---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
labels:
app: agentgateway
app.kubernetes.io/name: agentgateway
gateway.networking.k8s.io/policy: Direct
name: agentgatewaypolicies.agentgateway.dev
spec:
group: agentgateway.dev
names:
categories:
- agentgateway
kind: AgentgatewayPolicy
listKind: AgentgatewayPolicyList
plural: agentgatewaypolicies
shortNames:
- agpol
singular: agentgatewaypolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Agentgateway policy acceptance status
jsonPath: .status.ancestors[*].conditions[?(@.type=='Accepted')].status
name: Accepted
type: string
- description: Agentgateway policy attachment status
jsonPath: .status.ancestors[*].conditions[?(@.type=='Attached')].status
name: Attached
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of AgentgatewayPolicy.
properties:
backend:
description: |-
backend defines settings for how to connect to destination backends.
A backend policy can target a `Gateway` (optionally, with a
`sectionName` indicating the listener), `ListenerSet`, `Route`
(optionally, with a `sectionName` indicating the route rule), or a
`Service` or `Backend` (optionally, with a `sectionName` indicating the
port for `Service`, or sub-backend for `Backend`).
Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level
resource, like `Gateway`, is just a way to easily apply a policy to a
group of backends.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies: `Gateway` <
`Listener` < `Route` < `Route Rule` < `Backend` or `Service`. For
example, if a `Gateway` policy sets `tcp` and `tls`, and a `Backend`
policy sets `tls`, the effective policy would be `tcp` from the
`Gateway`, and `tls` from the `Backend`.
properties:
ai:
description: |-
`ai` specifies settings for AI workloads. This is only applicable when
connecting to a `Backend` of type `ai`.
properties:
defaults:
description: Provide defaults to merge with user input fields.
If the field is already set, the field in the request is
used.
items:
description: "FieldDefault provides default values for specific
fields in the JSON request body sent to the LLM provider.
These
defaults are merged with the user-provided request to
ensure missing fields are populated.
User input fields
here refer to the fields in the JSON request body that
a client sends when making a request to the LLM provider.
Defaults
set here do _not_ override those user-provided values
unless you explicitly set `override` to `true`.
Example:
Setting a default system field for Anthropic, which does
not support system role messages:
defaults:
-
field: \"system\"
value: \"answer all questions
in French\"
Example: Setting a default temperature
and overriding `max_tokens`:
defaults:
- field:
\"temperature\"
value: \"0.5\"
- field: \"max_tokens\"
\ value: \"100\"
override: true
Example: Setting
custom list fields:
defaults:
- field: \"custom_integer_list\"
\ value: [1,2,3]
overrides:
- field: \"custom_string_list\"
\ value: [\"one\",\"two\",\"three\"]
Note: The `field`
values correspond to keys in the JSON request body, not
fields in this CRD."
properties:
field:
allOf:
- minLength: 1
- minLength: 1
description: The name of the field.
maxLength: 256
type: string
value:
description: The field default value, which can be any
JSON Data Type.
x-kubernetes-preserve-unknown-fields: true
required:
- field
- value
type: object
maxItems: 64
minItems: 1
type: array
modelAliases:
additionalProperties:
type: string
description: |-
ModelAliases maps friendly model names to actual provider model names.
Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`.
Note: This field is only applicable when using the agentgateway data plane.
maxProperties: 64
type: object
overrides:
description: Provide overrides to merge with user input fields.
If the field is already set, the field will be overwritten.
items:
description: "FieldDefault provides default values for specific
fields in the JSON request body sent to the LLM provider.
These
defaults are merged with the user-provided request to
ensure missing fields are populated.
User input fields
here refer to the fields in the JSON request body that
a client sends when making a request to the LLM provider.
Defaults
set here do _not_ override those user-provided values
unless you explicitly set `override` to `true`.
Example:
Setting a default system field for Anthropic, which does
not support system role messages:
defaults:
-
field: \"system\"
value: \"answer all questions
in French\"
Example: Setting a default temperature
and overriding `max_tokens`:
defaults:
- field:
\"temperature\"
value: \"0.5\"
- field: \"max_tokens\"
\ value: \"100\"
override: true
Example: Setting
custom list fields:
defaults:
- field: \"custom_integer_list\"
\ value: [1,2,3]
overrides:
- field: \"custom_string_list\"
\ value: [\"one\",\"two\",\"three\"]
Note: The `field`
values correspond to keys in the JSON request body, not
fields in this CRD."
properties:
field:
allOf:
- minLength: 1
- minLength: 1
description: The name of the field.
maxLength: 256
type: string
value:
description: The field default value, which can be any
JSON Data Type.
x-kubernetes-preserve-unknown-fields: true
required:
- field
- value
type: object
maxItems: 64
minItems: 1
type: array
prompt:
description: |-
Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.
properties:
append:
description: A list of messages to be appended to the
prompt sent by the client.
items:
description: An entry for a message to prepend or append
to each prompt.
properties:
content:
description: String content of the message.
type: string
role:
description: |-
Role of the message. The available roles depend on the backend
LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
type: string
required:
- content
- role
type: object
type: array
prepend:
description: A list of messages to be prepended to the
prompt sent by the client.
items:
description: An entry for a message to prepend or append
to each prompt.
properties:
content:
description: String content of the message.
type: string
role:
description: |-
Role of the message. The available roles depend on the backend
LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
type: string
required:
- content
- role
type: object
type: array
type: object
promptCaching:
description: |-
`promptCaching` enables automatic prompt caching for supported
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
properties:
cacheMessages:
default: true
description: |-
CacheMessages enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
type: boolean
cacheSystem:
default: true
description: |-
CacheSystem enables caching for system prompts.
Inserts a cache point after all system messages.
type: boolean
cacheTools:
default: false
description: |-
CacheTools enables caching for tool definitions.
Inserts a cache point after all tool specifications.
type: boolean
minTokens:
default: 1024
description: |-
MinTokens specifies the minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
minimum: 0
type: integer
type: object
promptGuard:
description: '`promptGuard` enables adding guardrails to LLM
requests and responses.'
properties:
request:
description: Prompt guards to apply to requests sent by
the client.
items:
description: PromptguardRequest defines the prompt guards
to apply to requests sent by the client.
properties:
bedrockGuardrails:
description: |-
`bedrockGuardrails` configures AWS Bedrock Guardrails for prompt
guarding.
properties:
identifier:
description: GuardrailIdentifier is the identifier
of the Guardrail policy to use for the backend.
maxLength: 256
minLength: 1
type: string
policies:
description: policies controls policies for
communicating with AWS Bedrock Guardrails.
properties:
auth:
description: '`auth` defines settings for
managing authentication to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure
authentication method for the backend.
properties:
managedIdentity:
description: Details for managed
identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with
IdToken
rule: 'has(self.audience) ? self.type
== ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in
[key secretRef passthrough aws azure
gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for
passive and active health checking.
properties:
eviction:
description: Eviction defines settings
for evicting unhealthy backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must
be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing
HTTP requests to the backend.
properties:
requestTimeout:
description: requestTimeout specifies
the deadline for receiving a response
from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at
least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
tcp:
description: tcp defines settings for managing
TCP connections to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at
least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepalive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least
1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least
1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs
may not be set together
rule: 'has(self.insecureSkipVerify) &&
self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames
may not be set together
rule: 'has(self.insecureSkipVerify) ?
!has(self.verifySubjectAltNames) : true'
- message: at most one of the fields in
[verifySubjectAltNames insecureSkipVerify]
may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate
and transform requests and responses sent
to and from the backend.
properties:
request:
description: '`request` is used to modify
the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to
modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in
[request response] must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings
for managing tunnel connections (with
behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of
the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service
reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port)
: true'
required:
- backendRef
type: object
type: object
region:
description: |-
Region is the AWS region where the guardrail is deployed (for example,
`us-west-2`).
maxLength: 256
minLength: 1
type: string
version:
description: GuardrailVersion is the version
of the Guardrail policy to use for the backend.
maxLength: 256
minLength: 1
type: string
required:
- identifier
- region
- version
type: object
googleModelArmor:
description: '`googleModelArmor` configures Google
Model Armor for prompt guarding.'
properties:
location:
default: us-central1
description: |-
Location is the Google Cloud location (for example, `us-central1`).
Defaults to `us-central1` if not specified.
maxLength: 256
minLength: 1
type: string
policies:
description: policies controls policies for
communicating with Google Model Armor.
properties:
auth:
description: '`auth` defines settings for
managing authentication to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure
authentication method for the backend.
properties:
managedIdentity:
description: Details for managed
identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
`gcp` specifies a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with
IdToken
rule: 'has(self.audience) ? self.type
== ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in
[key secretRef passthrough aws azure
gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for
passive and active health checking.
properties:
eviction:
description: Eviction defines settings
for evicting unhealthy backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must
be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing
HTTP requests to the backend.
properties:
requestTimeout:
description: requestTimeout specifies
the deadline for receiving a response
from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at
least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
tcp:
description: tcp defines settings for managing
TCP connections to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at
least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepAlive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least
1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least
1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs
may not be set together
rule: 'has(self.insecureSkipVerify) &&
self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames
may not be set together
rule: 'has(self.insecureSkipVerify) ?
!has(self.verifySubjectAltNames) : true'
- message: at most one of the fields in
[verifySubjectAltNames insecureSkipVerify]
may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate
and transform requests and responses sent
to and from the backend.
properties:
request:
description: '`request` is used to modify
the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to
modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in
[request response] must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings
for managing tunnel connections (with
behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of
the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service
reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port)
: true'
required:
- backendRef
type: object
type: object
projectId:
description: ProjectID is the Google Cloud project
ID.
maxLength: 256
minLength: 1
type: string
templateId:
description: TemplateID is the template ID for
Google Model Armor.
maxLength: 256
minLength: 1
type: string
required:
- projectId
- templateId
type: object
openAIModeration:
description: |-
`openAIModeration` passes prompt data through the OpenAI Moderations
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
properties:
model:
description: |-
`model` specifies the moderation model to use. For example,
`omni-moderation`.
type: string
policies:
description: policies controls policies for
communicating with OpenAI.
properties:
auth:
description: '`auth` defines settings for
managing authentication to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure
authentication method for the backend.
properties:
managedIdentity:
description: Details for managed
identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
`gcp` specifies a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with
IdToken
rule: 'has(self.audience) ? self.type
== ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in
[key secretRef passthrough aws azure
gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for
passive and active health checking.
properties:
eviction:
description: Eviction defines settings
for evicting unhealthy backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must
be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing
HTTP requests to the backend.
properties:
requestTimeout:
description: requestTimeout specifies
the deadline for receiving a response
from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at
least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
tcp:
description: tcp defines settings for managing
TCP connections to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at
least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepAlive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least
1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies how long a connection must be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least
1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indication (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs
may not be set together
rule: 'has(self.insecureSkipVerify) &&
self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames
may not be set together
rule: 'has(self.insecureSkipVerify) ?
!has(self.verifySubjectAltNames) : true'
- message: at most one of the fields in
[verifySubjectAltNames insecureSkipVerify]
may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate
and transform requests and responses sent
to and from the backend.
properties:
request:
description: '`request` is used to modify
the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and the value each
should be set to. If a header with that name already exists, the value is
appended as an additional entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to set.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to
modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the response and the value each
should be set to. If a header with that name already exists, the value is
appended as an additional entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to set.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in
[request response] must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings
for managing tunnel connections (with
behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of
the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service
reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port)
: true'
required:
- backendRef
type: object
type: object
type: object
regex:
description: Regular expression (regex) matching
for prompt guards and data masking.
properties:
action:
default: Mask
description: |-
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches. `PromptguardResponse`
matches are always masked by default.
Defaults to `Mask`.
enum:
- Mask
- Reject
type: string
builtins:
description: |-
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
items:
description: |-
Built-in regex patterns for specific types of strings in prompts.
For example, if you specify `CreditCard`, any credit card numbers
in the request or response are matched.
enum:
- Ssn
- CreditCard
- PhoneNumber
- Email
- CaSin
type: string
type: array
matches:
description: |-
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
items:
maxLength: 1024
minLength: 1
type: string
type: array
type: object
response:
description: |-
A custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
properties:
message:
default: The request was rejected due to inappropriate
content
description: |-
A custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
type: string
statusCode:
default: 403
description: The status code to return to the
client. Defaults to 403.
format: int32
maximum: 599
minimum: 200
type: integer
type: object
x-kubernetes-validations:
- message: at least one of the fields in [message
statusCode] must be set
rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size()
>= 1'
webhook:
description: Configure a webhook to forward requests
to for prompt guarding.
properties:
backendRef:
description: |-
backendRef references the webhook server to reach.
Supported types: Service and Backend.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port) : true'
forwardHeaderMatches:
description: |-
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
items:
description: |-
HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
headers.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
type:
default: Exact
description: |-
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
enum:
- Exact
- RegularExpression
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
type: array
required:
- backendRef
type: object
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [regex webhook
openAIModeration bedrockGuardrails googleModelArmor]
must be set
rule: '[has(self.regex),has(self.webhook),has(self.openAIModeration),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size()
== 1'
maxItems: 8
minItems: 1
type: array
response:
description: Prompt guards to apply to responses returned
by the LLM provider.
items:
description: PromptguardResponse configures the response
that the prompt guard applies to responses returned
by the LLM provider.
properties:
bedrockGuardrails:
description: |-
`bedrockGuardrails` configures AWS Bedrock Guardrails for prompt
guarding.
properties:
identifier:
description: GuardrailIdentifier is the identifier
of the Guardrail policy to use for the backend.
maxLength: 256
minLength: 1
type: string
policies:
description: policies controls policies for
communicating with AWS Bedrock Guardrails.
properties:
auth:
description: '`auth` defines settings for
managing authentication to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure
authentication method for the backend.
properties:
managedIdentity:
description: Details for managed
identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
Auth specifies an explicit Google authentication method for the backend.
When omitted, we will try to use the default Google Cloud SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with
IdToken
rule: 'has(self.audience) ? self.type
== ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in
[key secretRef passthrough aws azure
gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for
passive and active health checking.
properties:
eviction:
description: Eviction defines settings
for evicting unhealthy backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must
be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing
HTTP requests to the backend.
properties:
requestTimeout:
description: requestTimeout specifies
the deadline for receiving a response
from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at
least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
tcp:
description: tcp defines settings for managing
TCP connections to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at
least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepalive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the duration between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least
1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies how long a connection must be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least
1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indication (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs
may not be set together
rule: 'has(self.insecureSkipVerify) &&
self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames
may not be set together
rule: 'has(self.insecureSkipVerify) ?
!has(self.verifySubjectAltNames) : true'
- message: at most one of the fields in
[verifySubjectAltNames insecureSkipVerify]
may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate
and transform requests and responses sent
to and from the backend.
properties:
request:
description: '`request` is used to modify
the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to
modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in
[request response] must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings
for managing tunnel connections (with
behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of
the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service
reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port)
: true'
required:
- backendRef
type: object
type: object
region:
description: |-
Region is the AWS region where the guardrail is deployed (for example,
`us-west-2`).
maxLength: 256
minLength: 1
type: string
version:
description: GuardrailVersion is the version
of the Guardrail policy to use for the backend.
maxLength: 256
minLength: 1
type: string
required:
- identifier
- region
- version
type: object
googleModelArmor:
description: '`googleModelArmor` configures Google
Model Armor for prompt guarding.'
properties:
location:
default: us-central1
description: |-
Location is the Google Cloud location (for example, `us-central1`).
Defaults to `us-central1` if not specified.
maxLength: 256
minLength: 1
type: string
policies:
description: policies controls policies for
communicating with Google Model Armor.
properties:
auth:
description: '`auth` defines settings for
managing authentication to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure
authentication method for the backend.
properties:
managedIdentity:
description: Details for managed
identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with
IdToken
rule: 'has(self.audience) ? self.type
== ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in
[key secretRef passthrough aws azure
gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for
passive and active health checking.
properties:
eviction:
description: Eviction defines settings
for evicting unhealthy backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must
be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing
HTTP requests to the backend.
properties:
requestTimeout:
description: requestTimeout specifies
the deadline for receiving a response
from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at
least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
tcp:
description: tcp defines settings for managing
TCP connections to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at
least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepAlive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least
1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least
1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indication (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs
may not be set together
rule: 'has(self.insecureSkipVerify) &&
self.insecureSkipVerify == ''All'' ?
!has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames
may not be set together
rule: 'has(self.insecureSkipVerify) ?
!has(self.verifySubjectAltNames) : true'
- message: at most one of the fields in
[verifySubjectAltNames insecureSkipVerify]
may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate
and transform requests and responses sent
to and from the backend.
properties:
request:
description: '`request` is used to modify
the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to
modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation
of the HTTP body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents
a Common Expression Language
(CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must
be one of :authority, :method,
:path, :scheme, or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'', '':scheme'',
'':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of
headers and the value they should
be set to.'
items:
properties:
name:
description: The name of the
header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers
must be one of :authority,
:method, :path, :scheme,
or :status
rule: '!self.startsWith('':'')
|| self in ['':authority'',
'':method'', '':path'',
'':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields
in [add body metadata remove set]
must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in
[request response] must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings
for managing tunnel connections (with
behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of
the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service
reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port)
: true'
required:
- backendRef
type: object
type: object
projectId:
description: ProjectID is the Google Cloud project
ID.
maxLength: 256
minLength: 1
type: string
templateId:
description: TemplateID is the template ID for
Google Model Armor.
maxLength: 256
minLength: 1
type: string
required:
- projectId
- templateId
type: object
regex:
description: Regular expression (regex) matching
for prompt guards and data masking.
properties:
action:
default: Mask
description: |-
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches. `PromptguardResponse`
matches are always masked by default.
Defaults to `Mask`.
enum:
- Mask
- Reject
type: string
builtins:
description: |-
A list of built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
items:
description: |-
Built-in regex patterns for specific types of strings in prompts.
For example, if you specify `CreditCard`, any credit card numbers
in the request or response are matched.
enum:
- Ssn
- CreditCard
- PhoneNumber
- Email
- CaSin
type: string
type: array
matches:
description: |-
A list of regex patterns to match against the request or response.
Matches and built-ins are additive.
items:
maxLength: 1024
minLength: 1
type: string
type: array
type: object
response:
description: |-
A custom response message to return to the client. If not specified, defaults to
`The response was rejected due to inappropriate content`.
properties:
message:
default: The request was rejected due to inappropriate
content
description: |-
A custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
type: string
statusCode:
default: 403
description: The status code to return to the
client. Defaults to 403.
format: int32
maximum: 599
minimum: 200
type: integer
type: object
x-kubernetes-validations:
- message: at least one of the fields in [message
statusCode] must be set
rule: '[has(self.message),has(self.statusCode)].filter(x,x==true).size()
>= 1'
webhook:
description: Configure a webhook to forward responses
to for prompt guarding.
properties:
backendRef:
description: |-
backendRef references the webhook server to reach.
Supported types: Service and Backend.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port) : true'
forwardHeaderMatches:
description: |-
ForwardHeaderMatches defines a list of HTTP header matches that will be
used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
items:
description: |-
HTTPHeaderMatch describes how to select an HTTP route by matching HTTP request
headers.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
type:
default: Exact
description: |-
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
enum:
- Exact
- RegularExpression
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
type: array
required:
- backendRef
type: object
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [regex webhook
bedrockGuardrails googleModelArmor] must be set
rule: '[has(self.regex),has(self.webhook),has(self.bedrockGuardrails),has(self.googleModelArmor)].filter(x,x==true).size()
== 1'
maxItems: 8
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: at least one of the fields in [request response]
must be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
routes:
additionalProperties:
description: |-
RouteType specifies how the AI gateway should process incoming requests
based on the URL path and the API format expected.
enum:
- Completions
- Messages
- Models
- Passthrough
- Detect
- Responses
- AnthropicTokenCount
- Embeddings
- Realtime
type: string
description: |-
`routes` defines how to identify the type of traffic to handle.
The keys are URL path suffixes matched using ends-with comparison, for
example `"/v1/chat/completions"`.
The special `*` wildcard matches any path.
If not specified, all traffic defaults to `completions` type.
type: object
transformations:
description: |-
Provide CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than `overrides` if both are set for the same
key.
items:
description: |-
FieldTransformation maps a request JSON field to a CEL expression string.
The expression is evaluated against the current request body and its result
is assigned to the configured field.
properties:
expression:
description: CEL expression used to compute the field
value.
maxLength: 16384
minLength: 1
type: string
field:
allOf:
- minLength: 1
- minLength: 1
description: The name of the field to set.
maxLength: 256
type: string
required:
- expression
- field
type: object
maxItems: 64
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: at least one of the fields in [defaults modelAliases
overrides prompt promptCaching promptGuard routes transformations]
must be set
rule: '[has(self.defaults),has(self.modelAliases),has(self.overrides),has(self.prompt),has(self.promptCaching),has(self.promptGuard),has(self.routes),has(self.transformations)].filter(x,x==true).size()
>= 1'
auth:
description: '`auth` defines settings for managing authentication
to the backend.'
properties:
aws:
description: |-
Auth specifies an explicit AWS authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the AWS
credentials. The `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
required:
- secretRef
type: object
azure:
description: Azure specifies an Azure authentication method
for the backend.
properties:
managedIdentity:
description: Details for managed identity authentication
properties:
clientId:
type: string
objectId:
type: string
resourceId:
type: string
required:
- clientId
- objectId
- resourceId
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` containing the Azure
credentials. The `Secret` must have keys `clientId`, `tenantId`, and
`clientSecret`.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
gcp:
description: |-
Auth specifies to use a Google authentication method for the backend.
When omitted, we will try to use the default AWS SDK authentication methods.
properties:
audience:
description: |-
`audience` allows explicitly configuring the `aud` of the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
maxLength: 256
minLength: 1
type: string
type:
description: |-
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
- AccessToken
- IdToken
type: string
type: object
x-kubernetes-validations:
- message: audience is only valid with IdToken
rule: 'has(self.audience) ? self.type == ''IdToken'' : true'
key:
description: |-
`key` provides an inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength: 2048
type: string
passthrough:
description: |-
`passthrough` passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
type: object
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing the key to use as
the authorization value. This must be stored in the `Authorization` key.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [key secretRef passthrough
aws azure gcp] must be set
rule: '[has(self.key),has(self.secretRef),has(self.passthrough),has(self.aws),has(self.azure),has(self.gcp)].filter(x,x==true).size()
== 1'
health:
description: health defines settings for passive and active health
checking.
properties:
eviction:
description: Eviction defines settings for evicting unhealthy
backends.
properties:
consecutiveFailures:
description: |-
ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
type: integer
duration:
default: 3s
description: |-
Duration specifies the base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: evictionDuration must be at least 1 second
rule: duration(self) >= duration('1s')
healthThreshold:
description: |-
HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format: int32
maximum: 100
minimum: 0
type: integer
restoreHealth:
description: |-
RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format: int32
maximum: 100
minimum: 0
type: integer
type: object
unhealthyCondition:
description: |-
UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
maxLength: 16384
minLength: 1
type: string
type: object
http:
description: http defines settings for managing HTTP requests
to the backend.
properties:
requestTimeout:
description: requestTimeout specifies the deadline for receiving
a response from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: requestTimeout must be at least 1ms
rule: duration(self) >= duration('1ms')
version:
description: |-
`version` specifies the HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
- HTTP1
- HTTP2
type: string
type: object
mcp:
description: |-
`mcp` specifies settings for MCP workloads. This is only applicable when
connecting to a `Backend` of type `mcp`.
This field is deprecated; prefer to use traffic policy `jwtAuthentication.mcp`, which ensures authentication runs before
other policies such as transformation and rate limiting.
properties:
authentication:
description: '`authentication` defines `MCPBackend`-specific
authentication rules.'
properties:
audiences:
description: |-
`audiences` specifies the list of allowed audiences that are allowed
access. This corresponds to the `aud` claim
(https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).
If unset, any audience is allowed.
items:
type: string
maxItems: 64
minItems: 1
type: array
issuer:
description: |-
`issuer` identifies the IdP that issued the JWT. This corresponds to the
`iss` claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).
maxLength: 256
minLength: 1
type: string
jwks:
description: |-
`jwks` defines the remote JSON Web Key used to validate the signature of
the JWT.
properties:
backendRef:
description: |-
`backendRef` references the remote JWKS server to reach.
Supported types are `Service` and static `Backend`. An
`AgentgatewayPolicy` containing backend TLS config can then be attached
to the `Service` or `Backend` in order to set TLS options for a
connection to the remote `jwks` source.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
cacheDuration:
default: 5m
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: cacheDuration must be at least 5m.
rule: duration(self) >= duration('5m')
jwksPath:
description: |-
Path to the IdP `jwks` endpoint, relative to the root, commonly
`".well-known/jwks.json"`.
maxLength: 2000
minLength: 1
type: string
required:
- backendRef
- jwksPath
type: object
mode:
default: Strict
description: '`mode` is the validation mode for JWT authentication.'
enum:
- Strict
- Optional
- Permissive
type: string
provider:
description: '`provider` specifies the identity provider
to use for authentication.'
enum:
- Auth0
- Keycloak
type: string
resourceMetadata:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: ResourceMetadata defines the metadata to
use for MCP resources.
type: object
required:
- jwks
type: object
authorization:
description: |-
authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject
unauthorized requests with a `403` error, this policy works at the
`MCPBackend` level.
List operations, such as `list_tools`, will have each item evaluated.
Items that do not meet the rule will be filtered.
Get or call operations, such as `call_tool`, will evaluate the specific
item and reject requests that do not meet the rule.
properties:
action:
default: Allow
description: |-
`action` defines whether the rule allows, denies, or requires the request if
matched. If unspecified, the default is `Allow`.
Require policies are conjunctive across merged policies: all require policies must match.
enum:
- Allow
- Deny
- Require
type: string
policy:
description: |-
`policy` specifies the authorization rule to evaluate.
* For `Allow` rules: any policy allows the request.
* For `Require` rules: all policies must match for the request to be allowed.
* For `Deny` rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is not
considered to match, making this a risky policy; prefer to use `Require`.
The presence of at least one `Allow` rule triggers a deny-by-default policy, requiring at least 1 match to allow.
With no rules, all requests are allowed.
properties:
matchExpressions:
description: |-
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(`CEL`) expression.
items:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
maxItems: 256
minItems: 1
type: array
required:
- matchExpressions
type: object
required:
- policy
type: object
type: object
x-kubernetes-validations:
- message: at least one of the fields in [authentication authorization]
must be set
rule: '[has(self.authentication),has(self.authorization)].filter(x,x==true).size()
>= 1'
tcp:
description: tcp defines settings for managing TCP connections
to the backend.
properties:
connectTimeout:
description: |-
`connectTimeout` defines the deadline for establishing a connection to
the destination.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: connectTimeout must be at least 100ms
rule: duration(self) >= duration('100ms')
keepalive:
description: |-
`keepAlive` defines settings for enabling TCP keepalives on the
connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least 1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least 1 second
rule: duration(self) >= duration('1s')
type: object
type: object
tls:
description: |-
tls defines settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
caCertificateRefs:
description: |-
`caCertificateRefs` defines the CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
insecureSkipVerify:
description: |-
insecureSkipVerify originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
- All
- Hostname
type: string
mtlsCertificateRef:
description: |-
`mtlsCertificateRef` enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
`Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
maxItems: 1
type: array
x-kubernetes-list-type: atomic
sni:
description: |-
`sni` specifies the Server Name Indicator (`SNI`) to be used in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
verifySubjectAltNames:
description: |-
`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: insecureSkipVerify All and caCertificateRefs may not
be set together
rule: 'has(self.insecureSkipVerify) && self.insecureSkipVerify
== ''All'' ? !has(self.caCertificateRefs) : true'
- message: insecureSkipVerify and verifySubjectAltNames may not
be set together
rule: 'has(self.insecureSkipVerify) ? !has(self.verifySubjectAltNames)
: true'
- message: at most one of the fields in [verifySubjectAltNames
insecureSkipVerify] may be set
rule: '[has(self.verifySubjectAltNames),has(self.insecureSkipVerify)].filter(x,x==true).size()
<= 1'
transformation:
description: transformation is used to mutate and transform requests
and responses sent to and from the backend.
properties:
request:
description: '`request` is used to modify the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation of the HTTP
body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of headers and the value
they should be set to.'
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add body metadata
remove set] must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the response and the value each
should be set to. If a header with that name is already present, the value
is appended as an extra entry rather than replacing the existing one.
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation of the HTTP
body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of headers and the value
they should be set to.'
items:
properties:
name:
description: The name of the header to set.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add body metadata
remove set] must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in [request response] must
be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
tunnel:
description: '`tunnel` defines settings for managing tunnel connections
(with behavior like `HTTPS_PROXY`) to the backend.'
properties:
backendRef:
description: |-
`backendRef` references the proxy server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
required:
- backendRef
type: object
type: object
x-kubernetes-validations:
- message: at least one of the fields in [ai auth health http mcp
tcp tls transformation tunnel] must be set
rule: '[has(self.ai),has(self.auth),has(self.health),has(self.http),has(self.mcp),has(self.tcp),has(self.tls),has(self.transformation),has(self.tunnel)].filter(x,x==true).size()
>= 1'
frontend:
description: |-
frontend defines settings for how to handle incoming traffic.
A frontend policy can only target a `Gateway`. `Listener` and
`ListenerSet` are not valid targets.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. For example, policy A sets `tcp` and `tls`, and policy B sets
`tls`; the effective policy would be `tcp` from policy A, and `tls` from
policy B.
properties:
accessLog:
description: '`accessLog` contains access logging configuration.'
properties:
attributes:
description: |-
`attributes` specifies customizations to the key-value pairs that are
logged.
properties:
add:
description: |-
`add` specifies additional key-value pairs to be added to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
items:
properties:
expression:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
name:
maxLength: 256
minLength: 1
type: string
required:
- expression
- name
type: object
minItems: 1
type: array
remove:
description: |-
`remove` lists the default fields that should be removed. For example,
`http.method`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 32
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add remove] must
be set
rule: '[has(self.add),has(self.remove)].filter(x,x==true).size()
>= 1'
filter:
description: |-
`filter` specifies a CEL expression that is used to filter logs. A log
will only be emitted if the expression evaluates to `true`.
maxLength: 16384
minLength: 1
type: string
otlp:
description: |-
`otlp` configures OTLP access log export to an
OpenTelemetry-compatible backend.
properties:
backendRef:
description: |-
`backendRef` references the OTLP server to send access logs to.
Supported types: `Service` and `AgentgatewayBackend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
path:
description: |-
`path` specifies the OTLP/HTTP path to use. This is only applicable
when `protocol` is `HTTP`. If unset, this defaults to `/v1/logs`.
maxLength: 1024
minLength: 1
type: string
protocol:
default: GRPC
description: '`protocol` specifies the OTLP protocol variant
to use.'
enum:
- HTTP
- GRPC
type: string
required:
- backendRef
type: object
x-kubernetes-validations:
- message: path is only valid with protocol HTTP
rule: '!has(self.path) || !has(self.protocol) || self.protocol
== ''HTTP'''
- message: path must start with /
rule: '!has(self.path) || self.path.startsWith(''/'')'
type: object
http:
description: http defines settings on managing incoming HTTP requests.
properties:
http1IdleTimeout:
description: |-
`http1IdleTimeout` defines the timeout before an unused connection is
closed.
If unset, this defaults to 10 minutes.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: http1IdleTimeout must be at least 1 second
rule: duration(self) >= duration('1s')
http1MaxHeaders:
description: |-
`http1MaxHeaders` defines the maximum number of headers that are allowed
in `HTTP/1.1` requests.
If unset, this defaults to 100.
format: int32
maximum: 4096
minimum: 1
type: integer
http2ConnectionWindowSize:
description: |-
`http2ConnectionWindowSize` indicates the initial window size for
connection-level flow control for received data.
format: int32
minimum: 1
type: integer
http2FrameSize:
description: |-
`http2FrameSize` sets the maximum frame size to use.
If unset, this defaults to `16kb`.
format: int32
maximum: 1677215
minimum: 16384
type: integer
http2KeepaliveInterval:
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: http2KeepaliveInterval must be at least 1 second
rule: duration(self) >= duration('1s')
http2KeepaliveTimeout:
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: http2KeepaliveTimeout must be at least 1 second
rule: duration(self) >= duration('1s')
http2WindowSize:
description: |-
`http2WindowSize` indicates the initial window size for stream-level flow
control for received data.
format: int32
minimum: 1
type: integer
maxBufferSize:
description: |-
`maxBufferSize` defines the maximum HTTP body size that will be buffered
into memory.
Bodies will only be buffered for policies which require buffering.
If unset, this defaults to `2mb`.
format: int32
minimum: 1
type: integer
type: object
x-kubernetes-validations:
- message: at least one of the fields in [http1IdleTimeout http1MaxHeaders
http2ConnectionWindowSize http2FrameSize http2KeepaliveInterval
http2KeepaliveTimeout http2WindowSize maxBufferSize] must
be set
rule: '[has(self.http1IdleTimeout),has(self.http1MaxHeaders),has(self.http2ConnectionWindowSize),has(self.http2FrameSize),has(self.http2KeepaliveInterval),has(self.http2KeepaliveTimeout),has(self.http2WindowSize),has(self.maxBufferSize)].filter(x,x==true).size()
>= 1'
networkAuthorization:
description: |-
networkAuthorization defines CEL authorization on downstream network connections.
This runs before protocol handling and is intended for L4 access control,
for example using `source.address` with `cidr(...).containsIP(...)`.
properties:
action:
default: Allow
description: |-
`action` defines whether the rule allows, denies, or requires the request if
matched. If unspecified, the default is `Allow`.
Require policies are conjunctive across merged policies: all require policies must match.
enum:
- Allow
- Deny
- Require
type: string
policy:
description: |-
`policy` specifies the authorization rule to evaluate.
* For `Allow` rules: any policy allows the request.
* For `Require` rules: all policies must match for the request to be allowed.
* For `Deny` rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is not
considered to match, making this a risky policy; prefer to use `Require`.
The presence of at least one `Allow` rule triggers a deny-by-default policy, requiring at least 1 match to allow.
With no rules, all requests are allowed.
properties:
matchExpressions:
description: |-
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(`CEL`) expression.
items:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
maxItems: 256
minItems: 1
type: array
required:
- matchExpressions
type: object
required:
- policy
type: object
tcp:
description: tcp defines settings on managing incoming TCP connections.
properties:
keepalive:
description: keepalive defines settings for enabling TCP keepalives
on the connection.
properties:
interval:
description: |-
interval specifies the number of seconds between keep-alive probes.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: interval must be at least 1 second
rule: duration(self) >= duration('1s')
retries:
description: |-
retries specifies the maximum number of keep-alive probes to send before dropping the connection.
If unset, this defaults to 9.
format: int32
maximum: 64
minimum: 1
type: integer
time:
description: |-
time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent.
If unset, this defaults to 180s.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: time must be at least 1 second
rule: duration(self) >= duration('1s')
type: object
type: object
x-kubernetes-validations:
- message: at least one of the fields in [keepalive] must be set
rule: '[has(self.keepalive)].filter(x,x==true).size() >= 1'
tls:
description: tls defines settings on managing incoming TLS connections.
properties:
alpnProtocols:
description: |-
`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
cipherSuites:
description: |-
`cipherSuites` configures the list of cipher suites for a TLS listener.
Each entry is one cipher suite name, for example
`TLS13_AES_256_GCM_SHA384` or `TLS13_AES_128_GCM_SHA256`; only the
values enumerated below are accepted.
Use this in the TLS options field of a TLS listener.
items:
enum:
- TLS13_AES_256_GCM_SHA384
- TLS13_AES_128_GCM_SHA256
- TLS13_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
type: string
type: array
handshakeTimeout:
description: |-
`handshakeTimeout` specifies the deadline for a TLS handshake to
complete. If unset, this defaults to `15s`.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: handshakeTimeout must be at least 100ms
rule: duration(self) >= duration('100ms')
maxProtocolVersion:
description: '`maxProtocolVersion` configures the maximum TLS version
to support.'
enum:
- "1.2"
- "1.3"
type: string
minProtocolVersion:
description: '`minProtocolVersion` configures the minimum TLS version
to support.'
enum:
- "1.2"
- "1.3"
type: string
type: object
x-kubernetes-validations:
- message: at least one of the fields in [alpnProtocols cipherSuites
handshakeTimeout maxProtocolVersion minProtocolVersion] must
be set
rule: '[has(self.alpnProtocols),has(self.cipherSuites),has(self.handshakeTimeout),has(self.maxProtocolVersion),has(self.minProtocolVersion)].filter(x,x==true).size()
>= 1'
tracing:
description: '`tracing` contains various settings for the OpenTelemetry
tracer.'
properties:
attributes:
description: |-
`attributes` specifies customizations to the key-value pairs that are
included in the trace.
properties:
add:
description: |-
`add` specifies additional key-value pairs to be added to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
items:
properties:
expression:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
name:
maxLength: 256
minLength: 1
type: string
required:
- expression
- name
type: object
minItems: 1
type: array
remove:
description: |-
`remove` lists the default fields that should be removed. For example,
`http.method`.
items:
maxLength: 64
minLength: 1
type: string
maxItems: 32
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add remove] must
be set
rule: '[has(self.add),has(self.remove)].filter(x,x==true).size()
>= 1'
backendRef:
description: |-
`backendRef` references the OTLP server to reach.
Supported types: `Service` and `AgentgatewayBackend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
clientSampling:
description: |-
`clientSampling` is an expression to determine the amount of client
sampling. Client sampling determines whether to initiate a new trace
span if the incoming request does have a trace already. This should
evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or
`false`). If unspecified, client sampling is `100%` enabled.
maxLength: 16384
minLength: 1
type: string
path:
description: |-
`path` specifies the OTLP path to use. This is only applicable when
`protocol` is `HTTP`. If unset, this defaults to `/v1/traces`.
maxLength: 1024
minLength: 1
type: string
protocol:
default: GRPC
description: '`protocol` specifies the OTLP protocol variant
to use.'
enum:
- HTTP
- GRPC
type: string
randomSampling:
description: |-
`randomSampling` is an expression to determine the amount of random
sampling. Random sampling will initiate a new trace span if the incoming
request does not have a trace initiated already. This should evaluate to
a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If
unspecified, random sampling is disabled.
maxLength: 16384
minLength: 1
type: string
resources:
description: |-
`resources` describes the entity producing telemetry and specifies the
resources to be included in the trace.
items:
properties:
expression:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
name:
maxLength: 256
minLength: 1
type: string
required:
- expression
- name
type: object
type: array
required:
- backendRef
type: object
x-kubernetes-validations:
- message: path is only valid with protocol HTTP
rule: '!has(self.path) || !has(self.protocol) || self.protocol
== ''HTTP'''
- message: path must start with /
rule: '!has(self.path) || self.path.startsWith(''/'')'
type: object
x-kubernetes-validations:
- message: at least one of the fields in [accessLog http networkAuthorization
tcp tls tracing] must be set
rule: '[has(self.accessLog),has(self.http),has(self.networkAuthorization),has(self.tcp),has(self.tls),has(self.tracing)].filter(x,x==true).size()
>= 1'
targetRefs:
description: |-
`targetRefs` specifies the target resources by reference to attach the
policy to.
items:
description: |-
Select the object to attach the policy by `Group`, `Kind`, `Name`, and
`SectionName`.
The object must be in the same namespace as the policy.
You can target only one object at a time.
properties:
group:
description: |-
The API group of the target resource.
For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: The API kind of the target resource, such as `Gateway`
or `HTTPRoute`.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: The name of the target resource.
maxLength: 253
minLength: 1
type: string
sectionName:
description: The section name of the target resource.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- group
- kind
- name
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- message: targetRefs may only reference Gateway, HTTPRoute, GRPCRoute,
ListenerSet, Service, or AgentgatewayBackend resources
rule: self.all(r, (r.kind == 'Service' && r.group == '') || (r.kind
== 'AgentgatewayBackend' && r.group == 'agentgateway.dev') ||
(r.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] && r.group ==
'gateway.networking.k8s.io') || (r.kind == 'ListenerSet' && r.group
== 'gateway.networking.k8s.io'))
- message: Only one Kind of targetRef can be set on one policy
rule: self.all(l1, !self.exists(l2, l1.kind != l2.kind))
targetSelectors:
description: |-
`targetSelectors` specifies the target selectors used to select resources
to attach the policy to.
items:
description: |-
LocalPolicyTargetSelectorWithSectionName selects the object to attach the
policy by `Group`, `Kind`, `MatchLabels`, and optionally `SectionName`.
The object must be in the same namespace as the policy and match the
specified labels.
Do not use `targetSelectors` when reconciliation times are critical,
especially if you have a large number of policies that target the same
resource. Instead, use `targetRefs` to attach the policy.
properties:
group:
description: |-
The API group of the target resource.
For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: The API kind of the target resource, such as `Gateway`
or `HTTPRoute`.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
matchLabels:
additionalProperties:
type: string
description: Label selector to select the target resource.
type: object
sectionName:
description: The section name of the target resource.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- group
- kind
- matchLabels
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-validations:
- message: targetSelectors may only select Gateway, HTTPRoute, GRPCRoute,
ListenerSet, Service, or AgentgatewayBackend resources
rule: self.all(r, (r.kind == 'Service' && r.group == '') || (r.kind
== 'AgentgatewayBackend' && r.group == 'agentgateway.dev') ||
(r.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] && r.group ==
'gateway.networking.k8s.io') || (r.kind == 'ListenerSet' && r.group
== 'gateway.networking.k8s.io'))
- message: Only one Kind of targetRef can be set on one policy
rule: self.all(l1, !self.exists(l2, l1.kind != l2.kind))
traffic:
description: |-
traffic defines settings for how to process traffic.
A traffic policy can target a `Gateway` (optionally, with a
`sectionName` indicating the listener), `ListenerSet`, or `Route`
(optionally, with a `sectionName` indicating the route rule).
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies: `Gateway` <
`Listener` < `Route` < `Route Rule`. For example, policy A sets
`timeouts` and `retries`, and policy B sets `retries`; the effective
policy would be `timeouts` from policy A, and `retries` from policy B.
properties:
apiKeyAuthentication:
description: |-
`apiKeyAuthentication` authenticates users based on a configured API
key.
properties:
mode:
default: Strict
description: '`mode` is the validation mode for API key authentication.'
enum:
- Strict
- Optional
type: string
secretRef:
description: |-
`secretRef` references a Kubernetes `Secret` storing a set of API keys.
If there are many keys, `secretSelector` can be used instead.
Each entry in the `Secret` represents one API key. The key is an
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields, `key` and `metadata`. `key` contains
the API key. `metadata` contains arbitrary JSON metadata associated
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing `apiKey.group == 'sales'`.
Example:
apiVersion: v1
kind: Secret
metadata:
  name: api-key
stringData:
  client1: |
    {
      "key": "k-123",
      "metadata": {
        "group": "sales",
        "created_at": "2024-10-01T12:00:00Z"
      }
    }
  client2: "k-456"
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
secretSelector:
description: |-
`secretSelector` selects multiple `Secret` resources containing API
keys. If the same key is defined in multiple secrets, the behavior is
undefined.
Each entry in the `Secret` represents one API key. The key is an
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields, `key` and `metadata`. `key` contains
the API key. `metadata` contains arbitrary JSON metadata associated
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing `apiKey.group == 'sales'`.
Example:
apiVersion: v1
kind: Secret
metadata:
  name: api-key
stringData:
  client1: |
    {
      "key": "k-123",
      "metadata": {
        "group": "sales",
        "created_at": "2024-10-01T12:00:00Z"
      }
    }
  client2: "k-456"
properties:
matchLabels:
additionalProperties:
type: string
description: Label selector to select the target resource.
type: object
required:
- matchLabels
type: object
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [secretRef secretSelector]
must be set
rule: '[has(self.secretRef),has(self.secretSelector)].filter(x,x==true).size()
== 1'
authorization:
description: |-
`authorization` specifies the access rules based on roles and
permissions.
If multiple authorization rules are applied across different policies (at the same, or different, attachment points),
all rules are merged.
properties:
action:
default: Allow
description: |-
`action` defines whether the rule allows, denies, or requires the request if
matched. If unspecified, the default is `Allow`.
Require policies are conjunctive across merged policies: all require policies must match.
enum:
- Allow
- Deny
- Require
type: string
policy:
description: |-
`policy` specifies the authorization rule to evaluate.
* For `Allow` rules: any policy allows the request.
* For `Require` rules: all policies must match for the request to be allowed.
* For `Deny` rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is not
considered to match, making this a risky policy; prefer to use `Require`.
The presence of at least one `Allow` rule triggers a deny-by-default policy, requiring at least 1 match to allow.
With no rules, all requests are allowed.
properties:
matchExpressions:
description: |-
MatchExpressions defines a set of conditions that must be satisfied for the rule to match.
These expressions should be in the form of a Common Expression Language
(`CEL`) expression.
items:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
maxItems: 256
minItems: 1
type: array
required:
- matchExpressions
type: object
required:
- policy
type: object
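The merge semantics above, and in particular the caveat that a failed CEL evaluation is a non-match, are easy to get wrong. The following is an added illustration, not code from the CRD or the agentgateway project: it models the Allow / Deny / Require decision in Python, with each `matchExpressions` entry replaced by a callable that returns a bool or raises (standing in for a CEL expression that errors). The precedence of a matching `Deny` over `Allow` is an assumption the page does not spell out; the sample requests are constructed.

```python
"""Model of the Allow / Deny / Require merge semantics described for
`authorization`. This is an added illustration, not agentgateway's code: the
gateway evaluates real CEL, while here each expression is a Python callable
that returns a bool or raises, so the failed-evaluation caveat can be shown."""
from dataclasses import dataclass, field
from typing import Any, Callable

Request = dict[str, Any]
Expr = Callable[[Request], bool]


@dataclass
class Rule:
    action: str                                  # "Allow", "Deny" or "Require"
    match_expressions: list = field(default_factory=list)


def _matches(rule: Rule, req: Request) -> bool:
    """A policy matches only if every expression evaluates to true. An
    expression that fails to evaluate (raises here, errors in CEL) is treated
    as NOT matching, which is exactly why a Deny rule built on a brittle
    expression is risky: the error silently turns the deny off."""
    try:
        return all(expr(req) for expr in rule.match_expressions)
    except Exception:
        return False


def authorize(rules: list, req: Request) -> bool:
    """Merged decision across all rules. Assumed precedence (the page does not
    spell it out): a matching Deny wins, then every Require must match, then,
    if any Allow rules exist, at least one must match (deny-by-default).
    With no rules at all, the request is allowed."""
    denies = [r for r in rules if r.action == "Deny"]
    requires = [r for r in rules if r.action == "Require"]
    allows = [r for r in rules if r.action == "Allow"]
    if any(_matches(r, req) for r in denies):
        return False
    if not all(_matches(r, req) for r in requires):
        return False
    if allows and not any(_matches(r, req) for r in allows):
        return False
    return True


def group_is(group: str) -> Expr:
    """Stand-in for the CEL `apiKey.group == 'sales'` from the page; raises
    KeyError on a request without an API key, as the CEL would fail."""
    return lambda r: r["apiKey"]["group"] == group


def group_is_not(group: str) -> Expr:
    """Stand-in for `apiKey.group != 'sales'`, the tempting Deny form."""
    return lambda r: r["apiKey"]["group"] != group


# Constructed sample requests, not from the page: one keyed client in the
# sales group, one request carrying no API key metadata at all.
SALES_REQ: Request = {"apiKey": {"group": "sales"}}
ANON_REQ: Request = {}

DENY_NON_SALES = [Rule("Deny", [group_is_not("sales")])]
REQUIRE_SALES = [Rule("Require", [group_is("sales")])]
ALLOW_SALES = [Rule("Allow", [group_is("sales")])]


def demo() -> dict:
    return {
        "deny/sales": authorize(DENY_NON_SALES, SALES_REQ),    # True
        "deny/anon": authorize(DENY_NON_SALES, ANON_REQ),      # True: expression errors, Deny never fires
        "require/sales": authorize(REQUIRE_SALES, SALES_REQ),  # True
        "require/anon": authorize(REQUIRE_SALES, ANON_REQ),    # False: non-match fails closed
        "allow/anon": authorize(ALLOW_SALES, ANON_REQ),        # False: deny-by-default with an Allow present
        "none/anon": authorize([], ANON_REQ),                  # True: no rules, everything allowed
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:14s} -> {'ALLOW' if decision else 'DENY'}")
```

The `deny/anon` and `require/anon` rows are the point: the same missing `apiKey` lets the request through a `Deny` rule but is stopped by a `Require` rule, which is why the description recommends `Require` for anything that must hold.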
basicAuthentication:
description: |-
`basicAuthentication` authenticates users based on the `Basic`
authentication scheme (RFC 7617), where a username and password are
encoded in the request.
properties:
mode:
default: Strict
description: '`mode` is the validation mode for basic auth
authentication.'
enum:
- Strict
- Optional
type: string
realm:
description: |-
`realm` specifies the `realm` to return in the `WWW-Authenticate`
header for failed authentication requests. If unset, `Restricted` will
be used.
type: string
secretRef:
description: "`secretRef` references a Kubernetes `Secret`
storing the `.htaccess`
file. The `Secret` must have a
key named `.htaccess`, and should contain
the complete
`.htaccess` file.
Note: passwords should be the hash
of the password, not the raw password. Use the `htpasswd`
or similar commands
to generate a hash. MD5, bcrypt, crypt,
and SHA-1 are supported.
Example:
apiVersion: v1
kind:
Secret
metadata:
name: basic-auth
stringData:
\ .htaccess: |
alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V.
\ bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/"
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
users:
description: "`users` provides an inline list of username
and password pairs that will
be accepted. Each entry represents
one line of the `htpasswd` format:
https://httpd.apache.org/docs/2.4/programs/htpasswd.html.
Note:
passwords should be the hash of the password, not the raw
password. Use the `htpasswd` or similar commands
to generate
a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
users:
-
\"user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC.\"
- \"user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2\""
items:
type: string
maxItems: 256
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [users secretRef] must
be set
rule: '[has(self.users),has(self.secretRef)].filter(x,x==true).size()
== 1'
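Both `users` and the `.htaccess` Secret carry htpasswd-format lines, and the description's warning that the password field must be a hash is the thing most often violated in practice. The following is an added example, not part of the CRD or of agentgateway: a pre-apply check that parses the lines and reports entries whose password field does not look like one of the supported hash families. The regexes are assumed shapes of the httpd htpasswd formats, the bcrypt cost threshold is a hardening choice made here, and the sample file is constructed from the page's example hashes plus one deliberately bad entry.

```python
"""Pre-apply check for the `users` list or `.htaccess` Secret consumed by
`basicAuthentication`. Added example, not part of agentgateway: it parses
htpasswd-format lines and reports entries whose password field is not one of
the hash families the page lists (MD5 `$apr1$`, bcrypt `$2y$`, crypt, SHA-1),
which catches the common mistake of committing a raw password."""
import re

# Password-field shapes of the htpasswd formats (assumed from the httpd docs):
_APR1 = re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
_BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$[./0-9A-Za-z]{53}$")
_SHA1 = re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")
_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")      # traditional DES crypt(3)


def classify(password_field: str) -> str:
    """Return the hash family, or 'plaintext' when nothing matches."""
    for family, pattern in (("apr1-md5", _APR1), ("bcrypt", _BCRYPT),
                            ("sha1", _SHA1), ("crypt", _CRYPT)):
        if pattern.match(password_field):
            return family
    return "plaintext"


def check_htpasswd(text: str, min_bcrypt_cost: int = 10) -> list:
    """Return a list of problems (empty means acceptable). Raw passwords,
    malformed lines and duplicate users are errors; bcrypt below
    `min_bcrypt_cost` (a hardening threshold chosen here, not a value from
    the page) is reported because a low cost makes offline cracking cheap."""
    problems = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, pw = line.partition(":")
        if not sep or not user:
            problems.append(f"line {lineno}: not in 'user:hash' form")
            continue
        if user in seen:
            problems.append(f"line {lineno}: duplicate user {user!r}")
        seen.add(user)
        family = classify(pw)
        if family == "plaintext":
            problems.append(f"line {lineno}: user {user!r} has an unhashed password")
        elif family == "bcrypt":
            cost = int(_BCRYPT.match(pw).group(1))
            if cost < min_bcrypt_cost:
                problems.append(f"line {lineno}: user {user!r} bcrypt cost {cost} < {min_bcrypt_cost}")
    return problems


# Constructed sample: the hashed users from the page's examples, a SHA-1
# entry, and one entry that was mistakenly written as a raw password.
SAMPLE_HTPASSWD = """\
alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V.
user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2
dave:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:hunter2
"""

if __name__ == "__main__":
    for problem in check_htpasswd(SAMPLE_HTPASSWD):
        print(problem)
```

The apr1-MD5, crypt and SHA-1 families are accepted because the page lists them as supported, but all three are fast, unsalted-or-weakly-salted hashes; for new credentials bcrypt (`htpasswd -B`) with a cost of at least 10 is the sensible default.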
cors:
description: cors specifies the CORS configuration for the policy.
properties:
allowCredentials:
description: |-
AllowCredentials indicates whether the actual cross-origin request is
allowed to include credentials.
When set to true, the gateway will include the `Access-Control-Allow-Credentials`
response header with value true (case-sensitive).
When set to false or omitted the gateway will omit the header
`Access-Control-Allow-Credentials` entirely (this is the standard CORS
behavior).
Support: Extended
type: boolean
allowHeaders:
description: |-
AllowHeaders indicates which HTTP request headers are supported for
accessing the requested resource.
Header names are not case-sensitive.
Multiple header names in the value of the `Access-Control-Allow-Headers`
response header are separated by a comma (",").
When the `AllowHeaders` field is configured with one or more headers, the
gateway must return the `Access-Control-Allow-Headers` response header
which value is present in the `AllowHeaders` field.
If any header name in the `Access-Control-Request-Headers` request header
is not included in the list of header names specified by the response
header `Access-Control-Allow-Headers`, it will present an error on the
client side.
If any header name in the `Access-Control-Allow-Headers` response header
is not recognized by the client, an error will also occur on the
client side.
A wildcard indicates that the requests with all HTTP headers are allowed.
If config contains the wildcard "*" in allowHeaders and the request is
not credentialed, the `Access-Control-Allow-Headers` response header
can either use the `*` wildcard or the value of
Access-Control-Request-Headers from the request.
When the request is credentialed, the gateway must not specify the `*`
wildcard in the `Access-Control-Allow-Headers` response header. When
also the `AllowCredentials` field is true and `AllowHeaders` field
is specified with the `*` wildcard, the gateway must specify one or more
HTTP headers in the value of the `Access-Control-Allow-Headers` response
header. The value of the header `Access-Control-Allow-Headers` is same as
the `Access-Control-Request-Headers` header provided by the client. If
the header `Access-Control-Request-Headers` is not included in the
request, the gateway will omit the `Access-Control-Allow-Headers`
response header, instead of specifying the `*` wildcard.
Support: Extended
items:
description: |-
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
maxItems: 64
type: array
x-kubernetes-list-type: set
x-kubernetes-validations:
- message: AllowHeaders cannot contain '*' alongside other
headers
rule: '!(''*'' in self && self.size() > 1)'
allowMethods:
description: |-
AllowMethods indicates which HTTP methods are supported for accessing the
requested resource.
Valid values are any method defined by RFC9110, along with the special
value `*`, which represents all HTTP methods are allowed.
Method names are case-sensitive, so these values are also case-sensitive.
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
Multiple method names in the value of the `Access-Control-Allow-Methods`
response header are separated by a comma (",").
A CORS-safelisted method is a method that is `GET`, `HEAD`, or `POST`.
(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the `AllowMethods` field.
When the `AllowMethods` field is configured with one or more methods, the
gateway must return the `Access-Control-Allow-Methods` response header
which value is present in the `AllowMethods` field.
If the HTTP method of the `Access-Control-Request-Method` request header
is not included in the list of methods specified by the response header
`Access-Control-Allow-Methods`, it will present an error on the client
side.
If config contains the wildcard "*" in allowMethods and the request is
not credentialed, the `Access-Control-Allow-Methods` response header
can either use the `*` wildcard or the value of
Access-Control-Request-Method from the request.
When the request is credentialed, the gateway must not specify the `*`
wildcard in the `Access-Control-Allow-Methods` response header. When
also the `AllowCredentials` field is true and `AllowMethods` field
specified with the `*` wildcard, the gateway must specify one HTTP method
in the value of the Access-Control-Allow-Methods response header. The
value of the header `Access-Control-Allow-Methods` is same as the
`Access-Control-Request-Method` header provided by the client. If the
header `Access-Control-Request-Method` is not included in the request,
the gateway will omit the `Access-Control-Allow-Methods` response header,
instead of specifying the `*` wildcard.
Support: Extended
items:
enum:
- GET
- HEAD
- POST
- PUT
- DELETE
- CONNECT
- OPTIONS
- TRACE
- PATCH
- '*'
type: string
maxItems: 9
type: array
x-kubernetes-list-type: set
x-kubernetes-validations:
- message: AllowMethods cannot contain '*' alongside other
methods
rule: '!(''*'' in self && self.size() > 1)'
allowOrigins:
description: |-
AllowOrigins indicates whether the response can be shared with requested
resource from the given `Origin`.
The `Origin` consists of a scheme and a host, with an optional port, and
takes the form `<scheme>://<host>(:<port>)`.
Valid values for scheme are: `http` and `https`.
Valid values for port are any integer between 1 and 65535 (the list of
available TCP/UDP ports). Note that, if not included, port `80` is
assumed for `http` scheme origins, and port `443` is assumed for `https`
origins. This may affect origin matching.
The host part of the origin may contain the wildcard character `*`. These
wildcard characters behave as follows:
* `*` is a greedy match to the _left_, including any number of
DNS labels to the left of its position. This also means that
`*` will include any number of period `.` characters to the
left of its position.
* A wildcard by itself matches all hosts.
An origin value that includes _only_ the `*` character indicates requests
from all `Origin`s are allowed.
When the `AllowOrigins` field is configured with multiple origins, it
means the server supports clients from multiple origins. If the request
`Origin` matches the configured allowed origins, the gateway must return
the given `Origin` and sets value of the header
`Access-Control-Allow-Origin` same as the `Origin` header provided by the
client.
The status code of a successful response to a "preflight" request is
always an OK status (i.e., 204 or 200).
If the request `Origin` does not match the configured allowed origins,
the gateway returns a 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds to the
"preflight" request with a 403 status, denying it, and likewise omits
the CORS headers. Either way the cross-origin request fails on the client
side, so the client doesn't attempt the actual cross-origin request.
Conversely, if the request `Origin` matches one of the configured
allowed origins, the gateway sets the response header
`Access-Control-Allow-Origin` to the same value as the `Origin`
header provided by the client.
When config has the wildcard ("*") in allowOrigins, and the request
is not credentialed (e.g., it is a preflight request), the
`Access-Control-Allow-Origin` response header either contains the
wildcard as well or the Origin from the request.
When the request is credentialed, the gateway must not specify the `*`
wildcard in the `Access-Control-Allow-Origin` response header. When
also the `AllowCredentials` field is true and `AllowOrigins` field
specified with the `*` wildcard, the gateway must return a single origin
in the value of the `Access-Control-Allow-Origin` response header,
instead of specifying the `*` wildcard. The value of the header
`Access-Control-Allow-Origin` is same as the `Origin` header provided by
the client.
Support: Extended
items:
description: |-
The CORSOrigin MUST NOT be a relative URI, and it MUST follow the URI syntax and
encoding rules specified in RFC3986. The CORSOrigin MUST include both a
scheme ("http" or "https") and a scheme-specific-part, or it should be a single '*' character.
URIs that include an authority MUST include a fully qualified domain name or
IP address as the host.
maxLength: 253
minLength: 1
pattern: (^\*$)|(^(http(s)?):\/\/(((\*\.)?([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9-]+|\*)(:([0-9]{1,5}))?)$)
type: string
maxItems: 64
type: array
x-kubernetes-list-type: set
x-kubernetes-validations:
- message: AllowOrigins cannot contain '*' alongside other
origins
rule: '!(''*'' in self && self.size() > 1)'
exposeHeaders:
description: |-
ExposeHeaders indicates which HTTP response headers can be exposed
to client-side scripts in response to a cross-origin request.
A CORS-safelisted response header is an HTTP header in a CORS response
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
`Cache-Control`
`Content-Language`
`Content-Length`
`Content-Type`
`Expires`
`Last-Modified`
`Pragma`
(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
When an HTTP header name is specified using the `ExposeHeaders` field,
this additional header will be exposed as part of the response to the
client.
Header names are not case-sensitive.
Multiple header names in the value of the `Access-Control-Expose-Headers`
response header are separated by a comma (",").
A wildcard indicates that the responses with all HTTP headers are exposed
to clients. The `Access-Control-Expose-Headers` response header can only
use `*` wildcard as value when the request is not credentialed.
When the `exposeHeaders` config field contains the "*" wildcard and
the request is credentialed, the gateway cannot use the `*` wildcard in
the `Access-Control-Expose-Headers` response header.
Support: Extended
items:
description: |-
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
maxItems: 64
type: array
x-kubernetes-list-type: set
maxAge:
default: 5
description: |-
MaxAge indicates the duration (in seconds) for the client to cache the
results of a "preflight" request.
The information provided by the `Access-Control-Allow-Methods` and
`Access-Control-Allow-Headers` response headers can be cached by the
client until the time specified by `Access-Control-Max-Age` elapses.
The default value of `Access-Control-Max-Age` response header is 5
(seconds).
When the `MaxAge` field is unspecified, the gateway sets the response
header "Access-Control-Max-Age: 5" by default.
format: int32
minimum: 1
type: integer
type: object
x-kubernetes-preserve-unknown-fields: true
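The `cors` descriptions above spell out what a gateway must emit for a preflight, including the rules that forbid echoing `*` once `allowCredentials` is true. The following is an added example, not code from the CRD or from agentgateway: a small model that takes a `cors` policy and the preflight request headers and returns the CORS response headers those rules prescribe. Origin matching treats a host wildcard `*.` as requiring at least one DNS label to its left (an assumption; the page says "any number"), and the policy and request used at the bottom are constructed.

```python
"""Model of the preflight handling described for `cors`. Added example, not
agentgateway's own code: it computes the response headers the page says the
gateway must emit for a policy and a preflight request, including the rules
for the `*` wildcard when `allowCredentials` is true."""
from typing import Optional, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _split_origin(origin: str) -> Optional[Tuple[str, str, int]]:
    """(scheme, host, port) with the implied 80/443 applied, so that
    `https://a.example.com` and `https://a.example.com:443` compare equal."""
    u = urlsplit(origin)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        return None
    try:
        return u.scheme, u.hostname.lower(), u.port or DEFAULT_PORTS[u.scheme]
    except ValueError:                       # non-numeric or out-of-range port
        return None


def origin_allowed(origin: str, allow_origins: list) -> bool:
    """`*` alone allows every origin. Otherwise scheme and port must match and
    the host must match exactly, or a host wildcard `*.` swallows one or more
    labels to its left (assumed here to need at least one label, so
    `https://*.example.com` does not match the apex `https://example.com`)."""
    if "*" in allow_origins:
        return True
    req = _split_origin(origin)
    if req is None:
        return False
    scheme, host, port = req
    for pattern in allow_origins:
        pat = _split_origin(pattern)
        if pat is None or (pat[0], pat[2]) != (scheme, port):
            continue
        p_host = pat[1]
        if p_host == host or p_host == "*":
            return True
        if p_host.startswith("*.") and host.endswith(p_host[1:]):
            return True
    return False


def preflight_headers(policy: dict, request: dict) -> dict:
    """CORS headers for a preflight response. A non-matching `Origin` gets no
    CORS headers at all (the response is still 204), so the browser blocks it."""
    origins = policy.get("allowOrigins", [])
    origin = request.get("Origin", "")
    if not origin or not origin_allowed(origin, origins):
        return {}
    credentialed = bool(policy.get("allowCredentials", False))
    out = {}
    # `*` may only reach the client for non-credentialed use; with credentials
    # the single requesting Origin is reflected instead.
    out["Access-Control-Allow-Origin"] = "*" if "*" in origins and not credentialed else origin
    # Methods and headers follow the same wildcard rule: with credentials the
    # `*` is replaced by what the client asked for, and the header is omitted
    # entirely if the client asked for nothing.
    for cfg_key, req_key, hdr in (
        ("allowMethods", "Access-Control-Request-Method", "Access-Control-Allow-Methods"),
        ("allowHeaders", "Access-Control-Request-Headers", "Access-Control-Allow-Headers"),
    ):
        values = policy.get(cfg_key, [])
        if not values:
            continue
        if "*" not in values:
            out[hdr] = ", ".join(values)
        elif not credentialed:
            out[hdr] = "*"
        elif request.get(req_key):
            out[hdr] = request[req_key]
    if credentialed:
        out["Access-Control-Allow-Credentials"] = "true"
    out["Access-Control-Max-Age"] = str(policy.get("maxAge", 5))
    return out


# Constructed policy and preflight request, not taken from the page.
CREDENTIALED_POLICY = {
    "allowOrigins": ["https://*.example.com"],
    "allowMethods": ["*"],
    "allowHeaders": ["Authorization", "Content-Type"],
    "allowCredentials": True,
}
SAMPLE_PREFLIGHT = {
    "Origin": "https://app.example.com",
    "Access-Control-Request-Method": "DELETE",
    "Access-Control-Request-Headers": "authorization",
}

if __name__ == "__main__":
    for k, v in preflight_headers(CREDENTIALED_POLICY, SAMPLE_PREFLIGHT).items():
        print(f"{k}: {v}")
```

Run against the credentialed policy, the wildcard in `allowMethods` collapses to the single method the client asked for and the origin is reflected rather than `*`; drop `allowCredentials` and both become `*`. The port normalisation matters for origin matching because browsers send `https://app.example.com`, never `:443`, while a policy author may well write the port.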
csrf:
description: |-
csrf specifies the Cross-Site Request Forgery (CSRF) policy for this traffic policy.
The CSRF policy has the following behavior:
* Safe methods (`GET`, `HEAD`, `OPTIONS`) are automatically allowed.
* Requests without `Sec-Fetch-Site` or `Origin` headers are assumed to
be same-origin or non-browser requests and are allowed.
* Otherwise, the `Sec-Fetch-Site` header is checked, with a fallback to
comparing the `Origin` header to the `Host` header.
properties:
additionalOrigins:
description: |-
`additionalOrigins` specifies additional source origins that will be
allowed in addition to the destination origin. The `Origin` consists of
a scheme and a host, with an optional port, and takes the form
`<scheme>://<host>(:<port>)`.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 16
minItems: 1
type: array
type: object
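The three bullets in the `csrf` description define an evaluation order; the following is an added example, not code from the CRD or from agentgateway, that models that order in Python. Where the page is silent the model makes an explicit choice: `Sec-Fetch-Site: same-origin` or `none` passes, while `same-site` and `cross-site` are treated as cross-origin and pass only if the `Origin` is listed in `additionalOrigins`. The scheme the request arrived on is assumed to be known from the listener, and origin comparison does not fold default ports. All header sets in the tests are constructed.

```python
"""Model of the `csrf` decision order the page lists. Added example, not
agentgateway's own code; where the page is silent (what the `same-site` and
`cross-site` values do), this treats both as cross-origin and accepts them only
if the `Origin` is listed in `additionalOrigins`."""
from typing import Iterable, Mapping
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _norm(origin: str) -> str:
    """Lower-cased `scheme://host[:port]`, or '' for anything unparsable.
    Simplification: no default-port folding, so `https://a:443` != `https://a`."""
    u = urlsplit(origin)
    return f"{u.scheme.lower()}://{u.netloc.lower()}" if u.scheme and u.netloc else ""


def csrf_allowed(method: str, headers: Mapping[str, str], scheme: str,
                 additional_origins: Iterable[str] = ()) -> bool:
    """`scheme` is the scheme the request arrived on (assumed known from the
    listener); it is needed to compare `Origin` against the bare `Host`."""
    if method.upper() in SAFE_METHODS:
        return True                                   # safe methods always pass
    h = {k.lower(): v for k, v in headers.items()}
    fetch_site, origin = h.get("sec-fetch-site"), h.get("origin")
    if fetch_site is None and origin is None:
        return True                                   # same-origin or non-browser client
    extra = {_norm(o) for o in additional_origins} - {""}
    if fetch_site is not None:
        if fetch_site in ("same-origin", "none"):
            return True
        # same-site / cross-site: browsers set this header themselves and
        # scripts cannot override it, so only an allow-listed Origin passes
        return _norm(origin or "") in extra
    # No Sec-Fetch-Site (older browser, or a non-browser client that still
    # sends Origin): fall back to Origin == destination, or the allow-list
    target = f"{scheme.lower()}://{h.get('host', '').lower()}"
    src = _norm(origin or "")
    return src != "" and (src == target or src in extra)


if __name__ == "__main__":
    # Constructed requests: a same-origin form post, a forged cross-site one.
    print(csrf_allowed("POST", {"Origin": "https://api.example.com", "Host": "api.example.com"}, "https"))
    print(csrf_allowed("POST", {"Sec-Fetch-Site": "cross-site", "Origin": "https://evil.example"}, "https"))
```

Note what the second bullet of the description implies and the model reproduces: a non-browser client that sends neither header is never blocked, so this policy protects browser users from forged state-changing requests but is not a substitute for authentication on the API itself.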
directResponse:
description: |-
`directResponse` configures the policy to send a direct response to the
client.
properties:
body:
description: |-
Body defines the content to be returned in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
maxLength: 4096
minLength: 1
type: string
status:
description: StatusCode defines the HTTP status code to return
for this route.
format: int32
maximum: 599
minimum: 200
type: integer
required:
- status
type: object
extAuth:
description: |-
extAuth specifies the external authentication configuration for the policy.
This controls what external server to send requests to for authentication.
properties:
backendRef:
description: |-
`backendRef` references the External Authorization server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
failureMode:
description: |-
FailureMode controls behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
enum:
- FailOpen
- FailClosed
type: string
forwardBody:
description: |-
`forwardBody` configures whether to include the HTTP body in the request.
If enabled, the request body will be buffered.
properties:
maxSize:
description: |-
`maxSize` specifies, in bytes, the largest body that will be buffered
and sent to the authorization server. If the body size is larger than
`maxSize`, then the request will be rejected with an error response.
format: int32
minimum: 1
type: integer
required:
- maxSize
type: object
grpc:
description: |-
grpc specifies that the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
properties:
contextExtensions:
additionalProperties:
type: string
description: |-
`contextExtensions` specifies additional arbitrary key-value pairs to
send to the authorization server in the `context_extensions` field.
maxProperties: 64
type: object
requestMetadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`requestMetadata` specifies metadata to be sent to the authorization
server. This maps to the `metadata_context.filter_metadata` field of the
request, and allows dynamic CEL expressions. If unset, by default the
`envoy.filters.http.jwt_authn` key is set if the JWT policy is used as
well, for compatibility.
maxProperties: 64
type: object
type: object
http:
description: |-
`http` specifies that the HTTP protocol should be used for connecting to
the authorization server. The authorization server must return a `200`
status code, otherwise the request is considered an authorization
failure.
properties:
addRequestHeaders:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`addRequestHeaders` specifies what additional headers to add to the
request to the authorization server. While `allowedRequestHeaders` just
passes the original headers through, `addRequestHeaders` allows defining
custom headers based on CEL expressions.
maxProperties: 64
type: object
allowedRequestHeaders:
description: |-
`allowedRequestHeaders` specifies what additional headers from the client request
will be sent to the authorization server.
If unset, the following headers are sent by default: `Authorization`.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 64
type: array
allowedResponseHeaders:
description: |-
`allowedResponseHeaders` specifies what headers from the authorization response
will be copied into the request to the backend.
items:
maxLength: 256
minLength: 1
type: string
maxItems: 64
type: array
path:
description: |-
`path` specifies the path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
`"/prefix/" + request.path`.
maxLength: 16384
minLength: 1
type: string
redirect:
description: |-
`redirect` defines an optional expression to determine a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
maxLength: 16384
minLength: 1
type: string
responseMetadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`responseMetadata` specifies what metadata fields should be constructed
from the authorization response. These will be included under the
`extauthz` variable in future CEL expressions. Setting this is useful
for things like logging usernames, without needing to include them as
headers to the backend, as `allowedResponseHeaders` would.
maxProperties: 64
type: object
type: object
required:
- backendRef
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [grpc http] must be set
rule: '[has(self.grpc),has(self.http)].filter(x,x==true).size()
== 1'
extProc:
description: extProc specifies the external processing configuration
for the policy.
properties:
backendRef:
description: |-
`backendRef` references the External Processor server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
required:
- backendRef
type: object
headerModifiers:
description: headerModifiers defines the policy to modify request
and response headers.
properties:
request:
description: Request modifies request headers.
properties:
add:
description: |-
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header name
and value as defined by RFC 7230.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
description: |-
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
description: |-
Set overwrites the request with the given header (name, value)
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
items:
description: HTTPHeader represents an HTTP Header name
and value as defined by RFC 7230.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
response:
description: Response modifies response headers.
properties:
add:
description: |-
Add adds the given header(s) (name, value) to the response
before it is returned to the client. It appends to any existing values associated
with the header name.
Input:
HTTP/1.1 200 OK
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
Output:
HTTP/1.1 200 OK
my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header name
and value as defined by RFC 7230.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
description: |-
Remove the given header(s) from the HTTP response before it is returned
to the client. The value of Remove is a list of HTTP header names. Note
that the header names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
HTTP/1.1 200 OK
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
Output:
HTTP/1.1 200 OK
my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
description: |-
Set overwrites the response with the given header (name, value)
before it is returned to the client.
Input:
HTTP/1.1 200 OK
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
Output:
HTTP/1.1 200 OK
my-header: bar
items:
description: HTTPHeader represents an HTTP Header name
and value as defined by RFC 7230.
properties:
name:
description: |-
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
value:
description: |-
Value is the value of HTTP Header to be matched.
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type: object
x-kubernetes-validations:
- message: at least one of the fields in [request response] must
be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
hostRewrite:
description: |-
`hostRewrite` specifies how to rewrite the `Host` header for requests.
If the `HTTPRoute` `urlRewrite` filter already specifies a host rewrite,
this setting is ignored.
properties:
mode:
description: |-
`mode` sets the hostname rewrite mode.
The following may be specified:
* `Auto`: automatically set the `Host` header based on the destination.
* `None`: do not rewrite the `Host` header. The original `Host` header
will be passed through.
This setting defaults to `Auto` when connecting to hostname-based
`Backend` types, and `None` otherwise, for `Service` or IP-based
backends.
enum:
- Auto
- None
type: string
required:
- mode
type: object
jwtAuthentication:
description: '`jwtAuthentication` authenticates users based on
JWT tokens.'
properties:
mcp:
description: |-
`mcp` optionally enables MCP OAuth metadata endpoint handling
and MCP-specific authentication behavior on top of standard JWT validation.
When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
properties:
provider:
description: '`provider` specifies the identity provider
to use for MCP authentication flows.'
enum:
- Auth0
- Keycloak
type: string
resourceMetadata:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: |-
`resourceMetadata` defines the metadata to use for MCP resources,
served at the MCP OAuth metadata endpoints.
type: object
type: object
mode:
default: Strict
description: '`mode` is the validation mode for JWT authentication.'
enum:
- Strict
- Optional
- Permissive
type: string
providers:
items:
properties:
audiences:
description: |-
`audiences` specifies the list of allowed audiences that are allowed
access. This corresponds to the `aud` claim
(https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).
If unset, any audience is allowed.
items:
type: string
maxItems: 64
minItems: 1
type: array
issuer:
description: |-
`issuer` identifies the IdP that issued the JWT. This corresponds to the
`iss` claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).
maxLength: 256
minLength: 1
type: string
jwks:
description: |-
`jwks` defines the JSON Web Key Set used to validate the signature of the
JWT.
properties:
inline:
description: |-
`inline` specifies an inline JSON Web Key Set used to validate the
signature of the JWT.
maxLength: 65536
minLength: 2
type: string
remote:
description: |-
`remote` specifies how to reach the JSON Web Key Set from a remote
address.
properties:
backendRef:
description: |-
`backendRef` references the remote JWKS server to reach.
Supported types are `Service` and static `Backend`. An
`AgentgatewayPolicy` containing backend TLS config can then be attached
to the `Service` or `Backend` in order to set TLS options for a
connection to the remote `jwks` source.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind
== ''Service'') ? has(self.port) : true'
cacheDuration:
default: 5m
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: cacheDuration must be at least 5m.
rule: duration(self) >= duration('5m')
jwksPath:
description: |-
Path to the IdP `jwks` endpoint, relative to the root, commonly
`".well-known/jwks.json"`.
maxLength: 2000
minLength: 1
type: string
required:
- backendRef
- jwksPath
type: object
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [remote inline]
must be set
rule: '[has(self.remote),has(self.inline)].filter(x,x==true).size()
== 1'
required:
- issuer
- jwks
type: object
maxItems: 64
minItems: 1
type: array
required:
- providers
type: object
x-kubernetes-validations:
- message: jwtAuthentication.mcp requires exactly one provider
rule: '!has(self.mcp) || size(self.providers) == 1'
- message: jwtAuthentication.mcp requires mode Strict
rule: '!has(self.mcp) || !has(self.mode) || self.mode == ''Strict'''
phase:
description: |-
The phase to apply the traffic policy to. If the phase is `PreRouting`,
the `targetRef` must be a `Gateway` or a `Listener`. `PreRouting` is
typically used only when a policy needs to influence the routing
decision.
Even when using `PostRouting` mode, the policy can target the
`Gateway` or `Listener`. This is a helper for applying the policy to all
routes under that `Gateway` or `Listener`, and follows the merging logic
described above.
Note: `PreRouting` and `PostRouting` rules do not merge together. These
are independent execution phases. That is, all `PreRouting` rules will
merge and execute, then all `PostRouting` rules will merge and execute.
If unset, this defaults to `PostRouting`.
enum:
- PreRouting
- PostRouting
type: string
rateLimit:
description: |-
rateLimit specifies the rate limiting configuration for the policy.
This controls the rate at which requests are allowed to be processed.
properties:
global:
description: Global defines a global rate limiting policy
using an external service.
properties:
backendRef:
description: |-
`backendRef` references the rate limit server to reach.
Supported types: `Service` and `Backend`.
properties:
group:
default: ""
description: |-
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: |-
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
x-kubernetes-validations:
- message: Must have port for Service reference
rule: '(size(self.group) == 0 && self.kind == ''Service'')
? has(self.port) : true'
descriptors:
description: |-
`descriptors` define the dimensions for rate limiting. These values are
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
items:
properties:
entries:
description: '`entries` are the individual components
that make up this descriptor.'
items:
description: A descriptor entry defines a single
entry in a rate limit descriptor.
properties:
expression:
description: |-
`expression` is a Common Expression Language (`CEL`) expression that
defines the value for the descriptor.
For example, to rate limit based on the Client IP: `source.address`.
See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
maxLength: 16384
minLength: 1
type: string
name:
description: '`name` specifies the name of
the descriptor.'
maxLength: 64
minLength: 1
type: string
required:
- expression
- name
type: object
maxItems: 16
minItems: 1
type: array
unit:
description: |-
`unit` defines what to use as the cost function. If unspecified,
`Requests` is used.
enum:
- Requests
- Tokens
type: string
required:
- entries
type: object
maxItems: 16
minItems: 1
type: array
domain:
description: |-
`domain` specifies the domain under which this limit should apply.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
maxLength: 256
minLength: 1
type: string
failureMode:
description: |-
`failureMode` controls behavior when the remote rate limit service is
unavailable or returns an error. `FailOpen` allows the request to continue.
`FailClosed` (default) denies the request.
enum:
- FailOpen
- FailClosed
type: string
required:
- backendRef
- descriptors
- domain
type: object
local:
description: Local defines a local rate limiting policy.
items:
description: |-
Policy for local rate limiting. Local rate limits are handled locally on a per-proxy basis, without co-ordination
between instances of the proxy.
properties:
burst:
description: |-
`burst` specifies an allowance of requests above the request-per-unit
that should be allowed within a short period of time.
format: int32
type: integer
requests:
description: |-
`requests` specifies the number of HTTP requests per unit of time that
are allowed. Requests exceeding this limit will fail with a `429`
error.
format: int32
minimum: 1
type: integer
tokens:
description: |-
`tokens` specifies the number of LLM tokens per unit of time that are
allowed. Requests exceeding this limit will fail with a `429` error.
Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
format: int32
minimum: 1
type: integer
unit:
description: '`unit` specifies the unit of time that
requests are limited on.'
enum:
- Seconds
- Minutes
- Hours
type: string
required:
- unit
type: object
x-kubernetes-validations:
- message: exactly one of the fields in [requests tokens]
must be set
rule: '[has(self.requests),has(self.tokens)].filter(x,x==true).size()
== 1'
maxItems: 16
minItems: 1
type: array
type: object
x-kubernetes-validations:
- message: at least one of the fields in [global local] must be
set
rule: '[has(self.global),has(self.local)].filter(x,x==true).size()
>= 1'
retry:
description: retry defines the policy for retrying requests.
properties:
attempts:
description: |-
Attempts specifies the maximum number of times an individual request
from the gateway to a backend should be retried.
If the maximum number of retries has been attempted without a successful
response from the backend, the Gateway MUST return an error.
When this field is unspecified, the number of times to attempt to retry
a backend request is implementation-specific.
Support: Extended
type: integer
backoff:
description: |-
Backoff specifies the minimum duration a Gateway should wait between
retry attempts and is represented in Gateway API Duration formatting.
For example, setting the `rules[].retry.backoff` field to the value
`100ms` will cause a backend request to first be retried approximately
100 milliseconds after timing out or receiving a response code configured
to be retriable.
An implementation MAY use an exponential or alternative backoff strategy
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
If a Request timeout (`rules[].timeouts.request`) is configured on the
route, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is
configured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
If a BackendRequest timeout is _not_ configured on the route, retry
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
When this field is unspecified, the time to wait between retry attempts
is implementation-specific.
Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
codes:
description: |-
Codes defines the HTTP response status codes for which a backend request
should be retried.
Support: Extended
items:
description: |-
HTTPRouteRetryStatusCode defines an HTTP response status code for
which a backend request should be retried.
Implementations MUST support the following status codes as retriable:
* 500
* 502
* 503
* 504
Implementations MAY support specifying additional discrete values in the
500-599 range.
Implementations MAY support specifying discrete values in the 400-499 range,
which are often inadvisable to retry.
maximum: 599
minimum: 400
type: integer
type: array
x-kubernetes-list-type: atomic
type: object
timeouts:
description: |-
`timeouts` defines the timeouts for requests.
It is applicable to `HTTPRoute` resources and ignored for other targeted
kinds.
properties:
request:
description: |-
request specifies a timeout for an individual request from the gateway to a backend. This covers the time from when
the request first starts being sent from the gateway to when the full response has been received from the backend.
type: string
x-kubernetes-validations:
- message: invalid duration value
rule: matches(self, '^([0-9]{1,5}(h|m|s|ms)){1,4}$')
- message: request must be at least 100ms
rule: duration(self) >= duration('100ms')
type: object
transformation:
description: |-
transformation is used to mutate and transform requests and responses
before forwarding them to the destination.
properties:
request:
description: '`request` is used to modify the request path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation of the HTTP
body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of headers and the value
they should be set to.'
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add body metadata
remove set] must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
response:
description: '`response` is used to modify the response path.'
properties:
add:
description: |-
`add` is a list of headers to add to the request and what that value
should be set to. If there is already a header with these values then
append the value as an extra entry.
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
body:
description: '`body` controls manipulation of the HTTP
body.'
maxLength: 16384
minLength: 1
type: string
metadata:
additionalProperties:
description: CELExpression represents a Common Expression
Language (CEL) expression.
maxLength: 16384
minLength: 1
type: string
description: |-
`metadata` stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
maxProperties: 16
minProperties: 1
type: object
remove:
description: |-
`remove` is a list of header names to remove from the request or
response.
items:
description: An HTTP Header Name.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-type: set
set:
description: '`set` is a list of headers and the value
they should be set to.'
items:
properties:
name:
description: The name of the header to add.
maxLength: 256
minLength: 1
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_`|~]+$
type: string
x-kubernetes-validations:
- message: pseudo-headers must be one of :authority,
:method, :path, :scheme, or :status
rule: '!self.startsWith('':'') || self in ['':authority'',
'':method'', '':path'', '':scheme'', '':status'']'
value:
description: |-
`value` is the CEL expression to apply to generate the output value for
the header.
maxLength: 16384
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
x-kubernetes-validations:
- message: at least one of the fields in [add body metadata
remove set] must be set
rule: '[has(self.add),has(self.body),has(self.metadata),has(self.remove),has(self.set)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: at least one of the fields in [request response] must
be set
rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
>= 1'
type: object
x-kubernetes-validations:
- message: phase PreRouting only supports extAuth, transformation,
extProc, jwtAuthentication, basicAuthentication, and apiKeyAuthentication
rule: 'has(self.phase) && self.phase == ''PreRouting'' ? [has(self.authorization),has(self.cors),has(self.csrf),has(self.directResponse),has(self.headerModifiers),has(self.hostRewrite),has(self.rateLimit),has(self.retry),has(self.timeouts)].filter(x,x==true).size()
== 0 : true'
type: object
x-kubernetes-validations:
- message: At least one of traffic, frontend, or backend must be provided.
rule: has(self.traffic) || has(self.frontend) || has(self.backend)
- message: backend.mcp may not be used with a Service target
rule: '!has(self.backend) || !has(self.backend.mcp) || ((!has(self.targetRefs)
|| !self.targetRefs.exists(t, t.kind == ''Service'')) && (!has(self.targetSelectors)
|| !self.targetSelectors.exists(t, t.kind == ''Service'')))'
- message: backend.ai may not be used with a Service target
rule: '!has(self.backend) || !has(self.backend.ai) || ((!has(self.targetRefs)
|| !self.targetRefs.exists(t, t.kind == ''Service'')) && (!has(self.targetSelectors)
|| !self.targetSelectors.exists(t, t.kind == ''Service'')))'
- message: traffic.jwtAuthentication may not be used with backend.mcp.authentication
in the same policy
rule: '!(has(self.traffic) && has(self.traffic.jwtAuthentication) &&
has(self.backend) && has(self.backend.mcp) && has(self.backend.mcp.authentication))'
- message: the 'frontend' field can only target a Gateway
rule: 'has(self.frontend) && has(self.targetRefs) ? self.targetRefs.all(t,
t.kind == ''Gateway'' && !has(t.sectionName)) : true'
- message: the 'frontend' field can only target a Gateway
rule: 'has(self.frontend) && has(self.targetSelectors) ? self.targetSelectors.all(t,
t.kind == ''Gateway'' && !has(t.sectionName)) : true'
- message: the 'traffic' field can only target a Gateway, ListenerSet,
GRPCRoute, or HTTPRoute
rule: 'has(self.traffic) && has(self.targetRefs) ? self.targetRefs.all(t,
t.kind in [''Gateway'', ''HTTPRoute'', ''GRPCRoute'', ''ListenerSet''])
: true'
- message: the 'traffic' field can only target a Gateway, ListenerSet,
GRPCRoute, or HTTPRoute
rule: 'has(self.traffic) && has(self.targetSelectors) ? self.targetSelectors.all(t,
t.kind in [''Gateway'', ''HTTPRoute'', ''GRPCRoute'', ''ListenerSet''])
: true'
- message: the 'traffic.phase=PreRouting' field can only target a Gateway
or ListenerSet
rule: 'has(self.targetRefs) && has(self.traffic) && has(self.traffic.phase)
&& self.traffic.phase == ''PreRouting'' ? self.targetRefs.all(t, t.kind
in [''Gateway'', ''ListenerSet'']) : true'
- message: the 'traffic.phase=PreRouting' field can only target a Gateway
or ListenerSet
rule: 'has(self.targetSelectors) && has(self.traffic) && has(self.traffic.phase)
&& self.traffic.phase == ''PreRouting'' ? self.targetSelectors.all(t,
t.kind in [''Gateway'', ''ListenerSet'']) : true'
- message: exactly one of the fields in [targetRefs targetSelectors] must
be set
rule: '[has(self.targetRefs),has(self.targetSelectors)].filter(x,x==true).size()
== 1'
status:
description: status defines the current state of AgentgatewayPolicy.
properties:
ancestors:
description: |-
Ancestors is a list of ancestor resources (usually Gateways) that are
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
Note that choosing the relevant ancestor is left to the Policy designers;
an important part of Policy design is designing the right object level at
which to namespace this status.
Note also that implementations MUST ONLY populate ancestor status for
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
Note that to achieve this, the list of PolicyAncestorStatus structs
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
A maximum of 16 ancestors will be represented in this list. An empty list
means the Policy is not relevant for any ancestors.
If this slice is full, implementations MUST NOT add further entries.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
items:
description: |-
PolicyAncestorStatus describes the status of a route with respect to an
associated Ancestor.
Ancestors refer to objects that are either the Target of a policy or above it
in terms of object hierarchy. For example, if a policy targets a Service, the
Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
useful object to place Policy status on, so we recommend that implementations
SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
have a _very_ good reason otherwise.
In the context of policy attachment, the Ancestor is used to distinguish which
resource results in a distinct application of this policy. For example, if a policy
targets a Service, it may have a distinct result per attached Gateway.
Policies targeting the same resource may have different effects depending on the
ancestors of those resources. For example, different Gateways targeting the same
Service may have different capabilities, especially if they have different underlying
implementations.
For example, in BackendTLSPolicy, the Policy attaches to a Service that is
used as a backend in a HTTPRoute that is itself attached to a Gateway.
In this case, the relevant object for status is the Gateway, and that is the
ancestor object referred to in this status.
Note that a parent is also an ancestor, so for objects where the parent is the
relevant object for status, this struct SHOULD still be used.
This struct is intended to be used in a slice that's effectively a map,
with a composite key made up of the AncestorRef and the ControllerName.
properties:
ancestorRef:
description: |-
AncestorRef corresponds with a ParentRef in the spec that this
PolicyAncestorStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
description: |-
Group is the group of the referent.
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: |-
Kind is kind of the referent.
There are two kinds of parent resources with "Core" support:
* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: |-
Name is the name of the referent.
Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: |-
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set `Port` unless the
networking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
description: |-
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accepts attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
type: object
conditions:
description: |-
Conditions describes the status of the Policy with respect to the given Ancestor.
Notes for implementors:
Conditions are a listType `map`, which means that they function like a
map with a key of the `type` field _in the k8s apiserver_.
This means that implementations must obey some rules when updating this
section.
* Implementations MUST perform a read-modify-write cycle on this field
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type `special.io/SomeField`, it MUST NOT remove, change or update that
Condition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the `observedGeneration` field of the
Condition to the `metadata.generation` of the Gateway at the time of update creation.
* If the `observedGeneration` of a Condition is _greater than_ the value the
implementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
items:
description: Condition contains details for one aspect of
the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
controllerName:
description: |-
ControllerName is a domain/path string that indicates the name of the
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
Example: "example.net/gateway-controller".
The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
Controllers MUST populate this field when writing status. Controllers should ensure that
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
required:
- ancestorRef
- conditions
- controllerName
type: object
maxItems: 16
type: array
x-kubernetes-list-type: atomic
required:
- ancestors
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}