Skip to search

AgentgatewayPolicy

agentgateway.dev / v1alpha1

apiVersion: agentgateway.dev/v1alpha1 kind: AgentgatewayPolicy metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object required
Desired policy configuration.
backend object
Settings for how to connect to destination backends. A backend policy can target a `Gateway` (optionally, with a `sectionName` indicating the listener), `ListenerSet`, `Route` (optionally, with a `sectionName` indicating the route rule), or a `Service` or `Backend` (optionally, with a `sectionName` indicating the port for `Service`, or sub-backend for `Backend`). Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level resource, like `Gateway`, is just a way to easily apply a policy to a group of backends. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: `Gateway` < `Listener` < `Route` < `Route Rule` < `Backend` or `Service`. For example, if a `Gateway` policy sets `tcp` and `tls`, and a `Backend` policy sets `tls`, the effective policy would be `tcp` from the `Gateway`, and `tls` from the `Backend`.
ai object
Settings for AI workloads. This is only applicable when connecting to a `Backend` of type `ai`.
defaults []object
Defaults to merge with user input fields. If the field is already set, the field in the request is used.
minItems: 1
maxItems: 64
field string required
Name of the field.
maxLength: 256
value object required
Default value for the field. This can be any JSON data type.
modelAliases object
Maps friendly model names to actual provider model names. Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`. Note: This field is only applicable when using the agentgateway data plane.
overrides []object
Overrides to merge with user input fields. If the field is already set, the field is overwritten.
minItems: 1
maxItems: 64
field string required
Name of the field.
maxLength: 256
value object required
Default value for the field. This can be any JSON data type.
prompt object
Enriches requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.
append []object
Messages to append to the prompt sent by the client.
content string required
String content of the message.
role string required
Role of the message. The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
prepend []object
Messages to prepend to the prompt sent by the client.
content string required
String content of the message.
role string required
Role of the message. The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.
promptCaching object
Automatic prompt caching for supported providers, currently AWS Bedrock. Reduces API costs by caching static content like system prompts and tool definitions. Only applicable for Bedrock Claude 3+ and Nova models.
cacheMessageOffset integer
Shifts the message cache point further back in the conversation. 0 (default) places it at the second-to-last message. Higher values move it N additional messages towards the start, clamped to bounds.
minimum: 0
cacheMessages boolean
Enables caching for conversation messages. Caches all messages in the conversation for cost savings.
cacheSystem boolean
Enables caching for system prompts. Inserts a cache point after all system messages.
cacheTools boolean
Enables caching for tool definitions. Inserts a cache point after all tool specifications.
minTokens integer
Minimum estimated token count before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens. Bedrock requires at least 1,024 tokens for caching to be effective.
minimum: 0
promptGuard object
Guardrails for LLM requests and responses.
request []object
Prompt guards to apply to requests sent by the client.
minItems: 1
maxItems: 8
bedrockGuardrails object
AWS Bedrock Guardrails settings for prompt guarding.
identifier string required
Identifier of the Guardrail policy to use for the backend.
minLength: 1
maxLength: 256
policies object
Policies for communicating with AWS Bedrock Guardrails.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
region string required
AWS region where the guardrail is deployed, for example `us-west-2`).
minLength: 1
maxLength: 256
version string required
Version of the Guardrail policy to use for the backend.
minLength: 1
maxLength: 256
googleModelArmor object
Google Model Armor settings for prompt guarding.
location string
Google Cloud location, for example `us-central1`. Defaults to `us-central1` if not specified.
minLength: 1
maxLength: 256
policies object
Policies for communicating with Google Model Armor.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
projectId string required
Google Cloud project ID.
minLength: 1
maxLength: 256
templateId string required
Template ID for Google Model Armor.
minLength: 1
maxLength: 256
openAIModeration object
Passes prompt data through the OpenAI Moderations endpoint. See https://developers.openai.com/api/reference/resources/moderations for more information.
model string
Moderation model to use. For example, `omni-moderation`.
policies object
Policies for communicating with OpenAI.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
regex object
Regular expression (regex) matching for prompt guards and data masking.
action string
The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. `PromptguardResponse` matches are always masked by default. Defaults to `Mask`.
enum: Mask, Reject
builtins []string
Built-in regex patterns to match against the request or response. Matches and built-ins are additive.
matches []string
Regex patterns to match against the request or response. Matches and built-ins are additive.
response object
Custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`.
message string
Custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`.
statusCode integer
Status code to return to the client. Defaults to 403.
format: int32
minimum: 200
maximum: 599
webhook object
Webhook that receives requests for prompt guarding.
backendRef object required
Webhook server to reach. Supported types: Service and Backend.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
failureMode string
Behavior when the webhook guardrail is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) rejects the request.
enum: FailClosed, FailOpen
forwardHeaderMatches []object
HTTP header matches used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded.
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie".
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.
enum: Exact, RegularExpression
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
response []object
Prompt guards to apply to responses returned by the LLM provider.
minItems: 1
maxItems: 8
bedrockGuardrails object
AWS Bedrock Guardrails settings for prompt guarding.
identifier string required
Identifier of the Guardrail policy to use for the backend.
minLength: 1
maxLength: 256
policies object
Policies for communicating with AWS Bedrock Guardrails.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
region string required
AWS region where the guardrail is deployed, for example `us-west-2`).
minLength: 1
maxLength: 256
version string required
Version of the Guardrail policy to use for the backend.
minLength: 1
maxLength: 256
googleModelArmor object
Google Model Armor settings for prompt guarding.
location string
Google Cloud location, for example `us-central1`. Defaults to `us-central1` if not specified.
minLength: 1
maxLength: 256
policies object
Policies for communicating with Google Model Armor.
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
projectId string required
Google Cloud project ID.
minLength: 1
maxLength: 256
templateId string required
Template ID for Google Model Armor.
minLength: 1
maxLength: 256
regex object
Regular expression (regex) matching for prompt guards and data masking.
action string
The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. `PromptguardResponse` matches are always masked by default. Defaults to `Mask`.
enum: Mask, Reject
builtins []string
Built-in regex patterns to match against the request or response. Matches and built-ins are additive.
matches []string
Regex patterns to match against the request or response. Matches and built-ins are additive.
response object
Custom response message to return to the client. If not specified, defaults to `The response was rejected due to inappropriate content`.
message string
Custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`.
statusCode integer
Status code to return to the client. Defaults to 403.
format: int32
minimum: 200
maximum: 599
webhook object
Webhook that receives responses for prompt guarding.
backendRef object required
Webhook server to reach. Supported types: Service and Backend.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
failureMode string
Behavior when the webhook guardrail is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) rejects the request.
enum: FailClosed, FailOpen
forwardHeaderMatches []object
HTTP header matches used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded.
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for "Set-Cookie".
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.
enum: Exact, RegularExpression
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
streaming string
Apply prompt guards to streaming responses and realtime websocket messages. Defaults to disabled to preserve streaming throughput unless explicitly enabled.
enum: Enabled
routes object
Rules for identifying the type of traffic to handle. The keys are URL path suffixes matched using ends-with comparison, for example `"/v1/chat/completions"`. The special `*` wildcard matches any path. If not specified, all traffic defaults to `completions` type.
transformations []object
CEL transformations to compute and set fields in the request body. The expression result overwrites any existing value for that field. This has a higher priority than `overrides` if both are set for the same key.
minItems: 1
maxItems: 64
expression string required
CEL expression used to compute the field value.
minLength: 1
maxLength: 16384
field string required
Name of the field to set.
maxLength: 256
auth object
Settings for managing authentication to the backend.
aws object
Explicit AWS authentication method for the backend. When omitted, default AWS SDK credential discovery is used.
assumeRole object
AWS STS AssumeRole settings to use before signing backend requests. Ambient AWS credentials are used as the source credentials for STS.
roleArn string required
AWS IAM role ARN to assume.
pattern: ^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$
minLength: 1
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the AWS credentials. When using the default Secret resolver, the `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
serviceName string
AWS SigV4 signing service name, for example `bedrock`, `bedrock-agentcore`, or `execute-api`). If unset, typed AWS backends may provide this automatically.
minLength: 1
maxLength: 256
azure object
Azure authentication method for the backend.
managedIdentity object
Managed identity authentication settings.
clientId string required
objectId string required
resourceId string required
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing the Azure credentials. When using the default Secret resolver, the `Secret` must have keys `clientID`, `tenantID`, and `clientSecret`.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
gcp object
Google authentication method for the backend. When omitted, default Google credential discovery is used.
audience string
Explicit `aud` value for the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.
minLength: 1
maxLength: 256
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, containing ADC-compatible Google credential JSON. When using the default Secret resolver, this must be stored in the `credentials.json` key. When omitted, ambient credentials are used.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
type string
The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.
enum: AccessToken, IdToken
key string
Inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.
maxLength: 2048
location object
Where backend credentials are inserted. If omitted, credentials are written to the `Authorization` header with the `Bearer ` prefix. This applies to `key`, `secretRef`, and `passthrough`.
cookie object
name string required
minLength: 1
maxLength: 256
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
passthrough object
Passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the key to use as the authorization value. When using the default Secret resolver, this must be stored in the `Authorization` key.
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
extAuth object
External authentication configuration for requests sent to this backend.
backendRef object
External Authorization server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
cache object
Caches gRPC authorization results. WARNING: the safety of this feature depends on the cache key accurately capturing every request property that the authorization service uses to make a decision. For example, if the service returns different results based on both path and authorization header, both must be included in `key`; otherwise, one request may incorrectly reuse another request's authorization result. If any key expression fails to evaluate or produces an unsupported value, the request is still sent to the authorization service, but its result is not read from or written to the cache.
key []string required
Ordered list of CEL expressions evaluated against the request to construct the cache key.
minItems: 1
maxItems: 16
maxEntries integer
Maximum number of authorization results to keep in the cache. If unset, this defaults to 10000.
format: int32
minimum: 1
ttl string required
Duration string, such as `5m`, or a CEL expression that returns the duration that cached authorization results may be reused, or a timestamp when the cached authorization result expires. The expression is evaluated after the authorization response has been applied to the request.
minLength: 1
maxLength: 16384
failureMode string
Behavior when the external authorization service is unavailable or returns an error. "FailOpen" allows the request to continue. "FailClosed" (default) denies the request.
enum: FailClosed, FailOpen
forwardBody object
Whether to include the HTTP body in the authorization request. If enabled, the request body will be buffered.
maxSize string | integer required
Largest body, in bytes, that will be buffered and sent to the authorization server. If the body size is larger than `maxSize`, then the request will be rejected with a response.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
grpc object
Uses the gRPC External Authorization [protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions object
Additional arbitrary key-value pairs to send to the authorization server in the `context_extensions` field.
requestMetadata object
Metadata to send to the authorization server. This maps to the `metadata_context.filter_metadata` field of the request, and allows dynamic CEL expressions. If unset, by default the `envoy.filters.http.jwt_authn` key is set if the JWT policy is used as well, for compatibility.
http object
Uses HTTP to connect to the authorization server. The authorization server must return a `200` status code, otherwise the request is considered an authorization failure.
addRequestHeaders object
Additional headers to add to the request to the authorization server. While `allowedRequestHeaders` just passes the original headers through, `addRequestHeaders` allows defining custom headers based on CEL expressions.
allowedRequestHeaders []string
Additional headers from the client request that will be sent to the authorization server. If unset, the following headers are sent by default: `Authorization`.
maxItems: 64
allowedResponseHeaders []string
Headers from the authorization response that will be copied into the request to the backend.
maxItems: 64
path string
Path to send to the authorization server. If unset, this defaults to the original request path. This is a CEL expression, which allows customizing the path based on the incoming request. For example, to add a prefix, use `"/prefix/" + request.path`.
minLength: 1
maxLength: 16384
redirect string
Optional expression that determines a path to redirect to on authorization failure. This is useful to redirect to a sign-in page.
minLength: 1
maxLength: 16384
responseMetadata object
Metadata fields to construct from the authorization response. These will be included under the `extauthz` variable in future CEL expressions. Setting this is useful for things like logging usernames, without needing to include them as headers to the backend, as `allowedResponseHeaders` would.
health object
Settings for passive and active health checking.
eviction object
Settings for evicting unhealthy backends.
consecutiveFailures integer
Number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction.
format: int32
minimum: 0
duration string
Base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`.
healthThreshold integer
EWMA health score threshold, expressed as 0 to 100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction.
format: int32
minimum: 0
maximum: 100
restoreHealth integer
Health score from 0 to 100 assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted.
format: int32
minimum: 0
maximum: 100
unhealthyCondition string
CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend's health score but does not trigger eviction on its own.
minLength: 1
maxLength: 16384
http object
Settings for managing HTTP requests to the backend.
requestTimeout string
Deadline for receiving a response from the backend.
version string
HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn't support it.
enum: HTTP1, HTTP2
mcp object
Settings for MCP workloads. This is only applicable when connecting to a `Backend` of type `mcp`.
authentication object
MCP backend-specific authentication rules. This field is deprecated; prefer to use traffic policy `jwtAuthentication.mcp`, which ensures authentication runs before other policies such as transformation and rate limiting.
audiences []string
Allowed audiences that are allowed access. This corresponds to the `aud` claim ([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)). If unset, any audience is allowed.
minItems: 1
maxItems: 64
clientId string
Client ID to use for short-circuiting Dynamic Client Registration. If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
issuer string
IdP that issued the JWT. This corresponds to the `iss` claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).
minLength: 1
maxLength: 256
jwks object required
Remote JSON Web Key used to validate the signature of the JWT.
backendRef object required
Remote JWKS server to reach. Supported types are `Service` and static `Backend`. An `AgentgatewayPolicy` containing backend TLS config can then be attached to the `Service` or `Backend` in order to set TLS options for a connection to the remote `jwks` source.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
cacheDuration string
jwksPath string required
Path to the IdP `jwks` endpoint, relative to the root, commonly `".well-known/jwks.json"`.
minLength: 1
maxLength: 2000
mode string
Validation mode for JWT authentication.
enum: Optional, Permissive, Strict
provider string
Identity provider to use for authentication.
enum: Auth0, Keycloak, Okta
resourceMetadata object
Metadata to use for MCP resources.
authorization object
MCP backend authorization. Unlike authorization at the HTTP level, which rejects unauthorized requests with a `403` error, this policy works at the `MCPBackend` level. List operations, such as `list_tools`, will have each item evaluated. Items that do not meet the rule will be filtered. Get or call operations, such as `call_tool`, will evaluate the specific item and reject requests that do not meet the rule.
action string
The effect of this rule when it matches. If unspecified, defaults to `Allow`. `Require` rules are cumulative: all require rules must match.
enum: Allow, Deny, Require
policy object required
The authorization rule to evaluate. * `Allow`: any matching allow rule allows the request. * `Require`: every require rule must match for the request to be allowed. * `Deny`: any matching deny rule denies the request. A CEL expression that fails to evaluate does not match. Prefer `Require` for deny-by-default behavior. If at least one `Allow` rule is configured, requests are denied unless at least one allow rule matches.
matchExpressions []string required
CEL expressions that must all evaluate to true for the rule to match.
minItems: 1
maxItems: 256
guardrails object
`guardrails` routes selected JSON-RPC methods through a remote policy server.
processors []object required
`processors` is the ordered list of policy processors applied to matched methods. Processors run in the order listed; the first to reject a request short-circuits the chain.
minItems: 1
maxItems: 16
methods object required
`methods` is the allowlist of JSON-RPC methods (e.g. `tools/call`, `tools/list`) routed through this processor, keyed by method name with the phase it runs in. Keys may be exact, a prefix wildcard (`tools/*`), a suffix wildcard (`*/list`), or `*` for all methods; the most specific match wins. Methods matching no key, including unknown ones, bypass this processor.
remote object
`remote` configures a gRPC policy server.
allowedRequestHeaders []string
`allowedRequestHeaders` lists the incoming request headers forwarded to the policy server in `McpRequest.headers`. If empty, all headers and pseudo-headers (`:authority`, `:method`, ...) are forwarded. Matching is case-insensitive.
maxItems: 64
backendRef object required
`backendRef` references the remote guardrails policy server. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
disallowedRequestHeaders []string
`disallowedRequestHeaders` lists header names never forwarded to the policy server, even if listed in `allowedRequestHeaders`. Matching is case-insensitive.
maxItems: 64
failureMode string
`failureMode` controls behavior when the policy server is unreachable or returns an error. `FailOpen` allows the request; `FailClosed` (default) denies it.
enum: FailClosed, FailOpen
metadata object
`metadata` is static or CEL-evaluated context surfaced to the policy server as fields of the `metadata_context` google.protobuf.Struct, keyed by config key. Values are CEL expressions.
tcp object
Settings for managing TCP connections to the backend.
connectTimeout string
Deadline for establishing a connection to the destination.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
caCertificateRefs []object
CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system's trusted certificates are used.
maxItems: 1
name string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
insecureSkipVerify string
Originates TLS but skips verification of the backend's certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.
enum: All, Hostname
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS connection. For example: `X25519_MLKEM768,X25519`.
mtlsCertificateRef []object
Enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced credential source, defaulting to a Kubernetes `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.
maxItems: 1
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
sni string
Server Name Indicator (`SNI`) to use in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
verifySubjectAltNames []string
Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.
minItems: 1
maxItems: 16
transformation object
Mutates and transforms requests and responses sent to and from the backend.
request object
Request transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
response object
Response transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
tunnel object
Settings for managing tunnel connections, with behavior like `HTTPS_PROXY`, to the backend.
backendRef object required
Proxy server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
frontend object
Settings for how to handle incoming traffic. A frontend policy can only target a `Gateway`. `Listener` and `ListenerSet` are not valid targets. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. For example, policy A sets `tcp` and `tls`, and policy B sets `tls`; the effective policy would be `tcp` from policy A, and `tls` from policy B.
accessLog object
Access logging configuration.
attributes object
Customizations to the key-value pairs that are logged.
add []object
Additional key-value pairs to add to each entry. The value is a CEL expression. If the CEL expression fails to evaluate, the pair will be excluded.
minItems: 1
expression string required
A Common Expression Language (CEL) expression.
minLength: 1
maxLength: 16384
name string required
minLength: 1
maxLength: 256
remove []string
Default fields to remove. For example, `http.method`.
minItems: 1
maxItems: 32
filter string
CEL expression used to filter logs. A log will only be emitted if the expression evaluates to `true`.
minLength: 1
maxLength: 16384
otlp object
OTLP access log export to an OpenTelemetry-compatible backend.
backendRef object required
OTLP server to send access logs to. Supported types: `Service` and `AgentgatewayBackend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
path string
OTLP/HTTP path to use. This is only applicable when `protocol` is `HTTP`. If unset, this defaults to `/v1/logs`.
minLength: 1
maxLength: 1024
protocol string
OTLP protocol variant to use.
enum: GRPC, HTTP
connect object
Settings for downstream HTTP CONNECT handling. If unset, CONNECT requests are rejected with Method Not Allowed.
mode string required
Whether downstream CONNECT requests are accepted.
enum: Deny, Route, Tunnel
http object
Settings for managing incoming HTTP requests.
http1HeaderCase string
Controls HTTP/1 request header name casing when encoding responses on the same connection. This only applies to `HTTP/1`. If a request is HTTP/2 in either the incoming or outgoing request, this will be ignored. HTTP/2 requests are always lower case. Modifying the headers from other policies may result in the original case being lost.
enum: Lowercase, Preserve
http1IdleTimeout string
Timeout before an unused connection is closed. If unset, this defaults to 10 minutes.
http1MaxHeaders integer
Maximum number of headers allowed in `HTTP/1.1` requests. If unset, this defaults to 100.
format: int32
minimum: 1
maximum: 4096
http2ConnectionWindowSize string | integer
Initial window size for connection-level flow control for received data.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
http2FrameSize string | integer
Maximum frame size to use. If unset, this defaults to `16kb`.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
http2KeepaliveInterval string
http2KeepaliveTimeout string
http2MaxHeaderSize string | integer
Maximum aggregate size of decoded HTTP/2 request headers. If unset, this defaults to `16Ki`.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
http2WindowSize string | integer
Initial window size for stream-level flow control for received data.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
maxBufferSize string | integer
Maximum HTTP body size that will be buffered into memory. Bodies will only be buffered for policies which require buffering. If unset, this defaults to `2mb`.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
maxConnectionDuration string
Maximum time a connection is allowed to remain open. After this duration, the connection is gracefully closed after the current in-flight request completes. Useful for ensuring even traffic distribution behind load balancers during scaling events.
metrics object
Custom Prometheus metric label configuration. CEL expressions are evaluated per-request and added as labels to all Prometheus metrics exposed by agentgateway.
attributes object required
Customizations to the labels that are added to Prometheus metrics.
add []object
Additional key-value pairs to add as custom labels to all Prometheus metrics. The value is a CEL expression evaluated per-request. If the CEL expression fails to evaluate, the label value is set to "unknown". WARNING: High-cardinality labels (e.g., per-user IDs) can significantly increase Prometheus storage and memory usage. Prefer low-cardinality dimensions like team or environment.
minItems: 1
maxItems: 16
expression string required
A Common Expression Language (CEL) expression.
minLength: 1
maxLength: 16384
name string required
minLength: 1
maxLength: 256
networkAuthorization object
CEL authorization on downstream network connections. This runs before protocol handling and is intended for L4 access control, for example using `source.address` with `cidr(...).containsIP(...)`.
action string
The effect of this rule when it matches. If unspecified, defaults to `Allow`. `Require` rules are cumulative: all require rules must match.
enum: Allow, Deny, Require
policy object required
The authorization rule to evaluate. * `Allow`: any matching allow rule allows the request. * `Require`: every require rule must match for the request to be allowed. * `Deny`: any matching deny rule denies the request. A CEL expression that fails to evaluate does not match. Prefer `Require` for deny-by-default behavior. If at least one `Allow` rule is configured, requests are denied unless at least one allow rule matches.
matchExpressions []string required
CEL expressions that must all evaluate to true for the rule to match.
minItems: 1
maxItems: 256
proxyProtocol object
Settings for downstream PROXY protocol handling. If configured, incoming connections may require a PROXY header before normal protocol handling. This can also be configured to allow both PROXY and non-PROXY traffic on the same listener.
mode string
Whether PROXY headers are required or optional. If unset, this defaults to `Strict`.
enum: Optional, Strict
version string
PROXY protocol version to accept. If unset, this defaults to `V2`.
enum: All, V1, V2
tcp object
Settings for managing incoming TCP connections.
keepalive object
Settings for enabling TCP keepalives on the connection.
interval string
Time between keepalive probes. If unset, this defaults to 180s.
retries integer
Maximum number of keepalive probes to send before dropping the connection. If unset, this defaults to 9.
format: int32
minimum: 1
maximum: 64
time string
Time a connection needs to be idle before keepalive probes start being sent. If unset, this defaults to 180s.
tls object
Settings for managing incoming TLS connections.
alpnProtocols []string
Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.
minItems: 1
maxItems: 16
cipherSuites []string
Cipher suites for a TLS listener. The value is a comma-separated list of cipher suites, for example `TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256`. Use this in the TLS options field of a TLS listener.
handshakeTimeout string
Deadline for a TLS handshake to complete. If unset, this defaults to `15s`.
keyExchangeGroups []string
Ordered list of key exchange groups for a TLS listener. For example: `X25519_MLKEM768,X25519`.
maxProtocolVersion string
Maximum TLS version to support.
enum: 1.2, 1.3
minProtocolVersion string
Minimum TLS version to support.
enum: 1.2, 1.3
tracing object
OpenTelemetry tracing settings.
attributes object
Customizations to the key-value pairs that are included in the trace.
add []object
Additional key-value pairs to add to each entry. The value is a CEL expression. If the CEL expression fails to evaluate, the pair will be excluded.
minItems: 1
expression string required
A Common Expression Language (CEL) expression.
minLength: 1
maxLength: 16384
name string required
minLength: 1
maxLength: 256
remove []string
Default fields to remove. For example, `http.method`.
minItems: 1
maxItems: 32
backendRef object required
OTLP server to reach. Supported types: `Service` and `AgentgatewayBackend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
clientSampling string
Expression that determines the amount of client sampling. Client sampling determines whether to initiate a new trace span if the incoming request does have a trace already. This should evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If unspecified, client sampling is `100%` enabled.
minLength: 1
maxLength: 16384
path string
OTLP path to use. This is only applicable when `protocol` is `HTTP`. If unset, this defaults to `/v1/traces`.
minLength: 1
maxLength: 1024
protocol string
OTLP protocol variant to use.
enum: GRPC, HTTP
randomSampling string
Expression that determines the amount of random sampling. Random sampling will initiate a new trace span if the incoming request does not have a trace initiated already. This should evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If unspecified, random sampling is disabled.
minLength: 1
maxLength: 16384
resources []object
Entity producing telemetry and resources resources to be included in the trace.
expression string required
A Common Expression Language (CEL) expression.
minLength: 1
maxLength: 16384
name string required
minLength: 1
maxLength: 256
strategy object
Policy merge and conflict resolution strategy. Strategy settings apply to the policy object as a whole. Individual strategy fields may only be valid for specific policy kinds; for example, inheritance is only valid when this policy contains traffic settings.
inheritance string
Controls whether less-specific traffic policies prevent more-specific traffic policies from contributing to the effective policy. This field is only valid on traffic policies. Frontend and backend policy merging does not use inheritance. When unset or set to `Default`, traffic policy fields are merged by specificity, with more-specific attachment points such as routes and route rules able to override fields from less-specific attachment points such as gateways and listeners. In other words, this policy provides `Default`s that can be overridden. For example, you may provide a `Default` timeout policy for the entire Gateway that is overridden by specific routes. When set to `Override`, this policy blocks traffic policies at more-specific attachment points from being included in the effective policy. This is useful when a gateway-level policy must remain authoritative for all routes below it.
enum: Default, Override
targetRefs []object
Target resources to attach the policy to.
minItems: 1
maxItems: 16
group string required
The API group of the target resource. For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
The API kind of the target resource, such as `Gateway` or `HTTPRoute`.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
The name of the target resource.
minLength: 1
maxLength: 253
sectionName string
The named section of the target resource.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
targetSelectors []object
Target selectors used to select resources to attach the policy to.
minItems: 1
maxItems: 16
group string required
The API group of the target resource. For Kubernetes Gateway API resources, the group is `gateway.networking.k8s.io`.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
The API kind of the target resource, such as `Gateway` or `HTTPRoute`.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
matchLabels object required
Labels that must be present on each selected target resource.
sectionName string
The named section of each selected target resource.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
traffic object
Settings for how to process traffic. A traffic policy can target a `Gateway` (optionally, with a `sectionName` indicating the listener), `ListenerSet`, or `Route` (optionally, with a `sectionName` indicating the route rule). When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: `Gateway` < `Listener` < `Route` < `Route Rule`. For example, policy A sets `timeouts` and `retries`, and policy B sets `retries`; the effective policy would be `timeouts` from policy A, and `retries` from policy B.
apiKeyAuthentication object
Authenticates users based on a configured API key.
location object
Where API keys are read from. If omitted, credentials are read from the `Authorization` header with the `Bearer ` prefix.
cookie object
name string required
minLength: 1
maxLength: 256
expression string
CEL expression that extracts the credential from the request.
minLength: 1
maxLength: 16384
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
mode string
Validation mode for API key authentication.
enum: Optional, Permissive, Strict
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing a set of API keys. If there are many Secret-backed keys, `secretSelector` can be used instead. Each entry in the credential data represents one API key. The key is an arbitrary identifier. The value can either be: * A string representing the API key. * A JSON object with two fields, `key` and `metadata`. `key` contains the API key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allowing `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: | { "key": "k-123", "metadata": { "group": "sales", "created_at": "2024-10-01T12:00:00Z" } } client2: "k-456"
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
secretSelector object
Selects multiple Kubernetes `Secret` resources containing API keys. It is Secret-only; use `secretRef` for other credential kinds. If the same key is defined in multiple secrets, the behavior is undefined. Each entry in the `Secret` data represents one API key. The key is an arbitrary identifier. The value can either be: * A string representing the API key. * A JSON object with two fields, `key` and `metadata`. `key` contains the API key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allowing `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: | { "key": "k-123", "metadata": { "group": "sales", "created_at": "2024-10-01T12:00:00Z" } } client2: "k-456"
matchLabels object required
Labels that must be present on each selected Secret.
authorization object
Access rules based on roles and permissions. If multiple authorization rules are applied across different policies, at the same or different attachment points, all rules are merged.
action string
The effect of this rule when it matches. If unspecified, defaults to `Allow`. `Require` rules are cumulative: all require rules must match.
enum: Allow, Deny, Require
policy object required
The authorization rule to evaluate. * `Allow`: any matching allow rule allows the request. * `Require`: every require rule must match for the request to be allowed. * `Deny`: any matching deny rule denies the request. A CEL expression that fails to evaluate does not match. Prefer `Require` for deny-by-default behavior. If at least one `Allow` rule is configured, requests are denied unless at least one allow rule matches.
matchExpressions []string required
CEL expressions that must all evaluate to true for the rule to match.
minItems: 1
maxItems: 256
basicAuthentication object
Authenticates users based on the `Basic` authentication scheme (RFC 7617), where a username and password are encoded in the request.
location object
Where Basic credentials are read from. If omitted, credentials are read from the `Authorization` header with the `Basic ` prefix.
cookie object
name string required
minLength: 1
maxLength: 256
expression string
CEL expression that extracts the credential from the request.
minLength: 1
maxLength: 16384
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
mode string
Validation mode for basic authentication.
enum: Optional, Strict
realm string
`realm` value to return in the `WWW-Authenticate` header for failed authentication requests. If unset, `Restricted` will be used.
secretRef object
Credential source, defaulting to a Kubernetes `Secret`, storing the `.htaccess` file. When using the default Secret resolver, the `Secret` must have a key named `.htaccess`, and should contain the complete `.htaccess` file. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: apiVersion: v1 kind: Secret metadata: name: basic-auth stringData: .htaccess: | alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V. bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/
group string
The API group of the referenced credential. Empty selects the core API group.
kind string
The kind of the referenced credential. Empty defaults to `Secret`.
name string required
The name of the referenced credential.
minLength: 1
maxLength: 253
users []string
Inline list of username and password pairs that will be accepted. Each entry represents one line of the `htpasswd` format: https://httpd.apache.org/docs/2.4/programs/htpasswd.html. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: users: - "user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC." - "user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2"
minItems: 1
maxItems: 256
buffer object
Buffers request and response bodies. Buffered bodies are accumulated in memory by the proxy until completion before being forwarded. This changes the proxies default behavior, which streams bodies. Warning: large bodies can lead to excessive memory usage in the proxy. Utilize with care, or with strict limits.
request object
Request body buffering settings.
maxBytes string | integer
Maximum number of bytes to buffer from the request or response body. If unset, defaults to the global proxy setting, which defaults to 2Mi.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
response object
Response body buffering settings.
maxBytes string | integer
Maximum number of bytes to buffer from the request or response body. If unset, defaults to the global proxy setting, which defaults to 2Mi.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
cors object
CORS configuration for the policy.
allowCredentials boolean
AllowCredentials indicates whether the actual cross-origin request allows to include credentials. When set to true, the gateway will include the `Access-Control-Allow-Credentials` response header with value true (case-sensitive). When set to false or omitted the gateway will omit the header `Access-Control-Allow-Credentials` entirely (this is the standard CORS behavior). Support: Extended
allowHeaders []string
AllowHeaders indicates which HTTP request headers are supported for accessing the requested resource. Header names are not case-sensitive. Multiple header names in the value of the `Access-Control-Allow-Headers` response header are separated by a comma (","). When the `allowHeaders` field is configured with one or more headers, the gateway must return the `Access-Control-Allow-Headers` response header which value is present in the `allowHeaders` field. If any header name in the `Access-Control-Request-Headers` request header is not included in the list of header names specified by the response header `Access-Control-Allow-Headers`, it will present an error on the client side. If any header name in the `Access-Control-Allow-Headers` response header does not recognize by the client, it will also occur an error on the client side. A wildcard indicates that the requests with all HTTP headers are allowed. If the configuration contains the wildcard `*` in `allowHeaders` and `allowCredentials` is set to `false`, the `Access-Control-Allow-Headers` response header may either contain the wildcard `*` or echo the value of the `Access-Control-Request-Headers` request header. If the configuration contains the wildcard `*` in `allowHeaders` and `allowCredentials` is set to `true`, the gateway must not return `*` in the `Access-Control-Allow-Headers` response header. Instead, it must return one or more header names matching the value of the `Access-Control-Request-Headers` request header. If the `Access-Control-Request-Headers` header is not present in the request, the gateway must omit the `Access-Control-Allow-Headers` response header. Support: Extended
maxItems: 64
allowMethods []string
AllowMethods indicates which HTTP methods are supported for accessing the requested resource. Valid values are any method defined by RFC9110, along with the special value `*`, which represents all HTTP methods are allowed. Method names are case-sensitive, so these values are also case-sensitive. (See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1) Multiple method names in the value of the `Access-Control-Allow-Methods` response header are separated by a comma (","). A CORS-safelisted method is a method that is `GET`, `HEAD`, or `POST`. (See https://fetch.spec.whatwg.org/#cors-safelisted-method) The CORS-safelisted methods are always allowed, regardless of whether they are specified in the `allowMethods` field. When the `allowMethods` field is configured with one or more methods, the gateway must return the `Access-Control-Allow-Methods` response header which value is present in the `allowMethods` field. If the HTTP method of the `Access-Control-Request-Method` request header is not included in the list of methods specified by the response header `Access-Control-Allow-Methods`, it will present an error on the client side. If the configuration contains the wildcard `*` in `allowMethods` and `allowCredentials` is set to `false`, the `Access-Control-Allow-Methods` response header may either contain the wildcard `*` or echo the value of the `Access-Control-Request-Method` request header. If the configuration contains the wildcard `*` in `allowMethods` and `allowCredentials` is set to `true`, the gateway must not return `*` in the `Access-Control-Allow-Methods` response header. Instead, it must return a single HTTP method matching the value of the `Access-Control-Request-Method` request header. If the `Access-Control-Request-Method` header is not present in the request, the gateway must omit the `Access-Control-Allow-Methods` response header. Support: Extended
maxItems: 9
allowOrigins []string
AllowOrigins indicates whether the response can be shared with requested resource from the given `Origin`. The `Origin` consists of a scheme and a host, with an optional port, and takes the form `<scheme>://<host>(:<port>)`. Valid values for scheme are: `http` and `https`. Valid values for port are any integer between 1 and 65535 (the list of available TCP/UDP ports). Note that, if not included, port `80` is assumed for `http` scheme origins, and port `443` is assumed for `https` origins. This may affect origin matching. The host part of the origin may contain the wildcard character `*`. These wildcard characters behave as follows: * `*` is a greedy match to the _left_, including any number of DNS labels to the left of its position. This also means that `*` will include any number of period `.` characters to the left of its position. * A wildcard by itself matches all hosts. An origin value that includes _only_ the `*` character indicates requests from all `Origin`s are allowed. When the `allowOrigins` field is configured with multiple origins, it means the server supports clients from multiple origins. If the request `Origin` matches the configured allowed origins, the gateway must return the given `Origin` and sets value of the header `Access-Control-Allow-Origin` same as the `Origin` header provided by the client. The status code of a successful response to a "preflight" request is always an OK status (i.e., 204 or 200). If the request `Origin` does not match the configured allowed origins, the gateway returns 204/200 response but doesn't set the relevant cross-origin response headers. Alternatively, the gateway responds with 403 status to the "preflight" request is denied, coupled with omitting the CORS headers. The cross-origin request fails on the client side. Therefore, the client doesn't attempt the actual cross-origin request. Conversely, if the request `Origin` matches one of the configured allowed origins, the gateway sets the response header `Access-Control-Allow-Origin` to the same value as the `Origin` header provided by the client. If the configuration contains the wildcard `*` in `allowOrigins` and `allowCredentials` is set to `false`, the `Access-Control-Allow-Origin` response header may either contain the wildcard `*` or echo the value of the `Origin` request header. If the configuration contains the wildcard `*` in `allowOrigins` and `allowCredentials` is set to `true`, the gateway must not return `*` in the `Access-Control-Allow-Origin` response header. Instead, it must return a single origin matching the value of the `Origin` request header. Support: Extended
maxItems: 64
exposeHeaders []string
ExposeHeaders indicates which HTTP response headers can be exposed to client-side scripts in response to a cross-origin request. A CORS-safelisted response header is an HTTP header in a CORS response that it is considered safe to expose to the client scripts. The CORS-safelisted response headers include the following headers: `Cache-Control` `Content-Language` `Content-Length` `Content-Type` `Expires` `Last-Modified` `Pragma` (See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name) The CORS-safelisted response headers are exposed to client by default. When an HTTP header name is specified using the `exposeHeaders` field, this additional header will be exposed as part of the response to the client. Header names are not case-sensitive. Multiple header names in the value of the `Access-Control-Expose-Headers` response header are separated by a comma (","). A wildcard indicates that the responses with all HTTP headers are exposed to clients. If the configuration contains the wildcard `*` in `exposeHeaders` and `allowCredentials` is set to `false`, the `Access-Control-Expose-Headers` response header can contain the wildcard `*`. If the configuration contains the wildcard `*` in `exposeHeaders` and `allowCredentials` is set to `true`, the gateway cannot use the `*` in the `Access-Control-Expose-Headers` response header. Support: Extended
maxItems: 64
maxAge integer
MaxAge indicates the duration (in seconds) for the client to cache the results of a "preflight" request. The information provided by the `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` response headers can be cached by the client until the time specified by `Access-Control-Max-Age` elapses. The default value of `Access-Control-Max-Age` response header is 5 (seconds). When the `MaxAge` field is unspecified, the gateway sets the response header "Access-Control-Max-Age: 5" by default.
format: int32
minimum: 1
csrf object
Cross-Site Request Forgery (CSRF) policy for this traffic policy. The CSRF policy has the following behavior: * Safe methods (`GET`, `HEAD`, `OPTIONS`) are automatically allowed. * Requests without `Sec-Fetch-Site` or `Origin` headers are assumed to be same-origin or non-browser requests and are allowed. * Otherwise, the `Sec-Fetch-Site` header is checked, with a fallback to comparing the `Origin` header to the `Host` header.
additionalOrigins []string
Additional source origins that will be allowed in addition to the destination origin. The `Origin` consists of a scheme and a host, with an optional port, and takes the form `<scheme>://<host>(:<port>)`.
minItems: 1
maxItems: 16
directResponse object
Sends a direct response to the client.
body string
Content to return in the HTTP response body. The maximum length of the body is restricted to prevent excessively large responses. If this field is omitted, no body is included in the response.
minLength: 1
maxLength: 4096
bodyExpression string
CEL expression that produces the HTTP response body. Strings and bytes are written directly; other values are serialized as JSON. If this field is omitted, no expression body is included in the response.
minLength: 1
maxLength: 16384
conditional []object
Conditional policy execution. Set this or the top-level directResponse fields. The first matching policy will be executed. A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback in case no conditions are met.
minItems: 1
maxItems: 16
condition string
CEL expression that must evaluate to true for this policy to execute.
minLength: 1
maxLength: 16384
policy object required
Policy to apply when the condition matches.
body string
Content to return in the HTTP response body. The maximum length of the body is restricted to prevent excessively large responses. If this field is omitted, no body is included in the response.
minLength: 1
maxLength: 4096
bodyExpression string
CEL expression that produces the HTTP response body. Strings and bytes are written directly; other values are serialized as JSON. If this field is omitted, no expression body is included in the response.
minLength: 1
maxLength: 16384
headers []object
Response headers to set on the direct response.
minItems: 1
maxItems: 16
name string required
The name of the header to set.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
status integer
HTTP status code to return.
format: int32
minimum: 200
maximum: 599
headers []object
Response headers to set on the direct response.
minItems: 1
maxItems: 16
name string required
The name of the header to set.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
status integer
HTTP status code to return.
format: int32
minimum: 200
maximum: 599
extAuth object
External authentication configuration for the policy. This selects the external server to send requests to for authentication. An extAuth policy can be conditionally set by nesting configuration under the `conditional` field.
backendRef object
External Authorization server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
cache object
Caches gRPC authorization results. WARNING: the safety of this feature depends on the cache key accurately capturing every request property that the authorization service uses to make a decision. For example, if the service returns different results based on both path and authorization header, both must be included in `key`; otherwise, one request may incorrectly reuse another request's authorization result. If any key expression fails to evaluate or produces an unsupported value, the request is still sent to the authorization service, but its result is not read from or written to the cache.
key []string required
Ordered list of CEL expressions evaluated against the request to construct the cache key.
minItems: 1
maxItems: 16
maxEntries integer
Maximum number of authorization results to keep in the cache. If unset, this defaults to 10000.
format: int32
minimum: 1
ttl string required
Duration string, such as `5m`, or a CEL expression that returns the duration that cached authorization results may be reused, or a timestamp when the cached authorization result expires. The expression is evaluated after the authorization response has been applied to the request.
minLength: 1
maxLength: 16384
conditional []object
Conditional policy execution. Set this or the top-level extAuth fields. The first matching policy will be executed. A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback in case no conditions are met.
minItems: 1
maxItems: 16
condition string
CEL expression that must evaluate to true for this policy to execute.
minLength: 1
maxLength: 16384
policy object required
Policy to apply when the condition matches.
backendRef object
External Authorization server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
cache object
Caches gRPC authorization results. WARNING: the safety of this feature depends on the cache key accurately capturing every request property that the authorization service uses to make a decision. For example, if the service returns different results based on both path and authorization header, both must be included in `key`; otherwise, one request may incorrectly reuse another request's authorization result. If any key expression fails to evaluate or produces an unsupported value, the request is still sent to the authorization service, but its result is not read from or written to the cache.
key []string required
Ordered list of CEL expressions evaluated against the request to construct the cache key.
minItems: 1
maxItems: 16
maxEntries integer
Maximum number of authorization results to keep in the cache. If unset, this defaults to 10000.
format: int32
minimum: 1
ttl string required
Duration string, such as `5m`, or a CEL expression that returns the duration that cached authorization results may be reused, or a timestamp when the cached authorization result expires. The expression is evaluated after the authorization response has been applied to the request.
minLength: 1
maxLength: 16384
failureMode string
Behavior when the external authorization service is unavailable or returns an error. "FailOpen" allows the request to continue. "FailClosed" (default) denies the request.
enum: FailClosed, FailOpen
forwardBody object
Whether to include the HTTP body in the authorization request. If enabled, the request body will be buffered.
maxSize string | integer required
Largest body, in bytes, that will be buffered and sent to the authorization server. If the body size is larger than `maxSize`, then the request will be rejected with a response.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
grpc object
Uses the gRPC External Authorization [protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions object
Additional arbitrary key-value pairs to send to the authorization server in the `context_extensions` field.
requestMetadata object
Metadata to send to the authorization server. This maps to the `metadata_context.filter_metadata` field of the request, and allows dynamic CEL expressions. If unset, by default the `envoy.filters.http.jwt_authn` key is set if the JWT policy is used as well, for compatibility.
http object
Uses HTTP to connect to the authorization server. The authorization server must return a `200` status code, otherwise the request is considered an authorization failure.
addRequestHeaders object
Additional headers to add to the request to the authorization server. While `allowedRequestHeaders` just passes the original headers through, `addRequestHeaders` allows defining custom headers based on CEL expressions.
allowedRequestHeaders []string
Additional headers from the client request that will be sent to the authorization server. If unset, the following headers are sent by default: `Authorization`.
maxItems: 64
allowedResponseHeaders []string
Headers from the authorization response that will be copied into the request to the backend.
maxItems: 64
path string
Path to send to the authorization server. If unset, this defaults to the original request path. This is a CEL expression, which allows customizing the path based on the incoming request. For example, to add a prefix, use `"/prefix/" + request.path`.
minLength: 1
maxLength: 16384
redirect string
Optional expression that determines a path to redirect to on authorization failure. This is useful to redirect to a sign-in page.
minLength: 1
maxLength: 16384
responseMetadata object
Metadata fields to construct from the authorization response. These will be included under the `extauthz` variable in future CEL expressions. Setting this is useful for things like logging usernames, without needing to include them as headers to the backend, as `allowedResponseHeaders` would.
failureMode string
Behavior when the external authorization service is unavailable or returns an error. "FailOpen" allows the request to continue. "FailClosed" (default) denies the request.
enum: FailClosed, FailOpen
forwardBody object
Whether to include the HTTP body in the authorization request. If enabled, the request body will be buffered.
maxSize string | integer required
Largest body, in bytes, that will be buffered and sent to the authorization server. If the body size is larger than `maxSize`, then the request will be rejected with a response.
string pattern: ^[+-]?([0-9]+(\.[0-9]*)?|\.[0-9]+)(([KMGTPE]i)|[numkMGTPE]|[eE](\+?0*([0-9]|1[0-8])|-0*[0-9]))?$
string minLength: 1
string maxLength: 32
grpc object
Uses the gRPC External Authorization [protocol](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto) should be used.
contextExtensions object
Additional arbitrary key-value pairs to send to the authorization server in the `context_extensions` field.
requestMetadata object
Metadata to send to the authorization server. This maps to the `metadata_context.filter_metadata` field of the request, and allows dynamic CEL expressions. If unset, by default the `envoy.filters.http.jwt_authn` key is set if the JWT policy is used as well, for compatibility.
http object
Uses HTTP to connect to the authorization server. The authorization server must return a `200` status code, otherwise the request is considered an authorization failure.
addRequestHeaders object
Additional headers to add to the request to the authorization server. While `allowedRequestHeaders` just passes the original headers through, `addRequestHeaders` allows defining custom headers based on CEL expressions.
allowedRequestHeaders []string
Additional headers from the client request that will be sent to the authorization server. If unset, the following headers are sent by default: `Authorization`.
maxItems: 64
allowedResponseHeaders []string
Headers from the authorization response that will be copied into the request to the backend.
maxItems: 64
path string
Path to send to the authorization server. If unset, this defaults to the original request path. This is a CEL expression, which allows customizing the path based on the incoming request. For example, to add a prefix, use `"/prefix/" + request.path`.
minLength: 1
maxLength: 16384
redirect string
Optional expression that determines a path to redirect to on authorization failure. This is useful to redirect to a sign-in page.
minLength: 1
maxLength: 16384
responseMetadata object
Metadata fields to construct from the authorization response. These will be included under the `extauthz` variable in future CEL expressions. Setting this is useful for things like logging usernames, without needing to include them as headers to the backend, as `allowedResponseHeaders` would.
extProc object
External processing configuration for the policy.
backendRef object
External Processor server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
conditional []object
Conditional policy execution. Set this or the top-level extProc fields. The first matching policy will be executed. A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback in case no conditions are met.
minItems: 1
maxItems: 16
condition string
CEL expression that must evaluate to true for this policy to execute.
minLength: 1
maxLength: 16384
policy object required
Policy to apply when the condition matches.
backendRef object
External Processor server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
processingOptions object
How request and response phases are sent to ext_proc.
allowModeOverride boolean
Allows ext_proc `mode_override` values from matching header responses to update subsequent request/response processing phases for this exchange. Defaults to `false`.
requestBodyMode string
How request bodies are sent to the external processor. `Buffered` buffers the full body and returns an error if it exceeds 8KB. `BufferedPartial` buffers up to 8KB and sends the buffered prefix if the body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum: None, Buffered, BufferedPartial, FullDuplexStreamed
requestHeaderMode string
Whether request headers are sent to the external processor. Defaults to `Send`.
enum: Send, Skip
requestTrailerMode string
Whether request trailers are sent to the external processor. Defaults to `Send`.
enum: Skip, Send
responseBodyMode string
How response bodies are sent to the external processor. `Buffered` buffers the full body and returns an error if it exceeds 8KB. `BufferedPartial` buffers up to 8KB and sends the buffered prefix if the body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum: None, Buffered, BufferedPartial, FullDuplexStreamed
responseHeaderMode string
Whether response headers are sent to the external processor. Defaults to `Send`.
enum: Send, Skip
responseTrailerMode string
Whether response trailers are sent to the external processor. Defaults to `Send`.
enum: Skip, Send
processingOptions object
How request and response phases are sent to ext_proc.
allowModeOverride boolean
Allows ext_proc `mode_override` values from matching header responses to update subsequent request/response processing phases for this exchange. Defaults to `false`.
requestBodyMode string
How request bodies are sent to the external processor. `Buffered` buffers the full body and returns an error if it exceeds 8KB. `BufferedPartial` buffers up to 8KB and sends the buffered prefix if the body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum: None, Buffered, BufferedPartial, FullDuplexStreamed
requestHeaderMode string
Whether request headers are sent to the external processor. Defaults to `Send`.
enum: Send, Skip
requestTrailerMode string
Whether request trailers are sent to the external processor. Defaults to `Send`.
enum: Skip, Send
responseBodyMode string
How response bodies are sent to the external processor. `Buffered` buffers the full body and returns an error if it exceeds 8KB. `BufferedPartial` buffers up to 8KB and sends the buffered prefix if the body exceeds that limit. Defaults to `FullDuplexStreamed`.
enum: None, Buffered, BufferedPartial, FullDuplexStreamed
responseHeaderMode string
Whether response headers are sent to the external processor. Defaults to `Send`.
enum: Send, Skip
responseTrailerMode string
Whether response trailers are sent to the external processor. Defaults to `Send`.
enum: Skip, Send
headerModifiers object
Request and response header modification policy.
request object
Header changes to apply before forwarding a request.
add []object
Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add: - name: "my-header" value: "bar,baz" Output: GET /foo HTTP/1.1 my-header: foo,bar,baz
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
remove []string
Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: ["my-header1", "my-header3"] Output: GET /foo HTTP/1.1 my-header2: bar
maxItems: 16
set []object
Set overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set: - name: "my-header" value: "bar" Output: GET /foo HTTP/1.1 my-header: bar
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
response object
Header changes to apply before returning a response.
add []object
Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add: - name: "my-header" value: "bar,baz" Output: GET /foo HTTP/1.1 my-header: foo,bar,baz
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
remove []string
Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: ["my-header1", "my-header3"] Output: GET /foo HTTP/1.1 my-header2: bar
maxItems: 16
set []object
Set overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set: - name: "my-header" value: "bar" Output: GET /foo HTTP/1.1 my-header: bar
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched. <gateway:experimental:description> Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 </gateway:experimental:description> <gateway:experimental:validation:Pattern=`^[!-~]+([\t ]?[!-~]+)*$`>
minLength: 1
maxLength: 4096
hostRewrite object
How to rewrite the `Host` header for requests. If the `HTTPRoute` `urlRewrite` filter already specifies a host rewrite, this setting is ignored.
mode string required
Hostname rewrite mode. The following may be specified: * `Auto`: automatically set the `Host` header based on the destination. * `None`: do not rewrite the `Host` header. The original `Host` header will be passed through. This setting defaults to `Auto` when connecting to hostname-based `Backend` types, and `None` otherwise, for `Service` or IP-based backends.
enum: Auto, None
jwtAuthentication object
Authenticates users based on JWT tokens.
location object
Where JWT credentials are read from. If omitted, credentials are read from the `Authorization` header with the `Bearer ` prefix.
cookie object
name string required
minLength: 1
maxLength: 256
expression string
CEL expression that extracts the credential from the request.
minLength: 1
maxLength: 16384
header object
name string required
HTTPHeaderName is the name of an HTTP header. Valid values include: * "Authorization" * "Set-Cookie" Invalid values include: - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo headers are not currently supported by this type. - "/invalid" - "/ " is an invalid character
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
prefix string
minLength: 1
maxLength: 256
queryParameter object
name string required
minLength: 1
maxLength: 256
mcp object
Enables MCP OAuth metadata endpoint handling and MCP-specific authentication behavior on top of standard JWT validation. When set, the gateway will serve the MCP OAuth metadata discovery endpoints.
clientId string
Client ID to use for short-circuiting Dynamic Client Registration. If set, the gateway will not proxy registration requests to the IDP and instead return this client ID.
provider string
Identity provider to use for MCP authentication flows.
enum: Auth0, Keycloak, Okta
resourceMetadata object
Metadata to use for MCP resources, served at the MCP OAuth metadata endpoints.
mode string
Validation mode for JWT authentication.
enum: Optional, Permissive, Strict
providers []object required
minItems: 1
maxItems: 64
audiences []string
Allowed audiences that are allowed access. This corresponds to the `aud` claim ([RFC 7519 §4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3)). If unset, any audience is allowed.
minItems: 1
maxItems: 64
issuer string required
IdP that issued the JWT. This corresponds to the `iss` claim ([RFC 7519 §4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1)).
minLength: 1
maxLength: 256
jwks object required
JSON Web Key Set used to validate the signature of the JWT.
inline string
Inline JSON Web Key Set used to validate the signature of the JWT.
minLength: 2
maxLength: 65536
remote object
How to reach the JSON Web Key Set from a remote address.
backendRef object required
Remote JWKS server to reach. Supported types are `Service` and static `Backend`. An `AgentgatewayPolicy` containing backend TLS config can then be attached to the `Service` or `Backend` in order to set TLS options for a connection to the remote `jwks` source.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
cacheDuration string
jwksPath string required
Path to the IdP `jwks` endpoint, relative to the root, commonly `".well-known/jwks.json"`.
minLength: 1
maxLength: 2000
phase string
The phase to apply the traffic policy to. If the phase is `PreRouting`, the `targetRef` must be a `Gateway` or a `Listener`. `PreRouting` is typically used only when a policy needs to influence the routing decision. Even when using `PostRouting` mode, the policy can target the `Gateway` or `Listener`. This is a helper for applying the policy to all routes under that `Gateway` or `Listener`, and follows the merging logic described above. Note: `PreRouting` and `PostRouting` rules do not merge together. These are independent execution phases. That is, all `PreRouting` rules will merge and execute, then all `PostRouting` rules will merge and execute. If unset, this defaults to `PostRouting`.
enum: PostRouting, PreRouting
rateLimit object
Rate limiting configuration for the policy. This limits the rate at which requests are processed.
conditional []object
Conditional policy execution. Set this or the top-level rateLimit fields. The first matching policy will be executed. A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback in case no conditions are met.
minItems: 1
maxItems: 16
condition string
CEL expression that must evaluate to true for this policy to execute.
minLength: 1
maxLength: 16384
policy object required
Policy to apply when the condition matches.
global object
Global rate limiting policy using an external service.
backendRef object required
Rate limit server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
descriptors []object required
Dimensions for rate limiting. These values are passed to the rate limit service which applies configured limits based on them. Each descriptor represents a single rate limit rule with one or more entries.
minItems: 1
maxItems: 16
cost string
Common Expression Language (`CEL`) expression that determines the cost of the request for this descriptor. If unset, `Requests` costs default to 1, and `Tokens` costs default to the total token count. `Tokens` cost are evaluated after the request has completed. For non-streaming requests, `request`, `llm`, and `response` fields are all available; for streaming requests, `response` is not available (however, all LLM attributes are in `llm`). For `Requests`, cost is computed during the request phase. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength: 1
maxLength: 16384
entries []object required
Individual components that make up this descriptor.
minItems: 1
maxItems: 16
expression string required
Common Expression Language (`CEL`) expression that defines the value for the descriptor. For example, to rate limit based on the Client IP: `source.address`. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength: 1
maxLength: 16384
name string required
Name of the descriptor.
minLength: 1
maxLength: 64
unit string
Cost unit. If unspecified, `Requests` is used.
enum: Requests, Tokens
domain string required
Domain under which this limit should apply. This is an arbitrary string that enables a rate limit server to distinguish between different applications.
minLength: 1
maxLength: 256
failureMode string
Behavior when the remote rate limit service is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) denies the request.
enum: FailClosed, FailOpen
local []object
Local rate limiting policy.
minItems: 1
maxItems: 16
burst integer
Allowance of requests above the request-per-unit that should be allowed within a short period of time.
format: int32
requests integer
Number of HTTP requests per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error.
format: int32
minimum: 1
tokens integer
Number of LLM tokens per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error. Both input and output tokens are counted. However, token counts are not known until the request completes. As a result, token-based rate limits will apply to future requests only.
format: int32
minimum: 1
unit string required
Unit of time for the limit.
enum: Hours, Minutes, Seconds
global object
Global rate limiting policy using an external service.
backendRef object required
Rate limit server to reach. Supported types: `Service` and `Backend`.
group string
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified. ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. Support: Core (Services with a type other than ExternalName) Support: Implementation-specific (Services with type ExternalName)
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
format: int32
minimum: 1
maximum: 65535
descriptors []object required
Dimensions for rate limiting. These values are passed to the rate limit service which applies configured limits based on them. Each descriptor represents a single rate limit rule with one or more entries.
minItems: 1
maxItems: 16
cost string
Common Expression Language (`CEL`) expression that determines the cost of the request for this descriptor. If unset, `Requests` costs default to 1, and `Tokens` costs default to the total token count. `Tokens` cost are evaluated after the request has completed. For non-streaming requests, `request`, `llm`, and `response` fields are all available; for streaming requests, `response` is not available (however, all LLM attributes are in `llm`). For `Requests`, cost is computed during the request phase. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength: 1
maxLength: 16384
entries []object required
Individual components that make up this descriptor.
minItems: 1
maxItems: 16
expression string required
Common Expression Language (`CEL`) expression that defines the value for the descriptor. For example, to rate limit based on the Client IP: `source.address`. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.
minLength: 1
maxLength: 16384
name string required
Name of the descriptor.
minLength: 1
maxLength: 64
unit string
Cost unit. If unspecified, `Requests` is used.
enum: Requests, Tokens
domain string required
Domain under which this limit should apply. This is an arbitrary string that enables a rate limit server to distinguish between different applications.
minLength: 1
maxLength: 256
failureMode string
Behavior when the remote rate limit service is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) denies the request.
enum: FailClosed, FailOpen
local []object
Local rate limiting policy.
minItems: 1
maxItems: 16
burst integer
Allowance of requests above the request-per-unit that should be allowed within a short period of time.
format: int32
requests integer
Number of HTTP requests per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error.
format: int32
minimum: 1
tokens integer
Number of LLM tokens per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error. Both input and output tokens are counted. However, token counts are not known until the request completes. As a result, token-based rate limits will apply to future requests only.
format: int32
minimum: 1
unit string required
Unit of time for the limit.
enum: Hours, Minutes, Seconds
retry object
Retry policy.
attempts integer
Attempts specifies the maximum number of times an individual request from the gateway to a backend should be retried. If the maximum number of retries has been attempted without a successful response from the backend, the Gateway MUST return an error. When this field is unspecified, the number of times to attempt to retry a backend request is implementation-specific. Support: Extended
minimum: 1
backoff string
Backoff specifies the minimum duration a Gateway should wait between retry attempts and is represented in Gateway API Duration formatting. For example, setting the `rules[].retry.backoff` field to the value `100ms` will cause a backend request to first be retried approximately 100 milliseconds after timing out or receiving a response code configured to be retriable. An implementation MAY use an exponential or alternative backoff strategy for subsequent retry attempts, MAY cap the maximum backoff duration to some amount greater than the specified minimum, and MAY add arbitrary jitter to stagger requests, as long as unsuccessful backend requests are not retried before the configured minimum duration. If a Request timeout (`rules[].timeouts.request`) is configured on the route, the entire duration of the initial request and any retry attempts MUST not exceed the Request timeout duration. If any retry attempts are still in progress when the Request timeout duration has been reached, these SHOULD be canceled if possible and the Gateway MUST immediately return a timeout error. If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is configured on the route, any retry attempts which reach the configured BackendRequest timeout duration without a response SHOULD be canceled if possible and the Gateway should wait for at least the specified backoff duration before attempting to retry the backend request again. If a BackendRequest timeout is _not_ configured on the route, retry attempts MAY time out after an implementation default duration, or MAY remain pending until a configured Request timeout or implementation default duration for total request time is reached. When this field is unspecified, the time to wait between retry attempts is implementation-specific. Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
codes []integer
Codes defines the HTTP response status codes for which a backend request should be retried. Support: Extended
condition string
`condition` is a CEL expression evaluated against each response to decide whether to retry. A response is retried when its status code is in `codes` or this expression evaluates to `true`.
minLength: 1
maxLength: 16384
precondition string
`precondition` is a CEL expression evaluated against the request before any attempt is made. When it evaluates to `false`, retries are disabled and only the initial attempt is made, for example `request.method == "GET"`. Retrying requires buffering the request body in memory for replay, so this lets us skip that cost when the request is known to be non-retriable (for example streaming uploads or long-lived connections like websockets).
minLength: 1
maxLength: 16384
timeouts object
Request timeouts. It is applicable to `HTTPRoute` resources and ignored for other targeted kinds.
request string
Timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend.
transformation object
Mutates and transforms requests and responses before forwarding them to the destination.
conditional []object
Conditional policy execution. Set this or the top-level transformation fields. The first matching policy will be executed. A single policy may be provided without a condition set; if so, it must be the last policy and will be the fallback in case no conditions are met.
minItems: 1
maxItems: 16
condition string
CEL expression that must evaluate to true for this policy to execute.
minLength: 1
maxLength: 16384
policy object required
Policy to apply when the condition matches.
request object
Request transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
response object
Response transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
request object
Request transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
response object
Response transformation settings.
add []object
Headers to add to the request and what each value should be set to. If there is already a header with these values then append the value as an extra entry.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
body string
HTTP body transformation.
minLength: 1
maxLength: 16384
metadata object
Stores CEL-evaluated values under the `metadata` CEL variable for subsequent policy evaluations. `metadata` is evaluated before header or body transformations.
remove []string
Header names to remove from the request or response.
minItems: 1
maxItems: 16
set []object
Headers to set and the values to use.
minItems: 1
maxItems: 16
name string required
The name of the header to add.
pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
CEL expression that generates the output value for the header.
minLength: 1
maxLength: 16384
status object
Current policy status.
ancestors []object required
Ancestors is a list of ancestor resources (usually Gateways) that are associated with the policy, and the status of the policy with respect to each ancestor. When this policy attaches to a parent, the controller that manages the parent and the ancestors MUST add an entry to this list when the controller first sees the policy and SHOULD update the entry as appropriate when the relevant ancestor is modified. Note that choosing the relevant ancestor is left to the Policy designers; an important part of Policy design is designing the right object level at which to namespace this status. Note also that implementations MUST ONLY populate ancestor status for the Ancestor resources they are responsible for. Implementations MUST use the ControllerName field to uniquely identify the entries in this list that they are responsible for. Note that to achieve this, the list of PolicyAncestorStatus structs MUST be treated as a map with a composite key, made up of the AncestorRef and ControllerName fields combined. A maximum of 16 ancestors will be represented in this list. An empty list means the Policy is not relevant for any ancestors. If this slice is full, implementations MUST NOT add further entries. Instead they MUST consider the policy unimplementable and signal that on any related resources such as the ancestor that would be referenced here. For example, if this list was full on BackendTLSPolicy, no additional Gateways would be able to reference the Service targeted by the BackendTLSPolicy.
maxItems: 16
ancestorRef object required
AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of.
group string
Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). Support: Core
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is kind of the referent. There are two kinds of parent resources with "Core" support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent. Support: Core
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. <gateway:experimental:description> ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. </gateway:experimental:description> Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. <gateway:experimental:description> When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. </gateway:experimental:description> Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
format: int32
minimum: 1
maximum: 65535
sectionName string
SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
conditions []object required
Conditions describes the status of the Policy with respect to the given Ancestor. <gateway:util:excludeFromCRD> Notes for implementors: Conditions are a listType `map`, which means that they function like a map with a key of the `type` field _in the k8s apiserver_. This means that implementations must obey some rules when updating this section. * Implementations MUST perform a read-modify-write cycle on this field before modifying it. That is, when modifying this field, implementations must be confident they have fetched the most recent version of this field, and ensure that changes they make are on that recent version. * Implementations MUST NOT remove or reorder Conditions that they are not directly responsible for. For example, if an implementation sees a Condition with type `special.io/SomeField`, it MUST NOT remove, change or update that Condition. * Implementations MUST always _merge_ changes into Conditions of the same Type, rather than creating more than one Condition of the same Type. * Implementations MUST always update the `observedGeneration` field of the Condition to the `metadata.generation` of the Gateway at the time of update creation. * If the `observedGeneration` of a Condition is _greater than_ the value the implementation knows about, then it MUST NOT perform the update on that Condition, but must wait for a future reconciliation and status update. (The assumption is that the implementation's copy of the object is stale and an update will be re-triggered if relevant.) </gateway:util:excludeFromCRD>
minItems: 1
maxItems: 8
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
controllerName string required
ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. Example: "example.net/gateway-controller". The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
minLength: 1
maxLength: 253

No matches. Try .spec.backend for an exact path