---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.20.0
  labels:
    app: agentgateway
    app.kubernetes.io/name: agentgateway
  name: agentgatewaybackends.agentgateway.dev
spec:
  group: agentgateway.dev
  names:
    categories:
    - agentgateway
    kind: AgentgatewayBackend
    listKind: AgentgatewayBackendList
    plural: agentgatewaybackends
    shortNames:
    - agbe
    singular: agentgatewaybackend
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Backend configuration acceptance status
      jsonPath: .status.conditions[?(@.type=='Accepted')].status
      name: Accepted
      type: string
    - description: The age of the backend.
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: spec defines the desired state of AgentgatewayBackend.
            properties:
              ai:
                description: ai represents a LLM backend.
                properties:
                  groups:
                    description: |-
                      `groups` specifies a list of groups in priority order where each group defines a set of LLM providers.
                      The priority determines the priority of the backend endpoints chosen.
                      Note: provider names must be unique across all providers in all priority groups.
                      Backend policies may target a specific provider by name using `targetRefs[].sectionName`.

                      Example configuration with two priority groups:
                      groups:
                      - providers:
                        - azureopenai:
                            deploymentName: gpt-4o-mini
                            apiVersion: 2024-02-15-preview
                            endpoint: ai-gateway.openai.azure.com
                      - providers:
                        - azureopenai:
                            deploymentName: gpt-4o-mini-2
                            apiVersion: 2024-02-15-preview
                            endpoint: ai-gateway-2.openai.azure.com
                        policies:
                          auth:
                            secretRef:
                              name: azure-secret
                    items:
                      properties:
                        providers:
                          description: |-
                            providers specifies a list of LLM providers within this group.
                            Each provider is treated equally in terms of priority, with automatic weighting based on health.
                          items:
                            properties:
                              anthropic:
                                description: Anthropic provider
                                properties:
                                  model:
                                    description: |-
                                      Optional: Override the model name, such as `gpt-4o-mini`.
                                      If unset, the model name is taken from the request.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                type: object
                              azureopenai:
                                description: Azure OpenAI provider
                                properties:
                                  apiVersion:
                                    description: |-
                                      The version of the Azure OpenAI API to use.
                                      For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/ai-foundry/?view=foundry-classicreference#api-specs).
                                      If unset, defaults to `v1`.
                                    maxLength: 64
                                    minLength: 1
                                    type: string
                                  deploymentName:
                                    description: |-
                                      The name of the Azure OpenAI model deployment to use.
                                      For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic).
                                      This is required if `apiVersion` is not `v1`. For `v1`, the model can be set in the request.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                  endpoint:
                                    description: |-
                                      The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`.
                                      If the scheme is included, it is stripped.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                required:
                                - endpoint
                                type: object
                                x-kubernetes-validations:
                                - message: deploymentName is required for this apiVersion
                                  rule: '!has(self.apiVersion) || self.apiVersion == ''v1'' ? true : has(self.deploymentName)'
                              bedrock:
                                description: Bedrock provider
                                properties:
                                  guardrail:
                                    description: |-
                                      `guardrail` configures the Guardrail policy to use for the backend.
                                      See .
                                      If not specified, the AWS Guardrail policy will not be used.
                                    properties:
                                      identifier:
                                        description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
                                        maxLength: 256
                                        minLength: 1
                                        type: string
                                      version:
                                        description: GuardrailVersion is the version of the Guardrail policy to use for the backend.
                                        maxLength: 256
                                        minLength: 1
                                        type: string
                                    required:
                                    - identifier
                                    - version
                                    type: object
                                  model:
                                    description: |-
                                      Optional: Override the model name, such as `gpt-4o-mini`.
                                      If unset, the model name is taken from the request.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                  region:
                                    default: us-east-1
                                    description: |-
                                      Region is the AWS region to use for the backend.
                                      Defaults to `us-east-1` if not specified.
                                    maxLength: 63
                                    minLength: 1
                                    pattern: ^[a-z0-9-]+$
                                    type: string
                                type: object
                              gemini:
                                description: Gemini provider
                                properties:
                                  model:
                                    description: |-
                                      Optional: Override the model name, such as `gemini-2.5-pro`.
                                      If unset, the model name is taken from the request.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                type: object
                              host:
                                description: |-
                                  Host specifies the hostname to send the requests to.
                                  If not specified, the default hostname for the provider is used.
                                maxLength: 256
                                minLength: 1
                                type: string
                              name:
                                description: Name of the provider. Policies can target this provider by name.
                                maxLength: 253
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                type: string
                              openai:
                                description: OpenAI provider
                                properties:
                                  model:
                                    description: |-
                                      Optional: Override the model name, such as `gpt-4o-mini`.
                                      If unset, the model name is taken from the request.
                                    maxLength: 256
                                    minLength: 1
                                    type: string
                                type: object
                              path:
                                description: |-
                                  Path specifies the URL path to use for the LLM provider API requests.
                                  This is useful when you need to route requests to a different API endpoint while maintaining
                                  compatibility with the original provider's API structure.
                                  If not specified, the default path for the provider is used.
                                maxLength: 1024
                                minLength: 1
                                type: string
                              pathPrefix:
                                description: |-
                                  PathPrefix overrides the default base path prefix (e.g. "/v1") for upstream requests.
                                  Path translation for cross-format requests still applies using this prefix.
                                  Only supported for OpenAI and Anthropic providers.
                                maxLength: 1024
                                minLength: 1
                                type: string
                              policies:
                                description: |-
                                  `policies` controls policies for communicating with this backend.
                                  Policies may also be set in `AgentgatewayPolicy`, or in the top-level `AgentgatewayBackend`.
                                  Policies are merged on a field-level basis, with order:
                                  `AgentgatewayPolicy` < `AgentgatewayBackend` < `AgentgatewayBackend` LLM provider (this field).
                                properties:
                                  ai:
                                    description: |-
                                      `ai` specifies settings for AI workloads.
                                      This is only applicable when connecting to a `Backend` of type `ai`.
                                    properties:
                                      defaults:
                                        description: Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.
                                        items:
                                          description: |-
                                            FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.
                                            These defaults are merged with the user-provided request to ensure missing fields are populated.
                                            User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.
                                            Defaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.

                                            Example: Setting a default system field for Anthropic, which does not support system role messages:
                                            defaults:
                                            - field: "system"
                                              value: "answer all questions in French"

                                            Example: Setting a default temperature and overriding `max_tokens`:
                                            defaults:
                                            - field: "temperature"
                                              value: "0.5"
                                            - field: "max_tokens"
                                              value: "100"
                                              override: true

                                            Example: Setting custom lists fields:
                                            defaults:
                                            - field: "custom_integer_list"
                                              value: [1,2,3]
                                            overrides:
                                            - field: "custom_string_list"
                                              value: ["one","two","three"]

                                            Note: The `field` values correspond to keys in the JSON request body, not fields in this CRD.
                                          properties:
                                            field:
                                              allOf:
                                              - minLength: 1
                                              - minLength: 1
                                              description: The name of the field.
                                              maxLength: 256
                                              type: string
                                            value:
                                              description: The field default value, which can be any JSON Data Type.
                                              x-kubernetes-preserve-unknown-fields: true
                                          required:
                                          - field
                                          - value
                                          type: object
                                        maxItems: 64
                                        minItems: 1
                                        type: array
                                      modelAliases:
                                        additionalProperties:
                                          type: string
                                        description: |-
                                          ModelAliases maps friendly model names to actual provider model names.
                                          Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`.
                                          Note: This field is only applicable when using the agentgateway data plane.
                                        maxProperties: 64
                                        type: object
                                      overrides:
                                        description: Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.
                                        items:
                                          description: |-
                                            FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider.
                                            These defaults are merged with the user-provided request to ensure missing fields are populated.
                                            User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider.
                                            Defaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`.

                                            Example: Setting a default system field for Anthropic, which does not support system role messages:
                                            defaults:
                                            - field: "system"
                                              value: "answer all questions in French"

                                            Example: Setting a default temperature and overriding `max_tokens`:
                                            defaults:
                                            - field: "temperature"
                                              value: "0.5"
                                            - field: "max_tokens"
                                              value: "100"
                                              override: true

                                            Example: Setting custom lists fields:
                                            defaults:
                                            - field: "custom_integer_list"
                                              value: [1,2,3]
                                            overrides:
                                            - field: "custom_string_list"
                                              value: ["one","two","three"]

                                            Note: The `field` values correspond to keys in the JSON request body, not fields in this CRD.
                                          properties:
                                            field:
                                              allOf:
                                              - minLength: 1
                                              - minLength: 1
                                              description: The name of the field.
                                              maxLength: 256
                                              type: string
                                            value:
                                              description: The field default value, which can be any JSON Data Type.
                                              x-kubernetes-preserve-unknown-fields: true
                                          required:
                                          - field
                                          - value
                                          type: object
                                        maxItems: 64
                                        minItems: 1
                                        type: array
                                      prompt:
                                        description: |-
                                          Enrich requests sent to the LLM provider by appending and prepending system prompts.
                                          This can be configured only for LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.
                                        properties:
                                          append:
                                            description: A list of messages to be appended to the prompt sent by the client.
                                            items:
                                              description: An entry for a message to prepend or append to each prompt.
                                              properties:
                                                content:
                                                  description: String content of the message.
                                                  type: string
                                                role:
                                                  description: |-
                                                    Role of the message.
                                                    The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
                                                  type: string
                                              required:
                                              - content
                                              - role
                                              type: object
                                            type: array
                                          prepend:
                                            description: A list of messages to be prepended to the prompt sent by the client.
                                            items:
                                              description: An entry for a message to prepend or append to each prompt.
                                              properties:
                                                content:
                                                  description: String content of the message.
                                                  type: string
                                                role:
                                                  description: |-
                                                    Role of the message.
                                                    The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
                                                  type: string
                                              required:
                                              - content
                                              - role
                                              type: object
                                            type: array
                                        type: object
                                      promptCaching:
                                        description: |-
                                          `promptCaching` enables automatic prompt caching for supported providers, currently AWS Bedrock.
                                          Reduces API costs by caching static content like system prompts and tool definitions.
                                          Only applicable for Bedrock Claude 3+ and Nova models.
                                        properties:
                                          cacheMessages:
                                            default: true
                                            description: |-
                                              CacheMessages enables caching for conversation messages.
                                              Caches all messages in the conversation for cost savings.
                                            type: boolean
                                          cacheSystem:
                                            default: true
                                            description: |-
                                              CacheSystem enables caching for system prompts.
                                              Inserts a cache point after all system messages.
                                            type: boolean
                                          cacheTools:
                                            default: false
                                            description: |-
                                              CacheTools enables caching for tool definitions.
                                              Inserts a cache point after all tool specifications.
                                            type: boolean
                                          minTokens:
                                            default: 1024
                                            description: |-
                                              MinTokens specifies the minimum estimated token count before caching is enabled.
                                              Uses rough heuristic (word count × 1.3) to estimate tokens.
                                              Bedrock requires at least 1,024 tokens for caching to be effective.
                                            minimum: 0
                                            type: integer
                                        type: object
                                      promptGuard:
                                        description: '`promptGuard` enables adding guardrails to LLM requests and responses.'
                                        properties:
                                          request:
                                            description: Prompt guards to apply to requests sent by the client.
                                            items:
                                              description: PromptguardRequest defines the prompt guards to apply to requests sent by the client.
                                              properties:
                                                bedrockGuardrails:
                                                  description: |-
                                                    `bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding.
                                                  properties:
                                                    identifier:
                                                      description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.
                                                      maxLength: 256
                                                      minLength: 1
                                                      type: string
                                                    policies:
                                                      description: policies controls policies for communicating with AWS Bedrock Guardrails.
                                                      properties:
                                                        auth:
                                                          description: '`auth` defines settings for managing authentication to the backend.'
                                                          properties:
                                                            aws:
                                                              description: |-
                                                                Auth specifies an explicit AWS authentication method for the backend.
                                                                When omitted, we will try to use the default AWS SDK authentication methods.
                                                              properties:
                                                                secretRef:
                                                                  description: |-
                                                                    `secretRef` references a Kubernetes `Secret` containing the AWS credentials.
                                                                    The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
                                                                  properties:
                                                                    name:
                                                                      default: ""
                                                                      description: |-
                                                                        Name of the referent.
                                                                        This field is effectively required, but due to backwards compatibility is
                                                                        allowed to be empty. Instances of this type with an empty value here are
                                                                        almost certainly wrong.
                                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                      type: string
                                                                  type: object
                                                                  x-kubernetes-map-type: atomic
                                                              required:
                                                              - secretRef
                                                              type: object
                                                            azure:
                                                              description: Azure specifies an Azure authentication method for the backend.
                                                              properties:
                                                                managedIdentity:
                                                                  description: Details for managed identity authentication
                                                                  properties:
                                                                    clientId:
                                                                      type: string
                                                                    objectId:
                                                                      type: string
                                                                    resourceId:
                                                                      type: string
                                                                  required:
                                                                  - clientId
                                                                  - objectId
                                                                  - resourceId
                                                                  type: object
                                                                secretRef:
                                                                  description: |-
                                                                    `secretRef` references a Kubernetes `Secret` containing the Azure credentials.
                                                                    The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`.
                                                                  properties:
                                                                    name:
                                                                      default: ""
                                                                      description: |-
                                                                        Name of the referent.
                                                                        This field is effectively required, but due to backwards compatibility is
                                                                        allowed to be empty. Instances of this type with an empty value here are
                                                                        almost certainly wrong.
                                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                      type: string
                                                                  type: object
                                                                  x-kubernetes-map-type: atomic
                                                              type: object
                                                            gcp:
                                                              description: |-
                                                                Auth specifies to use a Google authentication method for the backend.
                                                                When omitted, we will try to use the default AWS SDK authentication methods.
                                                              properties:
                                                                audience:
                                                                  description: |-
                                                                    `audience` allows explicitly configuring the `aud` of the ID token.
                                                                    Only valid with `IdToken` type.
                                                                    If not set, the `aud` is automatically derived from the backend hostname.
                                                                  maxLength: 256
                                                                  minLength: 1
                                                                  type: string
                                                                type:
                                                                  description: |-
                                                                    The type of token to generate.
                                                                    To authenticate to GCP services, generally an `AccessToken` is used.
                                                                    To authenticate to Cloud Run, an `IdToken` is used.
                                                                  enum:
                                                                  - AccessToken
                                                                  - IdToken
                                                                  type: string
                                                              type: object
                                                              x-kubernetes-validations:
                                                              - message: audience is only valid with IdToken
                                                                rule: 'has(self.audience) ? self.type == ''IdToken'' : true'
                                                            key:
                                                              description: |-
                                                                `key` provides an inline key to use as the value of the `Authorization` header.
                                                                This option is the least secure; usage of a `Secret` is preferred.
                                                              maxLength: 2048
                                                              type: string
                                                            passthrough:
                                                              description: |-
                                                                `passthrough` passes through an existing token that has been sent by the client and validated.
                                                                Other policies, like JWT and API key authentication, will strip the original client credentials.
                                                                Passthrough backend authentication causes the original token to be added back into the request.
                                                                If there are no client authentication policies on the request, the original token would be unchanged,
                                                                so this would have no effect.
                                                              type: object
                                                            secretRef:
                                                              description: |-
                                                                `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value.
                                                                This must be stored in the `Authorization` key.
                                                              properties:
                                                                name:
                                                                  default: ""
                                                                  description: |-
                                                                    Name of the referent.
                                                                    This field is effectively required, but due to backwards compatibility is
                                                                    allowed to be empty. Instances of this type with an empty value here are
                                                                    almost certainly wrong.
                                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                  type: string
                                                              type: object
                                                              x-kubernetes-map-type: atomic
                                                          type: object
                                                          x-kubernetes-validations:
                                                          - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set
                                                            rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1'
                                                        health:
                                                          description: health defines settings for passive and active health checking.
                                                          properties:
                                                            eviction:
                                                              description: Eviction defines settings for evicting unhealthy backends.
                                                              properties:
                                                                consecutiveFailures:
                                                                  description: |-
                                                                    ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
                                                                    For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
                                                                    When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
                                                                    When neither is set, a single unhealthy response can trigger eviction.
                                                                  format: int32
                                                                  minimum: 0
                                                                  type: integer
                                                                duration:
                                                                  default: 3s
                                                                  description: |-
                                                                    Duration specifies the base time a backend should be evicted after being marked unhealthy.
                                                                    Subsequent evictions use multiplicative backoff (duration * times_evicted).
                                                                    If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely.
                                                                    If unset, defaults to `3s`.
                                                                  type: string
                                                                  x-kubernetes-validations:
                                                                  - message: invalid duration value
                                                                    rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
                                                                  - message: evictionDuration must be at least 1 second
                                                                    rule: duration(self) >= duration('1s')
                                                                healthThreshold:
                                                                  description: |-
                                                                    HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
                                                                    When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
                                                                    For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
                                                                    Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
                                                                    so a single success in a stream of failures can delay eviction.
                                                                    When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
                                                                    When neither is set, a single unhealthy response triggers eviction.
                                                                  format: int32
                                                                  maximum: 100
                                                                  minimum: 0
                                                                  type: integer
                                                                restoreHealth:
                                                                  description: |-
                                                                    RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
                                                                    For gradual recovery, set below 100; for full recovery immediately, set 100.
                                                                    If unset, the backend resumes with the health it had when evicted.
                                                                  format: int32
                                                                  maximum: 100
                                                                  minimum: 0
                                                                  type: integer
                                                              type: object
                                                            unhealthyCondition:
                                                              description: |-
                                                                UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
                                                                When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
                                                                For example, to evict on 5xx responses: `response.code >= 500`.
                                                                When unset, any 5xx response, or a connection failure, is treated as unhealthy.
                                                                This default lowers the backend's health score but does not trigger eviction on its own.
                                                              maxLength: 16384
                                                              minLength: 1
                                                              type: string
                                                          type: object
                                                        http:
                                                          description: http defines settings for managing HTTP requests to the backend.
                                                          properties:
                                                            requestTimeout:
                                                              description: requestTimeout specifies the deadline for receiving a response from the backend.
                                                              type: string
                                                              x-kubernetes-validations:
                                                              - message: invalid duration value
                                                                rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
                                                              - message: requestTimeout must be at least 1ms
                                                                rule: duration(self) >= duration('1ms')
                                                            version:
                                                              description: |-
                                                                `version` specifies the HTTP protocol version to use when connecting to the backend.
                                                                If not specified, the version is automatically determined:
                                                                * `Service` types can specify it with `appProtocol` on the `Service` port.
                                                                * If traffic is identified as gRPC, `HTTP2` is used.
                                                                * If the incoming traffic was plaintext HTTP, the original protocol will be used.
                                                                * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will
                                                                  transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
                                                              enum:
                                                              - HTTP1
                                                              - HTTP2
                                                              type: string
                                                          type: object
                                                        tcp:
                                                          description: tcp defines settings for managing TCP connections to the backend.
                                                          properties:
                                                            connectTimeout:
                                                              description: |-
                                                                `connectTimeout` defines the deadline for establishing a connection to the destination.
                                                              type: string
                                                              x-kubernetes-validations:
                                                              - message: invalid duration value
                                                                rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
                                                              - message: connectTimeout must be at least 100ms
                                                                rule: duration(self) >= duration('100ms')
                                                            keepalive:
                                                              description: |-
                                                                `keepAlive` defines settings for enabling TCP keepalives on the connection.
                                                              properties:
                                                                interval:
                                                                  description: |-
                                                                    interval specifies the number of seconds between keep-alive probes.
                                                                    If unset, this defaults to 180s.
                                                                  type: string
                                                                  x-kubernetes-validations:
                                                                  - message: invalid duration value
                                                                    rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
                                                                  - message: interval must be at least 1 second
                                                                    rule: duration(self) >= duration('1s')
                                                                retries:
                                                                  description: |-
                                                                    retries specifies the maximum number of keep-alive probes to send before dropping the connection.
                                                                    If unset, this defaults to 9.
                                                                  format: int32
                                                                  maximum: 64
                                                                  minimum: 1
                                                                  type: integer
                                                                time:
                                                                  description: |-
                                                                    time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
                                                                    If unset, this defaults to 180s.
                                                                  type: string
                                                                  x-kubernetes-validations:
                                                                  - message: invalid duration value
                                                                    rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
                                                                  - message: time must be at least 1 second
                                                                    rule: duration(self) >= duration('1s')
                                                              type: object
                                                          type: object
                                                        tls:
                                                          description: |-
                                                            tls defines settings for managing TLS connections to the backend.
                                                            If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used
                                                            to validate the server, and the SNI will automatically be set based on the destination.
                                                          properties:
                                                            alpnProtocols:
                                                              description: |-
                                                                `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake.
                                                                If not present, defaults to `["h2", "http/1.1"]`.
                                                              items:
                                                                maxLength: 64
                                                                minLength: 1
                                                                type: string
                                                              maxItems: 16
                                                              minItems: 1
                                                              type: array
                                                            caCertificateRefs:
                                                              description: |-
                                                                `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate.
                                                                If unset, the system's trusted certificates are used.
                                                              items:
                                                                description: |-
                                                                  LocalObjectReference contains enough information to let you locate the
                                                                  referenced object inside the same namespace.
                                                                properties:
                                                                  name:
                                                                    default: ""
                                                                    description: |-
                                                                      Name of the referent.
                                                                      This field is effectively required, but due to backwards compatibility is
                                                                      allowed to be empty. Instances of this type with an empty value here are
                                                                      almost certainly wrong.
                                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                    type: string
                                                                type: object
                                                                x-kubernetes-map-type: atomic
                                                              maxItems: 1
                                                              type: array
                                                              x-kubernetes-list-type: atomic
                                                            insecureSkipVerify:
                                                              description: |-
                                                                insecureSkipVerify originates TLS but skips verification of the backend's certificate.
                                                                WARNING: This is an insecure option that should only be used if the risks are understood.
                                                                There are two modes:
                                                                * `All` disables all TLS verification.
                                                                * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs.
                                                                  Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize
                                                                  the valid hostnames if possible.
                                                              enum:
                                                              - All
                                                              - Hostname
                                                              type: string
                                                            mtlsCertificateRef:
                                                              description: |-
                                                                `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`)
                                                                from the referenced `Secret`.
                                                                An optional `ca.cert` field, if present, will be used to verify the server certificate.
                                                                If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority.
                                                                If unspecified, no client certificate will be used.
                                                              items:
                                                                description: |-
                                                                  LocalObjectReference contains enough information to let you locate the
                                                                  referenced object inside the same namespace.
                                                                properties:
                                                                  name:
                                                                    default: ""
                                                                    description: |-
                                                                      Name of the referent.
                                                                      This field is effectively required, but due to backwards compatibility is
                                                                      allowed to be empty. Instances of this type with an empty value here are
                                                                      almost certainly wrong.
                                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                    type: string
                                                                type: object
                                                                x-kubernetes-map-type: atomic
                                                              maxItems: 1
                                                              type: array
                                                              x-kubernetes-list-type: atomic
                                                            sni:
                                                              description: |-
                                                                `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake.
                                                                If unset, the `SNI` is automatically set based on the destination hostname.
                                                              maxLength: 253
                                                              minLength: 1
                                                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                                              type: string
                                                            verifySubjectAltNames:
                                                              description: |-
                                                                `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate.
                                                                If not present, the destination hostname is automatically used.
                                                              items:
                                                                maxLength: 256
                                                                minLength: 1
                                                                type: string
                                                              maxItems: 16
                                                              minItems: 1
                                                              type: array
                                                          type: object
                                                          x-kubernetes-validations:
                                                          - message: insecureSkipVerify All and caCertificateRefs may not be set together
                                                            rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true'
                                                          - message: insecureSkipVerify and verifySubjectAltNames may not be set together
                                                            rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true'
                                                          - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
                                                            rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1'
                                                        transformation:
                                                          description: transformation is used to mutate and transform requests and responses sent to and from the backend.
                                                          properties:
                                                            request:
                                                              description: '`request` is used to modify the request path.'
                                                              properties:
                                                                add:
                                                                  description: |-
                                                                    `add` is a list of headers to add to the request and what that value should be set to.
                                                                    If there is already a header with these values then append the value as an extra entry.
                                                                  items:
                                                                    properties:
                                                                      name:
                                                                        description: The name of the header to add.
                                                                        maxLength: 256
                                                                        minLength: 1
                                                                        pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                        type: string
                                                                        x-kubernetes-validations:
                                                                        - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                          rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                      value:
                                                                        description: |-
                                                                          `value` is the CEL expression to apply to generate the output value for the header.
                                                                        maxLength: 16384
                                                                        minLength: 1
                                                                        type: string
                                                                    required:
                                                                    - name
                                                                    - value
                                                                    type: object
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-map-keys:
                                                                  - name
                                                                  x-kubernetes-list-type: map
                                                                body:
                                                                  description: '`body` controls manipulation of the HTTP body.'
                                                                  maxLength: 16384
                                                                  minLength: 1
                                                                  type: string
                                                                metadata:
                                                                  additionalProperties:
                                                                    description: CELExpression represents a Common Expression Language (CEL) expression.
                                                                    maxLength: 16384
                                                                    minLength: 1
                                                                    type: string
                                                                  description: |-
                                                                    `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations.
                                                                    `metadata` is evaluated before header or body transformations.
                                                                  maxProperties: 16
                                                                  minProperties: 1
                                                                  type: object
                                                                remove:
                                                                  description: |-
                                                                    `remove` is a list of header names to remove from the request or response.
                                                                  items:
                                                                    description: An HTTP Header Name.
                                                                    maxLength: 256
                                                                    minLength: 1
                                                                    pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                    type: string
                                                                    x-kubernetes-validations:
                                                                    - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                      rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-type: set
                                                                set:
                                                                  description: '`set` is a list of headers and the value they should be set to.'
                                                                  items:
                                                                    properties:
                                                                      name:
                                                                        description: The name of the header to add.
                                                                        maxLength: 256
                                                                        minLength: 1
                                                                        pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                        type: string
                                                                        x-kubernetes-validations:
                                                                        - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                          rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                      value:
                                                                        description: |-
                                                                          `value` is the CEL expression to apply to generate the output value for the header.
                                                                        maxLength: 16384
                                                                        minLength: 1
                                                                        type: string
                                                                    required:
                                                                    - name
                                                                    - value
                                                                    type: object
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-map-keys:
                                                                  - name
                                                                  x-kubernetes-list-type: map
                                                              type: object
                                                              x-kubernetes-validations:
                                                              - message: at least one of the fields in [add body metadata remove set] must be set
                                                                rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1'
                                                            response:
                                                              description: '`response` is used to modify the response path.'
                                                              properties:
                                                                add:
                                                                  description: |-
                                                                    `add` is a list of headers to add to the request and what that value should be set to.
                                                                    If there is already a header with these values then append the value as an extra entry.
                                                                  items:
                                                                    properties:
                                                                      name:
                                                                        description: The name of the header to add.
                                                                        maxLength: 256
                                                                        minLength: 1
                                                                        pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                        type: string
                                                                        x-kubernetes-validations:
                                                                        - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                          rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                      value:
                                                                        description: |-
                                                                          `value` is the CEL expression to apply to generate the output value for the header.
                                                                        maxLength: 16384
                                                                        minLength: 1
                                                                        type: string
                                                                    required:
                                                                    - name
                                                                    - value
                                                                    type: object
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-map-keys:
                                                                  - name
                                                                  x-kubernetes-list-type: map
                                                                body:
                                                                  description: '`body` controls manipulation of the HTTP body.'
                                                                  maxLength: 16384
                                                                  minLength: 1
                                                                  type: string
                                                                metadata:
                                                                  additionalProperties:
                                                                    description: CELExpression represents a Common Expression Language (CEL) expression.
                                                                    maxLength: 16384
                                                                    minLength: 1
                                                                    type: string
                                                                  description: |-
                                                                    `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations.
                                                                    `metadata` is evaluated before header or body transformations.
                                                                  maxProperties: 16
                                                                  minProperties: 1
                                                                  type: object
                                                                remove:
                                                                  description: |-
                                                                    `remove` is a list of header names to remove from the request or response.
                                                                  items:
                                                                    description: An HTTP Header Name.
                                                                    maxLength: 256
                                                                    minLength: 1
                                                                    pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                    type: string
                                                                    x-kubernetes-validations:
                                                                    - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                      rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-type: set
                                                                set:
                                                                  description: '`set` is a list of headers and the value they should be set to.'
                                                                  items:
                                                                    properties:
                                                                      name:
                                                                        description: The name of the header to add.
                                                                        maxLength: 256
                                                                        minLength: 1
                                                                        pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                                                        type: string
                                                                        x-kubernetes-validations:
                                                                        - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                                                          rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                                                      value:
                                                                        description: |-
                                                                          `value` is the CEL expression to apply to generate the output value for the header.
                                                                        maxLength: 16384
                                                                        minLength: 1
                                                                        type: string
                                                                    required:
                                                                    - name
                                                                    - value
                                                                    type: object
                                                                  maxItems: 16
                                                                  minItems: 1
                                                                  type: array
                                                                  x-kubernetes-list-map-keys:
                                                                  - name
                                                                  x-kubernetes-list-type: map
                                                              type: object
                                                              x-kubernetes-validations:
                                                              - message: at least one of the fields in [add body metadata remove set] must be set
                                                                rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1'
                                                          type: object
                                                          x-kubernetes-validations:
                                                          - message: at least one of the fields in [request response] must be set
                                                            rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1'
                                                        tunnel:
                                                          description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.'
                                                          properties:
                                                            backendRef:
                                                              description: |-
                                                                `backendRef` references the proxy server to reach.
                                                                Supported types: `Service` and `Backend`.
                                                              properties:
                                                                group:
                                                                  default: ""
                                                                  description: |-
                                                                    Group is the group of the referent. For example, "gateway.networking.k8s.io".
                                                                    When unspecified or empty string, core API group is inferred.
                                                                  maxLength: 253
                                                                  pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                                                  type: string
                                                                kind:
                                                                  default: Service
                                                                  description: |-
                                                                    Kind is the Kubernetes resource kind of the referent. For example
                                                                    "Service".

                                                                    Defaults to "Service" when not specified.

                                                                    ExternalName services can refer to CNAME DNS records that may live
                                                                    outside of the cluster and as such are difficult to reason about in
                                                                    terms of conformance. They also may not be safe to forward to (see
                                                                    CVE-2021-25740 for more information). Implementations SHOULD NOT
                                                                    support ExternalName Services.

                                                                    Support: Core (Services with a type other than ExternalName)

                                                                    Support: Implementation-specific (Services with type ExternalName)
                                                                  maxLength: 63
                                                                  minLength: 1
                                                                  pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                                                                  type: string
                                                                name:
                                                                  description: Name is the name of the referent.
                                                                  maxLength: 253
                                                                  minLength: 1
                                                                  type: string
                                                                namespace:
                                                                  description: |-
                                                                    Namespace is the namespace of the backend. When unspecified, the local
                                                                    namespace is inferred.

                                                                    Note that when a namespace different than the local namespace is specified,
                                                                    a ReferenceGrant object is required in the referent namespace to allow that
                                                                    namespace's owner to accept the reference. See the ReferenceGrant
                                                                    documentation for details.

                                                                    Support: Core
                                                                  maxLength: 63
                                                                  minLength: 1
                                                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                                                  type: string
                                                                port:
                                                                  description: |-
                                                                    Port specifies the destination port number to use for this resource.
                                                                    Port is required when the referent is a Kubernetes Service. In this
                                                                    case, the port number is the service port number, not the target port.
                                                                    For other resources, destination port might be derived from the referent
                                                                    resource or this field.
                                                                  format: int32
                                                                  maximum: 65535
                                                                  minimum: 1
                                                                  type: integer
                                                              required:
                                                              - name
                                                              type: object
                                                              x-kubernetes-validations:
                                                              - message: Must have port for Service reference
                                                                rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true'
                                                          required:
                                                          - backendRef
                                                          type: object
                                                      type: object
                                                    region:
                                                      description: |-
                                                        Region is the AWS region where the guardrail is deployed (for example, `us-west-2`).
                                                      maxLength: 256
                                                      minLength: 1
                                                      type: string
                                                    version:
                                                      description: GuardrailVersion is the version of the Guardrail policy to use for the backend.
                                                      maxLength: 256
                                                      minLength: 1
                                                      type: string
                                                  required:
                                                  - identifier
                                                  - region
                                                  - version
                                                  type: object
                                                googleModelArmor:
                                                  description: '`googleModelArmor` configures Google Model Armor for prompt guarding.'
                                                  properties:
                                                    location:
                                                      default: us-central1
                                                      description: |-
                                                        Location is the Google Cloud location (for example, `us-central1`).
                                                        Defaults to `us-central1` if not specified.
                                                      maxLength: 256
                                                      minLength: 1
                                                      type: string
                                                    policies:
                                                      description: policies controls policies for communicating with Google Model Armor.
                                                      properties:
                                                        auth:
                                                          description: '`auth` defines settings for managing authentication to the backend.'
                                                          properties:
                                                            aws:
                                                              description: |-
                                                                Auth specifies an explicit AWS authentication method for the backend.
                                                                When omitted, we will try to use the default AWS SDK authentication methods.
                                                              properties:
                                                                secretRef:
                                                                  description: |-
                                                                    `secretRef` references a Kubernetes `Secret` containing the AWS credentials.
                                                                    The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
                                                                  properties:
                                                                    name:
                                                                      default: ""
                                                                      description: |-
                                                                        Name of the referent.
                                                                        This field is effectively required, but due to backwards compatibility is
                                                                        allowed to be empty. Instances of this type with an empty value here are
                                                                        almost certainly wrong.
                                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                                      type: string
                                                                  type: object
                                                                  x-kubernetes-map-type: atomic
                                                              required:
                                                              - secretRef
                                                              type: object
                                                            azure:
                                                              description: Azure specifies an Azure authentication method for the backend.
                                                              properties:
                                                                managedIdentity:
                                                                  description: Details for managed identity authentication
                                                                  properties:
                                                                    clientId:
                                                                      type: string
                                                                    objectId:
                                                                      type: string
                                                                    resourceId:
                                                                      type: string
                                                                  required:
                                                                  - clientId
                                                                  - objectId
                                                                  - resourceId
                                                                  type: object
                                                                secretRef:
                                                                  description: |-
                                                                    `secretRef` references a Kubernetes `Secret` containing the Azure credentials.
                                                                    The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`.
                                                                  properties:
                                                                    name:
                                                                      default: ""
                                                                      description: |-
                                                                        Name of the referent.
                                                                        This field is effectively required, but due to backwards compatibility is
                                                                        allowed to be empty. Instances of this type with an empty value here are
                                                                        almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. 
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. 
If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. 
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. 
Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? 
!has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. 
maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). 
Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object projectId: description: ProjectID is the Google Cloud project ID. maxLength: 256 minLength: 1 type: string templateId: description: TemplateID is the template ID for Google Model Armor. maxLength: 256 minLength: 1 type: string required: - projectId - templateId type: object openAIModeration: description: |- `openAIModeration` passes prompt data through the OpenAI Moderations endpoint. See https://developers.openai.com/api/reference/resources/moderations for more information. 
properties: model: description: |- `model` specifies the moderation model to use. For example, `omni-moderation`. type: string policies: description: policies controls policies for communicating with OpenAI. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. 
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. 
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. 
If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. 
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. 
Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? 
!has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. 
maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). 
Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object type: object regex: description: Regular expression (regex) matching for prompt guards and data masking. properties: action: default: Mask description: |- The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. `PromptguardResponse` matches are always masked by default. Defaults to `Mask`. enum: - Mask - Reject type: string builtins: description: |- A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive. 
items: description: |- Built-in regex patterns for specific types of strings in prompts. For example, if you specify `CreditCard`, any credit card numbers in the request or response are matched. enum: - Ssn - CreditCard - PhoneNumber - Email - CaSin type: string type: array matches: description: |- A list of regex patterns to match against the request or response. Matches and built-ins are additive. items: maxLength: 1024 minLength: 1 type: string type: array type: object response: description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. properties: message: default: The request was rejected due to inappropriate content description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. type: string statusCode: default: 403 description: The status code to return to the client. Defaults to 403. format: int32 maximum: 599 minimum: 200 type: integer type: object x-kubernetes-validations: - message: at least one of the fields in [message statusCode] must be set rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1' webhook: description: Configure a webhook to forward requests to for prompt guarding. properties: backendRef: description: |- backendRef references the webhook server to reach. Supported types: Service and Backend. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. 
ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' forwardHeaderMatches: description: |- ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded. 
items: description: |- HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers. properties: name: description: |- Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie". maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string type: default: Exact description: |- Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. enum: - Exact - RegularExpression type: string value: description: |- Value is the value of HTTP Header to be matched. Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. 
See: https://tools.ietf.org/html/rfc7230#section-3.2 maxLength: 4096 minLength: 1 type: string required: - name - value type: object type: array required: - backendRef type: object type: object x-kubernetes-validations: - message: exactly one of the fields in [regex webhook openAIModeration bedrockGuardrails googleModelArmor] must be set rule: '[has(self.regex),has(self.webhook),has(self.openAIModeration),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size() == 1' maxItems: 8 minItems: 1 type: array response: description: Prompt guards to apply to responses returned by the LLM provider. items: description: PromptguardResponse configures the response that the prompt guard applies to responses returned by the LLM provider. properties: bedrockGuardrails: description: |- `bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding. properties: identifier: description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with AWS Bedrock Guardrails. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. 
This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. 
When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. 
When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. 
properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. 
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. 
If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. 
items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". 
When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? 
has(self.port) : true' required: - backendRef type: object type: object region: description: |- Region is the AWS region where the guardrail is deployed (for example, `us-west-2`). maxLength: 256 minLength: 1 type: string version: description: GuardrailVersion is the version of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string required: - identifier - region - version type: object googleModelArmor: description: '`googleModelArmor` configures Google Model Armor for prompt guarding.' properties: location: default: us-central1 description: |- Location is the Google Cloud location (for example, `us-central1`). Defaults to `us-central1` if not specified. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with Google Model Armor. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. 
properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. 
Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. 
Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. 
This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. 
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. 
maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. 
items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". 
When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? 
has(self.port) : true' required: - backendRef type: object type: object projectId: description: ProjectID is the Google Cloud project ID. maxLength: 256 minLength: 1 type: string templateId: description: TemplateID is the template ID for Google Model Armor. maxLength: 256 minLength: 1 type: string required: - projectId - templateId type: object regex: description: Regular expression (regex) matching for prompt guards and data masking. properties: action: default: Mask description: |- The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches; response matches (`PromptguardResponse`) are always masked. Defaults to `Mask`. enum: - Mask - Reject type: string builtins: description: |- A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive. items: description: |- Built-in regex patterns for specific types of strings in prompts. For example, if you specify `CreditCard`, any credit card numbers in the request or response are matched. enum: - Ssn - CreditCard - PhoneNumber - Email - CaSin type: string type: array matches: description: |- A list of regex patterns to match against the request or response. Matches and built-ins are additive. items: maxLength: 1024 minLength: 1 type: string type: array type: object response: description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. properties: message: default: The request was rejected due to inappropriate content description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. type: string statusCode: default: 403 description: The status code to return to the client. Defaults to 403. 
format: int32 maximum: 599 minimum: 200 type: integer type: object x-kubernetes-validations: - message: at least one of the fields in [message statusCode] must be set rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1' webhook: description: Configure a webhook to forward responses to for prompt guarding. properties: backendRef: description: |- backendRef references the webhook server to reach. Supported types: Service and Backend. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 
Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' forwardHeaderMatches: description: |- ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded. items: description: |- HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers. properties: name: description: |- Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie". 
maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string type: default: Exact description: |- Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. enum: - Exact - RegularExpression type: string value: description: |- Value is the value of HTTP Header to be matched. Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 maxLength: 4096 minLength: 1 type: string required: - name - value type: object type: array required: - backendRef type: object type: object x-kubernetes-validations: - message: exactly one of the fields in [regex webhook bedrockGuardrails googleModelArmor] must be set rule: '[has(self.regex),has(self.webhook),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size() == 1' maxItems: 8 minItems: 1 type: array type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' routes: additionalProperties: description: |- RouteType specifies how the AI gateway should process incoming requests based on the URL path and the API format expected. enum: - Completions - Messages - Models - Passthrough - Detect - Responses - AnthropicTokenCount - Embeddings - Realtime type: string description: |- `routes` defines how to identify the type of traffic to handle. The keys are URL path suffixes matched using ends-with comparison, for example `"/v1/chat/completions"`. The special `*` wildcard matches any path. If not specified, all traffic defaults to the `Completions` type. 
type: object transformations: description: |- Provide CEL transformations to compute and set fields in the request body. The expression result overwrites any existing value for that field. This has a higher priority than `overrides` if both are set for the same key. items: description: |- FieldTransformation maps a request JSON field to a CEL expression string. The expression is evaluated against the current request body and its result is assigned to the configured field. properties: expression: description: CEL expression used to compute the field value. maxLength: 16384 minLength: 1 type: string field: allOf: - minLength: 1 - minLength: 1 description: The name of the field to set. maxLength: 256 type: string required: - expression - field type: object maxItems: 64 minItems: 1 type: array type: object x-kubernetes-validations: - message: at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set rule: '[has(self.defaults),has(self.modelAliases),has(self.overrides),has(self.prompt),has(self.promptCaching),has(self.promptGuard),has(self.routes),has(self.transformations)].filter(x,x==true).size() >= 1' auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- `gcp` specifies a Google Cloud authentication method for the backend. When omitted, the default Google Cloud credential lookup (Application Default Credentials) is used. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. 
This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. 
When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. 
When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. 
properties: interval: description: |- interval specifies the duration between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies how long a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. 
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. 
If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. 
items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". 
When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? 
has(self.port) : true' required: - backendRef type: object type: object x-kubernetes-validations: - message: at least one of the fields in [ai auth health http tcp tls transformation tunnel] must be set rule: '[has(self.ai),has(self.auth),has(self.health),has(self.http),has(self.tcp),has(self.tls),has(self.transformation),has(self.tunnel)].filter(x,x==true).size() >= 1' port: description: Port specifies the port to send the requests to. format: int32 maximum: 65535 minimum: 1 type: integer vertexai: description: Vertex AI provider properties: model: description: |- Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string projectId: description: The ID of the Google Cloud Project that you use for the Vertex AI. maxLength: 64 minLength: 1 type: string region: default: global description: |- The location of the Google Cloud Project that you use for the Vertex AI. Defaults to `global` if not specified. maxLength: 64 minLength: 1 type: string required: - projectId type: object required: - name type: object x-kubernetes-validations: - message: both host and port must be set together rule: 'has(self.host) || has(self.port) ? has(self.host) && has(self.port) : true' - message: path and pathPrefix are mutually exclusive rule: '!(has(self.path) && has(self.pathPrefix))' - message: pathPrefix requires host to be set rule: 'has(self.pathPrefix) ? 
has(self.host) : true' - message: exactly one of the fields in [openai azureopenai anthropic gemini vertexai bedrock] must be set rule: '[has(self.openai),has(self.azureopenai),has(self.anthropic),has(self.gemini),has(self.vertexai),has(self.bedrock)].filter(x,x==true).size() == 1' maxItems: 16 minItems: 1 type: array x-kubernetes-validations: - message: provider names must be unique within a group rule: self.all(p1, self.exists_one(p2, p1.name == p2.name)) required: - providers type: object maxItems: 8 minItems: 1 type: array provider: description: |- `provider` specifies configuration for how to reach the configured LLM provider. properties: anthropic: description: Anthropic provider properties: model: description: |- Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string type: object azureopenai: description: Azure OpenAI provider properties: apiVersion: description: |- The version of the Azure OpenAI API to use. For more information, see the [Azure OpenAI API version reference](https://learn.microsoft.com/en-us/azure/ai-foundry/?view=foundry-classicreference#api-specs). If unset, defaults to `v1`. maxLength: 64 minLength: 1 type: string deploymentName: description: |- The name of the Azure OpenAI model deployment to use. For more information, see the [Azure OpenAI model docs](https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/models-sold-directly-by-azure?view=foundry-classic). This is required if `apiVersion` is not `v1`. For `v1`, the model can be set in the request. maxLength: 256 minLength: 1 type: string endpoint: description: |- The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`. If the scheme is included, it is stripped. 
maxLength: 256 minLength: 1 type: string required: - endpoint type: object x-kubernetes-validations: - message: deploymentName is required for this apiVersion rule: '!has(self.apiVersion) || self.apiVersion == ''v1'' ? true : has(self.deploymentName)' bedrock: description: Bedrock provider properties: guardrail: description: |- `guardrail` configures the Guardrail policy to use for the backend. See . If not specified, the AWS Guardrail policy will not be used. properties: identifier: description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string version: description: GuardrailVersion is the version of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string required: - identifier - version type: object model: description: |- Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string region: default: us-east-1 description: |- Region is the AWS region to use for the backend. Defaults to `us-east-1` if not specified. maxLength: 63 minLength: 1 pattern: ^[a-z0-9-]+$ type: string type: object gemini: description: Gemini provider properties: model: description: |- Optional: Override the model name, such as `gemini-2.5-pro`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string type: object host: description: |- Host specifies the hostname to send the requests to. If not specified, the default hostname for the provider is used. maxLength: 256 minLength: 1 type: string openai: description: OpenAI provider properties: model: description: |- Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string type: object path: description: |- Path specifies the URL path to use for the LLM provider API requests. 
This is useful when you need to route requests to a different API endpoint while maintaining compatibility with the original provider's API structure. If not specified, the default path for the provider is used. maxLength: 1024 minLength: 1 type: string pathPrefix: description: |- PathPrefix overrides the default base path prefix (e.g. "/v1") for upstream requests. Path translation for cross-format requests still applies using this prefix. Only supported for OpenAI and Anthropic providers. maxLength: 1024 minLength: 1 type: string port: description: Port specifies the port to send the requests to. format: int32 maximum: 65535 minimum: 1 type: integer vertexai: description: Vertex AI provider properties: model: description: |- Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request. maxLength: 256 minLength: 1 type: string projectId: description: The ID of the Google Cloud Project that you use for the Vertex AI. maxLength: 64 minLength: 1 type: string region: default: global description: |- The location of the Google Cloud Project that you use for the Vertex AI. Defaults to `global` if not specified. maxLength: 64 minLength: 1 type: string required: - projectId type: object type: object x-kubernetes-validations: - message: both host and port must be set together rule: 'has(self.host) || has(self.port) ? has(self.host) && has(self.port) : true' - message: path and pathPrefix are mutually exclusive rule: '!(has(self.path) && has(self.pathPrefix))' - message: pathPrefix requires host to be set rule: 'has(self.pathPrefix) ? 
has(self.host) : true' - message: exactly one of the fields in [openai azureopenai anthropic gemini vertexai bedrock] must be set rule: '[has(self.openai),has(self.azureopenai),has(self.anthropic),has(self.gemini),has(self.vertexai),has(self.bedrock)].filter(x,x==true).size() == 1' type: object x-kubernetes-validations: - message: exactly one of the fields in [provider groups] must be set rule: '[has(self.provider),has(self.groups)].filter(x,x==true).size() == 1' aws: description: aws represents an AWS service backend (AgentCore, etc.). properties: agentCore: description: agentCore configures Amazon Bedrock AgentCore as a backend. properties: agentRuntimeArn: description: agentRuntimeArn is the ARN of the AgentCore runtime. type: string qualifier: description: qualifier optionally specifies the alias or version qualifier. type: string required: - agentRuntimeArn type: object type: object x-kubernetes-validations: - message: exactly one of the fields in [agentCore] must be set rule: '[has(self.agentCore)].filter(x,x==true).size() == 1' dynamicForwardProxy: description: |- dynamicForwardProxy configures the proxy to dynamically send requests to the destination based on the incoming request HTTP host header, or TLS SNI for TLS traffic. Note: this Backend type enables users to trigger the proxy to send requests to arbitrary destinations. Proper access controls must be put in place when using this backend type. type: object mcp: description: mcp represents an MCP backend. properties: failureMode: description: |- `failureMode` controls behavior when MCP targets fail to initialize or become unavailable at runtime. `FailOpen` skips failed targets and continues serving from healthy ones. `FailClosed` (default) fails the entire session if any target fails. enum: - FailOpen - FailClosed type: string sessionRouting: description: |- `sessionRouting` configures MCP session behavior for requests. Defaults to `Stateful` if not set. 
enum: - Stateful - Stateless type: string targets: description: |- `targets` is a list of MCP targets to use for this backend. Policies targeting MCP targets must use `targetRefs[].sectionName` to select the target by name. items: description: McpTargetSelector defines the MCPBackend target to use for this backend. properties: name: description: Name of the MCP target. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string selector: description: |- `selector` is the label selector used to select `Service` resources. If policies are needed on a per-service basis, `AgentgatewayPolicy` can target the desired `Service`. properties: namespaces: description: |- `namespace` is the label selector for namespaces that `Service` resources should be selected from. If unset, only the namespace of the `AgentgatewayBackend` is searched. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic services: description: |- `services` is the label selector for which `Service` resources should be selected. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: at least one of the fields in [namespaces services] must be set rule: '[has(self.namespaces),has(self.services)].filter(x,x==true).size() >= 1' static: description: |- `static` configures a static MCP destination. 
When connecting to in-cluster `Service` resources, it is recommended to use `selector` instead. properties: backendRef: description: |- `backendRef` references a namespace-local `Service` resource by name. When set, this replaces `host` only; `port`, `path`, and `protocol` remain configured on this target. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic host: description: Host is the hostname or IP address of the MCP target. maxLength: 256 minLength: 1 type: string path: description: |- Path is the URL path of the MCP target endpoint. Defaults to `"/sse"` for the `SSE` protocol or `"/mcp"` for the `StreamableHTTP` protocol if not specified. maxLength: 1024 minLength: 1 type: string policies: description: |- `policies` controls policies for communicating with this backend. Policies may also be set in `AgentgatewayPolicy`, or in the top-level `AgentgatewayBackend`. Policies are merged on a field-level basis, with order: `AgentgatewayPolicy` < `AgentgatewayBackend` < `AgentgatewayBackend` MCP (this field). This field may only be used with host-based static targets, not `backendRef`. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. 
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? 
self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. 
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. 
format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. 
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. 
If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' 
maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. 
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. 
maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object port: description: Port is the port number of the MCP target. format: int32 maximum: 65535 minimum: 1 type: integer protocol: description: |- Protocol is the protocol to use for the connection to the MCP target. 
enum: - StreamableHTTP - SSE type: string required: - port type: object x-kubernetes-validations: - message: mcp target policies may not be used with backendRef rule: '!has(self.backendRef) || !has(self.policies)' - message: exactly one of the fields in [host backendRef] must be set rule: '[has(self.host),has(self.backendRef)].filter(x,x==true).size() == 1' required: - name type: object x-kubernetes-validations: - message: exactly one of the fields in [selector static] must be set rule: '[has(self.selector),has(self.static)].filter(x,x==true).size() == 1' maxItems: 32 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map x-kubernetes-validations: - message: target names must be unique rule: self.all(t1, self.exists_one(t2, t1.name == t2.name)) required: - targets type: object policies: description: |- policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy; policies are merged on a field-level basis, with policies on the Backend (this field) taking precedence. properties: ai: description: |- `ai` specifies settings for AI workloads. This is only applicable when connecting to a `Backend` of type `ai`. properties: defaults: description: Provide defaults to merge with user input fields. If the field is already set, the field in the request is used. items: description: "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider. These defaults are merged with the user-provided request to ensure missing fields are populated. User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider. Defaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`. 
Example: Setting a default system field for Anthropic, which does not support system role messages: defaults: - field: \"system\" value: \"answer all questions in French\" Example: Setting a default temperature and overriding `max_tokens`: defaults: - field: \"temperature\" value: \"0.5\" - field: \"max_tokens\" \ value: \"100\" override: true Example: Setting custom lists fields: defaults: - field: \"custom_integer_list\" \ value: [1,2,3] overrides: - field: \"custom_string_list\" \ value: [\"one\",\"two\",\"three\"] Note: The `field` values correspond to keys in the JSON request body, not fields in this CRD." properties: field: allOf: - minLength: 1 - minLength: 1 description: The name of the field. maxLength: 256 type: string value: description: The field default value, which can be any JSON Data Type. x-kubernetes-preserve-unknown-fields: true required: - field - value type: object maxItems: 64 minItems: 1 type: array modelAliases: additionalProperties: type: string description: |- ModelAliases maps friendly model names to actual provider model names. Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`. Note: This field is only applicable when using the agentgateway data plane. maxProperties: 64 type: object overrides: description: Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten. items: description: "FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider. These defaults are merged with the user-provided request to ensure missing fields are populated. User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider. Defaults set here do _not_ override those user-provided values unless you explicitly set `override` to `true`. 
Example: Setting a default system field for Anthropic, which does not support system role messages: defaults: - field: \"system\" value: \"answer all questions in French\" Example: Setting a default temperature and overriding `max_tokens`: defaults: - field: \"temperature\" value: \"0.5\" - field: \"max_tokens\" \ value: \"100\" override: true Example: Setting custom lists fields: defaults: - field: \"custom_integer_list\" \ value: [1,2,3] overrides: - field: \"custom_string_list\" \ value: [\"one\",\"two\",\"three\"] Note: The `field` values correspond to keys in the JSON request body, not fields in this CRD." properties: field: allOf: - minLength: 1 - minLength: 1 description: The name of the field. maxLength: 256 type: string value: description: The field default value, which can be any JSON Data Type. x-kubernetes-preserve-unknown-fields: true required: - field - value type: object maxItems: 64 minItems: 1 type: array prompt: description: |- Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type. properties: append: description: A list of messages to be appended to the prompt sent by the client. items: description: An entry for a message to prepend or append to each prompt. properties: content: description: String content of the message. type: string role: description: |- Role of the message. The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API. type: string required: - content - role type: object type: array prepend: description: A list of messages to be prepended to the prompt sent by the client. items: description: An entry for a message to prepend or append to each prompt. properties: content: description: String content of the message. type: string role: description: |- Role of the message. 
The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API. type: string required: - content - role type: object type: array type: object promptCaching: description: |- `promptCaching` enables automatic prompt caching for supported providers, currently AWS Bedrock. Reduces API costs by caching static content like system prompts and tool definitions. Only applicable for Bedrock Claude 3+ and Nova models. properties: cacheMessages: default: true description: |- CacheMessages enables caching for conversation messages. Caches all messages in the conversation for cost savings. type: boolean cacheSystem: default: true description: |- CacheSystem enables caching for system prompts. Inserts a cache point after all system messages. type: boolean cacheTools: default: false description: |- CacheTools enables caching for tool definitions. Inserts a cache point after all tool specifications. type: boolean minTokens: default: 1024 description: |- MinTokens specifies the minimum estimated token count before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens. Bedrock requires at least 1,024 tokens for caching to be effective. minimum: 0 type: integer type: object promptGuard: description: '`promptGuard` enables adding guardrails to LLM requests and responses.' properties: request: description: Prompt guards to apply to requests sent by the client. items: description: PromptguardRequest defines the prompt guards to apply to requests sent by the client. properties: bedrockGuardrails: description: |- `bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding. properties: identifier: description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with AWS Bedrock Guardrails. 
properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. 
properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. 
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. 
If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. 
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. 
Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? 
!has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. 
maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). 
Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object region: description: |- Region is the AWS region where the guardrail is deployed (for example, `us-west-2`). maxLength: 256 minLength: 1 type: string version: description: GuardrailVersion is the version of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string required: - identifier - region - version type: object googleModelArmor: description: '`googleModelArmor` configures Google Model Armor for prompt guarding.' 
properties: location: default: us-central1 description: |- Location is the Google Cloud location (for example, `us-central1`). Defaults to `us-central1` if not specified. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with Google Model Armor. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies an explicit Google authentication method for the backend. When omitted, we will try to use the default Google Cloud authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty.
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. 
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. 
If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepalive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the duration between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies how long a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s.
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. 
Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indication (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. 
maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). 
Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object projectId: description: ProjectID is the Google Cloud project ID. maxLength: 256 minLength: 1 type: string templateId: description: TemplateID is the template ID for Google Model Armor. maxLength: 256 minLength: 1 type: string required: - projectId - templateId type: object openAIModeration: description: |- `openAIModeration` passes prompt data through the OpenAI Moderations endpoint. See https://developers.openai.com/api/reference/resources/moderations for more information. 
properties: model: description: |- `model` specifies the moderation model to use. For example, `omni-moderation`. type: string policies: description: policies controls policies for communicating with OpenAI. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies an explicit Google authentication method for the backend. When omitted, we will try to use the default Google Cloud authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty.
Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. 
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. 
If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepalive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the duration between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies how long a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s.
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. 
Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? 
!has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. 
maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response path.' properties: add: description: |- `add` is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry. items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to.' items: properties: name: description: The name of the header to add. 
maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). 
Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' required: - backendRef type: object type: object type: object regex: description: Regular expression (regex) matching for prompt guards and data masking. properties: action: default: Mask description: |- The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. `PromptguardResponse` matches are always masked by default. Defaults to `Mask`. enum: - Mask - Reject type: string builtins: description: |- A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive. 
items: description: |- Built-in regex patterns for specific types of strings in prompts. For example, if you specify `CreditCard`, any credit card numbers in the request or response are matched. enum: - Ssn - CreditCard - PhoneNumber - Email - CaSin type: string type: array matches: description: |- A list of regex patterns to match against the request or response. Matches and built-ins are additive. items: maxLength: 1024 minLength: 1 type: string type: array type: object response: description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. properties: message: default: The request was rejected due to inappropriate content description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. type: string statusCode: default: 403 description: The status code to return to the client. Defaults to 403. format: int32 maximum: 599 minimum: 200 type: integer type: object x-kubernetes-validations: - message: at least one of the fields in [message statusCode] must be set rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1' webhook: description: Configure a webhook to forward requests to for prompt guarding. properties: backendRef: description: |- backendRef references the webhook server to reach. Supported types: Service and Backend. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. 
ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' forwardHeaderMatches: description: |- ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded. 
items: description: |- HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers. properties: name: description: |- Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie". maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string type: default: Exact description: |- Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. enum: - Exact - RegularExpression type: string value: description: |- Value is the value of HTTP Header to be matched. Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. 
See: https://tools.ietf.org/html/rfc7230#section-3.2 maxLength: 4096 minLength: 1 type: string required: - name - value type: object type: array required: - backendRef type: object type: object x-kubernetes-validations: - message: exactly one of the fields in [regex webhook openAIModeration bedrockGuardrails googleModelArmor] must be set rule: '[has(self.regex),has(self.webhook),has(self.openAIModeration),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size() == 1' maxItems: 8 minItems: 1 type: array response: description: Prompt guards to apply to responses returned by the LLM provider. items: description: PromptguardResponse configures the response that the prompt guard applies to responses returned by the LLM provider. properties: bedrockGuardrails: description: |- `bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding. properties: identifier: description: GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with AWS Bedrock Guardrails. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. 
This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. 
When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. 
When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. 
properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. 
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. 
If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request on its way to the backend.' properties: add: description: |- `add` is a list of headers to add to the request, with the value each should be set to. If a header with that name already exists, the value is appended as an additional entry rather than replacing it. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header.
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to; an existing header with the same name is replaced.' items: properties: name: description: The name of the header to set. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header.
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response on its way back to the client.' properties: add: description: |- `add` is a list of headers to add to the response, with the value each should be set to. If a header with that name already exists, the value is appended as an additional entry rather than replacing it. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response.
items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to; an existing header with the same name is replaced.' items: properties: name: description: The name of the header to set. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? 
has(self.port) : true' required: - backendRef type: object type: object region: description: |- Region is the AWS region where the guardrail is deployed (for example, `us-west-2`). maxLength: 256 minLength: 1 type: string version: description: GuardrailVersion is the version of the Guardrail policy to use for the backend. maxLength: 256 minLength: 1 type: string required: - identifier - region - version type: object googleModelArmor: description: '`googleModelArmor` configures Google Model Armor for prompt guarding.' properties: location: default: us-central1 description: |- Location is the Google Cloud location (for example, `us-central1`). Defaults to `us-central1` if not specified. maxLength: 256 minLength: 1 type: string policies: description: policies controls policies for communicating with Google Model Armor. properties: auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. 
properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- `gcp` specifies a Google Cloud authentication method for the backend. When omitted, the default Google Cloud authentication methods are tried. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure, since the credential is stored in plaintext in the resource itself; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated.
Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. 
Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. 
This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepalive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the time between keep-alive probes, as a duration string such as `30s`. If unset, this defaults to 180s.
type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies how long a connection must be idle before keep-alive probes start being sent, as a duration string such as `60s`. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; unless overridden by the fields below, the system trusted CA certificates are used to validate the server certificate and the SNI is set automatically from the destination hostname. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification; any certificate is accepted, so the connection can be intercepted by anyone on the path. * `Hostname` verifies that the server certificate chains to a trusted CA, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indication (`SNI`) value to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames) : true' - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1' transformation: description: transformation is used to mutate and transform requests and responses sent to and from the backend. properties: request: description: '`request` is used to modify the request on its way to the backend.' properties: add: description: |- `add` is a list of headers to add to the request, with the value each should be set to. If a header with that name already exists, the value is appended as an additional entry rather than replacing it. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header.
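The `tls` block described above (and its identical copy earlier in this schema, under the other guardrail provider) is where the security of the backend connection is decided: trust anchor, expected identity, and whether the gateway proves its own identity. The fragment below is an added example, not part of this CRD or of the agentgateway project. It shows the weak setting beside the hardened one as two `policies` fragments, omitting the enclosing resource path, which this page does not show. The ConfigMap name `backend-ca`, the Secret name `gateway-client-cert` and the hostname `llm.internal.example` are assumed placeholders.

```yaml
# Added example, not from the CRD. Both fragments sit under a `policies:` key
# as defined by this schema; the enclosing resource path is omitted.

# WEAK: TLS is initiated, but the server certificate is never checked, so any
# on-path party holding any certificate can impersonate the backend.
policies:
  tls:
    insecureSkipVerify: All
# The schema's CEL rules reject `All` together with caCertificateRefs, and
# reject any insecureSkipVerify value together with verifySubjectAltNames,
# so this setting cannot be "partially" hardened; it has to be removed.

---
# HARDENED: pin the trust anchor, pin the expected identity, and present a
# client certificate so the backend can authenticate the gateway as well.
policies:
  tls:
    # Private CA bundle in a ConfigMap (assumed name). Setting this replaces
    # the system trust store for this backend only.
    caCertificateRefs:
      - name: backend-ca
    # Accept only a certificate carrying this SAN, whatever hostname the
    # destination resolved to. This is the supported replacement for the
    # `Hostname` skip mode.
    verifySubjectAltNames:
      - llm.internal.example
    # Explicit SNI so a backend serving several names picks the right cert.
    sni: llm.internal.example
    # Negotiate HTTP/2 only; drops the http/1.1 fallback from the default list.
    alpnProtocols:
      - h2
    # Secret (assumed name) holding tls.crt and tls.key for mutual TLS. If it
    # also carries a ca.cert entry, caCertificateRefs above still takes priority.
    mtlsCertificateRef:
      - name: gateway-client-cert
```

Both `caCertificateRefs` and `mtlsCertificateRef` are single-element lists in this schema (`maxItems: 1`), and both references are namespace-local, so the ConfigMap and Secret must live in the same namespace as the resource.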
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response. items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to; an existing header with the same name is replaced.' items: properties: name: description: The name of the header to set. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header.
maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' response: description: '`response` is used to modify the response on its way back to the client.' properties: add: description: |- `add` is a list of headers to add to the response, with the value each should be set to. If a header with that name already exists, the value is appended as an additional entry rather than replacing it. items: properties: name: description: The name of the header to add. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map body: description: '`body` controls manipulation of the HTTP body.' maxLength: 16384 minLength: 1 type: string metadata: additionalProperties: description: CELExpression represents a Common Expression Language (CEL) expression. maxLength: 16384 minLength: 1 type: string description: |- `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations. maxProperties: 16 minProperties: 1 type: object remove: description: |- `remove` is a list of header names to remove from the request or response.
items: description: An HTTP Header Name. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' maxItems: 16 minItems: 1 type: array x-kubernetes-list-type: set set: description: '`set` is a list of headers and the value they should be set to; an existing header with the same name is replaced.' items: properties: name: description: The name of the header to set. maxLength: 256 minLength: 1 pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string x-kubernetes-validations: - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']' value: description: |- `value` is the CEL expression to apply to generate the output value for the header. maxLength: 16384 minLength: 1 type: string required: - name - value type: object maxItems: 16 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object x-kubernetes-validations: - message: at least one of the fields in [add body metadata remove set] must be set rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1' type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' tunnel: description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.' properties: backendRef: description: |- `backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io".
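The `transformation` block (both copies in this schema) is the place to enforce header hygiene in each direction: strip what the backend must never see, overwrite what a client must not be able to control, and remove what the backend leaks back. The fragment below is an added example, not part of this CRD or of the agentgateway project. It sits under a `policies:` key as this schema defines and omits the enclosing resource path. The CEL variables available to transformations are not listed on this page; `response.code` is borrowed from the health-check description, and its availability in the response transformation context is an assumption.

```yaml
# Added example, not from the CRD. Sits under a `policies:` key as defined by
# this schema; the enclosing resource path is omitted. Every `value` is a CEL
# expression, so a fixed string has to be written as a CEL string literal.
policies:
  transformation:
    request:
      # Browser session state has no business reaching an LLM or guardrail
      # backend; drop it before the request leaves the gateway.
      remove:
        - cookie
      set:
        # `set` overwrites, so a client-supplied copy of this header cannot
        # survive; `add` would have kept it as a second entry.
        - name: x-gateway-client
          value: '"agentgateway"'
    response:
      # Evaluated before the header edits below and exposed to later policies
      # as `metadata.upstreamStatus`. Assumes `response.code` is in scope here.
      metadata:
        upstreamStatus: response.code
      # Fingerprinting headers from the backend stay inside the cluster.
      remove:
        - server
        - x-powered-by
      set:
        # Model output may contain sensitive data; forbid caching downstream.
        - name: cache-control
          value: '"no-store"'
      add:
        - name: x-content-type-options
          value: '"nosniff"'
```

The header-name validation in this schema accepts only `:authority`, `:method`, `:path`, `:scheme` and `:status` as pseudo-headers; anything else starting with `:` is rejected at admission time, so a rule cannot accidentally target an HTTP/2 framing field the gateway does not expose.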
When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? 
has(self.port) : true' required: - backendRef type: object type: object projectId: description: ProjectID is the Google Cloud project ID. maxLength: 256 minLength: 1 type: string templateId: description: TemplateID is the template ID for Google Model Armor. maxLength: 256 minLength: 1 type: string required: - projectId - templateId type: object regex: description: Regular expression (regex) matching for prompt guards and data masking. properties: action: default: Mask description: |- The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. `PromptguardResponse` matches are always masked by default. Defaults to `Mask`. enum: - Mask - Reject type: string builtins: description: |- A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive. items: description: |- Built-in regex patterns for specific types of strings in prompts. For example, if you specify `CreditCard`, any credit card numbers in the request or response are matched. enum: - Ssn - CreditCard - PhoneNumber - Email - CaSin type: string type: array matches: description: |- A list of regex patterns to match against the request or response. Matches and built-ins are additive. items: maxLength: 1024 minLength: 1 type: string type: array type: object response: description: |- A custom response message to return to the client. If not specified, defaults to `The response was rejected due to inappropriate content`. properties: message: default: The request was rejected due to inappropriate content description: |- A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`. type: string statusCode: default: 403 description: The status code to return to the client. Defaults to 403. 
format: int32 maximum: 599 minimum: 200 type: integer type: object x-kubernetes-validations: - message: at least one of the fields in [message statusCode] must be set rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size() >= 1' webhook: description: Configure a webhook to forward responses to for prompt guarding. properties: backendRef: description: |- backendRef references the webhook server to reach. Supported types: Service and Backend. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 
Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' forwardHeaderMatches: description: |- ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded. items: description: |- HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers. properties: name: description: |- Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie". 
maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$ type: string type: default: Exact description: |- Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. enum: - Exact - RegularExpression type: string value: description: |- Value is the value of HTTP Header to be matched. Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 maxLength: 4096 minLength: 1 type: string required: - name - value type: object type: array required: - backendRef type: object type: object x-kubernetes-validations: - message: exactly one of the fields in [regex webhook bedrockGuardrails googleModelArmor] must be set rule: '[has(self.regex),has(self.webhook),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size() == 1' maxItems: 8 minItems: 1 type: array type: object x-kubernetes-validations: - message: at least one of the fields in [request response] must be set rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1' routes: additionalProperties: description: |- RouteType specifies how the AI gateway should process incoming requests based on the URL path and the API format expected. enum: - Completions - Messages - Models - Passthrough - Detect - Responses - AnthropicTokenCount - Embeddings - Realtime type: string description: |- `routes` defines how to identify the type of traffic to handle. The keys are URL path suffixes matched using ends-with comparison, for example `"/v1/chat/completions"`. The special `*` wildcard matches any path. If not specified, all traffic defaults to `completions` type. 
type: object transformations: description: |- Provide CEL transformations to compute and set fields in the request body. The expression result overwrites any existing value for that field. This has a higher priority than `overrides` if both are set for the same key. items: description: |- FieldTransformation maps a request JSON field to a CEL expression string. The expression is evaluated against the current request body and its result is assigned to the configured field. properties: expression: description: CEL expression used to compute the field value. maxLength: 16384 minLength: 1 type: string field: allOf: - minLength: 1 - minLength: 1 description: The name of the field to set. maxLength: 256 type: string required: - expression - field type: object maxItems: 64 minItems: 1 type: array type: object x-kubernetes-validations: - message: at least one of the fields in [defaults modelAliases overrides prompt promptCaching promptGuard routes transformations] must be set rule: '[has(self.defaults),has(self.modelAliases),has(self.overrides),has(self.prompt),has(self.promptCaching),has(self.promptGuard),has(self.routes),has(self.transformations)].filter(x,x==true).size() >= 1' auth: description: '`auth` defines settings for managing authentication to the backend.' properties: aws: description: |- Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic required: - secretRef type: object azure: description: Azure specifies an Azure authentication method for the backend. properties: managedIdentity: description: Details for managed identity authentication properties: clientId: type: string objectId: type: string resourceId: type: string required: - clientId - objectId - resourceId type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object gcp: description: |- Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods. properties: audience: description: |- `audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname. maxLength: 256 minLength: 1 type: string type: description: |- The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used. enum: - AccessToken - IdToken type: string type: object x-kubernetes-validations: - message: audience is only valid with IdToken rule: 'has(self.audience) ? self.type == ''IdToken'' : true' key: description: |- `key` provides an inline key to use as the value of the `Authorization` header. 
This option is the least secure; usage of a `Secret` is preferred. maxLength: 2048 type: string passthrough: description: |- `passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect. type: object secretRef: description: |- `secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: object x-kubernetes-validations: - message: exactly one of the fields in [key secretRef passthrough aws azure gcp] must be set rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size() == 1' health: description: health defines settings for passive and active health checking. properties: eviction: description: Eviction defines settings for evicting unhealthy backends. properties: consecutiveFailures: description: |- ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. 
When neither is set, a single unhealthy response can trigger eviction. format: int32 minimum: 0 type: integer duration: default: 3s description: |- Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: evictionDuration must be at least 1 second rule: duration(self) >= duration('1s') healthThreshold: description: |- HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction. format: int32 maximum: 100 minimum: 0 type: integer restoreHealth: description: |- RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted. format: int32 maximum: 100 minimum: 0 type: integer type: object unhealthyCondition: description: |- UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. 
When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own. maxLength: 16384 minLength: 1 type: string type: object http: description: http defines settings for managing HTTP requests to the backend. properties: requestTimeout: description: requestTimeout specifies the deadline for receiving a response from the backend. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: requestTimeout must be at least 1ms rule: duration(self) >= duration('1ms') version: description: |- `version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it. enum: - HTTP1 - HTTP2 type: string type: object mcp: description: |- `mcp` specifies settings for MCP workloads. This is only applicable when connecting to a `Backend` of type `mcp`. This field is deprecated; prefer to use traffic policy `jwtAuthentication.mcp`, which ensures authentication runs before other policies such as transformation and rate limiting. properties: authentication: description: '`authentication` defines `MCPBackend`-specific authentication rules.' properties: audiences: description: |- `audiences` specifies the list of allowed audiences that are allowed access. 
This corresponds to the `aud` claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If unset, any audience is allowed. items: type: string maxItems: 64 minItems: 1 type: array issuer: description: |- `issuer` identifies the IdP that issued the JWT. This corresponds to the `iss` claim (https://tools.ietf.org/html/rfc7519#section-4.1.1). maxLength: 256 minLength: 1 type: string jwks: description: |- `jwks` defines the remote JSON Web Key used to validate the signature of the JWT. properties: backendRef: description: |- `backendRef` references the remote JWKS server to reach. Supported types are `Service` and static `Backend`. An `AgentgatewayPolicy` containing backend TLS config can then be attached to the `Service` or `Backend` in order to set TLS options for a connection to the remote `jwks` source. properties: group: default: "" description: |- Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service description: |- Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName) maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: description: |- Namespace is the namespace of the backend. 
When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: |- Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer required: - name type: object x-kubernetes-validations: - message: Must have port for Service reference rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' cacheDuration: default: 5m type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: cacheDuration must be at least 5m. rule: duration(self) >= duration('5m') jwksPath: description: |- Path to the IdP `jwks` endpoint, relative to the root, commonly `".well-known/jwks.json"`. maxLength: 2000 minLength: 1 type: string required: - backendRef - jwksPath type: object mode: default: Strict description: '`mode` is the validation mode for JWT authentication.' enum: - Strict - Optional - Permissive type: string provider: description: '`provider` specifies the identity provider to use for authentication.' enum: - Auth0 - Keycloak type: string resourceMetadata: additionalProperties: x-kubernetes-preserve-unknown-fields: true description: ResourceMetadata defines the metadata to use for MCP resources. type: object required: - jwks type: object authorization: description: |- authorization defines MCPBackend level authorization. 
Unlike authorization at the HTTP level, which will reject unauthorized requests with a `403` error, this policy works at the `MCPBackend` level. List operations, such as `list_tools`, will have each item evaluated. Items that do not meet the rule will be filtered. Get or call operations, such as `call_tool`, will evaluate the specific item and reject requests that do not meet the rule. properties: action: default: Allow description: |- `action` defines whether the rule allows, denies, or requires the request if matched. If unspecified, the default is `Allow`. Require policies are conjunctive across merged policies: all require policies must match. enum: - Allow - Deny - Require type: string policy: description: |- `policy` specifies the authorization rule to evaluate. * For `Allow` rules: any policy allows the request. * For `Require` rules: all policies must match for the request to be allowed. * For `Deny` rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is not considered to match, making this a risky policy; prefer to use `Require`. The presence of at least one `Allow` rule triggers a deny-by-default policy, requiring at least 1 match to allow. With no rules, all requires are allowed. properties: matchExpressions: description: |- MatchExpressions defines a set of conditions that must be satisfied for the rule to match. These expressions should be in the form of a Common Expression Language (`CEL`) expression. items: description: CELExpression represents a Common Expression Language (CEL) expression. 
maxLength: 16384 minLength: 1 type: string maxItems: 256 minItems: 1 type: array required: - matchExpressions type: object required: - policy type: object type: object x-kubernetes-validations: - message: at least one of the fields in [authentication authorization] must be set rule: '[has(self.authentication),has(self.authorization)].filter(x,x==true).size() >= 1' tcp: description: tcp defines settings for managing TCP connections to the backend. properties: connectTimeout: description: |- `connectTimeout` defines the deadline for establishing a connection to the destination. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: connectTimeout must be at least 100ms rule: duration(self) >= duration('100ms') keepalive: description: |- `keepAlive` defines settings for enabling TCP keepalives on the connection. properties: interval: description: |- interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: interval must be at least 1 second rule: duration(self) >= duration('1s') retries: description: |- retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9. format: int32 maximum: 64 minimum: 1 type: integer time: description: |- time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s. type: string x-kubernetes-validations: - message: invalid duration value rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$') - message: time must be at least 1 second rule: duration(self) >= duration('1s') type: object type: object tls: description: |- tls defines settings for managing TLS connections to the backend. 
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination. properties: alpnProtocols: description: |- `alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`. items: maxLength: 64 minLength: 1 type: string maxItems: 16 minItems: 1 type: array caCertificateRefs: description: |- `caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic insecureSkipVerify: description: |- insecureSkipVerify originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible. enum: - All - Hostname type: string mtlsCertificateRef: description: |- `mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. 
An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used. items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic maxItems: 1 type: array x-kubernetes-list-type: atomic sni: description: |- `sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string verifySubjectAltNames: description: |- `verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used. items: maxLength: 256 minLength: 1 type: string maxItems: 16 minItems: 1 type: array type: object x-kubernetes-validations: - message: insecureSkipVerify All and caCertificateRefs may not be set together rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify == ''All'' ? !has(self.caCertificateRefs) : true' - message: insecureSkipVerify and verifySubjectAltNames may not be set together rule: 'has(self.insecureSkipVerify) ? 
!has(self.verifySubjectAltNames) : true'
                    - message: at most one of the fields in [verifySubjectAltNames insecureSkipVerify] may be set
                      rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size() <= 1'
                  transformation:
                    description: transformation is used to mutate and transform requests and responses sent to and from the backend.
                    properties:
                      request:
                        description: '`request` is used to modify the request path.'
                        properties:
                          add:
                            description: |-
                              `add` is a list of headers to add to the request and what that value should be set to.
                              If there is already a header with these values then append the value as an extra entry.
                            items:
                              properties:
                                name:
                                  description: The name of the header to add.
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                  type: string
                                  x-kubernetes-validations:
                                  - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                    rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                value:
                                  description: |-
                                    `value` is the CEL expression to apply to generate the output value for the header.
                                  maxLength: 16384
                                  minLength: 1
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          body:
                            description: '`body` controls manipulation of the HTTP body.'
                            maxLength: 16384
                            minLength: 1
                            type: string
                          metadata:
                            additionalProperties:
                              description: CELExpression represents a Common Expression Language (CEL) expression.
                              maxLength: 16384
                              minLength: 1
                              type: string
                            description: |-
                              `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations.
                              `metadata` is evaluated before header or body transformations.
                            maxProperties: 16
                            minProperties: 1
                            type: object
                          remove:
                            description: |-
                              `remove` is a list of header names to remove from the request or response.
                            items:
                              description: An HTTP Header Name.
                              maxLength: 256
                              minLength: 1
                              pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                              type: string
                              x-kubernetes-validations:
                              - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-type: set
                          set:
                            description: '`set` is a list of headers and the value they should be set to.'
                            items:
                              properties:
                                name:
                                  description: The name of the header to add.
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                  type: string
                                  x-kubernetes-validations:
                                  - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                    rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                value:
                                  description: |-
                                    `value` is the CEL expression to apply to generate the output value for the header.
                                  maxLength: 16384
                                  minLength: 1
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                        type: object
                        x-kubernetes-validations:
                        - message: at least one of the fields in [add body metadata remove set] must be set
                          rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1'
                      response:
                        description: '`response` is used to modify the response path.'
                        properties:
                          add:
                            description: |-
                              `add` is a list of headers to add to the request and what that value should be set to.
                              If there is already a header with these values then append the value as an extra entry.
                            items:
                              properties:
                                name:
                                  description: The name of the header to add.
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                  type: string
                                  x-kubernetes-validations:
                                  - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                    rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                value:
                                  description: |-
                                    `value` is the CEL expression to apply to generate the output value for the header.
                                  maxLength: 16384
                                  minLength: 1
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          body:
                            description: '`body` controls manipulation of the HTTP body.'
                            maxLength: 16384
                            minLength: 1
                            type: string
                          metadata:
                            additionalProperties:
                              description: CELExpression represents a Common Expression Language (CEL) expression.
                              maxLength: 16384
                              minLength: 1
                              type: string
                            description: |-
                              `metadata` stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations.
                              `metadata` is evaluated before header or body transformations.
                            maxProperties: 16
                            minProperties: 1
                            type: object
                          remove:
                            description: |-
                              `remove` is a list of header names to remove from the request or response.
                            items:
                              description: An HTTP Header Name.
                              maxLength: 256
                              minLength: 1
                              pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                              type: string
                              x-kubernetes-validations:
                              - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-type: set
                          set:
                            description: '`set` is a list of headers and the value they should be set to.'
                            items:
                              properties:
                                name:
                                  description: The name of the header to add.
                                  maxLength: 256
                                  minLength: 1
                                  pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
                                  type: string
                                  x-kubernetes-validations:
                                  - message: pseudo-headers must be one of :authority, :method, :path, :scheme, or :status
                                    rule: '!self.startsWith('':'') || self in ['':authority'', '':method'', '':path'', '':scheme'', '':status'']'
                                value:
                                  description: |-
                                    `value` is the CEL expression to apply to generate the output value for the header.
                                  maxLength: 16384
                                  minLength: 1
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            maxItems: 16
                            minItems: 1
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                        type: object
                        x-kubernetes-validations:
                        - message: at least one of the fields in [add body metadata remove set] must be set
                          rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size() >= 1'
                    type: object
                    x-kubernetes-validations:
                    - message: at least one of the fields in [request response] must be set
                      rule: '[has(self.request),has(self.response)].filter(x,x==true).size() >= 1'
                  tunnel:
                    description: '`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.'
                    properties:
                      backendRef:
                        description: |-
                          `backendRef` references the proxy server to reach.
                          Supported types: `Service` and `Backend`.
                        properties:
                          group:
                            default: ""
                            description: |-
                              Group is the group of the referent. For example, "gateway.networking.k8s.io".
                              When unspecified or empty string, core API group is inferred.
                            maxLength: 253
                            pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          kind:
                            default: Service
                            description: |-
                              Kind is the Kubernetes resource kind of the referent. For example
                              "Service".

                              Defaults to "Service" when not specified.

                              ExternalName services can refer to CNAME DNS records that may live
                              outside of the cluster and as such are difficult to reason about in
                              terms of conformance. They also may not be safe to forward to (see
                              CVE-2021-25740 for more information). Implementations SHOULD NOT
                              support ExternalName Services.

                              Support: Core (Services with a type other than ExternalName)

                              Support: Implementation-specific (Services with type ExternalName)
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                            type: string
                          name:
                            description: Name is the name of the referent.
                            maxLength: 253
                            minLength: 1
                            type: string
                          namespace:
                            description: |-
                              Namespace is the namespace of the backend. When unspecified, the local
                              namespace is inferred.

                              Note that when a namespace different than the local namespace is specified,
                              a ReferenceGrant object is required in the referent namespace to allow that
                              namespace's owner to accept the reference. See the ReferenceGrant
                              documentation for details.

                              Support: Core
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                          port:
                            description: |-
                              Port specifies the destination port number to use for this resource.
                              Port is required when the referent is a Kubernetes Service. In this
                              case, the port number is the service port number, not the target port.
                              For other resources, destination port might be derived from the referent
                              resource or this field.
                            format: int32
                            maximum: 65535
                            minimum: 1
                            type: integer
                        required:
                        - name
                        type: object
                        x-kubernetes-validations:
                        - message: Must have port for Service reference
                          rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true'
                    required:
                    - backendRef
                    type: object
                type: object
                x-kubernetes-validations:
                - message: at least one of the fields in [ai auth health http mcp tcp tls transformation tunnel] must be set
                  rule: '[has(self.ai),has(self.auth),has(self.health),has(self.http),has(self.mcp),has(self.tcp),has(self.tls),has(self.transformation),has(self.tunnel)].filter(x,x==true).size() >= 1'
              static:
                description: static represents a static hostname.
                properties:
                  host:
                    description: host to connect to.
                    maxLength: 256
                    minLength: 1
                    type: string
                  port:
                    description: port to connect to.
                    format: int32
                    maximum: 65535
                    minimum: 1
                    type: integer
                required:
                - host
                - port
                type: object
            type: object
            x-kubernetes-validations:
            - message: AI policies require AI backend
              rule: 'has(self.policies) && has(self.policies.ai) ? has(self.ai) : true'
            - message: MCP policies require MCP backend
              rule: 'has(self.policies) && has(self.policies.mcp) ? has(self.mcp) : true'
            - message: exactly one of the fields in [ai static dynamicForwardProxy mcp aws] must be set
              rule: '[has(self.ai),has(self.static),has(self.dynamicForwardProxy),has(self.mcp),has(self.aws)].filter(x,x==true).size() == 1'
          status:
            description: status defines the current state of AgentgatewayBackend.
            properties:
              conditions:
                description: Conditions is the list of conditions for the backend.
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                maxItems: 8
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}