1
Max items256
Documentation References (1)
spec.backend.tcp
Settings for managing TCP connections to the backend.
spec.backend.tcp.connectTimeout
Deadline for establishing a connection to
the destination.
the destination.
Validation
Rule
invalid duration value
Rule
connectTimeout must be at least 100ms
spec.backend.tcp.keepalive
Settings for enabling TCP keepalives on the
connection.
connection.
spec.backend.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
spec.backend.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
spec.backend.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
spec.backend.tls
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
validate the server, and the SNI will automatically be set based on the destination.
Validation
Rule
insecureSkipVerify All and caCertificateRefs may not be set together
Rule
insecureSkipVerify and verifySubjectAltNames may not be set together
Rule
at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
Documentation References (1)
spec.backend.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
spec.backend.tls.caCertificateRefs
CA certificate
verify the server certificate.
If unset, the system's trusted certificates are used.
ConfigMap to use toverify the server certificate.
If unset, the system's trusted certificates are used.
Validation
Max items1
List typeatomic
spec.backend.tls.caCertificateRefs.name
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.backend.tls.insecureSkipVerify
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
*
*
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
if possible.
*
All disables all TLS verification.*
Hostname verifies the CA certificate is trusted, but ignores anymismatch of hostname or SANs. Note that this method is still insecure;
prefer setting
verifySubjectAltNames to customize the valid hostnamesif possible.
Validation
EnumAll, Hostname
spec.backend.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS connection.
For example:
For example:
X25519_MLKEM768,X25519.spec.backend.tls.mtlsCertificateRef
Enables mutual TLS to the backend, using the
specified key (
credential source, defaulting to a Kubernetes
specified key (
tls.key) and cert (tls.crt) from the referencedcredential source, defaulting to a Kubernetes
Secret.An optional
server certificate. If
ca.cert field, if present, will be used to verify theserver certificate. If
caCertificateRefs is also specified, thecaCertificateRefs field takes priority.If unspecified, no client certificate will be used.
Validation
Max items1
List typeatomic
Documentation References (1)
spec.backend.tls.mtlsCertificateRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.backend.tls.mtlsCertificateRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.backend.tls.mtlsCertificateRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (1)
spec.backend.tls.sni
Server Name Indicator (
handshake. If unset, the
destination hostname.
SNI) to use in the TLShandshake. If unset, the
SNI is automatically set based on thedestination hostname.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
Documentation References (1)
spec.backend.tls.verifySubjectAltNames
Subject Alternative Names (
to verify in the server certificate.
If not present, the destination hostname is automatically used.
SAN)to verify in the server certificate.
If not present, the destination hostname is automatically used.
Validation
Min items1
Max items16
spec.backend.transformation
Mutates and transforms requests and responses sent to and from the backend.
Validation
Rule
at least one of the fields in [request response] must be set
spec.backend.transformation.request
Request transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.backend.transformation.request.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.request.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.backend.transformation.request.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.backend.transformation.request.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.backend.transformation.request.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.backend.transformation.request.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.request.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.backend.transformation.response
Response transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.backend.transformation.response.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.response.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.backend.transformation.response.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.backend.transformation.response.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.backend.transformation.response.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.backend.transformation.response.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.backend.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.backend.transformation.response.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.backend.tunnel
Settings for managing tunnel connections, with behavior like
HTTPS_PROXY, to the backend.spec.backend.tunnel.backendRef
Proxy server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.backend.tunnel.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.backend.tunnel.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.backend.tunnel.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.backend.tunnel.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.backend.tunnel.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.frontend
Settings for how to handle incoming traffic.
A frontend policy can only target a
Gateway. Listener andListenerSet are not valid targets.When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. For example, policy A sets
policy B.
merge. For example, policy A sets
tcp and tls, and policy B setstls; the effective policy would be tcp from policy A, and tls frompolicy B.
Validation
Rule
at least one of the fields in [accessLog connect http metrics networkAuthorization proxyProtocol tcp tls tracing] must be set
spec.frontend.accessLog
Access logging configuration.
Documentation References (2)
spec.frontend.accessLog.attributes
Customizations to the key-value pairs that are
logged.
logged.
Validation
Rule
at least one of the fields in [add remove] must be set
Documentation References (2)
spec.frontend.accessLog.attributes.add
Additional key-value pairs to add to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
Validation
Min items1
Documentation References (2)
spec.frontend.accessLog.attributes.add.expression
A Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (2)
spec.frontend.accessLog.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (2)
spec.frontend.accessLog.attributes.remove
Default fields to remove. For example,
http.method.Validation
Min items1
Max items32
spec.frontend.accessLog.filter
CEL expression used to filter logs. A log
will only be emitted if the expression evaluates to
will only be emitted if the expression evaluates to
true.Validation
Min length1
Max length16384
Documentation References (2)
spec.frontend.accessLog.otlp
OTLP access log export to an
OpenTelemetry-compatible backend.
OpenTelemetry-compatible backend.
Validation
Rule
path is only valid with protocol HTTP
Rule
path must start with /
spec.frontend.accessLog.otlp.backendRef
OTLP server to send access logs to.
Supported types:
Supported types:
Service and AgentgatewayBackend.Validation
Rule
Must have port for Service reference
spec.frontend.accessLog.otlp.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.frontend.accessLog.otlp.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.frontend.accessLog.otlp.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.frontend.accessLog.otlp.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.frontend.accessLog.otlp.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.frontend.accessLog.otlp.path
OTLP/HTTP path to use. This is only applicable
when
when
protocol is HTTP. If unset, this defaults to /v1/logs.Validation
Min length1
Max length1024
spec.frontend.accessLog.otlp.protocol
OTLP protocol variant to use.
Validation
EnumGRPC, HTTP
DefaultGRPC
spec.frontend.connect
Settings for downstream HTTP CONNECT handling.
If unset, CONNECT requests are rejected with Method Not Allowed.
spec.frontend.connect.mode
Whether downstream CONNECT requests are accepted.
Validation
EnumDeny, Route, Tunnel
spec.frontend.http
Settings for managing incoming HTTP requests.
Validation
Rule
at least one of the fields in [http1HeaderCase http1IdleTimeout http1MaxHeaders http2ConnectionWindowSize http2FrameSize http2KeepaliveInterval http2KeepaliveTimeout http2MaxHeaderSize http2WindowSize maxBufferSize maxConnectionDuration] must be set
Documentation References (4)
spec.frontend.http.http1HeaderCase
Controls HTTP/1 request header name casing when encoding responses on the same connection.
This only applies to
HTTP/2 requests are always lower case.
This only applies to
HTTP/1. If a request is HTTP/2 in either the incoming or outgoing request, this will be ignored.HTTP/2 requests are always lower case.
Modifying the headers from other policies may result in the original case being lost.
Validation
EnumLowercase, Preserve
spec.frontend.http.http1IdleTimeout
Timeout before an unused connection is
closed.
If unset, this defaults to 10 minutes.
closed.
If unset, this defaults to 10 minutes.
Validation
Rule
invalid duration value
Rule
http1IdleTimeout must be at least 1 second
Documentation References (1)
spec.frontend.http.http1MaxHeaders
Maximum number of headers allowed
in
If unset, this defaults to 100.
in
HTTP/1.1 requests.If unset, this defaults to 100.
Validation
Formatint32
Minimum1
Maximum4096
Documentation References (1)
spec.frontend.http.http2ConnectionWindowSize
Initial window size for
connection-level flow control for received data.
connection-level flow control for received data.
Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
Documentation References (1)
spec.frontend.http.http2FrameSize
Maximum frame size to use.
If unset, this defaults to
If unset, this defaults to
16kb.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
http2FrameSize must be at least 16384 bytes
Rule
http2FrameSize must be at most 1677215 bytes
Rule
value must be at least 1 byte and fit within uint32
Documentation References (1)
spec.frontend.http.http2KeepaliveInterval
No description for this field.
Validation
Rule
invalid duration value
Rule
http2KeepaliveInterval must be at least 1 second
Documentation References (1)
spec.frontend.http.http2KeepaliveTimeout
No description for this field.
Validation
Rule
invalid duration value
Rule
http2KeepaliveTimeout must be at least 1 second
Documentation References (1)
spec.frontend.http.http2MaxHeaderSize
Maximum aggregate size of decoded HTTP/2
request headers.
If unset, this defaults to
request headers.
If unset, this defaults to
16Ki.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.frontend.http.http2WindowSize
Initial window size for stream-level flow
control for received data.
control for received data.
Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
Documentation References (1)
spec.frontend.http.maxBufferSize
Maximum HTTP body size that will be buffered
into memory.
Bodies will only be buffered for policies which require buffering.
If unset, this defaults to
into memory.
Bodies will only be buffered for policies which require buffering.
If unset, this defaults to
2mb.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
Documentation References (1)
spec.frontend.http.maxConnectionDuration
Maximum time a connection is allowed to remain open.
After this duration, the connection is gracefully closed after the current in-flight request completes.
Useful for ensuring even traffic distribution behind load balancers during scaling events.
After this duration, the connection is gracefully closed after the current in-flight request completes.
Useful for ensuring even traffic distribution behind load balancers during scaling events.
Validation
Rule
invalid duration value
Rule
maxConnectionDuration must be at least 1 second
spec.frontend.metrics
Custom Prometheus metric label configuration.
CEL expressions are evaluated per-request and added as labels to all
Prometheus metrics exposed by agentgateway.
CEL expressions are evaluated per-request and added as labels to all
Prometheus metrics exposed by agentgateway.
spec.frontend.metrics.attributes
Customizations to the labels that are
added to Prometheus metrics.
added to Prometheus metrics.
Validation
Rule
at least one of the fields in [add] must be set
spec.frontend.metrics.attributes.add
Additional key-value pairs to add as custom labels
to all Prometheus metrics. The value is a CEL expression evaluated
per-request. If the CEL expression fails to evaluate, the label value
is set to "unknown".
to all Prometheus metrics. The value is a CEL expression evaluated
per-request. If the CEL expression fails to evaluate, the label value
is set to "unknown".
WARNING: High-cardinality labels (e.g., per-user IDs) can significantly
increase Prometheus storage and memory usage. Prefer low-cardinality
dimensions like team or environment.
increase Prometheus storage and memory usage. Prefer low-cardinality
dimensions like team or environment.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.frontend.metrics.attributes.add.expression
A Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
spec.frontend.metrics.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
spec.frontend.networkAuthorization
CEL authorization on downstream network connections.
This runs before protocol handling and is intended for L4 access control,
for example using
for example using
source.address with cidr(...).containsIP(...).spec.frontend.networkAuthorization.action
The effect of this rule when it matches.
If unspecified, defaults to
If unspecified, defaults to
Allow.Require rules are cumulative: all require rules must match.Validation
EnumAllow, Deny, Require
DefaultAllow
spec.frontend.networkAuthorization.policy
The authorization rule to evaluate.
*
*
*
Allow: any matching allow rule allows the request.*
Require: every require rule must match for the request to be allowed.*
Deny: any matching deny rule denies the request.A CEL expression that fails to evaluate does not match. Prefer
for deny-by-default behavior.
Requirefor deny-by-default behavior.
If at least one
least one allow rule matches.
Allow rule is configured, requests are denied unless atleast one allow rule matches.
spec.frontend.networkAuthorization.policy.matchExpressions
CEL expressions that must all evaluate to true for the rule to match.
Validation
Min items1
Max items256
spec.frontend.proxyProtocol
Settings for downstream PROXY protocol handling.
If configured, incoming connections may require a PROXY header before
normal protocol handling. This can also be configured to allow both
PROXY and non-PROXY traffic on the same listener.
normal protocol handling. This can also be configured to allow both
PROXY and non-PROXY traffic on the same listener.
spec.frontend.proxyProtocol.mode
Whether PROXY headers are required or optional.
If unset, this defaults to
Strict.Validation
EnumOptional, Strict
DefaultStrict
spec.frontend.proxyProtocol.version
PROXY protocol version to accept.
If unset, this defaults to
V2.Validation
EnumAll, V1, V2
DefaultV2
spec.frontend.tcp
Settings for managing incoming TCP connections.
Validation
Rule
at least one of the fields in [keepalive] must be set
Documentation References (1)
spec.frontend.tcp.keepalive
Settings for enabling TCP keepalives on the connection.
Documentation References (1)
spec.frontend.tcp.keepalive.interval
Time between keepalive probes.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
interval must be at least 1 second
Documentation References (1)
spec.frontend.tcp.keepalive.retries
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
If unset, this defaults to 9.
Validation
Formatint32
Minimum1
Maximum64
Documentation References (1)
spec.frontend.tcp.keepalive.time
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
If unset, this defaults to 180s.
Validation
Rule
invalid duration value
Rule
time must be at least 1 second
Documentation References (1)
spec.frontend.tls
Settings for managing incoming TLS connections.
Validation
Rule
at least one of the fields in [alpnProtocols cipherSuites handshakeTimeout keyExchangeGroups maxProtocolVersion minProtocolVersion] must be set
Documentation References (1)
spec.frontend.tls.alpnProtocols
Application-Layer Protocol Negotiation (
value to use in the TLS handshake.
ALPN)value to use in the TLS handshake.
If not present, defaults to
["h2", "http/1.1"].Validation
Min items1
Max items16
Documentation References (1)
spec.frontend.tls.cipherSuites
Cipher suites for a TLS listener.
The value is a comma-separated list of cipher suites, for example
Use this in the TLS options field of a TLS listener.
The value is a comma-separated list of cipher suites, for example
TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256.Use this in the TLS options field of a TLS listener.
Documentation References (1)
spec.frontend.tls.handshakeTimeout
Deadline for a TLS handshake to
complete. If unset, this defaults to
complete. If unset, this defaults to
15s.Validation
Rule
invalid duration value
Rule
handshakeTimeout must be at least 100ms
Documentation References (1)
spec.frontend.tls.keyExchangeGroups
Ordered list of key exchange groups for a TLS listener.
For example:
For example:
X25519_MLKEM768,X25519.spec.frontend.tls.maxProtocolVersion
Maximum TLS version to support.
Validation
Enum1.2, 1.3
Documentation References (1)
spec.frontend.tls.minProtocolVersion
Minimum TLS version to support.
Validation
Enum1.2, 1.3
Documentation References (1)
spec.frontend.tracing
OpenTelemetry tracing settings.
Validation
Rule
path is only valid with protocol HTTP
Rule
path must start with /
Documentation References (1)
spec.frontend.tracing.attributes
Customizations to the key-value pairs that are
included in the trace.
included in the trace.
Validation
Rule
at least one of the fields in [add remove] must be set
Documentation References (1)
spec.frontend.tracing.attributes.add
Additional key-value pairs to add to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
Validation
Min items1
Documentation References (1)
spec.frontend.tracing.attributes.add.expression
A Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.attributes.add.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (1)
spec.frontend.tracing.attributes.remove
Default fields to remove. For example,
http.method.Validation
Min items1
Max items32
spec.frontend.tracing.backendRef
OTLP server to reach.
Supported types:
Supported types:
Service and AgentgatewayBackend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.frontend.tracing.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.frontend.tracing.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.frontend.tracing.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.frontend.tracing.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (1)
spec.frontend.tracing.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.frontend.tracing.clientSampling
Expression that determines the amount of client
sampling. Client sampling determines whether to initiate a new trace
span if the incoming request does have a trace already. This should
evaluate to a float between
sampling. Client sampling determines whether to initiate a new trace
span if the incoming request does have a trace already. This should
evaluate to a float between
0.0 and 1.0, or a boolean (true orfalse). If unspecified, client sampling is 100% enabled.Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.path
OTLP path to use. This is only applicable when
protocol is HTTP. If unset, this defaults to /v1/traces.Validation
Min length1
Max length1024
spec.frontend.tracing.protocol
OTLP protocol variant to use.
Validation
EnumGRPC, HTTP
DefaultGRPC
Documentation References (1)
spec.frontend.tracing.randomSampling
Expression that determines the amount of random
sampling. Random sampling will initiate a new trace span if the incoming
request does not have a trace initiated already. This should evaluate to
a float between
unspecified, random sampling is disabled.
sampling. Random sampling will initiate a new trace span if the incoming
request does not have a trace initiated already. This should evaluate to
a float between
0.0 and 1.0, or a boolean (true or false). Ifunspecified, random sampling is disabled.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.resources
Entity producing telemetry and resources
resources to be included in the trace.
resources to be included in the trace.
Documentation References (1)
spec.frontend.tracing.resources.expression
A Common Expression Language (CEL) expression.
Validation
Min length1
Max length16384
Documentation References (1)
spec.frontend.tracing.resources.name
No description for this field.
Validation
Min length1
Max length256
Documentation References (1)
spec.strategy
Policy merge and conflict resolution strategy.
Strategy settings apply to the policy object as a whole. Individual strategy fields may
only be valid for specific policy kinds; for example, inheritance is only valid when this
policy contains traffic settings.
only be valid for specific policy kinds; for example, inheritance is only valid when this
policy contains traffic settings.
spec.strategy.inheritance
Controls whether less-specific traffic policies prevent more-specific traffic policies
from contributing to the effective policy.
from contributing to the effective policy.
This field is only valid on traffic policies. Frontend and backend policy merging does not use
inheritance.
inheritance.
When unset or set to
attachment points such as routes and route rules able to override fields from less-specific
attachment points such as gateways and listeners.
In other words, this policy provides
timeout policy for the entire Gateway that is overridden by specific routes.
Default, traffic policy fields are merged by specificity, with more-specificattachment points such as routes and route rules able to override fields from less-specific
attachment points such as gateways and listeners.
In other words, this policy provides
Defaults that can be overridden. For example, you may provide a Defaulttimeout policy for the entire Gateway that is overridden by specific routes.
When set to
being included in the effective policy. This is useful when a gateway-level policy must remain
authoritative for all routes below it.
Override, this policy blocks traffic policies at more-specific attachment points frombeing included in the effective policy. This is useful when a gateway-level policy must remain
authoritative for all routes below it.
Validation
EnumDefault, Override
spec.targetRefs
Target resources to attach the
policy to.
policy to.
Validation
Min items1
Max items16
List typeatomic
Rule
targetRefs may only reference Gateway, HTTPRoute, GRPCRoute, ListenerSet, Service, AgentgatewayBackend, or InferencePool resources
Rule
Only one Kind of targetRef can be set on one policy
spec.targetRefs.group
The API group of the target resource.
For Kubernetes Gateway API resources, the group is
For Kubernetes Gateway API resources, the group is
gateway.networking.k8s.io.Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.targetRefs.kind
The API kind of the target resource, such as
Gateway or HTTPRoute.Validation
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.targetRefs.name
The name of the target resource.
Validation
Min length1
Max length253
spec.targetRefs.sectionName
The named section of the target resource.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.targetSelectors
Target selectors used to select resources to attach the policy to.
Validation
Min items1
Max items16
Rule
targetRefs may only reference Gateway, HTTPRoute, GRPCRoute, ListenerSet, Service, AgentgatewayBackend, or InferencePool resources
Rule
Only one Kind of targetRef can be set on one policy
spec.targetSelectors.group
The API group of the target resource.
For Kubernetes Gateway API resources, the group is
For Kubernetes Gateway API resources, the group is
gateway.networking.k8s.io.Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.targetSelectors.kind
The API kind of the target resource, such as
Gateway or HTTPRoute.Validation
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.targetSelectors.matchLabels
Labels that must be present on each selected target resource.
spec.targetSelectors.sectionName
The named section of each selected target resource.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
spec.traffic
Settings for how to process traffic.
A traffic policy can target a
(optionally, with a
Gateway (optionally, with asectionName indicating the listener), ListenerSet, or Route(optionally, with a
sectionName indicating the route rule).When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies:
policy would be
merge. Precedence is given to more precise policies:
Gateway <Listener < Route < Route Rule. For example, policy A setstimeouts and retries, and policy B sets retries; the effectivepolicy would be
timeouts from policy A, and retries from policy B.Validation
Rule
phase PreRouting only supports extAuth, transformation, extProc, jwtAuthentication, basicAuthentication, apiKeyAuthentication and cors
Documentation References (43)
spec.traffic.apiKeyAuthentication
Authenticates users based on a configured API
key.
key.
Validation
Rule
exactly one of the fields in [secretRef secretSelector] must be set
Documentation References (1)
spec.traffic.apiKeyAuthentication.location
Where API keys are read from.
If omitted, credentials are read from the
If omitted, credentials are read from the
Authorization header with the Bearer prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie expression] must be set
spec.traffic.apiKeyAuthentication.location.cookie
No description for this field.
spec.traffic.apiKeyAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.expression
CEL expression that extracts the credential from the request.
Validation
Min length1
Max length16384
spec.traffic.apiKeyAuthentication.location.header
No description for this field.
spec.traffic.apiKeyAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.location.queryParameter
No description for this field.
spec.traffic.apiKeyAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.apiKeyAuthentication.mode
Validation mode for API key authentication.
Validation
EnumOptional, Permissive, Strict
DefaultStrict
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretRef
Credential source, defaulting to a Kubernetes
keys,
Secret, storing a set of API keys. If there are many Secret-backedkeys,
secretSelector can be used instead.Each entry in the credential data represents one API key. The key is an
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
the API key.
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
key and metadata. key containsthe API key.
metadata contains arbitrary JSON metadata associatedwith the key, which may be used by other policies. For example, you
may write an authorization policy allowing
apiKey.group == 'sales'.Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.traffic.apiKeyAuthentication.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.traffic.apiKeyAuthentication.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
Documentation References (1)
spec.traffic.apiKeyAuthentication.secretSelector
Selects multiple Kubernetes
containing API keys. It is Secret-only; use
credential kinds. If the same key is defined in multiple secrets, the
behavior is undefined.
Secret resourcescontaining API keys. It is Secret-only; use
secretRef for othercredential kinds. If the same key is defined in multiple secrets, the
behavior is undefined.
Each entry in the
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
the API key.
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing
Secret data represents one API key. The key is anarbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields,
key and metadata. key containsthe API key.
metadata contains arbitrary JSON metadata associatedwith the key, which may be used by other policies. For example, you
may write an authorization policy allowing
apiKey.group == 'sales'.Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"Documentation References (1)
spec.traffic.apiKeyAuthentication.secretSelector.matchLabels
Labels that must be present on each selected Secret.
Documentation References (1)
spec.traffic.authorization
Access rules based on roles and
permissions.
If multiple authorization rules are applied across different policies, at the same or different attachment points,
all rules are merged.
permissions.
If multiple authorization rules are applied across different policies, at the same or different attachment points,
all rules are merged.
Documentation References (3)
spec.traffic.authorization.action
The effect of this rule when it matches.
If unspecified, defaults to
If unspecified, defaults to
Allow.Require rules are cumulative: all require rules must match.Validation
EnumAllow, Deny, Require
DefaultAllow
Documentation References (3)
spec.traffic.authorization.policy
The authorization rule to evaluate.
*
*
*
Allow: any matching allow rule allows the request.*
Require: every require rule must match for the request to be allowed.*
Deny: any matching deny rule denies the request.A CEL expression that fails to evaluate does not match. Prefer
for deny-by-default behavior.
Requirefor deny-by-default behavior.
If at least one
least one allow rule matches.
Allow rule is configured, requests are denied unless atleast one allow rule matches.
Documentation References (3)
spec.traffic.authorization.policy.matchExpressions
CEL expressions that must all evaluate to true for the rule to match.
Validation
Min items1
Max items256
Documentation References (3)
spec.traffic.basicAuthentication
Authenticates users based on the
authentication scheme (RFC 7617), where a username and password are
encoded in the request.
Basicauthentication scheme (RFC 7617), where a username and password are
encoded in the request.
Validation
Rule
exactly one of the fields in [users secretRef] must be set
spec.traffic.basicAuthentication.location
Where Basic credentials are read from.
If omitted, credentials are read from the
If omitted, credentials are read from the
Authorization header with the Basic prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie expression] must be set
spec.traffic.basicAuthentication.location.cookie
No description for this field.
spec.traffic.basicAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.location.expression
CEL expression that extracts the credential from the request.
Validation
Min length1
Max length16384
spec.traffic.basicAuthentication.location.header
No description for this field.
spec.traffic.basicAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.basicAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.location.queryParameter
No description for this field.
spec.traffic.basicAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.basicAuthentication.mode
Validation mode for basic authentication.
Validation
EnumOptional, Strict
DefaultStrict
spec.traffic.basicAuthentication.realm
realm value to return in the WWW-Authenticateheader for failed authentication requests. If unset,
Restricted willbe used.
spec.traffic.basicAuthentication.secretRef
Credential source, defaulting to a Kubernetes
resolver, the
contain the complete
Secret, storing the .htaccess file. When using the default Secretresolver, the
Secret must have a key named .htaccess, and shouldcontain the complete
.htaccess file.Note: passwords should be the hash of the password, not the raw password. Use the
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
htpasswd or similar commandsto generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
apiVersion: v1
kind: Secret
metadata:
name: basic-auth
stringData:
.htaccess: |
alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V.
bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/Validation
Map typeatomic
Rule
custom credential refs must set both group and kind
spec.traffic.basicAuthentication.secretRef.group
The API group of the referenced credential.
Empty selects the core API group.
Empty selects the core API group.
spec.traffic.basicAuthentication.secretRef.kind
The kind of the referenced credential.
Empty defaults to
Empty defaults to
Secret.spec.traffic.basicAuthentication.secretRef.name
The name of the referenced credential.
Validation
Min length1
Max length253
spec.traffic.basicAuthentication.users
Inline list of username and password pairs that will
be accepted. Each entry represents one line of the
https://httpd.apache.org/docs/2.4/programs/htpasswd.html.
be accepted. Each entry represents one line of the
htpasswd format:https://httpd.apache.org/docs/2.4/programs/htpasswd.html.
Note: passwords should be the hash of the password, not the raw password. Use the
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
htpasswd or similar commandsto generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
users:
- "user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC."
- "user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2"Validation
Min items1
Max items256
spec.traffic.buffer
Buffers request and response bodies. Buffered bodies are accumulated in memory
by the proxy until completion before being forwarded. This changes the proxies default behavior, which streams bodies.
by the proxy until completion before being forwarded. This changes the proxies default behavior, which streams bodies.
Warning: large bodies can lead to excessive memory usage in the proxy. Utilize with care, or with strict limits.
Validation
Rule
at least one of the fields in [request response] must be set
spec.traffic.buffer.request
Request body buffering settings.
spec.traffic.buffer.request.maxBytes
Maximum number of bytes to buffer from the request or response body.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.traffic.buffer.response
Response body buffering settings.
spec.traffic.buffer.response.maxBytes
Maximum number of bytes to buffer from the request or response body.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.traffic.cors
CORS configuration for the policy.
Validation
Preserve unknown fieldstrue
Documentation References (1)
spec.traffic.cors.allowCredentials
AllowCredentials indicates whether the actual cross-origin request allows
to include credentials.
to include credentials.
When set to true, the gateway will include the
response header with value true (case-sensitive).
Access-Control-Allow-Credentialsresponse header with value true (case-sensitive).
When set to false or omitted the gateway will omit the header
behavior).
Access-Control-Allow-Credentials entirely (this is the standard CORSbehavior).
Support: Extended
spec.traffic.cors.allowHeaders
AllowHeaders indicates which HTTP request headers are supported for
accessing the requested resource.
accessing the requested resource.
Header names are not case-sensitive.
Multiple header names in the value of the
response header are separated by a comma (",").
Access-Control-Allow-Headersresponse header are separated by a comma (",").
When the
gateway must return the
which value is present in the
AllowHeaders field is configured with one or more headers, thegateway must return the
Access-Control-Allow-Headers response headerwhich value is present in the
AllowHeaders field.If any header name in the
is not included in the list of header names specified by the response
header
client side.
Access-Control-Request-Headers request headeris not included in the list of header names specified by the response
header
Access-Control-Allow-Headers, it will present an error on theclient side.
If any header name in the
does not recognize by the client, it will also occur an error on the
client side.
Access-Control-Allow-Headers response headerdoes not recognize by the client, it will also occur an error on the
client side.
A wildcard indicates that the requests with all HTTP headers are allowed.
If config contains the wildcard "*" in allowHeaders and the request is
not credentialed, the
can either use the
Access-Control-Request-Headers from the request.
If config contains the wildcard "*" in allowHeaders and the request is
not credentialed, the
Access-Control-Allow-Headers response headercan either use the
* wildcard or the value ofAccess-Control-Request-Headers from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
is specified with the
HTTP headers in the value of the
header. The value of the header
the
the header
request, the gateway will omit the
response header, instead of specifying the
*wildcard in the
Access-Control-Allow-Headers response header. Whenalso the
AllowCredentials field is true and AllowHeaders fieldis specified with the
* wildcard, the gateway must specify one or moreHTTP headers in the value of the
Access-Control-Allow-Headers responseheader. The value of the header
Access-Control-Allow-Headers is same asthe
Access-Control-Request-Headers header provided by the client. Ifthe header
Access-Control-Request-Headers is not included in therequest, the gateway will omit the
Access-Control-Allow-Headersresponse header, instead of specifying the
* wildcard.Support: Extended
Validation
Max items64
List typeset
Rule
AllowHeaders cannot contain '*' alongside other methods
Documentation References (1)
spec.traffic.cors.allowMethods
AllowMethods indicates which HTTP methods are supported for accessing the
requested resource.
requested resource.
Valid values are any method defined by RFC9110, along with the special
value
value
*, which represents all HTTP methods are allowed.Method names are case-sensitive, so these values are also case-sensitive.
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
Multiple method names in the value of the
response header are separated by a comma (",").
Access-Control-Allow-Methodsresponse header are separated by a comma (",").
A CORS-safelisted method is a method that is
(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the
GET, HEAD, or POST.(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the
AllowMethods field.When the
gateway must return the
which value is present in the
AllowMethods field is configured with one or more methods, thegateway must return the
Access-Control-Allow-Methods response headerwhich value is present in the
AllowMethods field.If the HTTP method of the
is not included in the list of methods specified by the response header
side.
Access-Control-Request-Method request headeris not included in the list of methods specified by the response header
Access-Control-Allow-Methods, it will present an error on the clientside.
If config contains the wildcard "*" in allowMethods and the request is
not credentialed, the
can either use the
Access-Control-Request-Method from the request.
not credentialed, the
Access-Control-Allow-Methods response headercan either use the
* wildcard or the value ofAccess-Control-Request-Method from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
specified with the
in the value of the Access-Control-Allow-Methods response header. The
value of the header
header
the gateway will omit the
instead of specifying the
*wildcard in the
Access-Control-Allow-Methods response header. Whenalso the
AllowCredentials field is true and AllowMethods fieldspecified with the
* wildcard, the gateway must specify one HTTP methodin the value of the Access-Control-Allow-Methods response header. The
value of the header
Access-Control-Allow-Methods is same as theAccess-Control-Request-Method header provided by the client. If theheader
Access-Control-Request-Method is not included in the request,the gateway will omit the
Access-Control-Allow-Methods response header,instead of specifying the
* wildcard.Support: Extended
Validation
Max items9
List typeset
Rule
AllowMethods cannot contain '*' alongside other methods
Documentation References (1)
spec.traffic.cors.allowOrigins
AllowOrigins indicates whether the response can be shared with requested
resource from the given
resource from the given
Origin.The
takes the form
Origin consists of a scheme and a host, with an optional port, andtakes the form
<scheme>://<host>(:<port>).Valid values for scheme are:
http and https.Valid values for port are any integer between 1 and 65535 (the list of
available TCP/UDP ports). Note that, if not included, port
assumed for
origins. This may affect origin matching.
available TCP/UDP ports). Note that, if not included, port
80 isassumed for
http scheme origins, and port 443 is assumed for httpsorigins. This may affect origin matching.
The host part of the origin may contain the wildcard character
wildcard characters behave as follows:
*. Thesewildcard characters behave as follows:
*
DNS labels to the left of its position. This also means that
left of its position.
* A wildcard by itself matches all hosts.
* is a greedy match to the _left_, including any number ofDNS labels to the left of its position. This also means that
* will include any number of period . characters to theleft of its position.
* A wildcard by itself matches all hosts.
An origin value that includes _only_ the
from all
* character indicates requestsfrom all
Origins are allowed.When the
means the server supports clients from multiple origins. If the request
the given
client.
AllowOrigins field is configured with multiple origins, itmeans the server supports clients from multiple origins. If the request
Origin matches the configured allowed origins, the gateway must returnthe given
Origin and sets value of the headerAccess-Control-Allow-Origin same as the Origin header provided by theclient.
The status code of a successful response to a "preflight" request is
always an OK status (i.e., 204 or 200).
always an OK status (i.e., 204 or 200).
If the request
the gateway returns 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds with
403 status to the "preflight" request is denied, coupled with omitting
the CORS headers. The cross-origin request fails on the client side.
Therefore, the client doesn't attempt the actual cross-origin request.
Origin does not match the configured allowed origins,the gateway returns 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds with
403 status to the "preflight" request is denied, coupled with omitting
the CORS headers. The cross-origin request fails on the client side.
Therefore, the client doesn't attempt the actual cross-origin request.
Conversely, if the request
allowed origins, the gateway sets the response header
header provided by the client.
Origin matches one of the configuredallowed origins, the gateway sets the response header
Access-Control-Allow-Origin to the same value as the Originheader provided by the client.
When config has the wildcard ("*") in allowOrigins, and the request
is not credentialed (e.g., it is a preflight request), the
wildcard as well or the Origin from the request.
is not credentialed (e.g., it is a preflight request), the
Access-Control-Allow-Origin response header either contains thewildcard as well or the Origin from the request.
When the request is credentialed, the gateway must not specify the
wildcard in the
also the
specified with the
in the value of the
instead of specifying the
the client.
*wildcard in the
Access-Control-Allow-Origin response header. Whenalso the
AllowCredentials field is true and AllowOrigins fieldspecified with the
* wildcard, the gateway must return a single originin the value of the
Access-Control-Allow-Origin response header,instead of specifying the
* wildcard. The value of the headerAccess-Control-Allow-Origin is same as the Origin header provided bythe client.
Support: Extended
Validation
Max items64
List typeset
Rule
AllowOrigins cannot contain '*' alongside other origins
Documentation References (1)
spec.traffic.cors.exposeHeaders
ExposeHeaders indicates which HTTP response headers can be exposed
to client-side scripts in response to a cross-origin request.
to client-side scripts in response to a cross-origin request.
A CORS-safelisted response header is an HTTP header in a CORS response
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
Cache-ControlContent-LanguageContent-LengthContent-TypeExpiresLast-ModifiedPragma(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
When an HTTP header name is specified using the
this additional header will be exposed as part of the response to the
client.
ExposeHeaders field,this additional header will be exposed as part of the response to the
client.
Header names are not case-sensitive.
Multiple header names in the value of the
response header are separated by a comma (",").
Access-Control-Expose-Headersresponse header are separated by a comma (",").
A wildcard indicates that the responses with all HTTP headers are exposed
to clients. The
use
to clients. The
Access-Control-Expose-Headers response header can onlyuse
* wildcard as value when the request is not credentialed.When the
the request is credentialed, the gateway cannot use the
the
exposeHeaders config field contains the "*" wildcard andthe request is credentialed, the gateway cannot use the
* wildcard inthe
Access-Control-Expose-Headers response header.Support: Extended
Validation
Max items64
List typeset
spec.traffic.cors.maxAge
MaxAge indicates the duration (in seconds) for the client to cache the
results of a "preflight" request.
results of a "preflight" request.
The information provided by the
client until the time specified by
Access-Control-Allow-Methods andAccess-Control-Allow-Headers response headers can be cached by theclient until the time specified by
Access-Control-Max-Age elapses.The default value of
(seconds).
Access-Control-Max-Age response header is 5(seconds).
When the
header "Access-Control-Max-Age: 5" by default.
MaxAge field is unspecified, the gateway sets the responseheader "Access-Control-Max-Age: 5" by default.
Validation
Default5
Formatint32
Minimum1
Documentation References (1)
spec.traffic.csrf
Cross-Site Request Forgery (CSRF) policy for this traffic policy.
The CSRF policy has the following behavior:
* Safe methods (
* Requests without
be same-origin or non-browser requests and are allowed.
* Otherwise, the
comparing the
* Safe methods (
GET, HEAD, OPTIONS) are automatically allowed.* Requests without
Sec-Fetch-Site or Origin headers are assumed tobe same-origin or non-browser requests and are allowed.
* Otherwise, the
Sec-Fetch-Site header is checked, with a fallback tocomparing the
Origin header to the Host header.Documentation References (1)
spec.traffic.csrf.additionalOrigins
Additional source origins that will be
allowed in addition to the destination origin. The
a scheme and a host, with an optional port, and takes the form
allowed in addition to the destination origin. The
Origin consists ofa scheme and a host, with an optional port, and takes the form
<scheme>://<host>(:<port>).Validation
Min items1
Max items16
Documentation References (1)
spec.traffic.directResponse
Sends a direct response to the
client.
client.
Validation
Rule
body and bodyExpression may not both be set
Rule
conditional cannot be set with any other field
Rule
status: Required value
Documentation References (2)
spec.traffic.directResponse.body
Content to return in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
Validation
Min length1
Max length4096
Documentation References (1)
spec.traffic.directResponse.bodyExpression
CEL expression that produces the HTTP response body.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
Validation
Min length1
Max length16384
spec.traffic.directResponse.conditional
Conditional policy execution. Set this or the top-level directResponse fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
Validation
Min items1
Max items16
Rule
conditional entries without condition must be last
Documentation References (1)
spec.traffic.directResponse.conditional.condition
CEL expression that must evaluate to true for this policy to execute.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.directResponse.conditional.policy
Policy to apply when the condition matches.
Validation
Rule
status is required
Rule
body and bodyExpression may not both be set
Documentation References (1)
spec.traffic.directResponse.conditional.policy.body
Content to return in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
Validation
Min length1
Max length4096
Documentation References (1)
spec.traffic.directResponse.conditional.policy.bodyExpression
CEL expression that produces the HTTP response body.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
Validation
Min length1
Max length16384
spec.traffic.directResponse.conditional.policy.headers
Response headers to set on the direct response.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.directResponse.conditional.policy.headers.name
The name of the header to set.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.directResponse.conditional.policy.headers.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.directResponse.conditional.policy.status
HTTP status code to return.
Validation
Formatint32
Minimum200
Maximum599
Documentation References (1)
spec.traffic.directResponse.headers
Response headers to set on the direct response.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.directResponse.headers.name
The name of the header to set.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.directResponse.headers.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.directResponse.status
HTTP status code to return.
Validation
Formatint32
Minimum200
Maximum599
Documentation References (1)
spec.traffic.extAuth
External authentication configuration for the policy.
This selects the external server to send requests to for authentication.
This selects the external server to send requests to for authentication.
An extAuth policy can be conditionally set by nesting configuration under the
conditional field.Validation
Rule
exactly one of the fields in [grpc http] must be set
Rule
cache requires grpc
Rule
conditional cannot be set with any other field
Rule
backendRef: Required value
Documentation References (3)
spec.traffic.extAuth.backendRef
External Authorization server to reach.
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.traffic.extAuth.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extAuth.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extAuth.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (2)
spec.traffic.extAuth.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.extAuth.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (2)
spec.traffic.extAuth.cache
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
authorization result.
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
key; otherwise, one request may incorrectly reuse another request'sauthorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
spec.traffic.extAuth.cache.key
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
to construct the cache key.
Validation
Min items1
Max items16
spec.traffic.extAuth.cache.maxEntries
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
the cache. If unset, this defaults to 10000.
Validation
Formatint32
Minimum1
spec.traffic.extAuth.cache.ttl
Duration string, such as
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
5m, or a CEL expression thatreturns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
Validation
Min length1
Max length16384
spec.traffic.extAuth.conditional
Conditional policy execution. Set this or the top-level extAuth fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
Validation
Min items1
Max items16
Rule
conditional entries without condition must be last
Documentation References (1)
spec.traffic.extAuth.conditional.condition
CEL expression that must evaluate to true for this policy to execute.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.extAuth.conditional.policy
Policy to apply when the condition matches.
Validation
Rule
backendRef is required
Rule
exactly one of the fields in [grpc http] must be set
Rule
cache requires grpc
Documentation References (1)
spec.traffic.extAuth.conditional.policy.backendRef
External Authorization server to reach.
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.traffic.extAuth.conditional.policy.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extAuth.conditional.policy.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extAuth.conditional.policy.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.traffic.extAuth.conditional.policy.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.traffic.extAuth.conditional.policy.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.traffic.extAuth.conditional.policy.cache
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
authorization result.
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
key; otherwise, one request may incorrectly reuse another request'sauthorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
spec.traffic.extAuth.conditional.policy.cache.key
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
to construct the cache key.
Validation
Min items1
Max items16
spec.traffic.extAuth.conditional.policy.cache.maxEntries
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
the cache. If unset, this defaults to 10000.
Validation
Formatint32
Minimum1
spec.traffic.extAuth.conditional.policy.cache.ttl
Duration string, such as
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
5m, or a CEL expression thatreturns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
Validation
Min length1
Max length16384
spec.traffic.extAuth.conditional.policy.failureMode
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
Validation
EnumFailClosed, FailOpen
Documentation References (1)
spec.traffic.extAuth.conditional.policy.forwardBody
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
If enabled, the request body will be buffered.
spec.traffic.extAuth.conditional.policy.forwardBody.maxSize
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
and sent to the authorization server. If the body size is larger than
maxSize, then the request will be rejected with a response.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.traffic.extAuth.conditional.policy.grpc
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
Documentation References (1)
spec.traffic.extAuth.conditional.policy.grpc.contextExtensions
Additional arbitrary key-value pairs to
send to the authorization server in the
send to the authorization server in the
context_extensions field.Validation
Max properties64
spec.traffic.extAuth.conditional.policy.grpc.requestMetadata
Metadata to send to the authorization
server. This maps to the
request, and allows dynamic CEL expressions. If unset, by default the
well, for compatibility.
server. This maps to the
metadata_context.filter_metadata field of therequest, and allows dynamic CEL expressions. If unset, by default the
envoy.filters.http.jwt_authn key is set if the JWT policy is used aswell, for compatibility.
Validation
Max properties64
spec.traffic.extAuth.conditional.policy.http
Uses HTTP to connect to
the authorization server. The authorization server must return a
status code, otherwise the request is considered an authorization
failure.
the authorization server. The authorization server must return a
200status code, otherwise the request is considered an authorization
failure.
spec.traffic.extAuth.conditional.policy.http.addRequestHeaders
Additional headers to add to the
request to the authorization server. While
passes the original headers through,
custom headers based on CEL expressions.
request to the authorization server. While
allowedRequestHeaders justpasses the original headers through,
addRequestHeaders allows definingcustom headers based on CEL expressions.
Validation
Max properties64
spec.traffic.extAuth.conditional.policy.http.allowedRequestHeaders
Additional headers from the client request that
will be sent to the authorization server.
will be sent to the authorization server.
If unset, the following headers are sent by default:
Authorization.Validation
Max items64
spec.traffic.extAuth.conditional.policy.http.allowedResponseHeaders
Headers from the authorization response that
will be copied into the request to the backend.
will be copied into the request to the backend.
Validation
Max items64
spec.traffic.extAuth.conditional.policy.http.path
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
"/prefix/" + request.path.Validation
Min length1
Max length16384
spec.traffic.extAuth.conditional.policy.http.redirect
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
Validation
Min length1
Max length16384
spec.traffic.extAuth.conditional.policy.http.responseMetadata
Metadata fields to construct
from the authorization response. These will be included under the
for things like logging usernames, without needing to include them as
headers to the backend, as
from the authorization response. These will be included under the
extauthz variable in future CEL expressions. Setting this is usefulfor things like logging usernames, without needing to include them as
headers to the backend, as
allowedResponseHeaders would.Validation
Max properties64
spec.traffic.extAuth.failureMode
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
Validation
EnumFailClosed, FailOpen
spec.traffic.extAuth.forwardBody
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
If enabled, the request body will be buffered.
spec.traffic.extAuth.forwardBody.maxSize
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
and sent to the authorization server. If the body size is larger than
maxSize, then the request will be rejected with a response.Validation
Pattern^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
Min length1
Max length32
Int or stringtrue
Rule
value must be at least 1 byte and fit within uint32
spec.traffic.extAuth.grpc
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
Documentation References (1)
spec.traffic.extAuth.grpc.contextExtensions
Additional arbitrary key-value pairs to
send to the authorization server in the
send to the authorization server in the
context_extensions field.Validation
Max properties64
spec.traffic.extAuth.grpc.requestMetadata
Metadata to send to the authorization
server. This maps to the
request, and allows dynamic CEL expressions. If unset, by default the
well, for compatibility.
server. This maps to the
metadata_context.filter_metadata field of therequest, and allows dynamic CEL expressions. If unset, by default the
envoy.filters.http.jwt_authn key is set if the JWT policy is used aswell, for compatibility.
Validation
Max properties64
spec.traffic.extAuth.http
Uses HTTP to connect to
the authorization server. The authorization server must return a
status code, otherwise the request is considered an authorization
failure.
the authorization server. The authorization server must return a
200status code, otherwise the request is considered an authorization
failure.
Documentation References (1)
spec.traffic.extAuth.http.addRequestHeaders
Additional headers to add to the
request to the authorization server. While
passes the original headers through,
custom headers based on CEL expressions.
request to the authorization server. While
allowedRequestHeaders justpasses the original headers through,
addRequestHeaders allows definingcustom headers based on CEL expressions.
Validation
Max properties64
spec.traffic.extAuth.http.allowedRequestHeaders
Additional headers from the client request that
will be sent to the authorization server.
will be sent to the authorization server.
If unset, the following headers are sent by default:
Authorization.Validation
Max items64
spec.traffic.extAuth.http.allowedResponseHeaders
Headers from the authorization response that
will be copied into the request to the backend.
will be copied into the request to the backend.
Validation
Max items64
Documentation References (1)
spec.traffic.extAuth.http.path
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
"/prefix/" + request.path.Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.extAuth.http.redirect
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
Validation
Min length1
Max length16384
spec.traffic.extAuth.http.responseMetadata
Metadata fields to construct
from the authorization response. These will be included under the
for things like logging usernames, without needing to include them as
headers to the backend, as
from the authorization response. These will be included under the
extauthz variable in future CEL expressions. Setting this is usefulfor things like logging usernames, without needing to include them as
headers to the backend, as
allowedResponseHeaders would.Validation
Max properties64
spec.traffic.extProc
External processing configuration for the policy.
Validation
Rule
conditional cannot be set with any other field
Rule
backendRef: Required value
Documentation References (2)
spec.traffic.extProc.backendRef
External Processor server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.traffic.extProc.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extProc.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extProc.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.traffic.extProc.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (1)
spec.traffic.extProc.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.traffic.extProc.conditional
Conditional policy execution. Set this or the top-level extProc fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
Validation
Min items1
Max items16
Rule
conditional entries without condition must be last
Documentation References (1)
spec.traffic.extProc.conditional.condition
CEL expression that must evaluate to true for this policy to execute.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.extProc.conditional.policy
Policy to apply when the condition matches.
Validation
Rule
backendRef is required
Documentation References (1)
spec.traffic.extProc.conditional.policy.backendRef
External Processor server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (1)
spec.traffic.extProc.conditional.policy.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.extProc.conditional.policy.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.extProc.conditional.policy.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (1)
spec.traffic.extProc.conditional.policy.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.traffic.extProc.conditional.policy.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (1)
spec.traffic.extProc.conditional.policy.processingOptions
How request and response phases are sent to ext_proc.
spec.traffic.extProc.conditional.policy.processingOptions.allowModeOverride
Allows ext_proc
subsequent request/response processing phases for this exchange. Defaults to
mode_override values from matching header responses to updatesubsequent request/response processing phases for this exchange. Defaults to
false.Validation
Defaultfalse
spec.traffic.extProc.conditional.policy.processingOptions.requestBodyMode
How request bodies are sent to the external processor.
body exceeds that limit. Defaults to
Buffered buffers the full body and returns an error if it exceeds 8KB.BufferedPartial buffers up to 8KB and sends the buffered prefix if thebody exceeds that limit. Defaults to
FullDuplexStreamed.Validation
EnumNone, Buffered, BufferedPartial, FullDuplexStreamed
DefaultFullDuplexStreamed
spec.traffic.extProc.conditional.policy.processingOptions.requestHeaderMode
Whether request headers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSend, Skip
DefaultSend
spec.traffic.extProc.conditional.policy.processingOptions.requestTrailerMode
Whether request trailers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSkip, Send
DefaultSend
spec.traffic.extProc.conditional.policy.processingOptions.responseBodyMode
How response bodies are sent to the external processor.
body exceeds that limit. Defaults to
Buffered buffers the full body and returns an error if it exceeds 8KB.BufferedPartial buffers up to 8KB and sends the buffered prefix if thebody exceeds that limit. Defaults to
FullDuplexStreamed.Validation
EnumNone, Buffered, BufferedPartial, FullDuplexStreamed
DefaultFullDuplexStreamed
spec.traffic.extProc.conditional.policy.processingOptions.responseHeaderMode
Whether response headers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSend, Skip
DefaultSend
spec.traffic.extProc.conditional.policy.processingOptions.responseTrailerMode
Whether response trailers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSkip, Send
DefaultSend
spec.traffic.extProc.processingOptions
How request and response phases are sent to ext_proc.
spec.traffic.extProc.processingOptions.allowModeOverride
Allows ext_proc
subsequent request/response processing phases for this exchange. Defaults to
mode_override values from matching header responses to updatesubsequent request/response processing phases for this exchange. Defaults to
false.Validation
Defaultfalse
spec.traffic.extProc.processingOptions.requestBodyMode
How request bodies are sent to the external processor.
body exceeds that limit. Defaults to
Buffered buffers the full body and returns an error if it exceeds 8KB.BufferedPartial buffers up to 8KB and sends the buffered prefix if thebody exceeds that limit. Defaults to
FullDuplexStreamed.Validation
EnumNone, Buffered, BufferedPartial, FullDuplexStreamed
DefaultFullDuplexStreamed
spec.traffic.extProc.processingOptions.requestHeaderMode
Whether request headers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSend, Skip
DefaultSend
spec.traffic.extProc.processingOptions.requestTrailerMode
Whether request trailers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSkip, Send
DefaultSend
spec.traffic.extProc.processingOptions.responseBodyMode
How response bodies are sent to the external processor.
body exceeds that limit. Defaults to
Buffered buffers the full body and returns an error if it exceeds 8KB.BufferedPartial buffers up to 8KB and sends the buffered prefix if thebody exceeds that limit. Defaults to
FullDuplexStreamed.Validation
EnumNone, Buffered, BufferedPartial, FullDuplexStreamed
DefaultFullDuplexStreamed
spec.traffic.extProc.processingOptions.responseHeaderMode
Whether response headers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSend, Skip
DefaultSend
spec.traffic.extProc.processingOptions.responseTrailerMode
Whether response trailers are sent to the external processor.
Defaults to
Defaults to
Send.Validation
EnumSkip, Send
DefaultSend
spec.traffic.headerModifiers
Request and response header modification policy.
Validation
Rule
at least one of the fields in [request response] must be set
spec.traffic.headerModifiers.request
Header changes to apply before forwarding a request.
spec.traffic.headerModifiers.request.add
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
GET /foo HTTP/1.1
my-header: foo,bar,baz
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.request.add.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.request.add.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.request.remove
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
GET /foo HTTP/1.1
my-header2: bar
Validation
Max items16
List typeset
spec.traffic.headerModifiers.request.set
Set overwrites the request with the given header (name, value)
before the action.
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
GET /foo HTTP/1.1
my-header: bar
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.request.set.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.request.set.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.response
Header changes to apply before returning a response.
spec.traffic.headerModifiers.response.add
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
GET /foo HTTP/1.1
my-header: foo,bar,baz
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.response.add.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.response.add.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.headerModifiers.response.remove
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
GET /foo HTTP/1.1
my-header2: bar
Validation
Max items16
List typeset
spec.traffic.headerModifiers.response.set
Set overwrites the request with the given header (name, value)
before the action.
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
GET /foo HTTP/1.1
my-header: bar
Validation
Max items16
List typemap
List map keysname
spec.traffic.headerModifiers.response.set.name
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.headerModifiers.response.set.value
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=
^[!-~]+([\t ]?[!-~]+)*$>Validation
Min length1
Max length4096
spec.traffic.hostRewrite
How to rewrite the
Host header for requests.If the
this setting is ignored.
HTTPRoute urlRewrite filter already specifies a host rewrite,this setting is ignored.
spec.traffic.hostRewrite.mode
Hostname rewrite mode.
The following may be specified:
*
*
will be passed through.
*
Auto: automatically set the Host header based on the destination.*
None: do not rewrite the Host header. The original Host headerwill be passed through.
This setting defaults to
backends.
Auto when connecting to hostname-basedBackend types, and None otherwise, for Service or IP-basedbackends.
Validation
EnumAuto, None
spec.traffic.jwtAuthentication
Authenticates users based on JWT tokens.
Validation
Rule
jwtAuthentication.mcp requires exactly one provider
Rule
jwtAuthentication.mcp requires mode Strict
Documentation References (4)
spec.traffic.jwtAuthentication.location
Where JWT credentials are read from.
If omitted, credentials are read from the
If omitted, credentials are read from the
Authorization header with the Bearer prefix.Validation
Rule
exactly one of the fields in [header queryParameter cookie expression] must be set
spec.traffic.jwtAuthentication.location.cookie
No description for this field.
spec.traffic.jwtAuthentication.location.cookie.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.location.expression
CEL expression that extracts the credential from the request.
Validation
Min length1
Max length16384
spec.traffic.jwtAuthentication.location.header
No description for this field.
spec.traffic.jwtAuthentication.location.header.name
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
Validation
Pattern^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
spec.traffic.jwtAuthentication.location.header.prefix
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.location.queryParameter
No description for this field.
spec.traffic.jwtAuthentication.location.queryParameter.name
No description for this field.
Validation
Min length1
Max length256
spec.traffic.jwtAuthentication.mcp
Enables MCP OAuth metadata endpoint handling
and MCP-specific authentication behavior on top of standard JWT validation.
When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
and MCP-specific authentication behavior on top of standard JWT validation.
When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
Documentation References (1)
spec.traffic.jwtAuthentication.mcp.clientId
Client ID to use for short-circuiting Dynamic Client Registration.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
spec.traffic.jwtAuthentication.mcp.provider
Identity provider to use for MCP authentication flows.
Validation
EnumAuth0, Keycloak, Okta
Documentation References (1)
spec.traffic.jwtAuthentication.mcp.resourceMetadata
Metadata to use for MCP resources,
served at the MCP OAuth metadata endpoints.
served at the MCP OAuth metadata endpoints.
Documentation References (1)
spec.traffic.jwtAuthentication.mode
Validation mode for JWT authentication.
Validation
EnumOptional, Permissive, Strict
DefaultStrict
Documentation References (4)
spec.traffic.jwtAuthentication.providers
No description for this field.
Validation
Min items1
Max items64
Documentation References (4)
spec.traffic.jwtAuthentication.providers.audiences
Allowed audiences that are allowed
access. This corresponds to the
([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
access. This corresponds to the
aud claim([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
Validation
Min items1
Max items64
Documentation References (1)
spec.traffic.jwtAuthentication.providers.issuer
IdP that issued the JWT. This corresponds to the
iss claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).Validation
Min length1
Max length256
Documentation References (4)
spec.traffic.jwtAuthentication.providers.jwks
JSON Web Key Set used to validate the signature of the
JWT.
JWT.
Validation
Rule
exactly one of the fields in [remote inline] must be set
Documentation References (4)
spec.traffic.jwtAuthentication.providers.jwks.inline
Inline JSON Web Key Set used to validate the
signature of the JWT.
signature of the JWT.
Validation
Min length2
Max length65536
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote
How to reach the JSON Web Key Set from a remote
address.
address.
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef
Remote JWKS server to reach.
Supported types are
to the
connection to the remote
Supported types are
Service and static Backend. AnAgentgatewayPolicy containing backend TLS config can then be attachedto the
Service or Backend in order to set TLS options for aconnection to the remote
jwks source.Validation
Rule
Must have port for Service reference
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
Documentation References (1)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (2)
spec.traffic.jwtAuthentication.providers.jwks.remote.cacheDuration
No description for this field.
Validation
Default5m
Rule
invalid duration value
Rule
cacheDuration must be at least 5m.
Documentation References (1)
spec.traffic.jwtAuthentication.providers.jwks.remote.jwksPath
Path to the IdP
jwks endpoint, relative to the root, commonly".well-known/jwks.json".Validation
Min length1
Max length2000
Documentation References (2)
spec.traffic.phase
The phase to apply the traffic policy to. If the phase is
the
typically used only when a policy needs to influence the routing
decision.
PreRouting,the
targetRef must be a Gateway or a Listener. PreRouting istypically used only when a policy needs to influence the routing
decision.
Even when using
routes under that
described above.
PostRouting mode, the policy can target theGateway or Listener. This is a helper for applying the policy to allroutes under that
Gateway or Listener, and follows the merging logicdescribed above.
Note:
are independent execution phases. That is, all
merge and execute, then all
PreRouting and PostRouting rules do not merge together. Theseare independent execution phases. That is, all
PreRouting rules willmerge and execute, then all
PostRouting rules will merge and execute.If unset, this defaults to
PostRouting.Validation
EnumPostRouting, PreRouting
Documentation References (3)
spec.traffic.rateLimit
Rate limiting configuration for the policy.
This limits the rate at which requests are processed.
This limits the rate at which requests are processed.
Validation
Rule
at least one of the fields in [conditional global local] must be set
Rule
conditional cannot be set with any other field
spec.traffic.rateLimit.conditional
Conditional policy execution. Set this or the top-level rateLimit fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
Validation
Min items1
Max items16
Rule
conditional entries without condition must be last
Documentation References (1)
spec.traffic.rateLimit.conditional.condition
CEL expression that must evaluate to true for this policy to execute.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.rateLimit.conditional.policy
Policy to apply when the condition matches.
Validation
Rule
at least one of the fields in [global local] must be set
Documentation References (1)
spec.traffic.rateLimit.conditional.policy.global
Global rate limiting policy using an external service.
spec.traffic.rateLimit.conditional.policy.global.backendRef
Rate limit server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
spec.traffic.rateLimit.conditional.policy.global.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.rateLimit.conditional.policy.global.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
spec.traffic.rateLimit.conditional.policy.global.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
spec.traffic.rateLimit.conditional.policy.global.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
spec.traffic.rateLimit.conditional.policy.global.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
spec.traffic.rateLimit.conditional.policy.global.descriptors
Dimensions for rate limiting. These values are
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
Validation
Min items1
Max items16
spec.traffic.rateLimit.conditional.policy.global.descriptors.cost
Common Expression Language (
the cost of the request for this descriptor. If unset,
default to 1, and
CEL) expression that determinesthe cost of the request for this descriptor. If unset,
Requests costsdefault to 1, and
Tokens costs default to the total token count.Tokens cost are evaluated after the request has completed. For non-streaming requests, request, llm, andresponse fields are all available; for streaming requests, response is not available (however, all LLMattributes are in
llm). For Requests, cost is computed during the request phase.See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
Validation
Min length1
Max length16384
spec.traffic.rateLimit.conditional.policy.global.descriptors.entries
Individual components that make up this descriptor.
Validation
Min items1
Max items16
spec.traffic.rateLimit.conditional.policy.global.descriptors.entries.expression
Common Expression Language (
defines the value for the descriptor.
CEL) expression thatdefines the value for the descriptor.
For example, to rate limit based on the Client IP:
source.address.See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
Validation
Min length1
Max length16384
spec.traffic.rateLimit.conditional.policy.global.descriptors.entries.name
Name of the descriptor.
Validation
Min length1
Max length64
spec.traffic.rateLimit.conditional.policy.global.descriptors.unit
Cost unit. If unspecified,
Requests is used.Validation
EnumRequests, Tokens
spec.traffic.rateLimit.conditional.policy.global.domain
Domain under which this limit should apply.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
Validation
Min length1
Max length256
spec.traffic.rateLimit.conditional.policy.global.failureMode
Behavior when the remote rate limit service is
unavailable or returns an error.
unavailable or returns an error.
FailOpen allows the request to continue.FailClosed (default) denies the request.Validation
EnumFailClosed, FailOpen
spec.traffic.rateLimit.conditional.policy.local
Local rate limiting policy.
Validation
Min items1
Max items16
Documentation References (1)
spec.traffic.rateLimit.conditional.policy.local.burst
Allowance of requests above the request-per-unit
that should be allowed within a short period of time.
that should be allowed within a short period of time.
Validation
Formatint32
spec.traffic.rateLimit.conditional.policy.local.requests
Number of HTTP requests per unit of time that
are allowed. Requests exceeding this limit will fail with a
error.
are allowed. Requests exceeding this limit will fail with a
429error.
Validation
Formatint32
Minimum1
Documentation References (1)
spec.traffic.rateLimit.conditional.policy.local.tokens
Number of LLM tokens per unit of time that are
allowed. Requests exceeding this limit will fail with a
allowed. Requests exceeding this limit will fail with a
429 error.Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
result, token-based rate limits will apply to future requests only.
Validation
Formatint32
Minimum1
spec.traffic.rateLimit.conditional.policy.local.unit
Unit of time for the limit.
Validation
EnumHours, Minutes, Seconds
Documentation References (1)
spec.traffic.rateLimit.global
Global rate limiting policy using an external service.
Documentation References (3)
spec.traffic.rateLimit.global.backendRef
Rate limit server to reach.
Supported types:
Supported types:
Service and Backend.Validation
Rule
Must have port for Service reference
Documentation References (3)
spec.traffic.rateLimit.global.backendRef.group
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
When unspecified or empty string, core API group is inferred.
Validation
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
spec.traffic.rateLimit.global.backendRef.kind
Kind is the Kubernetes resource kind of the referent. For example
"Service".
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
Validation
DefaultService
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.rateLimit.global.backendRef.name
Name is the name of the referent.
Validation
Min length1
Max length253
Documentation References (3)
spec.traffic.rateLimit.global.backendRef.namespace
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
Documentation References (2)
spec.traffic.rateLimit.global.backendRef.port
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
Validation
Formatint32
Minimum1
Maximum65535
Documentation References (3)
spec.traffic.rateLimit.global.descriptors
Dimensions for rate limiting. These values are
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
Validation
Min items1
Max items16
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.cost
Common Expression Language (
the cost of the request for this descriptor. If unset,
default to 1, and
CEL) expression that determinesthe cost of the request for this descriptor. If unset,
Requests costsdefault to 1, and
Tokens costs default to the total token count.Tokens cost are evaluated after the request has completed. For non-streaming requests, request, llm, andresponse fields are all available; for streaming requests, response is not available (however, all LLMattributes are in
llm). For Requests, cost is computed during the request phase.See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
Validation
Min length1
Max length16384
spec.traffic.rateLimit.global.descriptors.entries
Individual components that make up this descriptor.
Validation
Min items1
Max items16
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.entries.expression
Common Expression Language (
defines the value for the descriptor.
CEL) expression thatdefines the value for the descriptor.
For example, to rate limit based on the Client IP:
source.address.See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
Validation
Min length1
Max length16384
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.entries.name
Name of the descriptor.
Validation
Min length1
Max length64
Documentation References (3)
spec.traffic.rateLimit.global.descriptors.unit
Cost unit. If unspecified,
Requests is used.Validation
EnumRequests, Tokens
Documentation References (2)
spec.traffic.rateLimit.global.domain
Domain under which this limit should apply.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
Validation
Min length1
Max length256
Documentation References (3)
spec.traffic.rateLimit.global.failureMode
Behavior when the remote rate limit service is
unavailable or returns an error.
unavailable or returns an error.
FailOpen allows the request to continue.FailClosed (default) denies the request.Validation
EnumFailClosed, FailOpen
spec.traffic.rateLimit.local
Local rate limiting policy.
Validation
Min items1
Max items16
spec.traffic.rateLimit.local.burst
Allowance of requests above the request-per-unit
that should be allowed within a short period of time.
that should be allowed within a short period of time.
Validation
Formatint32
Documentation References (4)
spec.traffic.rateLimit.local.requests
Number of HTTP requests per unit of time that
are allowed. Requests exceeding this limit will fail with a
error.
are allowed. Requests exceeding this limit will fail with a
429error.
Validation
Formatint32
Minimum1
spec.traffic.rateLimit.local.tokens
Number of LLM tokens per unit of time that are
allowed. Requests exceeding this limit will fail with a
allowed. Requests exceeding this limit will fail with a
429 error.Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
result, token-based rate limits will apply to future requests only.
Validation
Formatint32
Minimum1
Documentation References (4)
spec.traffic.rateLimit.local.unit
Unit of time for the limit.
Validation
EnumHours, Minutes, Seconds
spec.traffic.retry
Retry policy.
Documentation References (2)
spec.traffic.retry.attempts
Attempts specifies the maximum number of times an individual request
from the gateway to a backend should be retried.
from the gateway to a backend should be retried.
If the maximum number of retries has been attempted without a successful
response from the backend, the Gateway MUST return an error.
response from the backend, the Gateway MUST return an error.
When this field is unspecified, the number of times to attempt to retry
a backend request is implementation-specific.
a backend request is implementation-specific.
Support: Extended
Documentation References (2)
spec.traffic.retry.backoff
Backoff specifies the minimum duration a Gateway should wait between
retry attempts and is represented in Gateway API Duration formatting.
retry attempts and is represented in Gateway API Duration formatting.
For example, setting the
100 milliseconds after timing out or receiving a response code configured
to be retriable.
rules[].retry.backoff field to the value100ms will cause a backend request to first be retried approximately100 milliseconds after timing out or receiving a response code configured
to be retriable.
An implementation MAY use an exponential or alternative backoff strategy
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
If a Request timeout (
route, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
rules[].timeouts.request) is configured on theroute, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
If a BackendRequest timeout (
configured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
rules[].timeouts.backendRequest) isconfigured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
If a BackendRequest timeout is _not_ configured on the route, retry
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
When this field is unspecified, the time to wait between retry attempts
is implementation-specific.
is implementation-specific.
Support: Extended
Validation
Pattern^([0-9]{1,5}(h|m|s|ms)){1,4}$
Documentation References (2)
spec.traffic.retry.codes
Codes defines the HTTP response status codes for which a backend request
should be retried.
should be retried.
Support: Extended
Validation
List typeatomic
Documentation References (2)
spec.traffic.timeouts
Request timeouts.
It is applicable to
kinds.
It is applicable to
HTTPRoute resources and ignored for other targetedkinds.
Documentation References (2)
spec.traffic.timeouts.request
Timeout for an individual request from the gateway to a backend. This covers the time from when
the request first starts being sent from the gateway to when the full response has been received from the backend.
the request first starts being sent from the gateway to when the full response has been received from the backend.
Validation
Rule
invalid duration value
Rule
request must be at least 1ms
Documentation References (2)
spec.traffic.transformation
Mutates and transforms requests and responses
before forwarding them to the destination.
before forwarding them to the destination.
Validation
Rule
at least one of the fields in [conditional request response] must be set
Rule
conditional cannot be set with any other field
Documentation References (21)
spec.traffic.transformation.conditional
Conditional policy execution. Set this or the top-level transformation fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
Validation
Min items1
Max items16
Rule
conditional entries without condition must be last
Documentation References (1)
spec.traffic.transformation.conditional.condition
CEL expression that must evaluate to true for this policy to execute.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.conditional.policy
Policy to apply when the condition matches.
Validation
Rule
at least one of the fields in [request response] must be set
Documentation References (1)
spec.traffic.transformation.conditional.policy.request
Request transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
Documentation References (1)
spec.traffic.transformation.conditional.policy.request.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
Documentation References (1)
spec.traffic.transformation.conditional.policy.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
Documentation References (1)
spec.traffic.transformation.conditional.policy.request.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.conditional.policy.request.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.traffic.transformation.conditional.policy.request.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.conditional.policy.request.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.traffic.transformation.conditional.policy.request.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.conditional.policy.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.conditional.policy.request.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.transformation.conditional.policy.response
Response transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
spec.traffic.transformation.conditional.policy.response.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.conditional.policy.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.conditional.policy.response.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.transformation.conditional.policy.response.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.traffic.transformation.conditional.policy.response.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.conditional.policy.response.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.traffic.transformation.conditional.policy.response.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.conditional.policy.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.conditional.policy.response.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.transformation.request
Request transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
Documentation References (13)
spec.traffic.transformation.request.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.request.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.request.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
spec.traffic.transformation.request.body
HTTP body transformation.
Validation
Min length1
Max length16384
spec.traffic.transformation.request.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.request.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
spec.traffic.transformation.request.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
Documentation References (8)
spec.traffic.transformation.request.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
Documentation References (8)
spec.traffic.transformation.request.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
Documentation References (8)
spec.traffic.transformation.response
Response transformation settings.
Validation
Rule
at least one of the fields in [add body metadata remove set] must be set
Documentation References (7)
spec.traffic.transformation.response.add
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
should be set to. If there is already a header with these values then
append the value as an extra entry.
Validation
Min items1
Max items16
List typemap
List map keysname
Documentation References (1)
spec.traffic.transformation.response.add.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
Documentation References (1)
spec.traffic.transformation.response.add.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.response.body
HTTP body transformation.
Validation
Min length1
Max length16384
Documentation References (1)
spec.traffic.transformation.response.metadata
Stores CEL-evaluated values under the
for subsequent policy evaluations.
or body transformations.
metadata CEL variablefor subsequent policy evaluations.
metadata is evaluated before headeror body transformations.
Validation
Min properties1
Max properties16
spec.traffic.transformation.response.remove
Header names to remove from the request or
response.
response.
Validation
Min items1
Max items16
List typeset
Documentation References (1)
spec.traffic.transformation.response.set
Headers to set and the values to use.
Validation
Min items1
Max items16
List typemap
List map keysname
spec.traffic.transformation.response.set.name
The name of the header to add.
Validation
Pattern^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
Min length1
Max length256
Rule
pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
spec.traffic.transformation.response.set.value
CEL expression that generates the output value for
the header.
the header.
Validation
Min length1
Max length16384
status
Current policy status.
status.ancestors
Ancestors is a list of ancestor resources (usually Gateways) that are
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
Note that choosing the relevant ancestor is left to the Policy designers;
an important part of Policy design is designing the right object level at
which to namespace this status.
an important part of Policy design is designing the right object level at
which to namespace this status.
Note also that implementations MUST ONLY populate ancestor status for
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
Note that to achieve this, the list of PolicyAncestorStatus structs
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
A maximum of 16 ancestors will be represented in this list. An empty list
means the Policy is not relevant for any ancestors.
means the Policy is not relevant for any ancestors.
If this slice is full, implementations MUST NOT add further entries.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
Validation
Max items16
List typeatomic
status.ancestors.ancestorRef
AncestorRef corresponds with a ParentRef in the spec that this
PolicyAncestorStatus struct describes the status of.
PolicyAncestorStatus struct describes the status of.
status.ancestors.ancestorRef.group
Group is the group of the referent.
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
Support: Core
Validation
Defaultgateway.networking.k8s.io
Pattern^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Max length253
status.ancestors.ancestorRef.kind
Kind is kind of the referent.
There are two kinds of parent resources with "Core" support:
* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, ClusterIP Services only)
* Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
Validation
DefaultGateway
Pattern^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Min length1
Max length63
status.ancestors.ancestorRef.name
Name is the name of the referent.
Support: Core
Validation
Min length1
Max length253
status.ancestors.ancestorRef.namespace
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
to the local namespace of the Route.
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
<gateway:experimental:description>
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
</gateway:experimental:description>
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
</gateway:experimental:description>
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Min length1
Max length63
status.ancestors.ancestorRef.port
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
differently based on the type of parent resource.
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set
networking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set
Port unless thenetworking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
<gateway:experimental:description>
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
</gateway:experimental:description>
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
</gateway:experimental:description>
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
Support: Extended
Validation
Formatint32
Minimum1
Maximum65535
status.ancestors.ancestorRef.sectionName
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
following resources, SectionName is interpreted as the following:
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
If that is the case, they MUST clearly document how SectionName is
interpreted.
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
Support: Core
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Min length1
Max length253
status.ancestors.conditions
Conditions describes the status of the Policy with respect to the given Ancestor.
<gateway:util:excludeFromCRD>
Notes for implementors:
Conditions are a listType
map with a key of the
map, which means that they function like amap with a key of the
type field _in the k8s apiserver_.This means that implementations must obey some rules when updating this
section.
section.
* Implementations MUST perform a read-modify-write cycle on this field
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type
Condition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the
Condition to the
* If the
implementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type
special.io/SomeField, it MUST NOT remove, change or update thatCondition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the
observedGeneration field of theCondition to the
metadata.generation of the Gateway at the time of update creation.* If the
observedGeneration of a Condition is _greater than_ the value theimplementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
</gateway:util:excludeFromCRD>
Validation
Min items1
Max items8
List typemap
List map keystype
status.ancestors.conditions.lastTransitionTime
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
Validation
Formatdate-time
status.ancestors.conditions.message
message is a human readable message indicating details about the transition.
This may be an empty string.
This may be an empty string.
Validation
Max length32768
status.ancestors.conditions.observedGeneration
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
Validation
Formatint64
Minimum0
status.ancestors.conditions.reason
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
Validation
Pattern^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
Min length1
Max length1024
status.ancestors.conditions.status
status of the condition, one of True, False, Unknown.
Validation
EnumTrue, False, Unknown
status.ancestors.conditions.type
type of condition in CamelCase or in foo.example.com/CamelCase.
Validation
Pattern^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
Max length316
status.ancestors.controllerName
ControllerName is a domain/path string that indicates the name of the
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
Example: "example.net/gateway-controller".
The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
Controllers MUST populate this field when writing status. Controllers should ensure that
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
Validation
Pattern^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
Min length1
Max length253
Was this page helpful?
