API reference

Review the API reference documentation for kgateway with the agentgateway data plane.

Looking for the Envoy data plane APIs instead? See the kgateway with Envoy API docs.

Packages

agentgateway.dev/v1alpha1

agentgateway.dev/v1alpha1

Resource Types

AgentgatewayBackend
AgentgatewayParameters
AgentgatewayPolicy

AIBackend

AIBackend specifies the AI backend configuration

Validation:

ExactlyOneOf: [provider groups]

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`provider` LLMProvider	provider specifies configuration for how to reach the configured LLM provider.		ExactlyOneOf: [openai azureopenai anthropic gemini vertexai bedrock] Optional: {}
`groups` PriorityGroup array	groups specifies a list of groups in priority order where each group defines a set of LLM providers. The priority determines the priority of the backend endpoints chosen. Note: provider names must be unique across all providers in all priority groups. Backend policies may target a specific provider by name using targetRefs[].sectionName. Example configuration with two priority groups: `yaml<br />groups:<br />- providers:<br /> - azureopenai:<br /> deploymentName: gpt-4o-mini<br /> apiVersion: 2024-02-15-preview<br /> endpoint: ai-gateway.openai.azure.com<br />- providers:<br /> - azureopenai:<br /> deploymentName: gpt-4o-mini-2<br /> apiVersion: 2024-02-15-preview<br /> endpoint: ai-gateway-2.openai.azure.com<br /> policies:<br /> auth:<br /> secretRef:<br /> name: azure-secret<br />`		MaxItems: 32 MinItems: 1 Optional: {}

AIPromptEnrichment

AIPromptEnrichment defines the config to enrich requests sent to the LLM provider by appending and prepending system prompts.

Prompt enrichment allows you to add additional context to the prompt before sending it to the model. Unlike RAG or other dynamic context methods, prompt enrichment is static and is applied to every request.

Note: Some providers, including Anthropic, do not support SYSTEM role messages, and instead have a dedicated system field in the input JSON. In this case, use the defaults setting to set the system field.

The following example prepends a system prompt of Answer all questions in French. and appends Describe the painting as if you were a famous art critic from the 17th century. to each request that is sent to the openai HTTPRoute.


	name: openai-opt
	namespace: kgateway-system

spec:

	targetRefs:
	- group: gateway.networking.k8s.io
	  kind: HTTPRoute
	  name: openai
	ai:
	    promptEnrichment:
	      prepend:
	      - role: SYSTEM
	        content: "Answer all questions in French."
	      append:
	      - role: USER
	        content: "Describe the painting as if you were a famous art critic from the 17th century."

Appears in:

BackendAI

Field	Description	Default	Validation
`prepend` Message array	A list of messages to be prepended to the prompt sent by the client.		Optional: {}
`append` Message array	A list of messages to be appended to the prompt sent by the client.		Optional: {}

AIPromptGuard

AIPromptGuard configures a prompt guards to block unwanted requests to the LLM provider and mask sensitive data. Prompt guards can be used to reject requests based on the content of the prompt, as well as mask responses based on the content of the response.

This example rejects any request prompts that contain the string “credit card”, and masks any credit card numbers in the response.

promptGuard:

	request:
	- response:
	    message: "Rejected due to inappropriate content"
	  regex:
	    action: REJECT
	    matches:
	    - pattern: "credit card"
	      name: "CC"
	response:
	- regex:
	    builtins:
	    - CREDIT_CARD
	    action: MASK

Validation:

AtLeastOneOf: [request response]

Appears in:

BackendAI

Field	Description	Default	Validation
`request` PromptguardRequest array	Prompt guards to apply to requests sent by the client.		ExactlyOneOf: [regex webhook openAIModeration] MaxItems: 8 MinItems: 1 Optional: {}
`response` PromptguardResponse array	Prompt guards to apply to responses returned by the LLM provider.		ExactlyOneOf: [regex webhook] MaxItems: 8 MinItems: 1 Optional: {}

APIKeyAuthentication

Validation:

ExactlyOneOf: [secretRef secretSelector]

Appears in:

Traffic

Field	Description	Default	Validation
`mode` APIKeyAuthenticationMode	Validation mode for api key authentication.	Strict	Enum: [Strict Optional] Optional: {}
`secretRef` LocalObjectReference	secretRef references a Kubernetes secret storing a set of API Keys. If there are many keys, ‘secretSelector’ can be used instead. Each entry in the Secret represents one API Key. The key is an arbitrary identifier. The value can either be: * A string, representing the API Key. * A JSON object, with two fields, `key` and `metadata`. `key` contains the API Key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allow `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: \| { “key”: “k-123”, “metadata”: { “group”: “sales”, “created_at”: “2024-10-01T12:00:00Z”, } } client2: “k-456”		Optional: {}
`secretSelector` SecretSelector	secretSelector selects multiple secrets containing API Keys. If the same key is defined in multiple secrets, the behavior is undefined. Each entry in the Secret represents one API Key. The key is an arbitrary identifier. The value can either be: * A string, representing the API Key. * A JSON object, with two fields, `key` and `metadata`. `key` contains the API Key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allow `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: \| { “key”: “k-123”, “metadata”: { “group”: “sales”, “created_at”: “2024-10-01T12:00:00Z”, } } client2: “k-456”		Optional: {}

APIKeyAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional]

Appears in:

APIKeyAuthentication

Field	Description
`Strict`	A valid API Key must be present. This is the default option.
`Optional`	If an API Key exists, validate it. Warning: this allows requests without an API Key!

AWSGuardrailConfig

Appears in:

BedrockConfig

Field	Description	Default	Validation
`identifier` ShortString	GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.		MaxLength: 256 MinLength: 1 Required: {}
`version` ShortString	GuardrailVersion is the version of the Guardrail policy to use for the backend.		MaxLength: 256 MinLength: 1 Required: {}

AccessLog

accessLogs specifies how per-request access logs are emitted.

Appears in:

Frontend

Field	Description	Default	Validation
`filter` CELExpression	filter specifies a CEL expression that is used to filter logs. A log will only be emitted if the expression evaluates to ’true’.		MaxLength: 16384 MinLength: 1 Optional: {}
`attributes` LogTracingAttributes	attributes specifies customizations to the key-value pairs that are logged		AtLeastOneOf: [remove add] Optional: {}

Action

Underlying type: string

Action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. PromptguardResponse matches are always masked by default.

Validation:

Enum: [Mask Reject]

Appears in:

Regex

Field	Description
`Mask`	Mask the matched data in the request.
`Reject`	Reject the request if the regex matches content in the request.

AgentExtAuthGRPC

Appears in:

ExtAuth

Field	Description	Default	Validation
`contextExtensions` object (keys:string, values:string)	contextExtensions specifies additional arbitrary key-value pairs to send to the authorization server in the `context_extensions` field.		MaxProperties: 64 Optional: {}
`requestMetadata` object (keys:string, values:CELExpression)	requestMetadata specifies metadata to be sent to the authorization server. This maps to the `metadata_context.filter_metadata` field of the request, and allows dynamic CEL expressions. If unset, by default the `envoy.filters.http.jwt_authn` key is set if the JWT policy is used as well, for compatibility.		MaxProperties: 64 Optional: {}

AgentExtAuthHTTP

Appears in:

ExtAuth

Field	Description	Validation
`path` CELExpression	path specifies the path to send to the authorization server. If unset, this defaults to the original request path. This is a CEL expression, which allows customizing the path based on the incoming request. For example, to add a prefix: `path: '"/prefix/" + request.path'`.	MaxLength: 16384 MinLength: 1 Optional: {}
`redirect` CELExpression	redirect defines an optional expression to determine a path to redirect to on authorization failure. This is useful to redirect to a sign-in page.	MaxLength: 16384 MinLength: 1 Optional: {}
`allowedRequestHeaders` ShortString array	allowedRequestHeaders specifies what additional headers from the client request will be sent to the authorization server. If unset, the following headers are sent by default: `Authorization`.	MaxItems: 64 MaxLength: 256 MinLength: 1 Optional: {}
`addRequestHeaders` object (keys:string, values:CELExpression)	addRequestHeaders specifies what additional headers to add to the request to the authorization server. While allowedRequestHeaders just passes the original headers through, addRequestHeaders allows defining custom headers based on CEL Expressions.	MaxProperties: 64 Optional: {}
`allowedResponseHeaders` ShortString array	allowedResponseHeaders specifies what headers from the authorization response will be copied into the request to the backend.	MaxItems: 64 MaxLength: 256 MinLength: 1 Optional: {}
`responseMetadata` object (keys:string, values:CELExpression)	responseMetadata specifies what metadata fields should be constructed from the authorization response. These will be included under the `extauthz` variable in future CEL expressions. Setting this is useful to do things like logging usernames, without needing to include them as headers to the backend (as `allowedResponseHeaders` would).	MaxProperties: 64 Optional: {}

AgentgatewayBackend

Field	Description	Validation
`apiVersion` string	`agentgateway.dev/v1alpha1`
`kind` string	`AgentgatewayBackend`
`kind` string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`apiVersion` string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayBackendSpec	spec defines the desired state of AgentgatewayBackend.	ExactlyOneOf: [ai static dynamicForwardProxy mcp] Required: {}
`status` AgentgatewayBackendStatus	status defines the current state of AgentgatewayBackend.	Optional: {}

AgentgatewayBackendSpec

Validation:

ExactlyOneOf: [ai static dynamicForwardProxy mcp]

Appears in:

AgentgatewayBackend

Field	Description	Validation
`static` StaticBackend	static represents a static hostname.	Optional: {}
`ai` AIBackend	ai represents a LLM backend.	ExactlyOneOf: [provider groups] Optional: {}
`mcp` MCPBackend	mcp represents an MCP backend	Optional: {}
`dynamicForwardProxy` DynamicForwardProxyBackend	dynamicForwardProxy configures the proxy to dynamically send requests to the destination based on the incoming request HTTP host header, or TLS SNI for TLS traffic. Note: this Backend type enables users to send trigger the proxy to send requests to arbitrary destinations. Proper access controls must be put in place when using this backend type.	Optional: {}
`policies` BackendFull	policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy; policies are merged on a field-level basis, with policies on the Backend (this field) taking precedence.	AtLeastOneOf: [tcp tls http auth mcp ai] Optional: {}

AgentgatewayBackendStatus

AgentgatewayBackend defines the observed state of AgentgatewayBackend.

Appears in:

AgentgatewayBackend

Field	Description	Default	Validation
`conditions` Condition array	Conditions is the list of conditions for the backend.		MaxItems: 8 Optional: {}

AgentgatewayParameters

AgentgatewayParameters are configuration that is used to dynamically provision the agentgateway data plane. Labels and annotations that apply to all resources may be specified at a higher level; see https://gateway-api.sigs.k8s.io/reference/spec/#gatewayinfrastructure

Field	Description	Validation
`apiVersion` string	`agentgateway.dev/v1alpha1`
`kind` string	`AgentgatewayParameters`
`kind` string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`apiVersion` string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayParametersSpec	spec defines the desired state of AgentgatewayParameters.	Required: {}
`status` AgentgatewayParametersStatus	status defines the current state of AgentgatewayParameters.	Optional: {}

AgentgatewayParametersConfigs

Appears in:

AgentgatewayParametersSpec

Field	Description	Validation
`logging` AgentgatewayParametersLogging	logging configuration for Agentgateway. By default, all logs are set to “info” level.	Optional: {}
`rawConfig` JSON	rawConfig provides an opaque mechanism to configure the agentgateway config file (the agentgateway binary has a ‘-f’ option to specify a config file, and this is that file). This will be merged with configuration derived from typed fields like AgentgatewayParametersLogging.Format, and those typed fields will take precedence. Example: rawConfig: binds: - port: 3000 listeners: - routes: - policies: cors: allowOrigins: - “*" allowHeaders: - mcp-protocol-version - content-type - cache-control backends: - mcp: targets: - name: everything stdio: cmd: npx args: ["@modelcontextprotocol/server-everything”]	Type: object Optional: {}
`image` Image	The agentgateway container image. See https://kubernetes.io/docs/concepts/containers/images/ for details. Default values, which may be overridden individually: registry: cr.agentgateway.dev repository: agentgateway tag: pullPolicy: <omitted, relying on Kubernetes defaults which depend on the tag>	Optional: {}
`env` EnvVar array	The container environment variables. These override any existing values. If you want to delete an environment variable entirely, use `$patch: delete` with AgentgatewayParametersOverlays instead. Note that variable expansion does apply, but is highly discouraged – to set dependent environment variables, you can use $(VAR_NAME), but it’s highly discouraged. `$$(VAR_NAME)` avoids expansion and results in a literal `$(VAR_NAME)`.	Optional: {}
`resources` ResourceRequirements	The compute resources required by this container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.	Optional: {}
`shutdown` ShutdownSpec	Shutdown delay configuration. How graceful planned or unplanned data plane changes happen is in tension with how quickly rollouts of the data plane complete. How long a data plane pod must wait for shutdown to be perfectly graceful depends on how you have configured your Gateways.	Optional: {}
`istio` IstioSpec	Configure Istio integration. If enabled, Agentgateway can natively connect to Istio enabled pods with mTLS.	Optional: {}

AgentgatewayParametersLogging

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`level` string	Logging level in standard RUST_LOG syntax, e.g. ‘info’, the default, or by module, comma-separated. E.g., “rmcp=warn,hickory_server::server::server_future=off,typespec_client_core::http::policies::logging=warn”		Optional: {}
`format` AgentgatewayParametersLoggingFormat			Enum: [json text] Optional: {}

AgentgatewayParametersLoggingFormat

Underlying type: string

The default logging format is text.

Validation:

Enum: [json text]

Appears in:

AgentgatewayParametersLogging

Field	Description
`json`
`text`

AgentgatewayParametersOverlays

Appears in:

AgentgatewayParametersSpec

Field	Description	Validation
`deployment` KubernetesResourceOverlay	deployment allows specifying overrides for the generated Deployment resource.	Optional: {}
`service` KubernetesResourceOverlay	service allows specifying overrides for the generated Service resource.	Optional: {}
`serviceAccount` KubernetesResourceOverlay	serviceAccount allows specifying overrides for the generated ServiceAccount resource.	Optional: {}
`podDisruptionBudget` KubernetesResourceOverlay	podDisruptionBudget allows creating a PodDisruptionBudget for the agentgateway proxy. If absent, no PDB is created. If present, a PDB is created with its selector automatically configured to target the agentgateway proxy Deployment. The metadata and spec fields from this overlay are applied to the generated PDB.	Optional: {}
`horizontalPodAutoscaler` KubernetesResourceOverlay	horizontalPodAutoscaler allows creating a HorizontalPodAutoscaler for the agentgateway proxy. If absent, no HPA is created. If present, an HPA is created with its scaleTargetRef automatically configured to target the agentgateway proxy Deployment. The metadata and spec fields from this overlay are applied to the generated HPA.	Optional: {}

AgentgatewayParametersSpec

Appears in:

AgentgatewayParameters

Field	Description	Validation
`logging` AgentgatewayParametersLogging	logging configuration for Agentgateway. By default, all logs are set to “info” level.	Optional: {}
`rawConfig` JSON	rawConfig provides an opaque mechanism to configure the agentgateway config file (the agentgateway binary has a ‘-f’ option to specify a config file, and this is that file). This will be merged with configuration derived from typed fields like AgentgatewayParametersLogging.Format, and those typed fields will take precedence. Example: rawConfig: binds: - port: 3000 listeners: - routes: - policies: cors: allowOrigins: - “*" allowHeaders: - mcp-protocol-version - content-type - cache-control backends: - mcp: targets: - name: everything stdio: cmd: npx args: ["@modelcontextprotocol/server-everything”]	Type: object Optional: {}
`image` Image	The agentgateway container image. See https://kubernetes.io/docs/concepts/containers/images/ for details. Default values, which may be overridden individually: registry: cr.agentgateway.dev repository: agentgateway tag: pullPolicy: <omitted, relying on Kubernetes defaults which depend on the tag>	Optional: {}
`env` EnvVar array	The container environment variables. These override any existing values. If you want to delete an environment variable entirely, use `$patch: delete` with AgentgatewayParametersOverlays instead. Note that variable expansion does apply, but is highly discouraged – to set dependent environment variables, you can use $(VAR_NAME), but it’s highly discouraged. `$$(VAR_NAME)` avoids expansion and results in a literal `$(VAR_NAME)`.	Optional: {}
`resources` ResourceRequirements	The compute resources required by this container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.	Optional: {}
`shutdown` ShutdownSpec	Shutdown delay configuration. How graceful planned or unplanned data plane changes happen is in tension with how quickly rollouts of the data plane complete. How long a data plane pod must wait for shutdown to be perfectly graceful depends on how you have configured your Gateways.	Optional: {}
`istio` IstioSpec	Configure Istio integration. If enabled, Agentgateway can natively connect to Istio enabled pods with mTLS.	Optional: {}
`deployment` KubernetesResourceOverlay	deployment allows specifying overrides for the generated Deployment resource.	Optional: {}
`service` KubernetesResourceOverlay	service allows specifying overrides for the generated Service resource.	Optional: {}
`serviceAccount` KubernetesResourceOverlay	serviceAccount allows specifying overrides for the generated ServiceAccount resource.	Optional: {}
`podDisruptionBudget` KubernetesResourceOverlay	podDisruptionBudget allows creating a PodDisruptionBudget for the agentgateway proxy. If absent, no PDB is created. If present, a PDB is created with its selector automatically configured to target the agentgateway proxy Deployment. The metadata and spec fields from this overlay are applied to the generated PDB.	Optional: {}
`horizontalPodAutoscaler` KubernetesResourceOverlay	horizontalPodAutoscaler allows creating a HorizontalPodAutoscaler for the agentgateway proxy. If absent, no HPA is created. If present, an HPA is created with its scaleTargetRef automatically configured to target the agentgateway proxy Deployment. The metadata and spec fields from this overlay are applied to the generated HPA.	Optional: {}

AgentgatewayParametersStatus

The current conditions of the AgentgatewayParameters. This is not currently implemented.

Appears in:

AgentgatewayParameters

AgentgatewayPolicy

Field	Description	Validation
`apiVersion` string	`agentgateway.dev/v1alpha1`
`kind` string	`AgentgatewayPolicy`
`kind` string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`apiVersion` string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayPolicySpec	spec defines the desired state of AgentgatewayPolicy.	ExactlyOneOf: [targetRefs targetSelectors] Required: {}
`status` PolicyStatus	status defines the current state of AgentgatewayPolicy.	Optional: {}

AgentgatewayPolicySpec

Validation:

ExactlyOneOf: [targetRefs targetSelectors]

Appears in:

AgentgatewayPolicy

Field	Description	Validation
`targetRefs` LocalPolicyTargetReferenceWithSectionName array	targetRefs specifies the target resources by reference to attach the policy to.	MaxItems: 16 MinItems: 1 Optional: {}
`targetSelectors` LocalPolicyTargetSelectorWithSectionName array	targetSelectors specifies the target selectors to select resources to attach the policy to.	MaxItems: 16 MinItems: 1 Optional: {}
`frontend` Frontend	frontend defines settings for how to handle incoming traffic. A frontend policy can only target a Gateway. Listener and ListenerSet are not valid targets. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. For example, policy A sets ’tcp’ and ’tls’, and policy B sets ’tls’, the effective policy would be ’tcp’ from policy A, and ’tls’ from policy B.	Optional: {}
`traffic` Traffic	traffic defines settings for how process traffic. A traffic policy can target a Gateway (optionally, with a sectionName indicating the listener), ListenerSet, Route (optionally, with a sectionName indicating the route rule). When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: Gateway < Listener < Route < Route Rule. For example, policy A sets ’timeouts’ and ‘retries’, and policy B sets ‘retries’, the effective policy would be ’timeouts’ from policy A, and ‘retries’ from policy B.	Optional: {}
`backend` BackendFull	backend defines settings for how to connect to destination backends. A backend policy can target a Gateway (optionally, with a sectionName indicating the listener), ListenerSet, Route (optionally, with a sectionName indicating the route rule), or a Service/Backend (optionally, with a sectionName indicating the port (for Service) or sub-backend (for Backend). Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level resource, like Gateway, is just a way to easily apply a policy to a group of backends. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: Gateway < Listener < Route < Route Rule < Backend/Service. For example, if a Gateway policy sets ’tcp’ and ’tls’, and a Backend policy sets ’tls’, the effective policy would be ‘tcp’ from the Gateway, and ’tls’ from the Backend.	AtLeastOneOf: [tcp tls http auth mcp ai] Optional: {}

AnthropicConfig

AnthropicConfig settings for the Anthropic LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

AttributeAdd

Appears in:

LogTracingAttributes

Field	Description	Default	Validation
`name` ShortString			MaxLength: 256 MinLength: 1 Required: {}
`expression` CELExpression			MaxLength: 16384 MinLength: 1 Required: {}

AwsAuth

AwsAuth specifies the authentication method to use for the backend.

Appears in:

BackendAuth

Field	Description	Default	Validation
`secretRef` LocalObjectReference	SecretRef references a Kubernetes Secret containing the AWS credentials. The Secret must have keys “accessKey”, “secretKey”, and optionally “sessionToken”.		Required: {}

AzureOpenAIConfig

AzureOpenAIConfig settings for the Azure OpenAI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Validation
`endpoint` ShortString	The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`. If the scheme is included, it is stripped.	MaxLength: 256 MinLength: 1 Required: {}
`deploymentName` ShortString	The name of the Azure OpenAI model deployment to use. For more information, see the Azure OpenAI model docs. This is required if ApiVersion is not ‘v1’. For v1, the model can be set in the request.	MaxLength: 256 MinLength: 1 Optional: {}
`apiVersion` TinyString	The version of the Azure OpenAI API to use. For more information, see the Azure OpenAI API version reference. If unset, defaults to “v1”	MaxLength: 64 MinLength: 1 Optional: {}

BackendAI

Validation:

AtLeastOneOf: [prompt promptGuard defaults overrides modelAliases promptCaching routes]

Appears in:

BackendFull
BackendWithAI

Field	Description	Validation
`prompt` AIPromptEnrichment	Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.	Optional: {}
`promptGuard` AIPromptGuard	promptGuard enables adding guardrails to LLM requests and responses.	AtLeastOneOf: [request response] Optional: {}
`defaults` FieldDefault array	Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.	MaxItems: 64 MinItems: 1 Optional: {}
`overrides` FieldDefault array	Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.	MaxItems: 64 MinItems: 1 Optional: {}
`modelAliases` object (keys:string, values:string)	ModelAliases maps friendly model names to actual provider model names. Example: {“fast”: “gpt-3.5-turbo”, “smart”: “gpt-4-turbo”} Note: This field is only applicable when using the agentgateway data plane.	MaxProperties: 64 Optional: {}
`promptCaching` PromptCachingConfig	promptCaching enables automatic prompt caching for supported providers (AWS Bedrock). Reduces API costs by caching static content like system prompts and tool definitions. Only applicable for Bedrock Claude 3+ and Nova models.	Optional: {}
`routes` object (keys:string, values:RouteType)	routes defines how to identify the type of traffic to handle. The keys are URL path suffixes matched using ends-with comparison (e.g., “/v1/chat/completions”). The special “*” wildcard matches any path. If not specified, all traffic defaults to “completions” type.	Optional: {}

BackendAuth

Validation:

ExactlyOneOf: [key secretRef passthrough aws gcp]

Appears in:

BackendFull
BackendSimple
BackendWithAI
BackendWithMCP

Field	Description	Validation
`key` string	key provides an inline key to use as the value of the Authorization header. This option is the least secure; usage of a Secret is preferred.	MaxLength: 2048 Optional: {}
`secretRef` LocalObjectReference	secretRef references a Kubernetes secret storing the key to use the authorization value. This must be stored in the ‘Authorization’ key.	Optional: {}
`passthrough` BackendAuthPassthrough	passthrough passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API Key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.	Optional: {}
`aws` AwsAuth	Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods.	Optional: {}
`gcp` GcpAuth	Auth specifies to use a Google authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods.	Optional: {}

BackendAuthPassthrough

Appears in:

BackendAuth

BackendFull

Validation:

AtLeastOneOf: [tcp tls http auth mcp ai]

Appears in:

AgentgatewayBackendSpec
AgentgatewayPolicySpec

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`auth` BackendAuth	auth defines settings for managing authentication to the backend	ExactlyOneOf: [key secretRef passthrough aws gcp] Optional: {}
`ai` BackendAI	ai specifies settings for AI workloads. This is only applicable when connecting to a Backend of type ‘ai’.	AtLeastOneOf: [prompt promptGuard defaults overrides modelAliases promptCaching routes] Optional: {}
`mcp` BackendMCP	mcp specifies settings for MCP workloads. This is only applicable when connecting to a Backend of type ‘mcp’.	AtLeastOneOf: [authorization authentication] Optional: {}

BackendHTTP

Appears in:

BackendFull
BackendSimple
BackendWithAI
BackendWithMCP

Field	Description	Default	Validation
`version` HTTPVersion	version specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * Service types can specify it with ‘appProtocol’ on the Service port. * If traffic is identified as gRPC, HTTP2 is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, HTTP1 will be used. This is because most clients will transparently upgrade HTTPS traffic to HTTP2, even if the backend doesn’t support it		Enum: [HTTP1 HTTP2] Optional: {}
`requestTimeout` Duration	requestTimeout specifies the deadline for receiving a response from the backend.		Optional: {}

BackendMCP

Validation:

AtLeastOneOf: [authorization authentication]

Appears in:

BackendFull
BackendWithMCP

Field	Description	Default	Validation
`authorization` Authorization	authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject unauthorized requests with a 403 error, this policy works at the MCPBackend level. List operations, such as list_tools, will have each item evaluated. Items that do not meet the rule will be filtered. Get or call operations, such as call_tool, will evaluate the specific item and reject requests that do not meet the rule.		Optional: {}
`authentication` MCPAuthentication	authentication defines MCPBackend specific authentication rules.		Optional: {}

BackendSimple

Appears in:

BackendFull
BackendWithAI
BackendWithMCP
OpenAIModeration

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`auth` BackendAuth	auth defines settings for managing authentication to the backend	ExactlyOneOf: [key secretRef passthrough aws gcp] Optional: {}

BackendTCP

Appears in:

BackendFull
BackendSimple
BackendWithAI
BackendWithMCP

Field	Description	Default	Validation
`keepalive` Keepalive	keepAlive defines settings for enabling TCP keepalives on the connection.		Optional: {}
`connectTimeout` Duration	connectTimeout defines the deadline for establishing a connection to the destination.		Optional: {}

BackendTLS

Validation:

AtMostOneOf: [verifySubjectAltNames insecureSkipVerify]

Appears in:

BackendFull
BackendSimple
BackendWithAI
BackendWithMCP

Field	Description	Validation
`mtlsCertificateRef` LocalObjectReference array	mtlsCertificateRef enables mutual TLS to the backend, using the specified key (tls.key) and cert (tls.crt) from the refenced Secret. An optional ‘ca.cert’ field, if present, will be used to verify the server certificate if present. If caCertificateRefs is also specified, the caCertificateRefs field takes priority. If unspecified, no client certificate will be used.	MaxItems: 1 Optional: {}
`caCertificateRefs` LocalObjectReference array	caCertificateRefs defines the CA certificate ConfigMap to use to verify the server certificate. If unset, the system’s trusted certificates are used.	MaxItems: 1 Optional: {}
`insecureSkipVerify` InsecureTLSMode	insecureSkipVerify originates TLS but skips verification of the backend’s certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * All disables all TLS verification * Hostname verifies the CA certificate is trusted, but ignores any mismatch of hostname/SANs. Note that this method is still insecure; prefer setting verifySubjectAltNames to customize the valid hostnames if possible.	Enum: [All Hostname] Optional: {}
`sni` SNI	sni specifies the Server Name Indicator (SNI) to be used in the TLS handshake. If unset, the SNI is automatically set based on the destination hostname.	MaxLength: 253 MinLength: 1 Pattern: `^[a-z0-9]([-a-z0-9][a-z0-9])?(\.[a-z0-9]([-a-z0-9][a-z0-9])?)*$` Optional: {}
`verifySubjectAltNames` ShortString array	verifySubjectAltNames specifies the Subject Alternative Names (SAN) to verify in the server certificate. If not present, the destination hostname is automatically used.	MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Optional: {}
`alpnProtocols` TinyString	alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake. If not present, defaults to [“h2”, “http/1.1”].	MaxItems: 16 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}

BackendWithAI

Validation:

AtLeastOneOf: [tcp tls http auth ai]

Appears in:

NamedLLMProvider

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`auth` BackendAuth	auth defines settings for managing authentication to the backend	ExactlyOneOf: [key secretRef passthrough aws gcp] Optional: {}
`ai` BackendAI	ai specifies settings for AI workloads. This is only applicable when connecting to a Backend of type ‘ai’.	AtLeastOneOf: [prompt promptGuard defaults overrides modelAliases promptCaching routes] Optional: {}

BackendWithMCP

Validation:

AtLeastOneOf: [tcp tls http auth mcp]

Appears in:

McpTarget

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`auth` BackendAuth	auth defines settings for managing authentication to the backend	ExactlyOneOf: [key secretRef passthrough aws gcp] Optional: {}
`mcp` BackendMCP	mcp specifies settings for MCP workloads. This is only applicable when connecting to a Backend of type ‘mcp’.	AtLeastOneOf: [authorization authentication] Optional: {}

BasicAuthentication

Validation:

ExactlyOneOf: [users secretRef]

Appears in:

Traffic

Field	Description	Default	Validation
`mode` BasicAuthenticationMode	validation mode for basic auth authentication.	Strict	Enum: [Strict Optional] Optional: {}
`realm` string	realm specifies the ‘realm’ to return in the WWW-Authenticate header for failed authentication requests. If unset, “Restricted” will be used.		Optional: {}
`users` string array	users provides an inline list of username/password pairs that will be accepted. Each entry represents one line of the htpasswd format: https://httpd.apache.org/docs/2.4/programs/htpasswd.html. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: users: - “user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC." - “user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2”		MaxItems: 256 MinItems: 1 Optional: {}
`secretRef` LocalObjectReference	secretRef references a Kubernetes secret storing the .htaccess file. The Secret must have a key named ‘.htaccess’, and should contain the complete .htaccess file. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: apiVersion: v1 kind: Secret metadata: name: basic-auth stringData: .htaccess: \| alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V. bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/		Optional: {}

BasicAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional]

Appears in:

BasicAuthentication

Field	Description
`Strict`	A valid username and password must be present. This is the default option.
`Optional`	If a username and password exists, validate it. Warning: this allows requests without a username!

BedrockConfig

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`region` string	Region is the AWS region to use for the backend. Defaults to us-east-1 if not specified.	us-east-1	MaxLength: 63 MinLength: 1 Pattern: `^[a-z0-9-]+$` Optional: {}
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}
`guardrail` AWSGuardrailConfig	Guardrail configures the Guardrail policy to use for the backend. See https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html If not specified, the AWS Guardrail policy will not be used.		Optional: {}

BuiltIn

Underlying type: string

BuiltIn regex patterns for specific types of strings in prompts. For example, if you specify CreditCard, any credit card numbers in the request or response are matched.

Validation:

Enum: [Ssn CreditCard PhoneNumber Email CaSin]

Appears in:

Regex

Field	Description
`Ssn`	Default regex matching for Social Security numbers.
`CreditCard`	Default regex matching for credit card numbers.
`PhoneNumber`	Default regex matching for phone numbers.
`Email`	Default regex matching for email addresses.
`CaSin`	Default regex matching for Canadian Social Insurance Numbers.

CORS

Appears in:

Traffic

CSRF

Appears in:

Traffic

Field	Description	Default	Validation
`additionalOrigins` ShortString array	additionalOrigin specifies additional source origins that will be allowed in addition to the destination origin. The `Origin` consists of a scheme and a host, with an optional port, and takes the form `<scheme>://<host>(:<port>)`.		MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Optional: {}

CipherSuite

Underlying type: string

Validation:

Enum: [TLS13_AES_256_GCM_SHA384 TLS13_AES_128_GCM_SHA256 TLS13_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]

Appears in:

FrontendTLS

Field	Description
`TLS13_AES_256_GCM_SHA384`	TLS 1.3 cipher suites
`TLS13_AES_128_GCM_SHA256`
`TLS13_CHACHA20_POLY1305_SHA256`
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`	TLS 1.2 cipher suites
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`

CustomResponse

CustomResponse configures a response to return to the client if request content is matched against a regex pattern and the action is REJECT.

Validation:

AtLeastOneOf: [message statusCode]

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`message` string	A custom response message to return to the client. If not specified, defaults to “The request was rejected due to inappropriate content”.	The request was rejected due to inappropriate content	Optional: {}
`statusCode` integer	The status code to return to the client. Defaults to 403.	403	Maximum: 599 Minimum: 200 Optional: {}

DirectResponse

DirectResponse defines the policy to send a direct response to the client.

Appears in:

Traffic

Field	Description	Default	Validation
`status` integer	StatusCode defines the HTTP status code to return for this route.		Maximum: 599 Minimum: 200 Required: {}
`body` string	Body defines the content to be returned in the HTTP response body. The maximum length of the body is restricted to prevent excessively large responses. If this field is omitted, no body is included in the response.		MaxLength: 4096 MinLength: 1 Optional: {}

DynamicForwardProxyBackend

Appears in:

AgentgatewayBackendSpec

ExtAuth

Validation:

ExactlyOneOf: [grpc http]

Appears in:

Traffic

Field	Description	Validation
`backendRef` BackendObjectReference	backendRef references the External Authorization server to reach. Supported types: Service and Backend.	Required: {}
`grpc` AgentExtAuthGRPC	grpc specifies that the gRPC External Authorization protocol should be used.	Optional: {}
`http` AgentExtAuthHTTP	http specifies that the HTTP protocol should be used for connecting to the authorization server. The authorization server must return a `200` status code, otherwise the request is considered an authorization failure.	Optional: {}
`forwardBody` ExtAuthBody	forwardBody configures whether to include the HTTP body in the request. If enabled, the request body will be buffered.	Optional: {}

ExtAuthBody

Appears in:

ExtAuth

Field	Description	Default	Validation
`maxSize` integer	maxSize specifies how large in bytes the largest body that will be buffered and sent to the authorization server. If the body size is larger than maxSize, then the request will be rejected with a response.		Minimum: 1 Required: {}

ExtProc

Appears in:

Traffic

Field	Description	Default	Validation
`backendRef` BackendObjectReference	backendRef references the External Processor server to reach. Supported types: Service and Backend.		Required: {}

FieldDefault

FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider. These defaults are merged with the user-provided request to ensure missing fields are populated.

User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider. Defaults set here do not override those user-provided values unless you explicitly set override to true.

Example: Setting a default system field for Anthropic, which does not support system role messages:

defaults:
  - field: "system"
    value: "answer all questions in French"

Example: Setting a default temperature and overriding max_tokens:

defaults:
  - field: "temperature"
    value: "0.5"
  - field: "max_tokens"
    value: "100"
    override: true

Example: Setting custom lists fields:

defaults:
  - field: "custom_integer_list"
    value: [1,2,3]

overrides:
  - field: "custom_string_list"
    value: ["one","two","three"]

Note: The field values correspond to keys in the JSON request body, not fields in this CRD.

Appears in:

BackendAI

Field	Description	Default	Validation
`field` ShortString	The name of the field.		MaxLength: 256 MinLength: 1 Required: {}
`value` JSON	The field default value, which can be any JSON Data Type.		Required: {}

Frontend

Appears in:

AgentgatewayPolicySpec

Field	Description	Validation
`tcp` FrontendTCP	tcp defines settings on managing incoming TCP connections.	AtLeastOneOf: [keepalive] Optional: {}
`tls` FrontendTLS	tls defines settings on managing incoming TLS connections.	AtLeastOneOf: [handshakeTimeout] Optional: {}
`http` FrontendHTTP	http defines settings on managing incoming HTTP requests.	AtLeastOneOf: [maxBufferSize http1MaxHeaders http1IdleTimeout http2WindowSize http2ConnectionWindowSize http2FrameSize http2KeepaliveInterval http2KeepaliveTimeout] Optional: {}
`accessLog` AccessLog	AccessLoggingConfig contains access logging configuration	Optional: {}
`tracing` Tracing	Tracing contains various settings for OpenTelemetry tracer.	Optional: {}

FrontendHTTP

Validation:

AtLeastOneOf: [maxBufferSize http1MaxHeaders http1IdleTimeout http2WindowSize http2ConnectionWindowSize http2FrameSize http2KeepaliveInterval http2KeepaliveTimeout]

Appears in:

Frontend

Field	Description	Validation
`maxBufferSize` integer	maxBufferSize defines the maximum size HTTP body that will be buffered into memory. Bodies will only be buffered for policies which require buffering. If unset, this defaults to 2mb.	Minimum: 1 Optional: {}
`http1MaxHeaders` integer	http1MaxHeaders defines the maximum number of headers that are allowed in HTTP/1.1 requests. If unset, this defaults to 100.	Maximum: 4096 Minimum: 1 Optional: {}
`http1IdleTimeout` Duration	http1IdleTimeout defines the timeout before an unused connection is closed. If unset, this defaults to 10 minutes.	Optional: {}
`http2WindowSize` integer	http2WindowSize indicates the initial window size for stream-level flow control for received data.	Minimum: 1 Optional: {}
`http2ConnectionWindowSize` integer	http2ConnectionWindowSize indicates the initial window size for connection-level flow control for received data.	Minimum: 1 Optional: {}
`http2FrameSize` integer	http2FrameSize sets the maximum frame size to use. If unset, this defaults to 16kb	Maximum: 1.677215e+06 Minimum: 16384 Optional: {}
`http2KeepaliveInterval` Duration		Optional: {}
`http2KeepaliveTimeout` Duration		Optional: {}

FrontendTCP

Validation:

AtLeastOneOf: [keepalive]

Appears in:

Frontend

Field	Description	Default	Validation
`keepalive` Keepalive	keepalive defines settings for enabling TCP keepalives on the connection.		Optional: {}

FrontendTLS

Validation:

AtLeastOneOf: [handshakeTimeout]

Appears in:

Frontend

Field	Description	Validation
`handshakeTimeout` Duration	handshakeTimeout specifies the deadline for a TLS handshake to complete. If unset, this defaults to 15s.	Optional: {}
`alpnProtocols` TinyString	alpnProtocols sets the Application Level Protocol Negotiation (ALPN) value to use in the TLS handshake. If not present, defaults to [“h2”, “http/1.1”].	MaxItems: 16 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}
`minProtocolVersion` TLSVersion	MinTLSVersion configures the minimum TLS version to support.	Enum: [1.2 1.3] Optional: {}
`maxProtocolVersion` TLSVersion	MaxTLSVersion configures the maximum TLS version to support.	Enum: [1.2 1.3] Optional: {}
`cipherSuites` CipherSuite array	CipherSuites configures the list of cipher suites for a TLS listener. The value is a comma-separated list of cipher suites, e.g “TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256”. Use in the TLS options field of a TLS listener.	Enum: [TLS13_AES_256_GCM_SHA384 TLS13_AES_128_GCM_SHA256 TLS13_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] Optional: {}

GcpAuth

gcp specifies how to authenticate on Google Cloud Platform

Appears in:

BackendAuth

Field	Description	Default	Validation
`type` GcpAuthType	The type of token to generate. To authenticate to GCP services, generally an AccessToken is used. To authenticate to CloudRun, an IdToken is used.		Enum: [AccessToken IdToken] Optional: {}
`audience` ShortString	audience allows explicitly configuring the `aud` of the ID Token. Ony valid with `IdToken` type. If not set, the aud is automatically derived from the backend hostname.		MaxLength: 256 MinLength: 1 Optional: {}

GcpAuthType

Underlying type: string

Validation:

Enum: [AccessToken IdToken]

Appears in:

GcpAuth

Field	Description
`AccessToken`
`IdToken`

GeminiConfig

GeminiConfig settings for the Gemini LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gemini-2.5-pro`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

GlobalRateLimit

Appears in:

RateLimits

Field	Description	Validation
`backendRef` BackendObjectReference	backendRef references the Rate Limit server to reach. Supported types: Service and Backend.	Required: {}
`domain` ShortString	domain specifies the domain under which this limit should apply. This is an arbitrary string that enables a rate limit server to distinguish between different applications.	MaxLength: 256 MinLength: 1 Required: {}
`descriptors` RateLimitDescriptor array	Descriptors define the dimensions for rate limiting. These values are passed to the rate limit service which applies configured limits based on them. Each descriptor represents a single rate limit rule with one or more entries.	MaxItems: 16 MinItems: 1 Required: {}

HTTPVersion

Underlying type: string

Appears in:

BackendHTTP

Field	Description
`HTTP1`
`HTTP2`

HeaderName

Underlying type: string

An HTTP Header Name.

Validation:

MaxLength: 256
MinLength: 1
Pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$

Appears in:

HeaderTransformation
Transform

HeaderTransformation

Appears in:

Transform

Field	Description	Default	Validation
`name` HeaderName	the name of the header to add.		MaxLength: 256 MinLength: 1 Pattern: `^:?[A-Za-z0-9!#$%&'*+\-.^_\x60\|~]+$` Required: {}
`value` CELExpression	value is the CEL expression to apply to generate the output value for the header.		MaxLength: 16384 MinLength: 1 Required: {}

HostnameRewrite

Appears in:

Traffic

Field	Description	Default	Validation
`mode` HostnameRewriteMode	mode sets the hostname rewrite mode. The following may be specified: * Auto: automatically set the Host header based on the destination. * None: do not rewrite the Host header. The original Host header will be passed through. This setting defaults to Auto when connecting to hostname-based Backend types, and None otherwise (for Service or IP-based Backends).		Required: {}

HostnameRewriteMode

Underlying type: string

Appears in:

HostnameRewrite

Field	Description
`Auto`
`None`

Image

A container image. See https://kubernetes.io/docs/concepts/containers/images/ for details.

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Validation
`registry` string	The image registry.	Optional: {}
`repository` string	The image repository (name).	Optional: {}
`tag` string	The image tag.	Optional: {}
`digest` string	The hash digest of the image, e.g. `sha256:12345...`	Optional: {}
`pullPolicy` PullPolicy	The image pull policy for the container. See https://kubernetes.io/docs/concepts/containers/images//#image-pull-policy for details.	Optional: {}

InsecureTLSMode

Underlying type: string

Appears in:

BackendTLS

Field	Description
`All`	InsecureTLSModeInsecure disables all TLS verification
`Hostname`	InsecureTLSModeHostname enables verifying the CA certificate, but disables verification of the hostname/SAN. Note this is still, generally, very “insecure” as the name suggests.

IstioSpec

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`caAddress` string	The address of the Istio CA. If unset, defaults to `https://istiod.istio-system.svc:15012`.		Optional: {}
`trustDomain` string	The Istio trust domain. If not set, defaults to `cluster.local`.		Optional: {}

JWKS

Validation:

ExactlyOneOf: [remote inline]

Appears in:

JWTProvider

Field	Description	Default	Validation
`remote` RemoteJWKS	remote specifies how to reach the JSON Web Key Set from a remote address.		Optional: {}
`inline` string	inline specifies an inline JSON Web Key Set used validate the signature of the JWT.		MaxLength: 65536 MinLength: 2 Optional: {}

JWTAuthentication

Appears in:

Traffic

Field	Description	Default	Validation
`mode` JWTAuthenticationMode	validation mode for JWT authentication.	Strict	Enum: [Strict Optional Permissive] Optional: {}
`providers` JWTProvider array			MaxItems: 64 MinItems: 1 Required: {}

JWTAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional Permissive]

Appears in:

JWTAuthentication
MCPAuthentication

Field	Description
`Strict`	A valid token, issued by a configured issuer, must be present. This is the default option.
`Optional`	If a token exists, validate it. Warning: this allows requests without a JWT token!
`Permissive`	Requests are never rejected. This is useful for usage of claims in later steps (authorization, logging, etc). Warning: this allows requests without a JWT token!

JWTProvider

Appears in:

JWTAuthentication

Field	Description	Validation
`issuer` ShortString	issuer identifies the IdP that issued the JWT. This corresponds to the ‘iss’ claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).	MaxLength: 256 MinLength: 1 Required: {}
`audiences` string array	audiences specifies the list of allowed audiences that are allowed access. This corresponds to the ‘aud’ claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If unset, any audience is allowed.	MaxItems: 64 MinItems: 1 Optional: {}
`jwks` JWKS	jwks defines the JSON Web Key Set used to validate the signature of the JWT.	ExactlyOneOf: [remote inline] Required: {}

Keepalive

TCP Keepalive settings

Appears in:

BackendTCP
FrontendTCP

Field	Description	Validation
`retries` integer	retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9.	Maximum: 64 Minimum: 1 Optional: {}
`time` Duration	time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s.	Optional: {}
`interval` Duration	interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s.	Optional: {}

LLMProvider

LLMProvider specifies the target large language model provider that the backend should route requests to.

Validation:

ExactlyOneOf: [openai azureopenai anthropic gemini vertexai bedrock]

Appears in:

AIBackend
NamedLLMProvider

Field	Description	Validation
`openai` OpenAIConfig	OpenAI provider	Optional: {}
`azureopenai` AzureOpenAIConfig	Azure OpenAI provider	Optional: {}
`anthropic` AnthropicConfig	Anthropic provider	Optional: {}
`gemini` GeminiConfig	Gemini provider	Optional: {}
`vertexai` VertexAIConfig	Vertex AI provider	Optional: {}
`bedrock` BedrockConfig	Bedrock provider	Optional: {}
`host` ShortString	Host specifies the hostname to send the requests to. If not specified, the default hostname for the provider is used.	MaxLength: 256 MinLength: 1 Optional: {}
`port` integer	Port specifies the port to send the requests to.	Maximum: 65535 Minimum: 1 Optional: {}
`path` LongString	Path specifies the URL path to use for the LLM provider API requests. This is useful when you need to route requests to a different API endpoint while maintaining compatibility with the original provider’s API structure. If not specified, the default path for the provider is used.	MaxLength: 1024 MinLength: 1 Optional: {}

LocalRateLimit

Policy for local rate limiting. Local rate limits are handled locally on a per-proxy basis, without co-ordination between instances of the proxy.

Validation:

ExactlyOneOf: [requests tokens]

Appears in:

RateLimits

Field	Description	Validation
`requests` integer	requests specifies the number of HTTP requests per unit of time that are allowed. Requests exceeding this limit will fail with a 429 error.	Minimum: 1 Optional: {}
`tokens` integer	tokens specifies the number of LLM tokens per unit of time that are allowed. Requests exceeding this limit will fail with a 429 error. Both input and output tokens are counted. However, token counts are not known until the request completes. As a result, token-based rate limits will apply to future requests only.	Minimum: 1 Optional: {}
`unit` LocalRateLimitUnit	unit specifies the unit of time that requests are limited based on.	Enum: [Seconds Minutes Hours] Required: {}
`burst` integer	burst specifies an allowance of requests above the request-per-unit that should be allowed within a short period of time.	Optional: {}

LocalRateLimitUnit

Underlying type: string

Appears in:

LocalRateLimit

Field	Description
`Seconds`
`Minutes`
`Hours`

LogTracingAttributes

Validation:

AtLeastOneOf: [remove add]

Appears in:

AccessLog
Tracing

Field	Description	Default	Validation
`remove` TinyString array	remove lists the default fields that should be removed. For example, “http.method”.		MaxItems: 32 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}
`add` AttributeAdd array	add specifies additional key-value pairs to be added to each entry. The value is a CEL expression. If the CEL expression fails to evaluate, the pair will be excluded.		MinItems: 1 Optional: {}

MCPAuthentication

Appears in:

BackendMCP

Field	Description	Validation
`resourceMetadata` object (keys:string, values:JSON)	ResourceMetadata defines the metadata to use for MCP resources.	Optional: {}
`provider` McpIDP	McpIDP specifies the identity provider to use for authentication	Enum: [Auth0 Keycloak] Optional: {}
`issuer` ShortString	Issuer identifies the IdP that issued the JWT. This corresponds to the ‘iss’ claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).	MaxLength: 256 MinLength: 1 Optional: {}
`audiences` string array	audiences specify the list of allowed audiences that are allowed access. This corresponds to the ‘aud’ claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If unset, any audience is allowed.	MaxItems: 64 MinItems: 1 Optional: {}
`jwks` RemoteJWKS	jwks defines the remote JSON Web Key used to validate the signature of the JWT.	Required: {}
`mode` JWTAuthenticationMode	validation mode for JWT authentication.	Enum: [Strict Optional Permissive] Optional: {}

MCPBackend

MCPBackend configures mcp backends

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`targets` McpTargetSelector array	Targets is a list of MCPBackend targets to use for this backend. Policies targeting MCPBackend targets must use targetRefs[].sectionName to select the target by name.		ExactlyOneOf: [selector static] MaxItems: 32 MinItems: 1 Required: {}
`sessionRouting` SessionRouting	SessionRouting configures MCP session behavior for requests. Defaults to Stateful if not set.		Enum: [Stateful Stateless] Optional: {}

MCPProtocol

Underlying type: string

MCPProtocol defines the protocol to use for the MCPBackend target

Validation:

Enum: [StreamableHTTP SSE]

Appears in:

McpTarget

Field	Description
`StreamableHTTP`	MCPProtocolStreamableHTTP specifies Streamable HTTP must be used as the protocol
`SSE`	MCPProtocolSSE specifies Server-Sent Events (SSE) must be used as the protocol

McpIDP

Underlying type: string

Appears in:

MCPAuthentication

Field	Description
`Auth0`
`Keycloak`

McpSelector

Validation:

AtLeastOneOf: [namespaces services]

Appears in:

McpTargetSelector

Field	Description	Default	Validation
`namespaces` LabelSelector	namespace is the label selector in which namespaces Services should be selected from. If unset, only the namespace of the AgentgatewayBackend is searched.		Optional: {}
`services` LabelSelector	services is the label selector for which Services should be selected.		Optional: {}

McpTarget

McpTarget defines a single MCPBackend target configuration.

Appears in:

McpTargetSelector

Field	Description	Validation
`host` ShortString	Host is the hostname or IP address of the MCPBackend target.	MaxLength: 256 MinLength: 1 Required: {}
`port` integer	Port is the port number of the MCPBackend target.	Maximum: 65535 Minimum: 1 Required: {}
`path` LongString	Path is the URL path of the MCPBackend target endpoint. Defaults to “/sse” for SSE protocol or “/mcp” for StreamableHTTP protocol if not specified.	MaxLength: 1024 MinLength: 1 Optional: {}
`protocol` MCPProtocol	Protocol is the protocol to use for the connection to the MCPBackend target.	Enum: [StreamableHTTP SSE] Optional: {}
`policies` BackendWithMCP	policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy, or in the top level AgentgatewayBackend. Policies are merged on a field-level basis, with order: AgentgatewayPolicy «br />AgentgatewayBackend < AgentgatewayBackend MCP (this field).	AtLeastOneOf: [tcp tls http auth mcp] Optional: {}

McpTargetSelector

McpTargetSelector defines the MCPBackend target to use for this backend.

Validation:

ExactlyOneOf: [selector static]

Appears in:

MCPBackend

Field	Description	Validation
`name` SectionName	Name of the MCPBackend target.	Required: {}
`selector` McpSelector	selector is a label selector is the selector to use to select Services. If policies are needed on a per-service basis, AgentgatewayPolicy can target the desired Service.	AtLeastOneOf: [namespaces services] Optional: {}
`static` McpTarget	static configures a static MCP destination. When connecting to in-cluster Services, it is recommended to use ‘selector’ instead.	Optional: {}

Message

An entry for a message to prepend or append to each prompt.

Appears in:

AIPromptEnrichment

Field	Description	Default	Validation
`role` string	Role of the message. The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.		Required: {}
`content` string	String content of the message.		Required: {}

NamedLLMProvider

Appears in:

PriorityGroup

Field	Description	Validation
`name` SectionName	Name of the provider. Policies can target this provider by name.	Required: {}
`policies` BackendWithAI	policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy, or in the top level AgentgatewayBackend. policies are merged on a field-level basis, with order: AgentgatewayPolicy «br />AgentgatewayBackend < AgentgatewayBackend LLM provider (this field).	AtLeastOneOf: [tcp tls http auth ai] Optional: {}
`openai` OpenAIConfig	OpenAI provider	Optional: {}
`azureopenai` AzureOpenAIConfig	Azure OpenAI provider	Optional: {}
`anthropic` AnthropicConfig	Anthropic provider	Optional: {}
`gemini` GeminiConfig	Gemini provider	Optional: {}
`vertexai` VertexAIConfig	Vertex AI provider	Optional: {}
`bedrock` BedrockConfig	Bedrock provider	Optional: {}
`host` ShortString	Host specifies the hostname to send the requests to. If not specified, the default hostname for the provider is used.	MaxLength: 256 MinLength: 1 Optional: {}
`port` integer	Port specifies the port to send the requests to.	Maximum: 65535 Minimum: 1 Optional: {}
`path` LongString	Path specifies the URL path to use for the LLM provider API requests. This is useful when you need to route requests to a different API endpoint while maintaining compatibility with the original provider’s API structure. If not specified, the default path for the provider is used.	MaxLength: 1024 MinLength: 1 Optional: {}

OpenAIConfig

OpenAIConfig settings for the OpenAI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

OpenAIModeration

Appears in:

PromptguardRequest

Field	Description	Default	Validation
`model` string	model specifies the moderation model to use. For example, `omni-moderation`.		Optional: {}
`policies` BackendSimple	policies controls policies for communicating with OpenAI.		Optional: {}

PolicyPhase

Underlying type: string

Validation:

Enum: [PreRouting PostRouting]

Appears in:

Traffic

Field	Description
`PreRouting`
`PostRouting`

PriorityGroup

Appears in:

AIBackend

Field	Description	Default	Validation
`providers` NamedLLMProvider array	providers specifies a list of LLM providers within this group. Each provider is treated equally in terms of priority, with automatic weighting based on health.		MaxItems: 32 MinItems: 1 Required: {}

PromptCachingConfig

PromptCachingConfig configures automatic prompt caching for supported LLM providers. Currently only AWS Bedrock supports this feature (Claude 3+ and Nova models).

When enabled, the gateway automatically inserts cache points at strategic locations to reduce API costs. Bedrock charges lower rates for cached tokens (90% discount).

Example:

promptCaching:
  cacheSystem: true       # Cache system prompts
  cacheMessages: true     # Cache conversation history
  cacheTools: false       # Don't cache tool definitions
  minTokens: 1024         # Only cache if ≥1024 tokens

Cost savings example:

Without caching: 10,000 tokens × $3/MTok = $0.03
With caching (90% cached): 1,000 × $3/MTok + 9,000 × $0.30/MTok = $0.0057 (81% savings)

Appears in:

BackendAI

Field	Description	Default	Validation
`cacheSystem` boolean	CacheSystem enables caching for system prompts. Inserts a cache point after all system messages.	true	Optional: {}
`cacheMessages` boolean	CacheMessages enables caching for conversation messages. Caches all messages in the conversation for cost savings.	true	Optional: {}
`cacheTools` boolean	CacheTools enables caching for tool definitions. Inserts a cache point after all tool specifications.	false	Optional: {}
`minTokens` integer	MinTokens specifies the minimum estimated token count before caching is enabled. Uses rough heuristic (word count × 1.3) to estimate tokens. Bedrock requires at least 1,024 tokens for caching to be effective.	1024	Minimum: 0 Optional: {}

PromptguardRequest

PromptguardRequest defines the prompt guards to apply to requests sent by the client.

Validation:

ExactlyOneOf: [regex webhook openAIModeration]

Appears in:

AIPromptGuard

Field	Description	Validation
`response` CustomResponse	A custom response message to return to the client. If not specified, defaults to “The request was rejected due to inappropriate content”.	AtLeastOneOf: [message statusCode] Optional: {}
`regex` Regex	Regular expression (regex) matching for prompt guards and data masking.	Optional: {}
`webhook` Webhook	Configure a webhook to forward requests to for prompt guarding.	Optional: {}
`openAIModeration` OpenAIModeration	openAIModeration passes prompt data through the OpenAI Moderations endpoint. See https://developers.openai.com/api/reference/resources/moderations for more information.	Optional: {}

PromptguardResponse

PromptguardResponse configures the response that the prompt guard applies to responses returned by the LLM provider.

Validation:

ExactlyOneOf: [regex webhook]

Appears in:

AIPromptGuard

Field	Description	Validation
`response` CustomResponse	A custom response message to return to the client. If not specified, defaults to “The response was rejected due to inappropriate content”.	AtLeastOneOf: [message statusCode] Optional: {}
`regex` Regex	Regular expression (regex) matching for prompt guards and data masking.	Optional: {}
`webhook` Webhook	Configure a webhook to forward responses to for prompt guarding.	Optional: {}

RateLimitDescriptor

Appears in:

GlobalRateLimit

Field	Description	Default	Validation
`entries` RateLimitDescriptorEntry array	entries are the individual components that make up this descriptor.		MaxItems: 16 MinItems: 1 Required: {}
`unit` RateLimitUnit	unit defines what to use as the cost function. If unspecified, Requests is used.		Enum: [Requests Tokens] Optional: {}

RateLimitDescriptorEntry

A descriptor entry defines a single entry in a rate limit descriptor.

Appears in:

RateLimitDescriptor

Field	Description	Default	Validation
`name` TinyString	name specifies the name of the descriptor.		MaxLength: 64 MinLength: 1 Required: {}
`expression` CELExpression	expression is a Common Expression Language (CEL) expression that defines the value for the descriptor. For example, to rate limit based on the Client IP: `source.address`. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.		MaxLength: 16384 MinLength: 1 Required: {}

RateLimitUnit

Underlying type: string

Appears in:

RateLimitDescriptor

Field	Description
`Tokens`
`Requests`

RateLimits

Validation:

AtLeastOneOf: [local global]

Appears in:

Traffic

Field	Description	Default	Validation
`local` LocalRateLimit array	Local defines a local rate limiting policy.		ExactlyOneOf: [requests tokens] MaxItems: 16 MinItems: 1 Optional: {}
`global` GlobalRateLimit	Global defines a global rate limiting policy using an external service.		Optional: {}

Regex

Regex configures the regular expression (regex) matching for prompt guards and data masking.

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`matches` LongString array	A list of regex patterns to match against the request or response. Matches and built-ins are additive.		MaxLength: 1024 MinLength: 1 Optional: {}
`builtins` BuiltIn array	A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive.		Enum: [Ssn CreditCard PhoneNumber Email CaSin] Optional: {}
`action` Action	The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. PromptguardResponse matches are always masked by default. Defaults to `Mask`.	Mask	Enum: [Mask Reject] Optional: {}

RemoteJWKS

Appears in:

JWKS
MCPAuthentication

Field	Description	Default	Validation
`jwksPath` string	Path to IdP jwks endpoint, relative to the root, commonly “.well-known/jwks.json”.		MaxLength: 2000 MinLength: 1 Required: {}
`cacheDuration` Duration		5m	Optional: {}
`backendRef` BackendObjectReference	backendRef references the remote JWKS server to reach. Supported types are Service and (static) Backend. An AgentgatewayPolicy containing backend tls config can then be attached to the service/backend in order to set tls options for a connection to the remote jwks source.		Required: {}

ResourceAdd

Appears in:

Tracing

Field	Description	Default	Validation
`name` ShortString			MaxLength: 256 MinLength: 1 Required: {}
`expression` CELExpression			MaxLength: 16384 MinLength: 1 Required: {}

Retry

Retry defines the retry policy

Appears in:

Traffic

RouteType

Underlying type: string

RouteType specifies how the AI gateway should process incoming requests based on the URL path and the API format expected.

Validation:

Enum: [Completions Messages Models Passthrough Responses AnthropicTokenCount Embeddings]

Appears in:

BackendAI

Field	Description
`Completions`	RouteTypeCompletions processes OpenAI /v1/chat/completions format requests
`Messages`	RouteTypeMessages processes Anthropic /v1/messages format requests
`Models`	RouteTypeModels handles /v1/models endpoint (returns available models)
`Passthrough`	RouteTypePassthrough sends requests to upstream as-is without LLM processing
`Responses`	RouteTypeResponses processes OpenAI /v1/responses format requests
`AnthropicTokenCount`	RouteTypeAnthropicTokenCount processes Anthropic /v1/messages/count_tokens format requests
`Embeddings`	RouteTypeEmbeddings processes OpenAI /v1/embeddings format requests
`Realtime`	RouteTypeRealtime processes OpenAI /v1/realtime requests

SecretSelector

Appears in:

APIKeyAuthentication

Field	Description	Default	Validation
`matchLabels` object (keys:string, values:string)	Label selector to select the target resource.		Required: {}

SessionRouting

Underlying type: string

Validation:

Enum: [Stateful Stateless]

Appears in:

MCPBackend

Field	Description
`Stateful`	Stateful mode creates an MCP session (via mcp-session-id) and internally ensures requests for that session are routed to a consistent backend replica.
`Stateless`

ShutdownSpec

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`min` integer	Minimum time (in seconds) to wait before allowing Agentgateway to terminate. Refer to the CONNECTION_MIN_TERMINATION_DEADLINE environment variable for details.		Maximum: 3.1536e+07 Minimum: 0 Required: {}
`max` integer	Maximum time (in seconds) to wait before allowing Agentgateway to terminate. Refer to the TERMINATION_GRACE_PERIOD_SECONDS environment variable for details.		Maximum: 3.1536e+07 Minimum: 0 Required: {}

StaticBackend

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`host` ShortString	host to connect to.		MaxLength: 256 MinLength: 1 Required: {}
`port` integer	port to connect to.		Maximum: 65535 Minimum: 1 Required: {}

TLSVersion

Underlying type: string

Validation:

Enum: [1.2 1.3]

Appears in:

FrontendTLS

Field	Description
`1.2`	agentgateway currently only supports TLS 1.2 and TLS 1.3
`1.3`

Timeouts

Appears in:

Traffic

Field	Description	Default	Validation
`request` Duration	request specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend.		Optional: {}

Tracing

Appears in:

Frontend

Field	Description	Default	Validation
`backendRef` BackendObjectReference	backendRef references the OTLP server to reach. Supported types: Service and AgentgatewayBackend.		Required: {}
`protocol` TracingProtocol	protocol specifies the OTLP protocol variant to use.	HTTP	Enum: [HTTP GRPC] Optional: {}
`attributes` LogTracingAttributes	attributes specify customizations to the key-value pairs that are included in the trace.		AtLeastOneOf: [remove add] Optional: {}
`resources` ResourceAdd array	resources describe the entity producing telemetry and specify the resources to be included in the trace.		Optional: {}
`randomSampling` CELExpression	randomSampling is an expression to determine the amount of random sampling. Random sampling will initiate a new trace span if the incoming request does not have a trace initiated already. This should evaluate to a float between 0.0-1.0, or a boolean (true/false) If unspecified, random sampling is disabled.		MaxLength: 16384 MinLength: 1 Optional: {}
`clientSampling` CELExpression	clientSampling is an expression to determine the amount of client sampling. Client sampling determines whether to initiate a new trace span if the incoming request does have a trace already. This should evaluate to a float between 0.0-1.0, or a boolean (true/false) If unspecified, client sampling is 100% enabled.		MaxLength: 16384 MinLength: 1 Optional: {}

TracingProtocol

Underlying type: string

Appears in:

Tracing

Field	Description
`HTTP`
`GRPC`

Traffic

Appears in:

AgentgatewayPolicySpec

Field	Description	Validation
`phase` PolicyPhase	The phase to apply the traffic policy to. If the phase is PreRouting, the targetRef must be a Gateway or a Listener. PreRouting is typically used only when a policy needs to influence the routing decision. Even when using PostRouting mode, the policy can target the Gateway/Listener. This is a helper for applying the policy to all routes under that Gateway/Listener, and follows the merging logic described above. Note: PreRouting and PostRouting rules do not merge together. These are independent execution phases. That is, all PreRouting rules will merge and execute, then all PostRouting rules will merge and execute. If unset, this defaults to PostRouting.	Enum: [PreRouting PostRouting] Optional: {}
`transformation` Transformation	transformation is used to mutate and transform requests and responses before forwarding them to the destination.	AtLeastOneOf: [request response] Optional: {}
`extProc` ExtProc	extProc specifies the external processing configuration for the policy.	Optional: {}
`extAuth` ExtAuth	extAuth specifies the external authentication configuration for the policy. This controls what external server to send requests to for authentication.	ExactlyOneOf: [grpc http] Optional: {}
`rateLimit` RateLimits	rateLimit specifies the rate limiting configuration for the policy. This controls the rate at which requests are allowed to be processed.	AtLeastOneOf: [local global] Optional: {}
`cors` CORS	cors specifies the CORS configuration for the policy.	Optional: {}
`csrf` CSRF	csrf specifies the Cross-Site Request Forgery (CSRF) policy for this traffic policy. The CSRF policy has the following behavior: * Safe methods (GET, HEAD, OPTIONS) are automatically allowed * Requests without Sec-Fetch-Site or Origin headers are assumed to be same-origin or non-browser requests and are allowed. * Otherwise, the Sec-Fetch-Site header is checked, with a fallback to comparing the Origin header to the Host header.	Optional: {}
`headerModifiers` HeaderModifiers	headerModifiers defines the policy to modify request and response headers.	Optional: {}
`hostRewrite` HostnameRewrite	hostRewrite specifies how to rewrite the Host header for requests. If the HTTPRoute `urlRewrite` filter already specifies a host rewrite, this setting is ignored.	Enum: [Auto None] Optional: {}
`timeouts` Timeouts	timeouts defines the timeouts for requests It is applicable to HTTPRoutes and ignored for other targeted kinds.	Optional: {}
`retry` Retry	retry defines the policy for retrying requests.	Optional: {}
`authorization` Authorization	authorization specifies the access rules based on roles and permissions. If multiple authorization rules are applied across different policies (at the same, or different, attahcment points), all rules are merged.	Optional: {}
`jwtAuthentication` JWTAuthentication	jwtAuthentication authenticates users based on JWT tokens.	Optional: {}
`basicAuthentication` BasicAuthentication	basicAuthentication authenticates users based on the “Basic” authentication scheme (RFC 7617), where a username and password are encoded in the request.	ExactlyOneOf: [users secretRef] Optional: {}
`apiKeyAuthentication` APIKeyAuthentication	apiKeyAuthentication authenticates users based on a configured API Key.	ExactlyOneOf: [secretRef secretSelector] Optional: {}
`directResponse` DirectResponse	direct response configures the policy to send a direct response to the client.	Optional: {}

Transform

Validation:

AtLeastOneOf: [set add remove body]

Appears in:

Transformation

Field	Description	Validation
`set` HeaderTransformation array	set is a list of headers and the value they should be set to.	MaxItems: 16 MinItems: 1 Optional: {}
`add` HeaderTransformation array	add is a list of headers to add to the request and what that value should be set to. If there is already a header with these values then append the value as an extra entry.	MaxItems: 16 MinItems: 1 Optional: {}
`remove` HeaderName array	Remove is a list of header names to remove from the request/response.	MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Pattern: `^:?[A-Za-z0-9!#$%&'*+\-.^_\x60\|~]+$` Optional: {}
`body` CELExpression	body controls manipulation of the HTTP body.	MaxLength: 16384 MinLength: 1 Optional: {}

Transformation

Validation:

AtLeastOneOf: [request response]

Appears in:

Traffic

Field	Description	Default	Validation
`request` Transform	request is used to modify the request path.		AtLeastOneOf: [set add remove body] Optional: {}
`response` Transform	response is used to modify the response path.		AtLeastOneOf: [set add remove body] Optional: {}

VertexAIConfig

VertexAIConfig settings for the Vertex AI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.	MaxLength: 256 MinLength: 1 Optional: {}
`projectId` TinyString	The ID of the Google Cloud Project that you use for the Vertex AI.	MaxLength: 64 MinLength: 1 Required: {}
`region` TinyString	The location of the Google Cloud Project that you use for the Vertex AI.	MaxLength: 64 MinLength: 1 Required: {}

Webhook

Webhook configures a webhook to forward requests or responses to for prompt guarding.

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`backendRef` BackendObjectReference	backendRef references the webhook server to reach. Supported types: Service and Backend.		Required: {}
`forwardHeaderMatches` HTTPHeaderMatch array	ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded.		Optional: {}

Shared Types

The following types are defined in the shared package and used across multiple APIs.

Authorization

Authorization defines the configuration for role-based access control.

Field	Type	Description
`policy`	AuthorizationPolicy	Policy specifies the Authorization rule to evaluate. A policy matches when any of the conditions evaluates to true. Required.
`action`	AuthorizationPolicyAction	Action defines whether the rule allows or denies the request if matched. If unspecified, the default is “Allow”.

AuthorizationPolicy

AuthorizationPolicy defines a single Authorization rule.

Field	Type	Description
`matchExpressions`	[]CELExpression	MatchExpressions defines a set of conditions that must be satisfied for the rule to match. These expression should be in the form of a Common Expression Language (CEL) expression. Required.

AuthorizationPolicyAction

Underlying type: string

AuthorizationPolicyAction defines the action to take when the RBACPolicies matches.

CELExpression

Underlying type: string

CELExpression represents a Common Expression Language (CEL) expression.

Validation:

MinLength=1
MaxLength=16384

HeaderModifiers

HeaderModifiers can be used to define the policy to modify request and response headers.

Validation:

AtLeastOneOf=request;response

Field	Type	Description
`request`	*gwv1.HTTPHeaderFilter	Request modifies request headers.
`response`	*gwv1.HTTPHeaderFilter	Response modifies response headers.

KubernetesResourceOverlay

KubernetesResourceOverlay provides a mechanism to customize generated Kubernetes resources using Strategic Merge Patch semantics. # Overlay Application Order Overlays are applied after all typed configuration fields have been processed. The full merge order is: 1. GatewayClass typed configuration fields (e.g., replicas, image settings from parametersRef) 2. Gateway typed configuration fields (from infrastructure.parametersRef) 3. GatewayClass overlays are applied 4. Gateway overlays are applied This ordering means Gateway-level configuration overrides GatewayClass-level configuration at each stage. For example, if both levels set the same label, the Gateway value wins.

Field	Type	Description
`metadata`	*ObjectMetadata	metadata defines a subset of object metadata to be customized. Labels and annotations are merged with existing values. If both GatewayClass and Gateway parameters define the same label or annotation key, the Gateway value takes precedence (applied second).
`spec`	*apiextensionsv1.JSON	Spec provides an opaque mechanism to configure the resource Spec. This field accepts a complete or partial Kubernetes resource spec (e.g., PodSpec, ServiceSpec) and will be merged with the generated configuration using Strategic Merge Patch semantics. # Application Order Overlays are applied after all typed configuration fields from both levels. The full merge order is: 1. GatewayClass typed configuration fields 2. Gateway typed configuration fields 3. GatewayClass overlays 4. Gateway overlays (can override all previous values) # Strategic Merge Patch & Deletion Guide This merge strategy allows you to override individual fields, merge lists, or delete items without needing to provide the entire resource definition. 1. Replacing Values (Scalars): Simple fields (strings, integers, booleans) in your config will overwrite the generated defaults. 2. Merging Lists (Append/Merge): Lists with “merge keys” (like `containers` which merges on `name`, or `tolerations` which merges on `key`) will append your items to the generated list, or update existing items if keys match. 3. Deleting Fields or List Items ($patch: delete): To remove a field or list item from the generated resource, use the `$patch: delete` directive. This works for both map fields and list items, and is the recommended approach because it works with both client-side and server-side apply. spec: template: spec: # Delete pod-level securityContext securityContext: $patch: delete # Delete nodeSelector nodeSelector: $patch: delete containers: # Be sure to use the correct proxy name here or you will add a container instead of modifying a container: - name: proxy-name # Delete container-level securityContext securityContext: $patch: delete 4. Null Values (server-side apply only): Setting a field to `null` can also remove it, but this ONLY works with `kubectl apply --server-side` or equivalent. With regular client-side `kubectl apply`, null values are stripped by kubectl before reaching the API server, so the deletion won’t occur. Prefer `$patch: delete` for consistent behavior across both apply modes. spec: template: spec: nodeSelector: null # Removes nodeSelector (server-side apply only!) 5. Replacing Maps Entirely ($patch: replace): To replace an entire map with your values (instead of merging), use `$patch: replace`. This removes all existing keys and replaces them with only your specified keys. spec: template: spec: nodeSelector: $patch: replace custom-key: custom-value 6. Replacing Lists Entirely ($patch: replace): If you want to strictly define a list and ignore all generated defaults, use `$patch: replace`. service: spec: ports: - $patch: replace - name: http port: 80 targetPort: 8080 protocol: TCP - name: https port: 443 targetPort: 8443 protocol: TCP

LongString

Underlying type: string

Validation:

MinLength=1
MaxLength=1024

ObjectMetadata

ObjectMetadata contains labels and annotations for metadata overlays.

Field	Type	Description
`labels`	map[string]string	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
`annotations`	map[string]string	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

PolicyAncestorStatus

Field	Type	Description
`ancestorRef`	gwv1.ParentReference	AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of. Required.
`controllerName`	string	ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. Example: “example.net/gateway-controller”. The format of this field is DOMAIN “/” PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary. Required.
`conditions`	[]metav1.Condition	Conditions describes the status of the Policy with respect to the given Ancestor.

PolicyStatus

Field	Type	Description
`conditions`	[]metav1.Condition
`ancestors`	[]PolicyAncestorStatus	Required.

SNI

Underlying type: string

Validation:

MinLength=1
MaxLength=253
Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

ShortString

Underlying type: string

Validation:

MinLength=1
MaxLength=256

TinyString

Underlying type: string

Validation:

MinLength=1
MaxLength=64

CEL expressions