AgentgatewayPolicy
agentgateway.dev / v1alpha1
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object required
Desired policy configuration.
backend object
Settings for how to connect to destination backends.
A backend policy can target a `Gateway` (optionally, with a
`sectionName` indicating the listener), `ListenerSet`, `Route`
(optionally, with a `sectionName` indicating the route rule), or a
`Service` or `Backend` (optionally, with a `sectionName` indicating the
port for `Service`, or sub-backend for `Backend`).
Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level
resource, like `Gateway`, is just a way to easily apply a policy to a
group of backends.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies: `Gateway` <
`Listener` < `Route` < `Route Rule` < `Backend` or `Service`. For
example, if a `Gateway` policy sets `tcp` and `tls`, and a `Backend`
policy sets `tls`, the effective policy would be `tcp` from the
`Gateway`, and `tls` from the `Backend`.
ai object
Settings for AI workloads. This is only applicable when
connecting to a `Backend` of type `ai`.
defaults []object
Defaults to merge with user input fields. If the field is already set, the field in the request is used.
minItems:
1maxItems:
64
field
string required
Name of the field.
maxLength:
256
value
object required
Default value for the field. This can be any JSON data type.
modelAliases
object
Maps friendly model names to actual provider model names.
Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`.
Note: This field is only applicable when using the agentgateway data plane.
overrides []object
Overrides to merge with user input fields. If the field is already set, the field is overwritten.
minItems:
1maxItems:
64
field
string required
Name of the field.
maxLength:
256
value
object required
Default value for the field. This can be any JSON data type.
prompt object
Enriches requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for
LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.
append []object
Messages to append to the prompt sent by the client.
content
string required
String content of the message.
role
string required
Role of the message. The available roles depend on the backend
LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
prepend []object
Messages to prepend to the prompt sent by the client.
content
string required
String content of the message.
role
string required
Role of the message. The available roles depend on the backend
LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
promptCaching object
Automatic prompt caching for supported
providers, currently AWS Bedrock.
Reduces API costs by caching static content like system prompts and tool definitions.
Only applicable for Bedrock Claude 3+ and Nova models.
cacheMessageOffset
integer
Shifts the message cache point further back in the
conversation. 0 (default) places it at the second-to-last message.
Higher values move it N additional messages towards the start, clamped
to bounds.
minimum:
0
cacheMessages
boolean
Enables caching for conversation messages.
Caches all messages in the conversation for cost savings.
cacheSystem
boolean
Enables caching for system prompts.
Inserts a cache point after all system messages.
cacheTools
boolean
Enables caching for tool definitions.
Inserts a cache point after all tool specifications.
minTokens
integer
Minimum estimated token count
before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens.
Bedrock requires at least 1,024 tokens for caching to be effective.
minimum:
0promptGuard object
Guardrails for LLM requests and responses.
request []object
Prompt guards to apply to requests sent by the client.
minItems:
1maxItems:
8bedrockGuardrails object
AWS Bedrock Guardrails settings for prompt
guarding.
identifier
string required
Identifier of the Guardrail policy to use for the backend.
minLength:
1maxLength:
256policies object
Policies for communicating with AWS Bedrock Guardrails.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
region
string required
AWS region where the guardrail is deployed, for example
`us-west-2`).
minLength:
1maxLength:
256
version
string required
Version of the Guardrail policy to use for the backend.
minLength:
1maxLength:
256googleModelArmor object
Google Model Armor settings for prompt guarding.
location
string
Google Cloud location, for example `us-central1`.
Defaults to `us-central1` if not specified.
minLength:
1maxLength:
256policies object
Policies for communicating with Google Model Armor.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
projectId
string required
Google Cloud project ID.
minLength:
1maxLength:
256
templateId
string required
Template ID for Google Model Armor.
minLength:
1maxLength:
256openAIModeration object
Passes prompt data through the OpenAI Moderations
endpoint.
See https://developers.openai.com/api/reference/resources/moderations for more information.
model
string
Moderation model to use. For example,
`omni-moderation`.
policies object
Policies for communicating with OpenAI.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535regex object
Regular expression (regex) matching for prompt guards and data masking.
action
string
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches. `PromptguardResponse`
matches are always masked by default.
Defaults to `Mask`.
enum:
Mask, Reject
builtins
[]string
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
matches
[]string
Regex patterns to match against the request or response.
Matches and built-ins are additive.
response object
Custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
message
string
Custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
statusCode
integer
Status code to return to the client. Defaults to 403.
format:
int32minimum:
200maximum:
599webhook object
Webhook that receives requests for prompt guarding.
backendRef object required
Webhook server to reach.
Supported types: Service and Backend.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
failureMode
string
Behavior when the webhook guardrail is unavailable
or returns an error. `FailOpen` allows the request to continue.
`FailClosed` (default) rejects the request.
enum:
FailClosed, FailOpenforwardHeaderMatches []object
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
type
string
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
enum:
Exact, RegularExpression
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096response []object
Prompt guards to apply to responses returned by the LLM provider.
minItems:
1maxItems:
8bedrockGuardrails object
AWS Bedrock Guardrails settings for prompt
guarding.
identifier
string required
Identifier of the Guardrail policy to use for the backend.
minLength:
1maxLength:
256policies object
Policies for communicating with AWS Bedrock Guardrails.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
region
string required
AWS region where the guardrail is deployed, for example
`us-west-2`).
minLength:
1maxLength:
256
version
string required
Version of the Guardrail policy to use for the backend.
minLength:
1maxLength:
256googleModelArmor object
Google Model Armor settings for prompt guarding.
location
string
Google Cloud location, for example `us-central1`.
Defaults to `us-central1` if not specified.
minLength:
1maxLength:
256policies object
Policies for communicating with Google Model Armor.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
projectId
string required
Google Cloud project ID.
minLength:
1maxLength:
256
templateId
string required
Template ID for Google Model Armor.
minLength:
1maxLength:
256regex object
Regular expression (regex) matching for prompt guards and data masking.
action
string
The action to take if a regex pattern is matched in a request or response.
This setting applies only to request matches. `PromptguardResponse`
matches are always masked by default.
Defaults to `Mask`.
enum:
Mask, Reject
builtins
[]string
Built-in regex patterns to match against the request or response.
Matches and built-ins are additive.
matches
[]string
Regex patterns to match against the request or response.
Matches and built-ins are additive.
response object
Custom response message to return to the client. If not specified, defaults to
`The response was rejected due to inappropriate content`.
message
string
Custom response message to return to the client. If not specified, defaults to
`The request was rejected due to inappropriate content`.
statusCode
integer
Status code to return to the client. Defaults to 403.
format:
int32minimum:
200maximum:
599webhook object
Webhook that receives responses for prompt guarding.
backendRef object required
Webhook server to reach.
Supported types: Service and Backend.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
failureMode
string
Behavior when the webhook guardrail is unavailable
or returns an error. `FailOpen` allows the request to continue.
`FailClosed` (default) rejects the request.
enum:
FailClosed, FailOpenforwardHeaderMatches []object
HTTP header matches used to select the headers to forward to the webhook.
Request headers are used when forwarding requests and response headers
are used when forwarding responses.
By default, no headers are forwarded.
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, only the first
entry with an equivalent name MUST be considered for a match. Subsequent
entries with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
When a header is repeated in an HTTP request, it is
implementation-specific behavior as to how this is represented.
Generally, proxies should follow the guidance from the RFC:
https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
processing a repeated header, with special handling for "Set-Cookie".
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
type
string
Type specifies how to match against the value of the header.
Support: Core (Exact)
Support: Implementation-specific (RegularExpression)
Since RegularExpression HeaderMatchType has implementation-specific
conformance, implementations can support POSIX, PCRE or any other dialects
of regular expressions. Please read the implementation's documentation to
determine the supported dialect.
enum:
Exact, RegularExpression
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096
streaming
string
Apply prompt guards to streaming responses and realtime websocket messages.
Defaults to disabled to preserve streaming throughput unless explicitly enabled.
enum:
Enabled
routes
object
Rules for identifying the type of traffic to handle.
The keys are URL path suffixes matched using ends-with comparison, for
example `"/v1/chat/completions"`.
The special `*` wildcard matches any path.
If not specified, all traffic defaults to `completions` type.
transformations []object
CEL transformations to compute and set fields in the request body.
The expression result overwrites any existing value for that field.
This has a higher priority than `overrides` if both are set for the same
key.
minItems:
1maxItems:
64
expression
string required
CEL expression used to compute the field value.
minLength:
1maxLength:
16384
field
string required
Name of the field to set.
maxLength:
256auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend.
When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests.
Ambient AWS credentials are used as the source credentials for STS.
roleArn
string required
AWS IAM role ARN to assume.
pattern:
^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$minLength:
1secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the AWS credentials. When using the default Secret
resolver, the `Secret` must have keys `accessKey`, `secretKey`, and
optionally `sessionToken`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
serviceName
string
AWS SigV4 signing service name, for example
`bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS
backends may provide this automatically.
minLength:
1maxLength:
256azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId
string required
objectId
string required
resourceId
string required
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing the Azure credentials. When using the default Secret
resolver, the `Secret` must have keys `clientID`, `tenantID`, and
`clientSecret`.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253gcp object
Google authentication method for the backend.
When omitted, default Google credential discovery is used.
audience
string
Explicit `aud` value for the ID token. Only
valid with `IdToken` type. If not set, the `aud` is automatically
derived from the backend hostname.
minLength:
1maxLength:
256secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, containing ADC-compatible Google credential JSON. When using
the default Secret resolver, this must be stored in the `credentials.json`
key. When omitted, ambient credentials are used.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
type
string
The type of token to generate. To authenticate to GCP services,
generally an `AccessToken` is used. To authenticate to Cloud Run, an
`IdToken` is used.
enum:
AccessToken, IdToken
key
string
Inline key to use as the value of the
`Authorization` header. This option is the least secure; usage of a
`Secret` is preferred.
maxLength:
2048location object
Where backend credentials are inserted.
If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix.
This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name
string required
minLength:
1maxLength:
256header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
passthrough
object
Passes through an existing token that has been sent by the
client and validated. Other policies, like JWT and API key
authentication, will strip the original client credentials. Passthrough backend authentication
causes the original token to be added back into the request. If there are no client authentication policies on the
request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the key to use as the authorization value. When using
the default Secret resolver, this must be stored in the `Authorization`
key.
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253extAuth object
External authentication configuration for requests
sent to this backend.
backendRef object
External Authorization server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535cache object
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
`key`; otherwise, one request may incorrectly reuse another request's
authorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
key
[]string required
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
minItems:
1maxItems:
16
maxEntries
integer
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
format:
int32minimum:
1
ttl
string required
Duration string, such as `5m`, or a CEL expression that
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
minLength:
1maxLength:
16384
failureMode
string
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
enum:
FailClosed, FailOpenforwardBody object
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
maxSize
string | integer required
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
`maxSize`, then the request will be rejected with a response.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32grpc object
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions
object
Additional arbitrary key-value pairs to
send to the authorization server in the `context_extensions` field.
requestMetadata
object
Metadata to send to the authorization
server. This maps to the `metadata_context.filter_metadata` field of the
request, and allows dynamic CEL expressions. If unset, by default the
`envoy.filters.http.jwt_authn` key is set if the JWT policy is used as
well, for compatibility.
http object
Uses HTTP to connect to
the authorization server. The authorization server must return a `200`
status code, otherwise the request is considered an authorization
failure.
addRequestHeaders
object
Additional headers to add to the
request to the authorization server. While `allowedRequestHeaders` just
passes the original headers through, `addRequestHeaders` allows defining
custom headers based on CEL expressions.
allowedRequestHeaders
[]string
Additional headers from the client request that
will be sent to the authorization server.
If unset, the following headers are sent by default: `Authorization`.
maxItems:
64
allowedResponseHeaders
[]string
Headers from the authorization response that
will be copied into the request to the backend.
maxItems:
64
path
string
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
`"/prefix/" + request.path`.
minLength:
1maxLength:
16384
redirect
string
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
minLength:
1maxLength:
16384
responseMetadata
object
Metadata fields to construct
from the authorization response. These will be included under the
`extauthz` variable in future CEL expressions. Setting this is useful
for things like logging usernames, without needing to include them as
headers to the backend, as `allowedResponseHeaders` would.
health object
Settings for passive and active health checking.
eviction object
Settings for evicting unhealthy backends.
consecutiveFailures
integer
Number of consecutive unhealthy responses required before the backend is evicted.
For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response can trigger eviction.
format:
int32minimum:
0
duration
string
Base time a backend should be evicted after being marked unhealthy.
Subsequent evictions use multiplicative backoff (duration * times_evicted).
If all endpoints are evicted, the load balancer falls back to returning evicted endpoints
rather than failing entirely.
If unset, defaults to `3s`.
healthThreshold
integer
EWMA health score threshold, expressed as 0 to 100.
When set, a backend is only evicted if its computed health drops below this value after an unhealthy response.
For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures.
Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average
so a single success in a stream of failures can delay eviction.
When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met.
When neither is set, a single unhealthy response triggers eviction.
format:
int32minimum:
0maximum:
100
restoreHealth
integer
Health score from 0 to 100 assigned to a backend when it returns from eviction.
For gradual recovery, set below 100; for full recovery immediately, set 100.
If unset, the backend resumes with the health it had when evicted.
format:
int32minimum:
0maximum:
100
unhealthyCondition
string
CEL expression that determines whether a response indicates an unhealthy backend.
When the expression evaluates to true, the backend is considered unhealthy and may be evicted.
For example, to evict on 5xx responses: `response.code >= 500`.
When unset, any 5xx response, or a connection failure, is treated as unhealthy.
This default lowers the backend's health score but does not trigger eviction on its own.
minLength:
1maxLength:
16384http object
Settings for managing HTTP requests to the backend.
requestTimeout
string
Deadline for receiving a response from the backend.
version
string
HTTP protocol version to use when connecting to
the backend.
If not specified, the version is automatically determined:
* `Service` types can specify it with `appProtocol` on the `Service`
port.
* If traffic is identified as gRPC, `HTTP2` is used.
* If the incoming traffic was plaintext HTTP, the original protocol will
be used.
* If the incoming traffic was HTTPS, `HTTP1` will be used. This is
because most clients will transparently upgrade HTTPS traffic to
`HTTP2`, even if the backend doesn't support it.
enum:
HTTP1, HTTP2mcp object
Settings for MCP workloads. This is only applicable when
connecting to a `Backend` of type `mcp`.
authentication object
MCP backend-specific authentication rules.
This field is deprecated; prefer to use traffic policy `jwtAuthentication.mcp`, which ensures authentication runs before
other policies such as transformation and rate limiting.
audiences
[]string
Allowed audiences that are allowed
access. This corresponds to the `aud` claim
([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
minItems:
1maxItems:
64
clientId
string
Client ID to use for short-circuiting Dynamic Client Registration.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
issuer
string
IdP that issued the JWT. This corresponds to the
`iss` claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).
minLength:
1maxLength:
256jwks object required
Remote JSON Web Key used to validate the signature of
the JWT.
backendRef object required
Remote JWKS server to reach.
Supported types are `Service` and static `Backend`. An
`AgentgatewayPolicy` containing backend TLS config can then be attached
to the `Service` or `Backend` in order to set TLS options for a
connection to the remote `jwks` source.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
cacheDuration
string
jwksPath
string required
Path to the IdP `jwks` endpoint, relative to the root, commonly
`".well-known/jwks.json"`.
minLength:
1maxLength:
2000
mode
string
Validation mode for JWT authentication.
enum:
Optional, Permissive, Strict
provider
string
Identity provider to use for authentication.
enum:
Auth0, Keycloak, Okta
resourceMetadata
object
Metadata to use for MCP resources.
authorization object
MCP backend authorization. Unlike authorization at the HTTP level, which rejects
unauthorized requests with a `403` error, this policy works at the
`MCPBackend` level.
List operations, such as `list_tools`, will have each item evaluated.
Items that do not meet the rule will be filtered.
Get or call operations, such as `call_tool`, will evaluate the specific
item and reject requests that do not meet the rule.
action
string
The effect of this rule when it matches.
If unspecified, defaults to `Allow`.
`Require` rules are cumulative: all require rules must match.
enum:
Allow, Deny, Requirepolicy object required
The authorization rule to evaluate.
* `Allow`: any matching allow rule allows the request.
* `Require`: every require rule must match for the request to be allowed.
* `Deny`: any matching deny rule denies the request.
A CEL expression that fails to evaluate does not match. Prefer `Require`
for deny-by-default behavior.
If at least one `Allow` rule is configured, requests are denied unless at
least one allow rule matches.
matchExpressions
[]string required
CEL expressions that must all evaluate to true for the rule to match.
minItems:
1maxItems:
256guardrails object
`guardrails` routes selected JSON-RPC methods through a remote policy server.
processors []object required
`processors` is the ordered list of policy processors applied to matched
methods. Processors run in the order listed; the first to reject a request
short-circuits the chain.
minItems:
1maxItems:
16
methods
object required
`methods` is the allowlist of JSON-RPC methods (e.g. `tools/call`,
`tools/list`) routed through this processor, keyed by method name with the
phase it runs in. Keys may be exact, a prefix wildcard (`tools/*`), a suffix
wildcard (`*/list`), or `*` for all methods; the most specific match wins.
Methods matching no key, including unknown ones, bypass this processor.
remote object
`remote` configures a gRPC policy server.
allowedRequestHeaders
[]string
`allowedRequestHeaders` lists the incoming request headers forwarded to
the policy server in `McpRequest.headers`. If empty, all headers and
pseudo-headers (`:authority`, `:method`, ...) are forwarded. Matching is
case-insensitive.
maxItems:
64backendRef object required
`backendRef` references the remote guardrails policy server.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
disallowedRequestHeaders
[]string
`disallowedRequestHeaders` lists header names never forwarded to the
policy server, even if listed in `allowedRequestHeaders`. Matching is
case-insensitive.
maxItems:
64
failureMode
string
`failureMode` controls behavior when the policy server is unreachable
or returns an error. `FailOpen` allows the request; `FailClosed`
(default) denies it.
enum:
FailClosed, FailOpen
metadata
object
`metadata` is static or CEL-evaluated context surfaced to the policy
server as fields of the `metadata_context` google.protobuf.Struct,
keyed by config key. Values are CEL expressions.
tcp object
Settings for managing TCP connections to the backend.
connectTimeout
string
Deadline for establishing a connection to
the destination.
keepalive object
Settings for enabling TCP keepalives on the
connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend.
If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to
validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16caCertificateRefs []object
CA certificate `ConfigMap` to use to
verify the server certificate.
If unset, the system's trusted certificates are used.
maxItems:
1
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify
string
Originates TLS but skips verification of the backend's certificate.
WARNING: This is an insecure option that should only be used if the risks are understood.
There are two modes:
* `All` disables all TLS verification.
* `Hostname` verifies the CA certificate is trusted, but ignores any
mismatch of hostname or SANs. Note that this method is still insecure;
prefer setting `verifySubjectAltNames` to customize the valid hostnames
if possible.
enum:
All, Hostname
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS connection.
For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the
specified key (`tls.key`) and cert (`tls.crt`) from the referenced
credential source, defaulting to a Kubernetes `Secret`.
An optional `ca.cert` field, if present, will be used to verify the
server certificate. If `caCertificateRefs` is also specified, the
`caCertificateRefs` field takes priority.
If unspecified, no client certificate will be used.
maxItems:
1
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
sni
string
Server Name Indicator (`SNI`) to use in the TLS
handshake. If unset, the `SNI` is automatically set based on the
destination hostname.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253
verifySubjectAltNames
[]string
Subject Alternative Names (`SAN`)
to verify in the server certificate.
If not present, the destination hostname is automatically used.
minItems:
1maxItems:
16transformation object
Mutates and transforms requests and responses sent to and from the backend.
request object
Request transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384response object
Response transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535frontend object
Settings for how to handle incoming traffic.
A frontend policy can only target a `Gateway`. `Listener` and
`ListenerSet` are not valid targets.
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. For example, policy A sets `tcp` and `tls`, and policy B sets
`tls`; the effective policy would be `tcp` from policy A, and `tls` from
policy B.
accessLog object
Access logging configuration.
attributes object
Customizations to the key-value pairs that are
logged.
add []object
Additional key-value pairs to add to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
minItems:
1
expression
string required
A Common Expression Language (CEL) expression.
minLength:
1maxLength:
16384
name
string required
minLength:
1maxLength:
256
remove
[]string
Default fields to remove. For example,
`http.method`.
minItems:
1maxItems:
32
filter
string
CEL expression used to filter logs. A log
will only be emitted if the expression evaluates to `true`.
minLength:
1maxLength:
16384otlp object
OTLP access log export to an
OpenTelemetry-compatible backend.
backendRef object required
OTLP server to send access logs to.
Supported types: `Service` and `AgentgatewayBackend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
path
string
OTLP/HTTP path to use. This is only applicable
when `protocol` is `HTTP`. If unset, this defaults to `/v1/logs`.
minLength:
1maxLength:
1024
protocol
string
OTLP protocol variant to use.
enum:
GRPC, HTTPconnect object
Settings for downstream HTTP CONNECT handling.
If unset, CONNECT requests are rejected with Method Not Allowed.
mode
string required
Whether downstream CONNECT requests are accepted.
enum:
Deny, Route, Tunnelhttp object
Settings for managing incoming HTTP requests.
http1HeaderCase
string
Controls HTTP/1 request header name casing when encoding responses on the same connection.
This only applies to `HTTP/1`. If a request is HTTP/2 in either the incoming or outgoing request, this will be ignored.
HTTP/2 requests are always lower case.
Modifying the headers from other policies may result in the original case being lost.
enum:
Lowercase, Preserve
http1IdleTimeout
string
Timeout before an unused connection is
closed.
If unset, this defaults to 10 minutes.
http1MaxHeaders
integer
Maximum number of headers allowed
in `HTTP/1.1` requests.
If unset, this defaults to 100.
format:
int32minimum:
1maximum:
4096
http2ConnectionWindowSize
string | integer
Initial window size for
connection-level flow control for received data.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32
http2FrameSize
string | integer
Maximum frame size to use.
If unset, this defaults to `16kb`.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32
http2KeepaliveInterval
string
http2KeepaliveTimeout
string
http2MaxHeaderSize
string | integer
Maximum aggregate size of decoded HTTP/2
request headers.
If unset, this defaults to `16Ki`.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32
http2WindowSize
string | integer
Initial window size for stream-level flow
control for received data.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32
maxBufferSize
string | integer
Maximum HTTP body size that will be buffered
into memory.
Bodies will only be buffered for policies which require buffering.
If unset, this defaults to `2mb`.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32
maxConnectionDuration
string
Maximum time a connection is allowed to remain open.
After this duration, the connection is gracefully closed after the current in-flight request completes.
Useful for ensuring even traffic distribution behind load balancers during scaling events.
metrics object
Custom Prometheus metric label configuration.
CEL expressions are evaluated per-request and added as labels to all
Prometheus metrics exposed by agentgateway.
attributes object required
Customizations to the labels that are
added to Prometheus metrics.
add []object
Additional key-value pairs to add as custom labels
to all Prometheus metrics. The value is a CEL expression evaluated
per-request. If the CEL expression fails to evaluate, the label value
is set to "unknown".
WARNING: High-cardinality labels (e.g., per-user IDs) can significantly
increase Prometheus storage and memory usage. Prefer low-cardinality
dimensions like team or environment.
minItems:
1maxItems:
16
expression
string required
A Common Expression Language (CEL) expression.
minLength:
1maxLength:
16384
name
string required
minLength:
1maxLength:
256networkAuthorization object
CEL authorization on downstream network connections.
This runs before protocol handling and is intended for L4 access control,
for example using `source.address` with `cidr(...).containsIP(...)`.
action
string
The effect of this rule when it matches.
If unspecified, defaults to `Allow`.
`Require` rules are cumulative: all require rules must match.
enum:
Allow, Deny, Requirepolicy object required
The authorization rule to evaluate.
* `Allow`: any matching allow rule allows the request.
* `Require`: every require rule must match for the request to be allowed.
* `Deny`: any matching deny rule denies the request.
A CEL expression that fails to evaluate does not match. Prefer `Require`
for deny-by-default behavior.
If at least one `Allow` rule is configured, requests are denied unless at
least one allow rule matches.
matchExpressions
[]string required
CEL expressions that must all evaluate to true for the rule to match.
minItems:
1maxItems:
256proxyProtocol object
Settings for downstream PROXY protocol handling.
If configured, incoming connections may require a PROXY header before
normal protocol handling. This can also be configured to allow both
PROXY and non-PROXY traffic on the same listener.
mode
string
Whether PROXY headers are required or optional.
If unset, this defaults to `Strict`.
enum:
Optional, Strict
version
string
PROXY protocol version to accept.
If unset, this defaults to `V2`.
enum:
All, V1, V2tcp object
Settings for managing incoming TCP connections.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval
string
Time between keepalive probes.
If unset, this defaults to 180s.
retries
integer
Maximum number of keepalive probes to send before dropping the connection.
If unset, this defaults to 9.
format:
int32minimum:
1maximum:
64
time
string
Time a connection needs to be idle before keepalive probes start being sent.
If unset, this defaults to 180s.
tls object
Settings for managing incoming TLS connections.
alpnProtocols
[]string
Application-Layer Protocol Negotiation (`ALPN`)
value to use in the TLS handshake.
If not present, defaults to `["h2", "http/1.1"]`.
minItems:
1maxItems:
16
cipherSuites
[]string
Cipher suites for a TLS listener.
The value is a comma-separated list of cipher suites, for example
`TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256`.
Use this in the TLS options field of a TLS listener.
handshakeTimeout
string
Deadline for a TLS handshake to
complete. If unset, this defaults to `15s`.
keyExchangeGroups
[]string
Ordered list of key exchange groups for a TLS listener.
For example: `X25519_MLKEM768,X25519`.
maxProtocolVersion
string
Maximum TLS version to support.
enum:
1.2, 1.3
minProtocolVersion
string
Minimum TLS version to support.
enum:
1.2, 1.3tracing object
OpenTelemetry tracing settings.
attributes object
Customizations to the key-value pairs that are
included in the trace.
add []object
Additional key-value pairs to add to each entry.
The value is a CEL expression. If the CEL expression fails to evaluate,
the pair will be excluded.
minItems:
1
expression
string required
A Common Expression Language (CEL) expression.
minLength:
1maxLength:
16384
name
string required
minLength:
1maxLength:
256
remove
[]string
Default fields to remove. For example,
`http.method`.
minItems:
1maxItems:
32backendRef object required
OTLP server to reach.
Supported types: `Service` and `AgentgatewayBackend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
clientSampling
string
Expression that determines the amount of client
sampling. Client sampling determines whether to initiate a new trace
span if the incoming request does have a trace already. This should
evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or
`false`). If unspecified, client sampling is `100%` enabled.
minLength:
1maxLength:
16384
path
string
OTLP path to use. This is only applicable when
`protocol` is `HTTP`. If unset, this defaults to `/v1/traces`.
minLength:
1maxLength:
1024
protocol
string
OTLP protocol variant to use.
enum:
GRPC, HTTP
randomSampling
string
Expression that determines the amount of random
sampling. Random sampling will initiate a new trace span if the incoming
request does not have a trace initiated already. This should evaluate to
a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If
unspecified, random sampling is disabled.
minLength:
1maxLength:
16384resources []object
Entity producing telemetry and resources
resources to be included in the trace.
expression
string required
A Common Expression Language (CEL) expression.
minLength:
1maxLength:
16384
name
string required
minLength:
1maxLength:
256strategy object
Policy merge and conflict resolution strategy.
Strategy settings apply to the policy object as a whole. Individual strategy fields may
only be valid for specific policy kinds; for example, inheritance is only valid when this
policy contains traffic settings.
inheritance
string
Controls whether less-specific traffic policies prevent more-specific traffic policies
from contributing to the effective policy.
This field is only valid on traffic policies. Frontend and backend policy merging does not use
inheritance.
When unset or set to `Default`, traffic policy fields are merged by specificity, with more-specific
attachment points such as routes and route rules able to override fields from less-specific
attachment points such as gateways and listeners.
In other words, this policy provides `Default`s that can be overridden. For example, you may provide a `Default`
timeout policy for the entire Gateway that is overridden by specific routes.
When set to `Override`, this policy blocks traffic policies at more-specific attachment points from
being included in the effective policy. This is useful when a gateway-level policy must remain
authoritative for all routes below it.
enum:
Default, OverridetargetRefs []object
Target resources to attach the
policy to.
minItems:
1maxItems:
16
group
string required
The API group of the target resource.
For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string required
The API kind of the target resource, such as `Gateway` or `HTTPRoute`.
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
The name of the target resource.
minLength:
1maxLength:
253
sectionName
string
The named section of the target resource.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253targetSelectors []object
Target selectors used to select resources to attach the policy to.
minItems:
1maxItems:
16
group
string required
The API group of the target resource.
For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string required
The API kind of the target resource, such as `Gateway` or `HTTPRoute`.
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
matchLabels
object required
Labels that must be present on each selected target resource.
sectionName
string
The named section of each selected target resource.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253traffic object
Settings for how to process traffic.
A traffic policy can target a `Gateway` (optionally, with a
`sectionName` indicating the listener), `ListenerSet`, or `Route`
(optionally, with a `sectionName` indicating the route rule).
When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep
merge. Precedence is given to more precise policies: `Gateway` <
`Listener` < `Route` < `Route Rule`. For example, policy A sets
`timeouts` and `retries`, and policy B sets `retries`; the effective
policy would be `timeouts` from policy A, and `retries` from policy B.
apiKeyAuthentication object
Authenticates users based on a configured API
key.
location object
Where API keys are read from.
If omitted, credentials are read from the `Authorization` header with the `Bearer ` prefix.
cookie object
name
string required
minLength:
1maxLength:
256
expression
string
CEL expression that extracts the credential from the request.
minLength:
1maxLength:
16384header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
mode
string
Validation mode for API key authentication.
enum:
Optional, Permissive, StrictsecretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing a set of API keys. If there are many Secret-backed
keys, `secretSelector` can be used instead.
Each entry in the credential data represents one API key. The key is an
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields, `key` and `metadata`. `key` contains
the API key. `metadata` contains arbitrary JSON metadata associated
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing `apiKey.group == 'sales'`.
Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253secretSelector object
Selects multiple Kubernetes `Secret` resources
containing API keys. It is Secret-only; use `secretRef` for other
credential kinds. If the same key is defined in multiple secrets, the
behavior is undefined.
Each entry in the `Secret` data represents one API key. The key is an
arbitrary identifier. The value can either be:
* A string representing the API key.
* A JSON object with two fields, `key` and `metadata`. `key` contains
the API key. `metadata` contains arbitrary JSON metadata associated
with the key, which may be used by other policies. For example, you
may write an authorization policy allowing `apiKey.group == 'sales'`.
Example:
apiVersion: v1
kind: Secret
metadata:
name: api-key
stringData:
client1: |
{
"key": "k-123",
"metadata": {
"group": "sales",
"created_at": "2024-10-01T12:00:00Z"
}
}
client2: "k-456"
matchLabels
object required
Labels that must be present on each selected Secret.
authorization object
Access rules based on roles and
permissions.
If multiple authorization rules are applied across different policies, at the same or different attachment points,
all rules are merged.
action
string
The effect of this rule when it matches.
If unspecified, defaults to `Allow`.
`Require` rules are cumulative: all require rules must match.
enum:
Allow, Deny, Requirepolicy object required
The authorization rule to evaluate.
* `Allow`: any matching allow rule allows the request.
* `Require`: every require rule must match for the request to be allowed.
* `Deny`: any matching deny rule denies the request.
A CEL expression that fails to evaluate does not match. Prefer `Require`
for deny-by-default behavior.
If at least one `Allow` rule is configured, requests are denied unless at
least one allow rule matches.
matchExpressions
[]string required
CEL expressions that must all evaluate to true for the rule to match.
minItems:
1maxItems:
256basicAuthentication object
Authenticates users based on the `Basic`
authentication scheme (RFC 7617), where a username and password are
encoded in the request.
location object
Where Basic credentials are read from.
If omitted, credentials are read from the `Authorization` header with the `Basic ` prefix.
cookie object
name
string required
minLength:
1maxLength:
256
expression
string
CEL expression that extracts the credential from the request.
minLength:
1maxLength:
16384header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256
mode
string
Validation mode for basic authentication.
enum:
Optional, Strict
realm
string
`realm` value to return in the `WWW-Authenticate`
header for failed authentication requests. If unset, `Restricted` will
be used.
secretRef object
Credential source, defaulting to a Kubernetes
`Secret`, storing the `.htaccess` file. When using the default Secret
resolver, the `Secret` must have a key named `.htaccess`, and should
contain the complete `.htaccess` file.
Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
apiVersion: v1
kind: Secret
metadata:
name: basic-auth
stringData:
.htaccess: |
alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V.
bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/
group
string
The API group of the referenced credential.
Empty selects the core API group.
kind
string
The kind of the referenced credential.
Empty defaults to `Secret`.
name
string required
The name of the referenced credential.
minLength:
1maxLength:
253
users
[]string
Inline list of username and password pairs that will
be accepted. Each entry represents one line of the `htpasswd` format:
https://httpd.apache.org/docs/2.4/programs/htpasswd.html.
Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands
to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported.
Example:
users:
- "user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC."
- "user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2"
minItems:
1maxItems:
256buffer object
Buffers request and response bodies. Buffered bodies are accumulated in memory
by the proxy until completion before being forwarded. This changes the proxies default behavior, which streams bodies.
Warning: large bodies can lead to excessive memory usage in the proxy. Utilize with care, or with strict limits.
request object
Request body buffering settings.
maxBytes
string | integer
Maximum number of bytes to buffer from the request or response body.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32response object
Response body buffering settings.
maxBytes
string | integer
Maximum number of bytes to buffer from the request or response body.
If unset, defaults to the global proxy setting, which defaults to 2Mi.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32cors object
CORS configuration for the policy.
allowCredentials
boolean
AllowCredentials indicates whether the actual cross-origin request allows
to include credentials.
When set to true, the gateway will include the `Access-Control-Allow-Credentials`
response header with value true (case-sensitive).
When set to false or omitted the gateway will omit the header
`Access-Control-Allow-Credentials` entirely (this is the standard CORS
behavior).
Support: Extended
allowHeaders
[]string
AllowHeaders indicates which HTTP request headers are supported for
accessing the requested resource.
Header names are not case-sensitive.
Multiple header names in the value of the `Access-Control-Allow-Headers`
response header are separated by a comma (",").
When the `allowHeaders` field is configured with one or more headers, the
gateway must return the `Access-Control-Allow-Headers` response header
which value is present in the `allowHeaders` field.
If any header name in the `Access-Control-Request-Headers` request header
is not included in the list of header names specified by the response
header `Access-Control-Allow-Headers`, it will present an error on the
client side.
If any header name in the `Access-Control-Allow-Headers` response header
does not recognize by the client, it will also occur an error on the
client side.
A wildcard indicates that the requests with all HTTP headers are allowed.
If the configuration contains the wildcard `*` in `allowHeaders` and
`allowCredentials` is set to `false`, the `Access-Control-Allow-Headers`
response header may either contain the wildcard `*` or echo the value
of the `Access-Control-Request-Headers` request header.
If the configuration contains the wildcard `*` in `allowHeaders` and
`allowCredentials` is set to `true`, the gateway must not return `*`
in the `Access-Control-Allow-Headers` response header. Instead, it must
return one or more header names matching the value of the
`Access-Control-Request-Headers` request header.
If the `Access-Control-Request-Headers` header is not present in the
request, the gateway must omit the `Access-Control-Allow-Headers`
response header.
Support: Extended
maxItems:
64
allowMethods
[]string
AllowMethods indicates which HTTP methods are supported for accessing the
requested resource.
Valid values are any method defined by RFC9110, along with the special
value `*`, which represents all HTTP methods are allowed.
Method names are case-sensitive, so these values are also case-sensitive.
(See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1)
Multiple method names in the value of the `Access-Control-Allow-Methods`
response header are separated by a comma (",").
A CORS-safelisted method is a method that is `GET`, `HEAD`, or `POST`.
(See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
CORS-safelisted methods are always allowed, regardless of whether they
are specified in the `allowMethods` field.
When the `allowMethods` field is configured with one or more methods, the
gateway must return the `Access-Control-Allow-Methods` response header
which value is present in the `allowMethods` field.
If the HTTP method of the `Access-Control-Request-Method` request header
is not included in the list of methods specified by the response header
`Access-Control-Allow-Methods`, it will present an error on the client
side.
If the configuration contains the wildcard `*` in `allowMethods` and
`allowCredentials` is set to `false`, the `Access-Control-Allow-Methods`
response header may either contain the wildcard `*` or echo the value
of the `Access-Control-Request-Method` request header.
If the configuration contains the wildcard `*` in `allowMethods` and
`allowCredentials` is set to `true`, the gateway must not return `*`
in the `Access-Control-Allow-Methods` response header. Instead, it must
return a single HTTP method matching the value of the
`Access-Control-Request-Method` request header.
If the `Access-Control-Request-Method` header is not present in the request,
the gateway must omit the `Access-Control-Allow-Methods` response header.
Support: Extended
maxItems:
9
allowOrigins
[]string
AllowOrigins indicates whether the response can be shared with requested
resource from the given `Origin`.
The `Origin` consists of a scheme and a host, with an optional port, and
takes the form `<scheme>://<host>(:<port>)`.
Valid values for scheme are: `http` and `https`.
Valid values for port are any integer between 1 and 65535 (the list of
available TCP/UDP ports). Note that, if not included, port `80` is
assumed for `http` scheme origins, and port `443` is assumed for `https`
origins. This may affect origin matching.
The host part of the origin may contain the wildcard character `*`. These
wildcard characters behave as follows:
* `*` is a greedy match to the _left_, including any number of
DNS labels to the left of its position. This also means that
`*` will include any number of period `.` characters to the
left of its position.
* A wildcard by itself matches all hosts.
An origin value that includes _only_ the `*` character indicates requests
from all `Origin`s are allowed.
When the `allowOrigins` field is configured with multiple origins, it
means the server supports clients from multiple origins. If the request
`Origin` matches the configured allowed origins, the gateway must return
the given `Origin` and sets value of the header
`Access-Control-Allow-Origin` same as the `Origin` header provided by the
client.
The status code of a successful response to a "preflight" request is
always an OK status (i.e., 204 or 200).
If the request `Origin` does not match the configured allowed origins,
the gateway returns 204/200 response but doesn't set the relevant
cross-origin response headers. Alternatively, the gateway responds with
403 status to the "preflight" request is denied, coupled with omitting
the CORS headers. The cross-origin request fails on the client side.
Therefore, the client doesn't attempt the actual cross-origin request.
Conversely, if the request `Origin` matches one of the configured
allowed origins, the gateway sets the response header
`Access-Control-Allow-Origin` to the same value as the `Origin`
header provided by the client.
If the configuration contains the wildcard `*` in `allowOrigins` and
`allowCredentials` is set to `false`, the `Access-Control-Allow-Origin`
response header may either contain the wildcard `*` or echo the value
of the `Origin` request header.
If the configuration contains the wildcard `*` in `allowOrigins` and
`allowCredentials` is set to `true`, the gateway must not return `*`
in the `Access-Control-Allow-Origin` response header. Instead, it must
return a single origin matching the value of the `Origin` request header.
Support: Extended
maxItems:
64
exposeHeaders
[]string
ExposeHeaders indicates which HTTP response headers can be exposed
to client-side scripts in response to a cross-origin request.
A CORS-safelisted response header is an HTTP header in a CORS response
that it is considered safe to expose to the client scripts.
The CORS-safelisted response headers include the following headers:
`Cache-Control`
`Content-Language`
`Content-Length`
`Content-Type`
`Expires`
`Last-Modified`
`Pragma`
(See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
The CORS-safelisted response headers are exposed to client by default.
When an HTTP header name is specified using the `exposeHeaders` field,
this additional header will be exposed as part of the response to the
client.
Header names are not case-sensitive.
Multiple header names in the value of the `Access-Control-Expose-Headers`
response header are separated by a comma (",").
A wildcard indicates that the responses with all HTTP headers are exposed
to clients.
If the configuration contains the wildcard `*` in `exposeHeaders` and
`allowCredentials` is set to `false`, the `Access-Control-Expose-Headers`
response header can contain the wildcard `*`.
If the configuration contains the wildcard `*` in `exposeHeaders` and
`allowCredentials` is set to `true`, the gateway cannot use the `*`
in the `Access-Control-Expose-Headers` response header.
Support: Extended
maxItems:
64
maxAge
integer
MaxAge indicates the duration (in seconds) for the client to cache the
results of a "preflight" request.
The information provided by the `Access-Control-Allow-Methods` and
`Access-Control-Allow-Headers` response headers can be cached by the
client until the time specified by `Access-Control-Max-Age` elapses.
The default value of `Access-Control-Max-Age` response header is 5
(seconds).
When the `MaxAge` field is unspecified, the gateway sets the response
header "Access-Control-Max-Age: 5" by default.
format:
int32minimum:
1csrf object
Cross-Site Request Forgery (CSRF) policy for this traffic policy.
The CSRF policy has the following behavior:
* Safe methods (`GET`, `HEAD`, `OPTIONS`) are automatically allowed.
* Requests without `Sec-Fetch-Site` or `Origin` headers are assumed to
be same-origin or non-browser requests and are allowed.
* Otherwise, the `Sec-Fetch-Site` header is checked, with a fallback to
comparing the `Origin` header to the `Host` header.
additionalOrigins
[]string
Additional source origins that will be
allowed in addition to the destination origin. The `Origin` consists of
a scheme and a host, with an optional port, and takes the form
`<scheme>://<host>(:<port>)`.
minItems:
1maxItems:
16directResponse object
Sends a direct response to the
client.
body
string
Content to return in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
minLength:
1maxLength:
4096
bodyExpression
string
CEL expression that produces the HTTP response body.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
minLength:
1maxLength:
16384conditional []object
Conditional policy execution. Set this or the top-level directResponse fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
minItems:
1maxItems:
16
condition
string
CEL expression that must evaluate to true for this policy to execute.
minLength:
1maxLength:
16384policy object required
Policy to apply when the condition matches.
body
string
Content to return in the HTTP response body.
The maximum length of the body is restricted to prevent excessively large responses.
If this field is omitted, no body is included in the response.
minLength:
1maxLength:
4096
bodyExpression
string
CEL expression that produces the HTTP response body.
Strings and bytes are written directly; other values are serialized as JSON.
If this field is omitted, no expression body is included in the response.
minLength:
1maxLength:
16384headers []object
Response headers to set on the direct response.
minItems:
1maxItems:
16
name
string required
The name of the header to set.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
status
integer
HTTP status code to return.
format:
int32minimum:
200maximum:
599headers []object
Response headers to set on the direct response.
minItems:
1maxItems:
16
name
string required
The name of the header to set.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
status
integer
HTTP status code to return.
format:
int32minimum:
200maximum:
599extAuth object
External authentication configuration for the policy.
This selects the external server to send requests to for authentication.
An extAuth policy can be conditionally set by nesting configuration under the `conditional` field.
backendRef object
External Authorization server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535cache object
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
`key`; otherwise, one request may incorrectly reuse another request's
authorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
key
[]string required
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
minItems:
1maxItems:
16
maxEntries
integer
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
format:
int32minimum:
1
ttl
string required
Duration string, such as `5m`, or a CEL expression that
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
minLength:
1maxLength:
16384conditional []object
Conditional policy execution. Set this or the top-level extAuth fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
minItems:
1maxItems:
16
condition
string
CEL expression that must evaluate to true for this policy to execute.
minLength:
1maxLength:
16384policy object required
Policy to apply when the condition matches.
backendRef object
External Authorization server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535cache object
Caches gRPC authorization results.
WARNING: the safety of this feature depends on the cache key accurately
capturing every request property that the authorization service uses to
make a decision. For example, if the service returns different results
based on both path and authorization header, both must be included in
`key`; otherwise, one request may incorrectly reuse another request's
authorization result.
If any key expression fails to evaluate or produces an unsupported value,
the request is still sent to the authorization service, but its result is
not read from or written to the cache.
key
[]string required
Ordered list of CEL expressions evaluated against the request
to construct the cache key.
minItems:
1maxItems:
16
maxEntries
integer
Maximum number of authorization results to keep in
the cache. If unset, this defaults to 10000.
format:
int32minimum:
1
ttl
string required
Duration string, such as `5m`, or a CEL expression that
returns the duration that cached authorization results may be reused, or a
timestamp when the cached authorization result expires. The expression is
evaluated after the authorization response has been applied to the request.
minLength:
1maxLength:
16384
failureMode
string
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
enum:
FailClosed, FailOpenforwardBody object
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
maxSize
string | integer required
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
`maxSize`, then the request will be rejected with a response.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32grpc object
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions
object
Additional arbitrary key-value pairs to
send to the authorization server in the `context_extensions` field.
requestMetadata
object
Metadata to send to the authorization
server. This maps to the `metadata_context.filter_metadata` field of the
request, and allows dynamic CEL expressions. If unset, by default the
`envoy.filters.http.jwt_authn` key is set if the JWT policy is used as
well, for compatibility.
http object
Uses HTTP to connect to
the authorization server. The authorization server must return a `200`
status code, otherwise the request is considered an authorization
failure.
addRequestHeaders
object
Additional headers to add to the
request to the authorization server. While `allowedRequestHeaders` just
passes the original headers through, `addRequestHeaders` allows defining
custom headers based on CEL expressions.
allowedRequestHeaders
[]string
Additional headers from the client request that
will be sent to the authorization server.
If unset, the following headers are sent by default: `Authorization`.
maxItems:
64
allowedResponseHeaders
[]string
Headers from the authorization response that
will be copied into the request to the backend.
maxItems:
64
path
string
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
`"/prefix/" + request.path`.
minLength:
1maxLength:
16384
redirect
string
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
minLength:
1maxLength:
16384
responseMetadata
object
Metadata fields to construct
from the authorization response. These will be included under the
`extauthz` variable in future CEL expressions. Setting this is useful
for things like logging usernames, without needing to include them as
headers to the backend, as `allowedResponseHeaders` would.
failureMode
string
Behavior when the external authorization service is
unavailable or returns an error. "FailOpen" allows the request to continue.
"FailClosed" (default) denies the request.
enum:
FailClosed, FailOpenforwardBody object
Whether to include the HTTP body in the authorization request.
If enabled, the request body will be buffered.
maxSize
string | integer required
Largest body, in bytes, that will be buffered
and sent to the authorization server. If the body size is larger than
`maxSize`, then the request will be rejected with a response.
string pattern:
^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$string minLength:
1string maxLength:
32grpc object
Uses the gRPC External Authorization
[protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions
object
Additional arbitrary key-value pairs to
send to the authorization server in the `context_extensions` field.
requestMetadata
object
Metadata to send to the authorization
server. This maps to the `metadata_context.filter_metadata` field of the
request, and allows dynamic CEL expressions. If unset, by default the
`envoy.filters.http.jwt_authn` key is set if the JWT policy is used as
well, for compatibility.
http object
Uses HTTP to connect to
the authorization server. The authorization server must return a `200`
status code, otherwise the request is considered an authorization
failure.
addRequestHeaders
object
Additional headers to add to the
request to the authorization server. While `allowedRequestHeaders` just
passes the original headers through, `addRequestHeaders` allows defining
custom headers based on CEL expressions.
allowedRequestHeaders
[]string
Additional headers from the client request that
will be sent to the authorization server.
If unset, the following headers are sent by default: `Authorization`.
maxItems:
64
allowedResponseHeaders
[]string
Headers from the authorization response that
will be copied into the request to the backend.
maxItems:
64
path
string
Path to send to the authorization server. If
unset, this defaults to the original request path.
This is a CEL expression, which allows customizing the path based on the
incoming request. For example, to add a prefix, use
`"/prefix/" + request.path`.
minLength:
1maxLength:
16384
redirect
string
Optional expression that determines a path to
redirect to on authorization failure. This is useful to redirect to a
sign-in page.
minLength:
1maxLength:
16384
responseMetadata
object
Metadata fields to construct
from the authorization response. These will be included under the
`extauthz` variable in future CEL expressions. Setting this is useful
for things like logging usernames, without needing to include them as
headers to the backend, as `allowedResponseHeaders` would.
extProc object
External processing configuration for the policy.
backendRef object
External Processor server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535conditional []object
Conditional policy execution. Set this or the top-level extProc fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
minItems:
1maxItems:
16
condition
string
CEL expression that must evaluate to true for this policy to execute.
minLength:
1maxLength:
16384policy object required
Policy to apply when the condition matches.
backendRef object
External Processor server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535processingOptions object
How request and response phases are sent to ext_proc.
allowModeOverride
boolean
Allows ext_proc `mode_override` values from matching header responses to update
subsequent request/response processing phases for this exchange. Defaults to `false`.
requestBodyMode
string
How request bodies are sent to the external processor.
`Buffered` buffers the full body and returns an error if it exceeds 8KB.
`BufferedPartial` buffers up to 8KB and sends the buffered prefix if the
body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum:
None, Buffered, BufferedPartial, FullDuplexStreamed
requestHeaderMode
string
Whether request headers are sent to the external processor.
Defaults to `Send`.
enum:
Send, Skip
requestTrailerMode
string
Whether request trailers are sent to the external processor.
Defaults to `Send`.
enum:
Skip, Send
responseBodyMode
string
How response bodies are sent to the external processor.
`Buffered` buffers the full body and returns an error if it exceeds 8KB.
`BufferedPartial` buffers up to 8KB and sends the buffered prefix if the
body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum:
None, Buffered, BufferedPartial, FullDuplexStreamed
responseHeaderMode
string
Whether response headers are sent to the external processor.
Defaults to `Send`.
enum:
Send, Skip
responseTrailerMode
string
Whether response trailers are sent to the external processor.
Defaults to `Send`.
enum:
Skip, SendprocessingOptions object
How request and response phases are sent to ext_proc.
allowModeOverride
boolean
Allows ext_proc `mode_override` values from matching header responses to update
subsequent request/response processing phases for this exchange. Defaults to `false`.
requestBodyMode
string
How request bodies are sent to the external processor.
`Buffered` buffers the full body and returns an error if it exceeds 8KB.
`BufferedPartial` buffers up to 8KB and sends the buffered prefix if the
body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum:
None, Buffered, BufferedPartial, FullDuplexStreamed
requestHeaderMode
string
Whether request headers are sent to the external processor.
Defaults to `Send`.
enum:
Send, Skip
requestTrailerMode
string
Whether request trailers are sent to the external processor.
Defaults to `Send`.
enum:
Skip, Send
responseBodyMode
string
How response bodies are sent to the external processor.
`Buffered` buffers the full body and returns an error if it exceeds 8KB.
`BufferedPartial` buffers up to 8KB and sends the buffered prefix if the
body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum:
None, Buffered, BufferedPartial, FullDuplexStreamed
responseHeaderMode
string
Whether response headers are sent to the external processor.
Defaults to `Send`.
enum:
Send, Skip
responseTrailerMode
string
Whether response trailers are sent to the external processor.
Defaults to `Send`.
enum:
Skip, SendheaderModifiers object
Request and response header modification policy.
request object
Header changes to apply before forwarding a request.
add []object
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
maxItems:
16
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096
remove
[]string
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
maxItems:
16set []object
Set overwrites the request with the given header (name, value)
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
maxItems:
16
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096response object
Header changes to apply before returning a response.
add []object
Add adds the given header(s) (name, value) to the request
before the action. It appends to any existing values associated
with the header name.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
add:
- name: "my-header"
value: "bar,baz"
Output:
GET /foo HTTP/1.1
my-header: foo,bar,baz
maxItems:
16
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096
remove
[]string
Remove the given header(s) from the HTTP request before the action. The
value of Remove is a list of HTTP header names. Note that the header
names are case-insensitive (see
https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
Input:
GET /foo HTTP/1.1
my-header1: foo
my-header2: bar
my-header3: baz
Config:
remove: ["my-header1", "my-header3"]
Output:
GET /foo HTTP/1.1
my-header2: bar
maxItems:
16set []object
Set overwrites the request with the given header (name, value)
before the action.
Input:
GET /foo HTTP/1.1
my-header: foo
Config:
set:
- name: "my-header"
value: "bar"
Output:
GET /foo HTTP/1.1
my-header: bar
maxItems:
16
name
string required
Name is the name of the HTTP Header to be matched. Name matching MUST be
case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
If multiple entries specify equivalent header names, the first entry with
an equivalent name MUST be considered for a match. Subsequent entries
with an equivalent header name MUST be ignored. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered
equivalent.
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
Value is the value of HTTP Header to be matched.
<gateway:experimental:description>
Must consist of printable US-ASCII characters, optionally separated
by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2
</gateway:experimental:description>
<gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength:
1maxLength:
4096hostRewrite object
How to rewrite the `Host` header for requests.
If the `HTTPRoute` `urlRewrite` filter already specifies a host rewrite,
this setting is ignored.
mode
string required
Hostname rewrite mode.
The following may be specified:
* `Auto`: automatically set the `Host` header based on the destination.
* `None`: do not rewrite the `Host` header. The original `Host` header
will be passed through.
This setting defaults to `Auto` when connecting to hostname-based
`Backend` types, and `None` otherwise, for `Service` or IP-based
backends.
enum:
Auto, NonejwtAuthentication object
Authenticates users based on JWT tokens.
location object
Where JWT credentials are read from.
If omitted, credentials are read from the `Authorization` header with the `Bearer ` prefix.
cookie object
name
string required
minLength:
1maxLength:
256
expression
string
CEL expression that extracts the credential from the request.
minLength:
1maxLength:
16384header object
name
string required
HTTPHeaderName is the name of an HTTP header.
Valid values include:
* "Authorization"
* "Set-Cookie"
Invalid values include:
- ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
headers are not currently supported by this type.
- "/invalid" - "/ " is an invalid character
pattern:
^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
prefix
string
minLength:
1maxLength:
256queryParameter object
name
string required
minLength:
1maxLength:
256mcp object
Enables MCP OAuth metadata endpoint handling
and MCP-specific authentication behavior on top of standard JWT validation.
When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
clientId
string
Client ID to use for short-circuiting Dynamic Client Registration.
If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
provider
string
Identity provider to use for MCP authentication flows.
enum:
Auth0, Keycloak, Okta
resourceMetadata
object
Metadata to use for MCP resources,
served at the MCP OAuth metadata endpoints.
mode
string
Validation mode for JWT authentication.
enum:
Optional, Permissive, Strictproviders []object required
minItems:
1maxItems:
64
audiences
[]string
Allowed audiences that are allowed
access. This corresponds to the `aud` claim
([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)).
If unset, any audience is allowed.
minItems:
1maxItems:
64
issuer
string required
IdP that issued the JWT. This corresponds to the
`iss` claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).
minLength:
1maxLength:
256jwks object required
JSON Web Key Set used to validate the signature of the
JWT.
inline
string
Inline JSON Web Key Set used to validate the
signature of the JWT.
minLength:
2maxLength:
65536remote object
How to reach the JSON Web Key Set from a remote
address.
backendRef object required
Remote JWKS server to reach.
Supported types are `Service` and static `Backend`. An
`AgentgatewayPolicy` containing backend TLS config can then be attached
to the `Service` or `Backend` in order to set TLS options for a
connection to the remote `jwks` source.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535
cacheDuration
string
jwksPath
string required
Path to the IdP `jwks` endpoint, relative to the root, commonly
`".well-known/jwks.json"`.
minLength:
1maxLength:
2000
phase
string
The phase to apply the traffic policy to. If the phase is `PreRouting`,
the `targetRef` must be a `Gateway` or a `Listener`. `PreRouting` is
typically used only when a policy needs to influence the routing
decision.
Even when using `PostRouting` mode, the policy can target the
`Gateway` or `Listener`. This is a helper for applying the policy to all
routes under that `Gateway` or `Listener`, and follows the merging logic
described above.
Note: `PreRouting` and `PostRouting` rules do not merge together. These
are independent execution phases. That is, all `PreRouting` rules will
merge and execute, then all `PostRouting` rules will merge and execute.
If unset, this defaults to `PostRouting`.
enum:
PostRouting, PreRoutingrateLimit object
Rate limiting configuration for the policy.
This limits the rate at which requests are processed.
conditional []object
Conditional policy execution. Set this or the top-level rateLimit fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
minItems:
1maxItems:
16
condition
string
CEL expression that must evaluate to true for this policy to execute.
minLength:
1maxLength:
16384policy object required
Policy to apply when the condition matches.
global object
Global rate limiting policy using an external service.
backendRef object required
Rate limit server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535descriptors []object required
Dimensions for rate limiting. These values are
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
minItems:
1maxItems:
16
cost
string
Common Expression Language (`CEL`) expression that determines
the cost of the request for this descriptor. If unset, `Requests` costs
default to 1, and `Tokens` costs default to the total token count.
`Tokens` cost are evaluated after the request has completed. For non-streaming requests, `request`, `llm`, and
`response` fields are all available; for streaming requests, `response` is not available (however, all LLM
attributes are in `llm`). For `Requests`, cost is computed during the request phase.
See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength:
1maxLength:
16384entries []object required
Individual components that make up this descriptor.
minItems:
1maxItems:
16
expression
string required
Common Expression Language (`CEL`) expression that
defines the value for the descriptor.
For example, to rate limit based on the Client IP: `source.address`.
See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength:
1maxLength:
16384
name
string required
Name of the descriptor.
minLength:
1maxLength:
64
unit
string
Cost unit. If unspecified,
`Requests` is used.
enum:
Requests, Tokens
domain
string required
Domain under which this limit should apply.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
minLength:
1maxLength:
256
failureMode
string
Behavior when the remote rate limit service is
unavailable or returns an error. `FailOpen` allows the request to continue.
`FailClosed` (default) denies the request.
enum:
FailClosed, FailOpenlocal []object
Local rate limiting policy.
minItems:
1maxItems:
16
burst
integer
Allowance of requests above the request-per-unit
that should be allowed within a short period of time.
format:
int32
requests
integer
Number of HTTP requests per unit of time that
are allowed. Requests exceeding this limit will fail with a `429`
error.
format:
int32minimum:
1
tokens
integer
Number of LLM tokens per unit of time that are
allowed. Requests exceeding this limit will fail with a `429` error.
Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
format:
int32minimum:
1
unit
string required
Unit of time for the limit.
enum:
Hours, Minutes, Secondsglobal object
Global rate limiting policy using an external service.
backendRef object required
Rate limit server to reach.
Supported types: `Service` and `Backend`.
group
string
Group is the group of the referent. For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API group is inferred.
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is the Kubernetes resource kind of the referent. For example
"Service".
Defaults to "Service" when not specified.
ExternalName services can refer to CNAME DNS records that may live
outside of the cluster and as such are difficult to reason about in
terms of conformance. They also may not be safe to forward to (see
CVE-2021-25740 for more information). Implementations SHOULD NOT
support ExternalName Services.
Support: Core (Services with a type other than ExternalName)
Support: Implementation-specific (Services with type ExternalName)
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the backend. When unspecified, the local
namespace is inferred.
Note that when a namespace different than the local namespace is specified,
a ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
documentation for details.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port specifies the destination port number to use for this resource.
Port is required when the referent is a Kubernetes Service. In this
case, the port number is the service port number, not the target port.
For other resources, destination port might be derived from the referent
resource or this field.
format:
int32minimum:
1maximum:
65535descriptors []object required
Dimensions for rate limiting. These values are
passed to the rate limit service which applies configured limits based
on them. Each descriptor represents a single rate limit rule with one or
more entries.
minItems:
1maxItems:
16
cost
string
Common Expression Language (`CEL`) expression that determines
the cost of the request for this descriptor. If unset, `Requests` costs
default to 1, and `Tokens` costs default to the total token count.
`Tokens` cost are evaluated after the request has completed. For non-streaming requests, `request`, `llm`, and
`response` fields are all available; for streaming requests, `response` is not available (however, all LLM
attributes are in `llm`). For `Requests`, cost is computed during the request phase.
See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength:
1maxLength:
16384entries []object required
Individual components that make up this descriptor.
minItems:
1maxItems:
16
expression
string required
Common Expression Language (`CEL`) expression that
defines the value for the descriptor.
For example, to rate limit based on the Client IP: `source.address`.
See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength:
1maxLength:
16384
name
string required
Name of the descriptor.
minLength:
1maxLength:
64
unit
string
Cost unit. If unspecified,
`Requests` is used.
enum:
Requests, Tokens
domain
string required
Domain under which this limit should apply.
This is an arbitrary string that enables a rate limit server to distinguish between different applications.
minLength:
1maxLength:
256
failureMode
string
Behavior when the remote rate limit service is
unavailable or returns an error. `FailOpen` allows the request to continue.
`FailClosed` (default) denies the request.
enum:
FailClosed, FailOpenlocal []object
Local rate limiting policy.
minItems:
1maxItems:
16
burst
integer
Allowance of requests above the request-per-unit
that should be allowed within a short period of time.
format:
int32
requests
integer
Number of HTTP requests per unit of time that
are allowed. Requests exceeding this limit will fail with a `429`
error.
format:
int32minimum:
1
tokens
integer
Number of LLM tokens per unit of time that are
allowed. Requests exceeding this limit will fail with a `429` error.
Both input and output tokens are counted. However, token counts are not known until the request completes. As a
result, token-based rate limits will apply to future requests only.
format:
int32minimum:
1
unit
string required
Unit of time for the limit.
enum:
Hours, Minutes, Secondsretry object
Retry policy.
attempts
integer
Attempts specifies the maximum number of times an individual request
from the gateway to a backend should be retried.
If the maximum number of retries has been attempted without a successful
response from the backend, the Gateway MUST return an error.
When this field is unspecified, the number of times to attempt to retry
a backend request is implementation-specific.
Support: Extended
minimum:
1
backoff
string
Backoff specifies the minimum duration a Gateway should wait between
retry attempts and is represented in Gateway API Duration formatting.
For example, setting the `rules[].retry.backoff` field to the value
`100ms` will cause a backend request to first be retried approximately
100 milliseconds after timing out or receiving a response code configured
to be retriable.
An implementation MAY use an exponential or alternative backoff strategy
for subsequent retry attempts, MAY cap the maximum backoff duration to
some amount greater than the specified minimum, and MAY add arbitrary
jitter to stagger requests, as long as unsuccessful backend requests are
not retried before the configured minimum duration.
If a Request timeout (`rules[].timeouts.request`) is configured on the
route, the entire duration of the initial request and any retry attempts
MUST not exceed the Request timeout duration. If any retry attempts are
still in progress when the Request timeout duration has been reached,
these SHOULD be canceled if possible and the Gateway MUST immediately
return a timeout error.
If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is
configured on the route, any retry attempts which reach the configured
BackendRequest timeout duration without a response SHOULD be canceled if
possible and the Gateway should wait for at least the specified backoff
duration before attempting to retry the backend request again.
If a BackendRequest timeout is _not_ configured on the route, retry
attempts MAY time out after an implementation default duration, or MAY
remain pending until a configured Request timeout or implementation
default duration for total request time is reached.
When this field is unspecified, the time to wait between retry attempts
is implementation-specific.
Support: Extended
pattern:
^([0-9]{1,5}(h|m|s|ms)){1,4}$
codes
[]integer
Codes defines the HTTP response status codes for which a backend request
should be retried.
Support: Extended
condition
string
`condition` is a CEL expression evaluated against each response to decide
whether to retry. A response is retried when its status code is in `codes` or
this expression evaluates to `true`.
minLength:
1maxLength:
16384
precondition
string
`precondition` is a CEL expression evaluated against the request before any
attempt is made. When it evaluates to `false`, retries are disabled and only
the initial attempt is made, for example `request.method == "GET"`.
Retrying requires buffering the request body in memory for replay, so this lets
us skip that cost when the request is known to be non-retriable (for example
streaming uploads or long-lived connections like websockets).
minLength:
1maxLength:
16384timeouts object
Request timeouts.
It is applicable to `HTTPRoute` resources and ignored for other targeted
kinds.
request
string
Timeout for an individual request from the gateway to a backend. This covers the time from when
the request first starts being sent from the gateway to when the full response has been received from the backend.
transformation object
Mutates and transforms requests and responses
before forwarding them to the destination.
conditional []object
Conditional policy execution. Set this or the top-level transformation fields.
The first matching policy will be executed.
A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback
in case no conditions are met.
minItems:
1maxItems:
16
condition
string
CEL expression that must evaluate to true for this policy to execute.
minLength:
1maxLength:
16384policy object required
Policy to apply when the condition matches.
request object
Request transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384response object
Response transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384request object
Request transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384response object
Response transformation settings.
add []object
Headers to add to the request and what each value
should be set to. If there is already a header with these values then
append the value as an extra entry.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384
body
string
HTTP body transformation.
minLength:
1maxLength:
16384
metadata
object
Stores CEL-evaluated values under the `metadata` CEL variable
for subsequent policy evaluations. `metadata` is evaluated before header
or body transformations.
remove
[]string
Header names to remove from the request or
response.
minItems:
1maxItems:
16set []object
Headers to set and the values to use.
minItems:
1maxItems:
16
name
string required
The name of the header to add.
pattern:
^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$minLength:
1maxLength:
256
value
string required
CEL expression that generates the output value for
the header.
minLength:
1maxLength:
16384status object
Current policy status.
ancestors []object required
Ancestors is a list of ancestor resources (usually Gateways) that are
associated with the policy, and the status of the policy with respect to
each ancestor. When this policy attaches to a parent, the controller that
manages the parent and the ancestors MUST add an entry to this list when
the controller first sees the policy and SHOULD update the entry as
appropriate when the relevant ancestor is modified.
Note that choosing the relevant ancestor is left to the Policy designers;
an important part of Policy design is designing the right object level at
which to namespace this status.
Note also that implementations MUST ONLY populate ancestor status for
the Ancestor resources they are responsible for. Implementations MUST
use the ControllerName field to uniquely identify the entries in this list
that they are responsible for.
Note that to achieve this, the list of PolicyAncestorStatus structs
MUST be treated as a map with a composite key, made up of the AncestorRef
and ControllerName fields combined.
A maximum of 16 ancestors will be represented in this list. An empty list
means the Policy is not relevant for any ancestors.
If this slice is full, implementations MUST NOT add further entries.
Instead they MUST consider the policy unimplementable and signal that
on any related resources such as the ancestor that would be referenced
here. For example, if this list was full on BackendTLSPolicy, no
additional Gateways would be able to reference the Service targeted by
the BackendTLSPolicy.
maxItems:
16ancestorRef object required
AncestorRef corresponds with a ParentRef in the spec that this
PolicyAncestorStatus struct describes the status of.
group
string
Group is the group of the referent.
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
Support: Core
pattern:
^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$maxLength:
253
kind
string
Kind is kind of the referent.
There are two kinds of parent resources with "Core" support:
* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, ClusterIP Services only)
Support for other resources is Implementation-Specific.
pattern:
^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$minLength:
1maxLength:
63
name
string required
Name is the name of the referent.
Support: Core
minLength:
1maxLength:
253
namespace
string
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
Note that there are specific rules for ParentRefs which cross namespace
boundaries. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example:
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
<gateway:experimental:description>
ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.
ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.
</gateway:experimental:description>
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$minLength:
1maxLength:
63
port
integer
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set `Port` unless the
networking behaviors specified in a Route must apply to a specific port
as opposed to a listener(s) whose port(s) may be changed. When both Port
and SectionName are specified, the name and port of the selected listener
must match both specified values.
<gateway:experimental:description>
When the parent resource is a Service, this targets a specific port in the
Service spec. When both Port (experimental) and SectionName are specified,
the name and port of the selected port must match both specified values.
</gateway:experimental:description>
Implementations MAY choose to support other parent resources.
Implementations supporting other types of parent resources MUST clearly
document how/if Port is interpreted.
For the purpose of status, an attachment is considered successful as
long as the parent resource accepts it partially. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
Support: Extended
format:
int32minimum:
1maximum:
65535
sectionName
string
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
Implementations MAY choose to support attaching Routes to other resources.
If that is the case, they MUST clearly document how SectionName is
interpreted.
When unspecified (empty string), this will reference the entire resource.
For the purpose of status, an attachment is considered successful if at
least one section in the parent resource accepts it. For example, Gateway
listeners can restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this Route, the
Route MUST be considered detached from the Gateway.
Support: Core
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$minLength:
1maxLength:
253conditions []object required
Conditions describes the status of the Policy with respect to the given Ancestor.
<gateway:util:excludeFromCRD>
Notes for implementors:
Conditions are a listType `map`, which means that they function like a
map with a key of the `type` field _in the k8s apiserver_.
This means that implementations must obey some rules when updating this
section.
* Implementations MUST perform a read-modify-write cycle on this field
before modifying it. That is, when modifying this field, implementations
must be confident they have fetched the most recent version of this field,
and ensure that changes they make are on that recent version.
* Implementations MUST NOT remove or reorder Conditions that they are not
directly responsible for. For example, if an implementation sees a Condition
with type `special.io/SomeField`, it MUST NOT remove, change or update that
Condition.
* Implementations MUST always _merge_ changes into Conditions of the same Type,
rather than creating more than one Condition of the same Type.
* Implementations MUST always update the `observedGeneration` field of the
Condition to the `metadata.generation` of the Gateway at the time of update creation.
* If the `observedGeneration` of a Condition is _greater than_ the value the
implementation knows about, then it MUST NOT perform the update on that Condition,
but must wait for a future reconciliation and status update. (The assumption is that
the implementation's copy of the object is stale and an update will be re-triggered
if relevant.)
</gateway:util:excludeFromCRD>
minItems:
1maxItems:
8
lastTransitionTime
string required
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format:
date-time
message
string required
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength:
32768
observedGeneration
integer
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format:
int64minimum:
0
reason
string required
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
pattern:
^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$minLength:
1maxLength:
1024
status
string required
status of the condition, one of True, False, Unknown.
enum:
True, False, Unknown
type
string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern:
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$maxLength:
316
controllerName
string required
ControllerName is a domain/path string that indicates the name of the
controller that wrote this status. This corresponds with the
controllerName field on GatewayClass.
Example: "example.net/gateway-controller".
The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
valid Kubernetes names
(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
Controllers MUST populate this field when writing status. Controllers should ensure that
entries to status populated with their ControllerName are cleaned up when they are no
longer necessary.
pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$minLength:
1maxLength:
253No matches. Try .spec.backend for an exact path