apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: aiservices.hub.traefik.io
spec:
  group: hub.traefik.io
  scope: Namespaced
  names:
    kind: AIService
    listKind: AIServiceList
    singular: aiservice
    plural: aiservices
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          description: >-
            AIService configures the Traefik AI Gateway target for an LLM
            provider (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Cohere,
            Gemini, Mistral, Ollama, or self-hosted). It carries the upstream
            credentials reference, default model, semantic-cache settings,
            and safety/guardrail policy chain (Presidio PII redaction, NVIDIA
            Safety NIM jailbreak detection, content filters).
          properties:
            spec:
              type: object
              properties:
                provider:
                  type: string
                  enum:
                    - openai
                    - anthropic
                    - azureOpenAI
                    - bedrock
                    - cohere
                    - gemini
                    - mistral
                    - ollama
                    - selfHosted
                model:
                  type: string
                credentialsSecret:
                  type: string
                cache:
                  type: object
                  properties:
                    enabled:
                      type: boolean
                    semanticThreshold:
                      type: number
                guardrails:
                  type: object
                  properties:
                    pii:
                      type: object
                    contentFilter:
                      type: object
                    jailbreakDetection:
                      type: object