API reference

Review the API reference documentation for kgateway with the agentgateway data plane.

Looking for the Envoy data plane APIs instead? See the kgateway with Envoy API docs.

Packages

agentgateway.dev/v1alpha1

agentgateway.dev/v1alpha1

Resource Types

AgentgatewayBackend
AgentgatewayParameters
AgentgatewayPolicy

AIBackend

AIBackend specifies the AI backend configuration

Validation:

ExactlyOneOf: [provider groups]

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`provider` LLMProvider	`provider` specifies configuration for how to reach the configured LLM provider.		ExactlyOneOf: [openai azureopenai anthropic gemini vertexai bedrock] Optional: {}
`groups` PriorityGroup array	`groups` specifies a list of groups in priority order where each group defines a set of LLM providers. The priority determines the priority of the backend endpoints chosen. Note: provider names must be unique across all providers in all priority groups. Backend policies may target a specific provider by name using `targetRefs[].sectionName`. Example configuration with two priority groups: groups: - providers: - azureopenai: deploymentName: gpt-4o-mini apiVersion: 2024-02-15-preview endpoint: ai-gateway.openai.azure.com - providers: - azureopenai: deploymentName: gpt-4o-mini-2 apiVersion: 2024-02-15-preview endpoint: ai-gateway-2.openai.azure.com policies: auth: secretRef: name: azure-secret		MaxItems: 8 MinItems: 1 Optional: {}
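
For the simpler single-provider case, a minimal sketch of an `AgentgatewayBackend` that sets `provider` instead of `groups` might look like the following. The resource name is a hypothetical placeholder, and the Azure OpenAI values are borrowed from the `groups` example in the table. Because of the `ExactlyOneOf` validation, `provider` and `groups` cannot both be set.

```yaml
# Sketch only: metadata values are hypothetical placeholders.
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
  name: azure-openai              # hypothetical name
  namespace: agentgateway-system
spec:
  ai:
    # Exactly one of `provider` or `groups` may be set.
    provider:
      # Exactly one provider type may be set under `provider`.
      azureopenai:
        endpoint: ai-gateway.openai.azure.com
        deploymentName: gpt-4o-mini
        apiVersion: 2024-02-15-preview
```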

AIPromptEnrichment

AIPromptEnrichment defines the config to enrich requests sent to the LLM provider by appending and prepending system prompts.

Prompt enrichment allows you to add additional context to the prompt before sending it to the model. Unlike RAG or other dynamic context methods, prompt enrichment is static and is applied to every request.

Note: Some providers, including Anthropic, do not support SYSTEM role messages, and instead have a dedicated system field in the input JSON. In this case, use the defaults setting to set the system field.

The following example prepends a system prompt of "Answer all questions in French." and appends "Describe the painting as if you were a famous art critic from the 17th century." to each request that is sent to the `openai` HTTPRoute.

name: openai-opt
namespace: agentgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: openai
  ai:
    promptEnrichment:
      prepend:
      - role: SYSTEM
        content: "Answer all questions in French."
      append:
      - role: USER
        content: "Describe the painting as if you were a famous art critic from the 17th century."

Appears in:

BackendAI

Field	Description	Default	Validation
`prepend` Message array	A list of messages to be prepended to the prompt sent by the client.		Optional: {}
`append` Message array	A list of messages to be appended to the prompt sent by the client.		Optional: {}

AIPromptGuard

AIPromptGuard configures prompt guards to block unwanted requests to the LLM provider and mask sensitive data. Prompt guards can be used to reject requests based on the content of the prompt, as well as mask responses based on the content of the response.

This example rejects any request prompts that contain the string “credit card”, and masks any credit card numbers in the response.

promptGuard:
  request:
  - response:
      message: "Rejected due to inappropriate content"
    regex:
      action: Reject
      matches:
      - pattern: "credit card"
        name: "CC"
  response:
  - regex:
      builtins:
      - CREDIT_CARD
      action: Mask

Appears in:

BackendAI

Field	Description	Default	Validation
`request` PromptguardRequest array	Prompt guards to apply to requests sent by the client.		ExactlyOneOf: [regex webhook openAIModeration bedrockGuardrails googleModelArmor] MaxItems: 8 MinItems: 1 Optional: {}
`response` PromptguardResponse array	Prompt guards to apply to responses returned by the LLM provider.		ExactlyOneOf: [regex webhook bedrockGuardrails googleModelArmor] MaxItems: 8 MinItems: 1 Optional: {}

APIKeyAuthentication

Validation:

ExactlyOneOf: [secretRef secretSelector]

Appears in:

Traffic

Field	Description	Default	Validation
`mode` APIKeyAuthenticationMode	`mode` is the validation mode for API key authentication.	Strict	Enum: [Strict Optional] Optional: {}
`secretRef` LocalObjectReference	`secretRef` references a Kubernetes `Secret` storing a set of API keys. If there are many keys, `secretSelector` can be used instead. Each entry in the `Secret` represents one API key. The key is an arbitrary identifier. The value can either be: * A string representing the API key. * A JSON object with two fields, `key` and `metadata`. `key` contains the API key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allowing `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: | { "key": "k-123", "metadata": { "group": "sales", "created_at": "2024-10-01T12:00:00Z" } } client2: "k-456"		Optional: {}
`secretSelector` SecretSelector	`secretSelector` selects multiple `Secret` resources containing API keys. If the same key is defined in multiple secrets, the behavior is undefined. Each entry in the `Secret` represents one API key. The key is an arbitrary identifier. The value can either be: * A string representing the API key. * A JSON object with two fields, `key` and `metadata`. `key` contains the API key. `metadata` contains arbitrary JSON metadata associated with the key, which may be used by other policies. For example, you may write an authorization policy allowing `apiKey.group == 'sales'`. Example: apiVersion: v1 kind: Secret metadata: name: api-key stringData: client1: | { "key": "k-123", "metadata": { "group": "sales", "created_at": "2024-10-01T12:00:00Z" } } client2: "k-456"		Optional: {}
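
Laid out as a manifest, the `Secret` example from the field descriptions would look roughly like this. The indentation is reconstructed from the flattened text, so treat it as a sketch rather than canonical output.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: api-key
stringData:
  # JSON object form: the API key plus metadata that other policies can use,
  # for example an authorization rule on apiKey.group == 'sales'.
  client1: |
    {
      "key": "k-123",
      "metadata": {
        "group": "sales",
        "created_at": "2024-10-01T12:00:00Z"
      }
    }
  # Plain string form: the value is the API key itself.
  client2: "k-456"
```

The entry names (`client1`, `client2`) are arbitrary identifiers; only the values are treated as API keys.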

APIKeyAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional]

Appears in:

APIKeyAuthentication

Field	Description
`Strict`	A valid API Key must be present. This is the default option.
`Optional`	If an API Key exists, validate it. Warning: this allows requests without an API Key!

AWSGuardrailConfig

Appears in:

BedrockConfig

Field	Description	Default	Validation
`identifier` ShortString	GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.		MaxLength: 256 MinLength: 1 Required: {}
`version` ShortString	GuardrailVersion is the version of the Guardrail policy to use for the backend.		MaxLength: 256 MinLength: 1 Required: {}

AccessLog

AccessLog specifies how per-request access logs are emitted.

Appears in:

Frontend

Field	Description	Validation
`filter` CELExpression	`filter` specifies a CEL expression that is used to filter logs. A log will only be emitted if the expression evaluates to `true`.	Optional: {}
`attributes` LogTracingAttributes	`attributes` specifies customizations to the key-value pairs that are logged.	Optional: {}
`otlp` OtlpAccessLog	`otlp` configures OTLP access log export to an OpenTelemetry-compatible backend.	Optional: {}

Action

Underlying type: string

Action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. PromptguardResponse matches are always masked by default.

Validation:

Enum: [Mask Reject]

Appears in:

Regex

Field	Description
`Mask`	Mask the matched data in the request.
`Reject`	Reject the request if the regex matches content in the request.

AgentExtAuthGRPC

Appears in:

ExtAuth

Field	Description	Default	Validation
`contextExtensions` object (keys:string, values:string)	`contextExtensions` specifies additional arbitrary key-value pairs to send to the authorization server in the `context_extensions` field.		MaxProperties: 64 Optional: {}
`requestMetadata` object (keys:string, values:CELExpression)	`requestMetadata` specifies metadata to be sent to the authorization server. This maps to the `metadata_context.filter_metadata` field of the request, and allows dynamic CEL expressions. If unset, by default the `envoy.filters.http.jwt_authn` key is set if the JWT policy is used as well, for compatibility.		MaxProperties: 64 Optional: {}

AgentExtAuthHTTP

Appears in:

ExtAuth

Field	Description	Validation
`path` CELExpression	`path` specifies the path to send to the authorization server. If unset, this defaults to the original request path. This is a CEL expression, which allows customizing the path based on the incoming request. For example, to add a prefix, use `"/prefix/" + request.path`.	Optional: {}
`redirect` CELExpression	`redirect` defines an optional expression to determine a path to redirect to on authorization failure. This is useful to redirect to a sign-in page.	Optional: {}
`allowedRequestHeaders` ShortString array	`allowedRequestHeaders` specifies what additional headers from the client request will be sent to the authorization server. If unset, the following headers are sent by default: `Authorization`.	MaxItems: 64 MaxLength: 256 MinLength: 1 Optional: {}
`addRequestHeaders` object (keys:string, values:CELExpression)	`addRequestHeaders` specifies what additional headers to add to the request to the authorization server. While `allowedRequestHeaders` just passes the original headers through, `addRequestHeaders` allows defining custom headers based on CEL expressions.	MaxProperties: 64 Optional: {}
`allowedResponseHeaders` ShortString array	`allowedResponseHeaders` specifies what headers from the authorization response will be copied into the request to the backend.	MaxItems: 64 MaxLength: 256 MinLength: 1 Optional: {}
`responseMetadata` object (keys:string, values:CELExpression)	`responseMetadata` specifies what metadata fields should be constructed from the authorization response. These will be included under the `extauthz` variable in future CEL expressions. Setting this is useful for things like logging usernames, without needing to include them as headers to the backend, as `allowedResponseHeaders` would.	MaxProperties: 64 Optional: {}

AgentgatewayBackend

Field	Description	Validation
`apiVersion` string	Set to `agentgateway.dev/v1alpha1`. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`kind` string	Set to `AgentgatewayBackend`. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayBackendSpec	spec defines the desired state of AgentgatewayBackend.	ExactlyOneOf: [ai static dynamicForwardProxy mcp aws] Required: {}
`status` AgentgatewayBackendStatus	status defines the current state of AgentgatewayBackend.	Optional: {}

AgentgatewayBackendSpec

Validation:

ExactlyOneOf: [ai static dynamicForwardProxy mcp aws]

Appears in:

AgentgatewayBackend

Field	Description	Validation
`static` StaticBackend	static represents a static hostname.	Optional: {}
`ai` AIBackend	ai represents an LLM backend.	ExactlyOneOf: [provider groups] Optional: {}
`mcp` MCPBackend	mcp represents an MCP backend.	Optional: {}
`dynamicForwardProxy` DynamicForwardProxyBackend	dynamicForwardProxy configures the proxy to dynamically send requests to the destination based on the incoming request HTTP host header, or TLS SNI for TLS traffic. Note: this Backend type enables users to trigger the proxy to send requests to arbitrary destinations. Proper access controls must be put in place when using this backend type.	Optional: {}
`aws` AwsBackend	aws represents an AWS service backend (AgentCore, etc.).	ExactlyOneOf: [agentCore] Optional: {}
`policies` BackendFull	policies controls policies for communicating with this backend. Policies may also be set in AgentgatewayPolicy; policies are merged on a field-level basis, with policies on the Backend (this field) taking precedence.	Optional: {}

AgentgatewayBackendStatus

AgentgatewayBackendStatus defines the observed state of AgentgatewayBackend.

Appears in:

AgentgatewayBackend

Field	Description	Default	Validation
`conditions` Condition array	Conditions is the list of conditions for the backend.		MaxItems: 8 Optional: {}

AgentgatewayParameters

AgentgatewayParameters is the configuration used to dynamically provision the agentgateway data plane. Labels and annotations that apply to all resources may be specified at a higher level; see https://gateway-api.sigs.k8s.io/reference/spec/#gatewayinfrastructure

Field	Description	Validation
`apiVersion` string	Set to `agentgateway.dev/v1alpha1`. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`kind` string	Set to `AgentgatewayParameters`. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayParametersSpec	spec defines the desired state of AgentgatewayParameters.	Required: {}
`status` AgentgatewayParametersStatus	status defines the current state of AgentgatewayParameters.	Optional: {}

AgentgatewayParametersConfigs

Appears in:

AgentgatewayParametersSpec

Field	Description	Validation
`logging` AgentgatewayParametersLogging	`logging` configuration for Agentgateway. By default, all logs are set to `info` level.	Optional: {}
`rawConfig` JSON	`rawConfig` provides an opaque mechanism to configure the `agentgateway` config file. The `agentgateway` binary has a `-f` option to specify a config file, and this field supplies that file. This will be merged with configuration derived from typed fields like `logging.format`, and those typed fields will take precedence. Example: rawConfig: binds: - port: 3000 listeners: - routes: - policies: cors: allowOrigins: - "*" allowHeaders: - mcp-protocol-version - content-type - cache-control backends: - mcp: targets: - name: everything stdio: cmd: npx args: ["@modelcontextprotocol/server-everything"]	Type: object Optional: {}
`image` Image	The agentgateway container image. See https://kubernetes.io/docs/concepts/containers/images for details. Default values, which may be overridden individually: registry: cr.agentgateway.dev repository: agentgateway tag: pullPolicy: <omitted, relying on Kubernetes defaults which depend on the tag>	Optional: {}
`env` EnvVar array	The container environment variables. These override any existing values. If you want to delete an environment variable entirely, use `$patch: delete` with `AgentgatewayParametersOverlays` instead. Variable expansion does apply, so you can set dependent environment variables with `$(VAR_NAME)`, but this is highly discouraged. `$$(VAR_NAME)` avoids expansion and results in a literal `$(VAR_NAME)`. If `SESSION_KEY` is specified, it takes precedence over the controller-managed per-`Gateway` session key `Secret`.	Optional: {}
`resources` ResourceRequirements	The compute resources required by this container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.	Optional: {}
`shutdown` ShutdownSpec	Shutdown delay configuration. Handling planned or unplanned data plane changes gracefully is in tension with how quickly rollouts of the data plane complete. How long a data plane pod must wait for shutdown to be perfectly graceful depends on how you have configured your `Gateway` resources.	Optional: {}
`istio` IstioSpec	Configure Istio integration. If enabled, Agentgateway can natively connect to Istio enabled pods with mTLS.	Optional: {}

AgentgatewayParametersLogging

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`level` string	Logging level in standard `RUST_LOG` syntax, for example `info` (the default), or a comma-separated per-module setting such as `rmcp=warn,hickory_server::server::server_future=off,typespec_client_core::http::policies::logging=warn`.		Optional: {}
`format` AgentgatewayParametersLoggingFormat			Enum: [json text] Optional: {}

AgentgatewayParametersLoggingFormat

Underlying type: string

The default logging format is text.

Validation:

Enum: [json text]

Appears in:

AgentgatewayParametersLogging

Field	Description
`json`
`text`

AgentgatewayParametersOverlays

Appears in:

AgentgatewayParametersSpec

Field	Description	Validation
`deployment` KubernetesResourceOverlay	`deployment` allows specifying overrides for the generated `Deployment` resource.	Optional: {}
`service` KubernetesResourceOverlay	`service` allows specifying overrides for the generated `Service` resource.	Optional: {}
`serviceAccount` KubernetesResourceOverlay	`serviceAccount` allows specifying overrides for the generated `ServiceAccount` resource.	Optional: {}
`podDisruptionBudget` KubernetesResourceOverlay	`podDisruptionBudget` allows creating a `PodDisruptionBudget` for the agentgateway proxy. If absent, no PDB is created. If present, a PDB is created with its selector automatically configured to target the agentgateway proxy `Deployment`. The `metadata` and `spec` fields from this overlay are applied to the generated PDB.	Optional: {}
`horizontalPodAutoscaler` KubernetesResourceOverlay	`horizontalPodAutoscaler` allows creating a `HorizontalPodAutoscaler` for the agentgateway proxy. If absent, no HPA is created. If present, an HPA is created with its `scaleTargetRef` automatically configured to target the agentgateway proxy `Deployment`. The `metadata` and `spec` fields from this overlay are applied to the generated HPA.	Optional: {}

AgentgatewayParametersSpec

Appears in:

AgentgatewayParameters

Field	Description	Validation
`logging` AgentgatewayParametersLogging	`logging` configuration for Agentgateway. By default, all logs are set to `info` level.	Optional: {}
`rawConfig` JSON	`rawConfig` provides an opaque mechanism to configure the `agentgateway` config file. The `agentgateway` binary has a `-f` option to specify a config file, and this field supplies that file. This will be merged with configuration derived from typed fields like `logging.format`, and those typed fields will take precedence. Example: rawConfig: binds: - port: 3000 listeners: - routes: - policies: cors: allowOrigins: - "*" allowHeaders: - mcp-protocol-version - content-type - cache-control backends: - mcp: targets: - name: everything stdio: cmd: npx args: ["@modelcontextprotocol/server-everything"]	Type: object Optional: {}
`image` Image	The agentgateway container image. See https://kubernetes.io/docs/concepts/containers/images for details. Default values, which may be overridden individually: registry: cr.agentgateway.dev repository: agentgateway tag: pullPolicy: <omitted, relying on Kubernetes defaults which depend on the tag>	Optional: {}
`env` EnvVar array	The container environment variables. These override any existing values. If you want to delete an environment variable entirely, use `$patch: delete` with `AgentgatewayParametersOverlays` instead. Variable expansion does apply, so you can set dependent environment variables with `$(VAR_NAME)`, but this is highly discouraged. `$$(VAR_NAME)` avoids expansion and results in a literal `$(VAR_NAME)`. If `SESSION_KEY` is specified, it takes precedence over the controller-managed per-`Gateway` session key `Secret`.	Optional: {}
`resources` ResourceRequirements	The compute resources required by this container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.	Optional: {}
`shutdown` ShutdownSpec	Shutdown delay configuration. Handling planned or unplanned data plane changes gracefully is in tension with how quickly rollouts of the data plane complete. How long a data plane pod must wait for shutdown to be perfectly graceful depends on how you have configured your `Gateway` resources.	Optional: {}
`istio` IstioSpec	Configure Istio integration. If enabled, Agentgateway can natively connect to Istio enabled pods with mTLS.	Optional: {}
`deployment` KubernetesResourceOverlay	`deployment` allows specifying overrides for the generated `Deployment` resource.	Optional: {}
`service` KubernetesResourceOverlay	`service` allows specifying overrides for the generated `Service` resource.	Optional: {}
`serviceAccount` KubernetesResourceOverlay	`serviceAccount` allows specifying overrides for the generated `ServiceAccount` resource.	Optional: {}
`podDisruptionBudget` KubernetesResourceOverlay	`podDisruptionBudget` allows creating a `PodDisruptionBudget` for the agentgateway proxy. If absent, no PDB is created. If present, a PDB is created with its selector automatically configured to target the agentgateway proxy `Deployment`. The `metadata` and `spec` fields from this overlay are applied to the generated PDB.	Optional: {}
`horizontalPodAutoscaler` KubernetesResourceOverlay	`horizontalPodAutoscaler` allows creating a `HorizontalPodAutoscaler` for the agentgateway proxy. If absent, no HPA is created. If present, an HPA is created with its `scaleTargetRef` automatically configured to target the agentgateway proxy `Deployment`. The `metadata` and `spec` fields from this overlay are applied to the generated HPA.	Optional: {}
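
As a rough illustration of how the typed fields and `rawConfig` fit together, the following sketch combines `logging` with the `rawConfig` example from the table. The resource name is hypothetical, and the nesting under `rawConfig` is reconstructed from the flattened example text, so verify it against your agentgateway config schema before relying on it.

```yaml
# Sketch only: name is a placeholder; rawConfig nesting is reconstructed.
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayParameters
metadata:
  name: agentgateway-params       # hypothetical name
  namespace: agentgateway-system
spec:
  # Typed fields take precedence over anything set in rawConfig.
  logging:
    level: info
    format: json
  rawConfig:
    binds:
    - port: 3000
      listeners:
      - routes:
        - policies:
            cors:
              allowOrigins:
              - "*"
              allowHeaders:
              - mcp-protocol-version
              - content-type
              - cache-control
          backends:
          - mcp:
              targets:
              - name: everything
                stdio:
                  cmd: npx
                  args: ["@modelcontextprotocol/server-everything"]
```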

AgentgatewayParametersStatus

The current conditions of the AgentgatewayParameters. This is not currently implemented.

Appears in:

AgentgatewayParameters

AgentgatewayPolicy

Field	Description	Validation
`apiVersion` string	Set to `agentgateway.dev/v1alpha1`. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources	Optional: {}
`kind` string	Set to `AgentgatewayPolicy`. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds	Optional: {}
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	Optional: {}
`spec` AgentgatewayPolicySpec	spec defines the desired state of AgentgatewayPolicy.	ExactlyOneOf: [targetRefs targetSelectors] Required: {}
`status` PolicyStatus	status defines the current state of AgentgatewayPolicy.	Optional: {}

AgentgatewayPolicySpec

Validation:

ExactlyOneOf: [targetRefs targetSelectors]

Appears in:

AgentgatewayPolicy

Field	Description	Validation
`targetRefs` LocalPolicyTargetReferenceWithSectionName array	`targetRefs` specifies the target resources by reference to attach the policy to.	MaxItems: 16 MinItems: 1 Optional: {}
`targetSelectors` LocalPolicyTargetSelectorWithSectionName array	`targetSelectors` specifies the target selectors used to select resources to attach the policy to.	MaxItems: 16 MinItems: 1 Optional: {}
`frontend` Frontend	frontend defines settings for how to handle incoming traffic. A frontend policy can only target a `Gateway`. `Listener` and `ListenerSet` are not valid targets. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. For example, policy A sets `tcp` and `tls`, and policy B sets `tls`; the effective policy would be `tcp` from policy A, and `tls` from policy B.	Optional: {}
`traffic` Traffic	traffic defines settings for how to process traffic. A traffic policy can target a `Gateway` (optionally, with a `sectionName` indicating the listener), `ListenerSet`, or `Route` (optionally, with a `sectionName` indicating the route rule). When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: `Gateway` < `Listener` < `Route` < `Route Rule`. For example, policy A sets `timeouts` and `retries`, and policy B sets `retries`; the effective policy would be `timeouts` from policy A, and `retries` from policy B.	Optional: {}
`backend` BackendFull	backend defines settings for how to connect to destination backends. A backend policy can target a `Gateway` (optionally, with a `sectionName` indicating the listener), `ListenerSet`, `Route` (optionally, with a `sectionName` indicating the route rule), or a `Service` or `Backend` (optionally, with a `sectionName` indicating the port for `Service`, or sub-backend for `Backend`). Note that a backend policy applies when connecting to a specific destination backend. Targeting a higher level resource, like `Gateway`, is just a way to easily apply a policy to a group of backends. When multiple policies are selected for a given request, they are merged on a field-level basis, but not a deep merge. Precedence is given to more precise policies: `Gateway` < `Listener` < `Route` < `Route Rule` < `Backend` or `Service`. For example, if a `Gateway` policy sets `tcp` and `tls`, and a `Backend` policy sets `tls`, the effective policy would be `tcp` from the `Gateway`, and `tls` from the `Backend`.	Optional: {}

AnthropicConfig

AnthropicConfig settings for the Anthropic LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

AttributeAdd

Appears in:

LogTracingAttributes

Field	Description	Default	Validation
`name` ShortString			MaxLength: 256 MinLength: 1 Required: {}
`expression` CELExpression			Required: {}

AwsAgentCoreBackend

AwsAgentCoreBackend configures Amazon Bedrock AgentCore.

Appears in:

AwsBackend

Field	Description	Default	Validation
`agentRuntimeArn` string	agentRuntimeArn is the ARN of the AgentCore runtime.		Required: {}
`qualifier` string	qualifier optionally specifies the alias or version qualifier.		Optional: {}

AwsAuth

AwsAuth specifies the authentication method to use for the backend.

Appears in:

BackendAuth

Field	Description	Default	Validation
`secretRef` LocalObjectReference	`secretRef` references a Kubernetes `Secret` containing the AWS credentials. The `Secret` must have keys `accessKey`, `secretKey`, and optionally `sessionToken`.		Required: {}
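
A `Secret` with the key names described above might be sketched as follows. The `Secret` name and the placeholder values are hypothetical; only the key names `accessKey`, `secretKey`, and `sessionToken` come from the field description.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials           # hypothetical name
stringData:
  accessKey: "<access-key-id>"
  secretKey: "<secret-access-key>"
  sessionToken: "<session-token>"  # optional; omit if not using temporary credentials
```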

AwsBackend

AwsBackend configures an AWS service backend.

Validation:

ExactlyOneOf: [agentCore]

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`agentCore` AwsAgentCoreBackend	agentCore configures Amazon Bedrock AgentCore as a backend.		Optional: {}
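
A minimal sketch of an `AgentgatewayBackend` that uses the `aws` backend type could look like this. The resource name and both placeholder values are hypothetical; substitute the ARN of your own AgentCore runtime.

```yaml
# Sketch only: name and values are placeholders.
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
  name: agentcore                 # hypothetical name
spec:
  aws:
    # `agentCore` is the only option in this ExactlyOneOf group.
    agentCore:
      agentRuntimeArn: "<agentcore-runtime-arn>"   # required
      qualifier: "<alias-or-version>"              # optional
```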

AzureAuth

Appears in:

BackendAuth

Field	Description	Default	Validation
`secretRef` LocalObjectReference	`secretRef` references a Kubernetes `Secret` containing the Azure credentials. The `Secret` must have keys `clientId`, `tenantId`, and `clientSecret`.		Optional: {}
`managedIdentity` AzureManagedIdentity	Details for managed identity authentication		Optional: {}

AzureManagedIdentity

Appears in:

AzureAuth

Field	Description	Default	Validation
`clientId` string			Required: {}
`objectId` string			Required: {}
`resourceId` string			Required: {}

AzureOpenAIConfig

AzureOpenAIConfig settings for the Azure OpenAI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Validation
`endpoint` ShortString	The endpoint for the Azure OpenAI API to use, such as `my-endpoint.openai.azure.com`. If the scheme is included, it is stripped.	MaxLength: 256 MinLength: 1 Required: {}
`deploymentName` ShortString	The name of the Azure OpenAI model deployment to use. For more information, see the Azure OpenAI model docs. This is required if `apiVersion` is not `v1`. For `v1`, the model can be set in the request.	MaxLength: 256 MinLength: 1 Optional: {}
`apiVersion` TinyString	The version of the Azure OpenAI API to use. For more information, see the Azure OpenAI API version reference. If unset, defaults to `v1`.	MaxLength: 64 MinLength: 1 Optional: {}

BackendAI

Appears in:

BackendFull
BackendWithAI

Field	Description	Validation
`prompt` AIPromptEnrichment	Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the `CHAT` or `CHAT_STREAMING` API route type.	Optional: {}
`promptGuard` AIPromptGuard	`promptGuard` enables adding guardrails to LLM requests and responses.	Optional: {}
`defaults` FieldDefault array	Provide defaults to merge with user input fields. If the field is already set, the field in the request is used.	MaxItems: 64 MinItems: 1 Optional: {}
`overrides` FieldDefault array	Provide overrides to merge with user input fields. If the field is already set, the field will be overwritten.	MaxItems: 64 MinItems: 1 Optional: {}
`transformations` FieldTransformation array	Provide CEL transformations to compute and set fields in the request body. The expression result overwrites any existing value for that field. This has a higher priority than `overrides` if both are set for the same key.	MaxItems: 64 MinItems: 1 Optional: {}
`modelAliases` object (keys:string, values:string)	ModelAliases maps friendly model names to actual provider model names. Example: `{"fast": "gpt-3.5-turbo", "smart": "gpt-4-turbo"}`. Note: This field is only applicable when using the agentgateway data plane.	MaxProperties: 64 Optional: {}
`promptCaching` PromptCachingConfig	`promptCaching` enables automatic prompt caching for supported providers, currently AWS Bedrock. Reduces API costs by caching static content like system prompts and tool definitions. Only applicable for Bedrock Claude 3+ and Nova models.	Optional: {}
`routes` object (keys:string, values:RouteType)	`routes` defines how to identify the type of traffic to handle. The keys are URL path suffixes matched using ends-with comparison, for example `"/v1/chat/completions"`. The special `*` wildcard matches any path. If not specified, all traffic defaults to `completions` type.	Optional: {}

BackendAuth

Validation:

ExactlyOneOf: [key secretRef passthrough aws azure gcp]

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Validation
`key` string	`key` provides an inline key to use as the value of the `Authorization` header. This option is the least secure; usage of a `Secret` is preferred.	MaxLength: 2048 Optional: {}
`secretRef` LocalObjectReference	`secretRef` references a Kubernetes `Secret` storing the key to use as the authorization value. This must be stored in the `Authorization` key.	Optional: {}
`passthrough` BackendAuthPassthrough	`passthrough` passes through an existing token that has been sent by the client and validated. Other policies, like JWT and API key authentication, will strip the original client credentials. Passthrough backend authentication causes the original token to be added back into the request. If there are no client authentication policies on the request, the original token would be unchanged, so this would have no effect.	Optional: {}
`aws` AwsAuth	Auth specifies an explicit AWS authentication method for the backend. When omitted, we will try to use the default AWS SDK authentication methods.	Optional: {}
`azure` AzureAuth	Azure specifies an Azure authentication method for the backend.	Optional: {}
`gcp` GcpAuth	`gcp` specifies a Google authentication method for the backend.	Optional: {}
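
A minimal sketch of the `secretRef` option, assuming a hypothetical `Secret` named `provider-api-key` in the same namespace. The only detail taken from the table is that the value must be stored under the `Authorization` key; the names and the placeholder value are illustrative.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: provider-api-key          # hypothetical name
stringData:
  Authorization: "<your-api-key>" # placeholder; the key name must be `Authorization`
---
# Fragment of a backend policy: exactly one of key, secretRef, passthrough, aws, azure, gcp.
auth:
  secretRef:
    name: provider-api-key
```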

BackendAuthPassthrough

Appears in:

BackendAuth

BackendEviction

BackendEviction defines settings for evicting unhealthy backends.

Appears in:

Health

Field	Description	Default	Validation
`duration` Duration	Duration specifies the base time a backend should be evicted after being marked unhealthy. Subsequent evictions use multiplicative backoff (duration * times_evicted). If all endpoints are evicted, the load balancer falls back to returning evicted endpoints rather than failing entirely. If unset, defaults to `3s`.	3s	Optional: {}
`restoreHealth` integer	RestoreHealth is the health score (0–100) assigned to a backend when it returns from eviction. For gradual recovery, set below 100; for full recovery immediately, set 100. If unset, the backend resumes with the health it had when evicted.		Maximum: 100 Minimum: 0 Optional: {}
`consecutiveFailures` integer	ConsecutiveFailures is the number of consecutive unhealthy responses required before the backend is evicted. For example, a value of 5 means the backend must receive 5 unhealthy responses in a row before being evicted. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response can trigger eviction.		Minimum: 0 Optional: {}
`healthThreshold` integer	HealthThreshold is the EWMA (exponentially-weighted moving average) health score threshold, expressed as 0–100. When set, a backend is only evicted if its computed health drops below this value after an unhealthy response. For example, 50 means the backend is evicted when its EWMA health falls below 50% following failures. Unlike consecutiveFailures (which counts consecutive failures), this uses a sliding-window average so a single success in a stream of failures can delay eviction. When both consecutiveFailures and healthThreshold are set, the backend is evicted when either condition is met. When neither is set, a single unhealthy response triggers eviction.		Maximum: 100 Minimum: 0 Optional: {}
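
The eviction settings above could be combined roughly as follows. The values are illustrative only, and the fragment assumes it is nested under the `eviction` field of a `Health` object.

```yaml
# Fragment of a Health object (the `health` field of a backend policy).
health:
  eviction:
    duration: 5s             # base eviction time; per the description, backoff scales as duration * times_evicted
    restoreHealth: 50        # return from eviction at a health score of 50 for gradual recovery
    consecutiveFailures: 5   # evict after 5 unhealthy responses in a row...
    healthThreshold: 50      # ...or when the EWMA health score drops below 50, whichever condition is met first
```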

BackendFull

Appears in:

AgentgatewayBackendSpec
AgentgatewayPolicySpec

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`tunnel` BackendTunnel	`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.	Optional: {}
`transformation` Transformation	transformation is used to mutate and transform requests and responses sent to and from the backend.	Optional: {}
`auth` BackendAuth	`auth` defines settings for managing authentication to the backend.	ExactlyOneOf: [key secretRef passthrough aws azure gcp] Optional: {}
`health` Health	health defines settings for passive and active health checking.	Optional: {}
`ai` BackendAI	`ai` specifies settings for AI workloads. This is only applicable when connecting to a `Backend` of type `ai`.	Optional: {}
`mcp` BackendMCP	`mcp` specifies settings for MCP workloads. This is only applicable when connecting to a `Backend` of type `mcp`. This field is deprecated; prefer to use traffic policy `jwtAuthentication.mcp`, which ensures authentication runs before other policies such as transformation and rate limiting.	Optional: {}

BackendHTTP

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Default	Validation
`version` HTTPVersion	`version` specifies the HTTP protocol version to use when connecting to the backend. If not specified, the version is automatically determined: * `Service` types can specify it with `appProtocol` on the `Service` port. * If traffic is identified as gRPC, `HTTP2` is used. * If the incoming traffic was plaintext HTTP, the original protocol will be used. * If the incoming traffic was HTTPS, `HTTP1` will be used. This is because most clients will transparently upgrade HTTPS traffic to `HTTP2`, even if the backend doesn’t support it.		Enum: [HTTP1 HTTP2] Optional: {}
`requestTimeout` Duration	requestTimeout specifies the deadline for receiving a response from the backend.		Optional: {}
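
For illustration, a fragment that pins the protocol version instead of relying on automatic detection might look like the sketch below. The timeout value is an arbitrary example.

```yaml
# Fragment of a backend policy (the `http` field).
http:
  version: HTTP2        # one of HTTP1 or HTTP2; omit to use the automatic selection rules
  requestTimeout: 30s   # illustrative deadline for receiving a response from the backend
```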

BackendMCP

Appears in:

BackendFull

Field	Description	Default	Validation
`authorization` Authorization	authorization defines MCPBackend level authorization. Unlike authorization at the HTTP level, which will reject unauthorized requests with a `403` error, this policy works at the `MCPBackend` level. List operations, such as `list_tools`, will have each item evaluated. Items that do not meet the rule will be filtered. Get or call operations, such as `call_tool`, will evaluate the specific item and reject requests that do not meet the rule.		Optional: {}
`authentication` MCPAuthentication	`authentication` defines `MCPBackend`-specific authentication rules.		Optional: {}

BackendSimple

Appears in:

BackendFull
BackendWithAI
BedrockGuardrails
GoogleModelArmor
McpTarget
OpenAIModeration

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`tunnel` BackendTunnel	`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.	Optional: {}
`transformation` Transformation	transformation is used to mutate and transform requests and responses sent to and from the backend.	Optional: {}
`auth` BackendAuth	`auth` defines settings for managing authentication to the backend.	ExactlyOneOf: [key secretRef passthrough aws azure gcp] Optional: {}
`health` Health	health defines settings for passive and active health checking.	Optional: {}

BackendTCP

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Default	Validation
`keepalive` Keepalive	`keepalive` defines settings for enabling TCP keepalives on the connection.		Optional: {}
`connectTimeout` Duration	`connectTimeout` defines the deadline for establishing a connection to the destination.		Optional: {}

BackendTLS

Validation:

AtMostOneOf: [verifySubjectAltNames insecureSkipVerify]

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Validation
`mtlsCertificateRef` LocalObjectReference array	`mtlsCertificateRef` enables mutual TLS to the backend, using the specified key (`tls.key`) and cert (`tls.crt`) from the referenced `Secret`. An optional `ca.cert` field, if present, will be used to verify the server certificate. If `caCertificateRefs` is also specified, the `caCertificateRefs` field takes priority. If unspecified, no client certificate will be used.	MaxItems: 1 Optional: {}
`caCertificateRefs` LocalObjectReference array	`caCertificateRefs` defines the CA certificate `ConfigMap` to use to verify the server certificate. If unset, the system’s trusted certificates are used.	MaxItems: 1 Optional: {}
`insecureSkipVerify` InsecureTLSMode	insecureSkipVerify originates TLS but skips verification of the backend’s certificate. WARNING: This is an insecure option that should only be used if the risks are understood. There are two modes: * `All` disables all TLS verification. * `Hostname` verifies the CA certificate is trusted, but ignores any mismatch of hostname or SANs. Note that this method is still insecure; prefer setting `verifySubjectAltNames` to customize the valid hostnames if possible.	Enum: [All Hostname] Optional: {}
`sni` SNI	`sni` specifies the Server Name Indication (`SNI`) value to be used in the TLS handshake. If unset, the `SNI` is automatically set based on the destination hostname.	MaxLength: 253 MinLength: 1 Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` Optional: {}
`verifySubjectAltNames` ShortString array	`verifySubjectAltNames` specifies the Subject Alternative Names (`SAN`) to verify in the server certificate. If not present, the destination hostname is automatically used.	MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Optional: {}
`alpnProtocols` TinyString	`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.	MaxItems: 16 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}
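
The following sketch shows one way the TLS fields might be combined. The `ConfigMap` name and hostnames are hypothetical, and the fragment assumes that a `LocalObjectReference` can be given by `name` alone.

```yaml
# Fragment of a backend policy (the `tls` field).
tls:
  caCertificateRefs:
    - name: backend-ca              # hypothetical ConfigMap holding the CA certificate
  sni: api.example.com              # hypothetical hostname sent in the TLS handshake
  verifySubjectAltNames:
    - api.example.com
    - api.internal.example.com
  alpnProtocols:
    - h2
  # insecureSkipVerify is left unset: at most one of verifySubjectAltNames
  # and insecureSkipVerify may be specified.
```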

BackendTunnel

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Default	Validation
`backendRef` BackendObjectReference	`backendRef` references the proxy server to reach. Supported types: `Service` and `Backend`.		Required: {}
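
A tunnel reference might be written as in the sketch below. It assumes that `BackendObjectReference` follows the Gateway API shape (`kind`, `name`, `port`); the `Service` name and port are hypothetical.

```yaml
# Fragment of a backend policy (the `tunnel` field).
tunnel:
  backendRef:
    kind: Service        # supported types are Service and Backend
    name: egress-proxy   # hypothetical proxy Service
    port: 3128           # hypothetical proxy port
```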

BackendWithAI

Appears in:

NamedLLMProvider

Field	Description	Validation
`tcp` BackendTCP	tcp defines settings for managing TCP connections to the backend.	Optional: {}
`tls` BackendTLS	tls defines settings for managing TLS connections to the backend. If this field is set, TLS will be initiated to the backend; the system trusted CA certificates will be used to validate the server, and the SNI will automatically be set based on the destination.	AtMostOneOf: [verifySubjectAltNames insecureSkipVerify] Optional: {}
`http` BackendHTTP	http defines settings for managing HTTP requests to the backend.	Optional: {}
`tunnel` BackendTunnel	`tunnel` defines settings for managing tunnel connections (with behavior like `HTTPS_PROXY`) to the backend.	Optional: {}
`transformation` Transformation	transformation is used to mutate and transform requests and responses sent to and from the backend.	Optional: {}
`auth` BackendAuth	`auth` defines settings for managing authentication to the backend.	ExactlyOneOf: [key secretRef passthrough aws azure gcp] Optional: {}
`health` Health	health defines settings for passive and active health checking.	Optional: {}
`ai` BackendAI	`ai` specifies settings for AI workloads. This is only applicable when connecting to a `Backend` of type `ai`.	Optional: {}

BasicAuthentication

Validation:

ExactlyOneOf: [users secretRef]

Appears in:

Traffic

Field	Description	Default	Validation
`mode` BasicAuthenticationMode	`mode` is the validation mode for basic auth authentication.	Strict	Enum: [Strict Optional] Optional: {}
`realm` string	`realm` specifies the `realm` to return in the `WWW-Authenticate` header for failed authentication requests. If unset, `Restricted` will be used.		Optional: {}
`users` string array	`users` provides an inline list of username and password pairs that will be accepted. Each entry represents one line of the `htpasswd` format: https://httpd.apache.org/docs/2.4/programs/htpasswd.html. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: users: - "user1:$apr1$ivPt0D4C$DmRhnewfHRSrb3DQC.WHC." - "user2:$2y$05$r3J4d3VepzFkedkd/q1vI.pBYIpSqjfN0qOARV3ScUHysatnS0cL2"		MaxItems: 256 MinItems: 1 Optional: {}
`secretRef` LocalObjectReference	`secretRef` references a Kubernetes `Secret` storing the `.htaccess` file. The `Secret` must have a key named `.htaccess`, and should contain the complete `.htaccess` file. Note: passwords should be the hash of the password, not the raw password. Use the `htpasswd` or similar commands to generate a hash. MD5, bcrypt, crypt, and SHA-1 are supported. Example: apiVersion: v1 kind: Secret metadata: name: basic-auth stringData: .htaccess: \| alice:$apr1$3zSE0Abt$IuETi4l5yO87MuOrbSE4V. bob:$apr1$Ukb5LgRD$EPY2lIfY.A54jzLELNIId/		Optional: {}

BasicAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional]

Appears in:

BasicAuthentication

Field	Description
`Strict`	A valid username and password must be present. This is the default option.
`Optional`	If a username and password are present, validate them. Warning: this allows requests without credentials!

BedrockConfig

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`region` string	Region is the AWS region to use for the backend. Defaults to `us-east-1` if not specified.	us-east-1	MaxLength: 63 MinLength: 1 Pattern: `^[a-z0-9-]+$` Optional: {}
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}
`guardrail` AWSGuardrailConfig	`guardrail` configures the Guardrail policy to use for the backend. See https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html. If not specified, the AWS Guardrail policy will not be used.		Optional: {}

BedrockGuardrails

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Validation
`identifier` ShortString	GuardrailIdentifier is the identifier of the Guardrail policy to use for the backend.	MaxLength: 256 MinLength: 1 Required: {}
`version` ShortString	GuardrailVersion is the version of the Guardrail policy to use for the backend.	MaxLength: 256 MinLength: 1 Required: {}
`region` ShortString	Region is the AWS region where the guardrail is deployed (for example, `us-west-2`).	MaxLength: 256 MinLength: 1 Required: {}
`policies` BackendSimple	policies controls policies for communicating with AWS Bedrock Guardrails.	Optional: {}

BuiltIn

Underlying type: string

Built-in regex patterns for specific types of strings in prompts. For example, if you specify CreditCard, any credit card numbers in the request or response are matched.

Validation:

Enum: [Ssn CreditCard PhoneNumber Email CaSin]

Appears in:

Regex

Field	Description
`Ssn`	Default regex matching for Social Security numbers.
`CreditCard`	Default regex matching for credit card numbers.
`PhoneNumber`	Default regex matching for phone numbers.
`Email`	Default regex matching for email addresses.
`CaSin`	Default regex matching for Canadian Social Insurance Numbers.

CORS

Appears in:

Traffic

CSRF

Appears in:

Traffic

Field	Description	Default	Validation
`additionalOrigins` ShortString array	`additionalOrigins` specifies additional source origins that will be allowed in addition to the destination origin. The `Origin` consists of a scheme and a host, with an optional port, and takes the form `<scheme>://<host>(:<port>)`.		MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Optional: {}
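
As an illustration of the `<scheme>://<host>(:<port>)` form, the fragment below lists two hypothetical origins. The parent key `csrf` is an assumption about how the `Traffic` type names this field.

```yaml
# Fragment of a traffic policy; the `csrf` key name is assumed.
csrf:
  additionalOrigins:
    - https://app.example.com          # scheme and host
    - https://admin.example.com:8443   # scheme, host, and optional port
```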

CipherSuite

Underlying type: string

Validation:

Enum: [TLS13_AES_256_GCM_SHA384 TLS13_AES_128_GCM_SHA256 TLS13_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]

Appears in:

FrontendTLS

Field	Description
`TLS13_AES_256_GCM_SHA384`	TLS 1.3 cipher suites
`TLS13_AES_128_GCM_SHA256`
`TLS13_CHACHA20_POLY1305_SHA256`
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`	TLS 1.2 cipher suites
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`

CustomResponse

CustomResponse configures a response to return to the client if request content is matched against a regex pattern and the action is REJECT.

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`message` string	A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`.	The request was rejected due to inappropriate content	Optional: {}
`statusCode` integer	The status code to return to the client. Defaults to 403.	403	Maximum: 599 Minimum: 200 Optional: {}

DirectResponse

DirectResponse defines the policy to send a direct response to the client.

Appears in:

Traffic

Field	Description	Default	Validation
`status` integer	StatusCode defines the HTTP status code to return for this route.		Maximum: 599 Minimum: 200 Required: {}
`body` string	Body defines the content to be returned in the HTTP response body. The maximum length of the body is restricted to prevent excessively large responses. If this field is omitted, no body is included in the response.		MaxLength: 4096 MinLength: 1 Optional: {}

DynamicForwardProxyBackend

Appears in:

AgentgatewayBackendSpec

ExtAuth

Validation:

ExactlyOneOf: [grpc http]

Appears in:

Traffic

Field	Description	Validation
`backendRef` BackendObjectReference	`backendRef` references the External Authorization server to reach. Supported types: `Service` and `Backend`.	Required: {}
`failureMode` FailureMode	`failureMode` controls behavior when the external authorization service is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) denies the request.	Enum: [FailOpen FailClosed] Optional: {}
`grpc` AgentExtAuthGRPC	grpc specifies that the gRPC External Authorization protocol should be used.	Optional: {}
`http` AgentExtAuthHTTP	`http` specifies that the HTTP protocol should be used for connecting to the authorization server. The authorization server must return a `200` status code, otherwise the request is considered an authorization failure.	Optional: {}
`forwardBody` ExtAuthBody	`forwardBody` configures whether to include the HTTP body in the request. If enabled, the request body will be buffered.	Optional: {}
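
A sketch of an `ExtAuth` object using the gRPC protocol is shown below. The `Service` name and port are hypothetical, the `backendRef` shape is assumed to follow the Gateway API, and the empty `grpc: {}` object assumes that `AgentExtAuthGRPC` has no required fields.

```yaml
# Fields of an ExtAuth object; the parent key under the traffic policy is not shown.
backendRef:
  kind: Service
  name: ext-authz          # hypothetical authorization server
  port: 9000               # hypothetical port
failureMode: FailClosed    # deny requests when the authorization service is unavailable
grpc: {}                   # exactly one of grpc or http must be set
forwardBody:
  maxSize: 8192            # buffer and forward request bodies of up to 8192 bytes
```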

ExtAuthBody

Appears in:

ExtAuth

Field	Description	Default	Validation
`maxSize` integer	`maxSize` specifies, in bytes, the largest body that will be buffered and sent to the authorization server. If the body size is larger than `maxSize`, then the request will be rejected with a response.		Minimum: 1 Required: {}

ExtProc

Appears in:

Traffic

Field	Description	Default	Validation
`backendRef` BackendObjectReference	`backendRef` references the External Processor server to reach. Supported types: `Service` and `Backend`.		Required: {}

FailureMode

Underlying type: string

Validation:

Enum: [FailOpen FailClosed]

Appears in:

ExtAuth
GlobalRateLimit
MCPBackend

Field	Description
`FailClosed`	FailClosed fails the entire MCP session if any target fails.
`FailOpen`	FailOpen skips failed targets and continues serving from healthy ones.

FieldDefault

FieldDefault provides default values for specific fields in the JSON request body sent to the LLM provider. These defaults are merged with the user-provided request to ensure missing fields are populated.

User input fields here refer to the fields in the JSON request body that a client sends when making a request to the LLM provider. Defaults set here do not override those user-provided values unless you explicitly set override to true.

Example: Setting a default system field for Anthropic, which does not support system role messages:

defaults:
  - field: "system"
    value: "answer all questions in French"

Example: Setting a default temperature and overriding max_tokens:

defaults:
  - field: "temperature"
    value: "0.5"
  - field: "max_tokens"
    value: "100"
    override: true

Example: Setting custom list fields:

defaults:
  - field: "custom_integer_list"
    value: [1,2,3]

overrides:
  - field: "custom_string_list"
    value: ["one","two","three"]

Note: The field values correspond to keys in the JSON request body, not fields in this CRD.

Appears in:

BackendAI

Field	Description	Default	Validation
`field` ShortString	The name of the field.		MaxLength: 256 MinLength: 1 Required: {}
`value` JSON	The field default value, which can be any JSON Data Type.		Required: {}

FieldTransformation

FieldTransformation maps a request JSON field to a CEL expression string. The expression is evaluated against the current request body and its result is assigned to the configured field.

Appears in:

BackendAI

Field	Description	Default	Validation
`field` ShortString	The name of the field to set.		MaxLength: 256 MinLength: 1 Required: {}
`expression` CELExpression	CEL expression used to compute the field value.		Required: {}

Frontend

Appears in:

AgentgatewayPolicySpec

Field	Description	Validation
`tcp` FrontendTCP	tcp defines settings for managing incoming TCP connections.	Optional: {}
`networkAuthorization` Authorization	networkAuthorization defines CEL authorization on downstream network connections. This runs before protocol handling and is intended for L4 access control, for example using `source.address` with `cidr(...).containsIP(...)`.	Optional: {}
`tls` FrontendTLS	tls defines settings for managing incoming TLS connections.	Optional: {}
`http` FrontendHTTP	http defines settings for managing incoming HTTP requests.	Optional: {}
`accessLog` AccessLog	`accessLog` contains access logging configuration.	Optional: {}
`tracing` Tracing	`tracing` contains various settings for the OpenTelemetry tracer.	Optional: {}

FrontendHTTP

Appears in:

Frontend

Field	Description	Validation
`maxBufferSize` integer	`maxBufferSize` defines the maximum HTTP body size that will be buffered into memory. Bodies will only be buffered for policies which require buffering. If unset, this defaults to `2mb`.	Minimum: 1 Optional: {}
`http1MaxHeaders` integer	`http1MaxHeaders` defines the maximum number of headers that are allowed in `HTTP/1.1` requests. If unset, this defaults to 100.	Maximum: 4096 Minimum: 1 Optional: {}
`http1IdleTimeout` Duration	`http1IdleTimeout` defines the timeout before an unused connection is closed. If unset, this defaults to 10 minutes.	Optional: {}
`http2WindowSize` integer	`http2WindowSize` indicates the initial window size for stream-level flow control for received data.	Minimum: 1 Optional: {}
`http2ConnectionWindowSize` integer	`http2ConnectionWindowSize` indicates the initial window size for connection-level flow control for received data.	Minimum: 1 Optional: {}
`http2FrameSize` integer	`http2FrameSize` sets the maximum frame size to use. If unset, this defaults to `16kb`.	Maximum: 1677215 Minimum: 16384 Optional: {}
`http2KeepaliveInterval` Duration		Optional: {}
`http2KeepaliveTimeout` Duration		Optional: {}
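
For illustration, a frontend HTTP fragment that overrides a few of the defaults above might look like this sketch. The values are arbitrary examples within the documented bounds.

```yaml
# Fragment of a Frontend object (the `http` field).
http:
  http1MaxHeaders: 200     # default is 100; allowed range is 1 to 4096
  http1IdleTimeout: 5m     # default is 10 minutes
  http2FrameSize: 32768    # default is 16kb; the minimum is 16384
```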

FrontendTCP

Appears in:

Frontend

Field	Description	Default	Validation
`keepalive` Keepalive	keepalive defines settings for enabling TCP keepalives on the connection.		Optional: {}

FrontendTLS

Appears in:

Frontend

Field	Description	Validation
`handshakeTimeout` Duration	`handshakeTimeout` specifies the deadline for a TLS handshake to complete. If unset, this defaults to `15s`.	Optional: {}
`alpnProtocols` TinyString	`alpnProtocols` sets the Application-Layer Protocol Negotiation (`ALPN`) value to use in the TLS handshake. If not present, defaults to `["h2", "http/1.1"]`.	MaxItems: 16 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}
`minProtocolVersion` TLSVersion	MinTLSVersion configures the minimum TLS version to support.	Enum: [1.2 1.3] Optional: {}
`maxProtocolVersion` TLSVersion	MaxTLSVersion configures the maximum TLS version to support.	Enum: [1.2 1.3] Optional: {}
`cipherSuites` CipherSuite array	CipherSuites configures the list of cipher suites for a TLS listener. The value is a comma-separated list of cipher suites, for example `TLS13_AES_256_GCM_SHA384,TLS13_AES_128_GCM_SHA256`. Use this in the TLS options field of a TLS listener.	Enum: [TLS13_AES_256_GCM_SHA384 TLS13_AES_128_GCM_SHA256 TLS13_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] Optional: {}
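
The TLS listener settings could be sketched as follows. Because the type column lists `cipherSuites` as an array, the sketch uses a YAML list rather than a comma-separated string; the version values are quoted so that YAML treats them as strings. All values are illustrative.

```yaml
# Fragment of a Frontend object (the `tls` field).
tls:
  handshakeTimeout: 10s       # default is 15s
  minProtocolVersion: "1.2"
  maxProtocolVersion: "1.3"
  cipherSuites:
    - TLS13_AES_256_GCM_SHA384
    - TLS13_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```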

GcpAuth

GcpAuth specifies how to authenticate on Google Cloud Platform.

Appears in:

BackendAuth

Field	Description	Default	Validation
`type` GcpAuthType	The type of token to generate. To authenticate to GCP services, generally an `AccessToken` is used. To authenticate to Cloud Run, an `IdToken` is used.		Enum: [AccessToken IdToken] Optional: {}
`audience` ShortString	`audience` allows explicitly configuring the `aud` of the ID token. Only valid with `IdToken` type. If not set, the `aud` is automatically derived from the backend hostname.		MaxLength: 256 MinLength: 1 Optional: {}
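
As a sketch of the Cloud Run case mentioned above, the fragment below requests an ID token with an explicit audience. The URL is a hypothetical placeholder.

```yaml
# Fragment of a backend policy (the `auth` field).
auth:
  gcp:
    type: IdToken                             # use AccessToken for most other GCP services
    audience: https://my-service.example.com  # hypothetical; only valid with the IdToken type
```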

GcpAuthType

Underlying type: string

Validation:

Enum: [AccessToken IdToken]

Appears in:

GcpAuth

Field	Description
`AccessToken`
`IdToken`

GeminiConfig

GeminiConfig settings for the Gemini LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gemini-2.5-pro`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

GlobalRateLimit

Appears in:

RateLimits

Field	Description	Validation
`backendRef` BackendObjectReference	`backendRef` references the rate limit server to reach. Supported types: `Service` and `Backend`.	Required: {}
`failureMode` FailureMode	`failureMode` controls behavior when the remote rate limit service is unavailable or returns an error. `FailOpen` allows the request to continue. `FailClosed` (default) denies the request.	Enum: [FailOpen FailClosed] Optional: {}
`domain` ShortString	`domain` specifies the domain under which this limit should apply. This is an arbitrary string that enables a rate limit server to distinguish between different applications.	MaxLength: 256 MinLength: 1 Required: {}
`descriptors` RateLimitDescriptor array	`descriptors` define the dimensions for rate limiting. These values are passed to the rate limit service which applies configured limits based on them. Each descriptor represents a single rate limit rule with one or more entries.	MaxItems: 16 MinItems: 1 Required: {}

GoogleModelArmor

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`templateId` ShortString	TemplateID is the template ID for Google Model Armor.		MaxLength: 256 MinLength: 1 Required: {}
`projectId` ShortString	ProjectID is the Google Cloud project ID.		MaxLength: 256 MinLength: 1 Required: {}
`location` ShortString	Location is the Google Cloud location (for example, `us-central1`). Defaults to `us-central1` if not specified.	us-central1	MaxLength: 256 MinLength: 1 Optional: {}
`policies` BackendSimple	policies controls policies for communicating with Google Model Armor.		Optional: {}

HTTPVersion

Underlying type: string

Appears in:

BackendHTTP

Field	Description
`HTTP1`
`HTTP2`

HeaderName

Underlying type: string

An HTTP Header Name.

Validation:

MaxLength: 256
MinLength: 1
Pattern: ^:?[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$

Appears in:

HeaderTransformation
Transform

HeaderTransformation

Appears in:

Transform

Field	Description	Default	Validation
`name` HeaderName	The name of the header to add.		MaxLength: 256 MinLength: 1 Pattern: `^:?[A-Za-z0-9!#$%&'*+\-.^_\x60\|~]+$` Required: {}
`value` CELExpression	`value` is the CEL expression to apply to generate the output value for the header.		Required: {}

Health

Appears in:

BackendFull
BackendSimple
BackendWithAI

Field	Description	Default	Validation
`unhealthyCondition` CELExpression	UnhealthyCondition is a CEL expression that determines whether a response indicates an unhealthy backend. When the expression evaluates to true, the backend is considered unhealthy and may be evicted. For example, to evict on 5xx responses: `response.code >= 500`. When unset, any 5xx response, or a connection failure, is treated as unhealthy. This default lowers the backend’s health score but does not trigger eviction on its own.		Optional: {}
`eviction` BackendEviction	Eviction defines settings for evicting unhealthy backends.		Optional: {}
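
A minimal sketch that replaces the default unhealthy condition with a custom CEL expression follows. The `response.code` variable comes from the description above; also treating `429` responses as unhealthy is an illustrative choice.

```yaml
# Fragment of a backend policy (the `health` field).
health:
  unhealthyCondition: "response.code == 429 || response.code >= 500"
  eviction:
    consecutiveFailures: 3   # evict after 3 unhealthy responses in a row
```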

HostnameRewrite

Appears in:

Traffic

Field	Description	Default	Validation
`mode` HostnameRewriteMode	`mode` sets the hostname rewrite mode. The following may be specified: * `Auto`: automatically set the `Host` header based on the destination. * `None`: do not rewrite the `Host` header. The original `Host` header will be passed through. This setting defaults to `Auto` when connecting to hostname-based `Backend` types, and `None` otherwise, for `Service` or IP-based backends.		Enum: [Auto None] Required: {}

HostnameRewriteMode

Underlying type: string

Appears in:

HostnameRewrite

Field	Description
`Auto`
`None`

Image

A container image. See https://kubernetes.io/docs/concepts/containers/images for details.

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Validation
`registry` string	The image registry.	Optional: {}
`repository` string	The image repository (name).	Optional: {}
`tag` string	The image tag.	Optional: {}
`digest` string	The hash digest of the image, e.g. `sha256:12345...`	Optional: {}
`pullPolicy` PullPolicy	The image pull policy for the container. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for details.	Optional: {}
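
An `Image` object might be filled in as in this sketch. The registry, repository, and tag are hypothetical, and the parent key `image` is an assumption about the field name used in `AgentgatewayParametersSpec`.

```yaml
# Fragment of an AgentgatewayParameters spec; the `image` key name is assumed.
image:
  registry: registry.example.com   # hypothetical registry
  repository: agentgateway         # hypothetical repository name
  tag: v1.0.0                      # hypothetical tag
  pullPolicy: IfNotPresent         # a standard Kubernetes image pull policy
```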

InsecureTLSMode

Underlying type: string

Appears in:

BackendTLS

Field	Description
`All`	InsecureTLSModeInsecure disables all TLS verification.
`Hostname`	InsecureTLSModeHostname enables verifying the CA certificate, but disables verification of the hostname/SAN. Note this is still, generally, very “insecure” as the name suggests.

IstioSpec

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`caAddress` string	The address of the Istio CA. If unset, defaults to `https://istiod.istio-system.svc:15012`.		Optional: {}
`trustDomain` string	The Istio trust domain. If not set, defaults to `cluster.local`.		Optional: {}

JWKS

Validation:

ExactlyOneOf: [remote inline]

Appears in:

JWTProvider

Field	Description	Default	Validation
`remote` RemoteJWKS	`remote` specifies how to reach the JSON Web Key Set from a remote address.		Optional: {}
`inline` string	`inline` specifies an inline JSON Web Key Set used to validate the signature of the JWT.		MaxLength: 65536 MinLength: 2 Optional: {}

JWTAuthentication

Appears in:

Traffic

Field	Description	Default	Validation
`mode` JWTAuthenticationMode	`mode` is the validation mode for JWT authentication.	Strict	Enum: [Strict Optional Permissive] Optional: {}
`providers` JWTProvider array			MaxItems: 64 MinItems: 1 Required: {}
`mcp` JWTMCPConfig	`mcp` optionally enables MCP OAuth metadata endpoint handling and MCP-specific authentication behavior on top of standard JWT validation. When set, the gateway will serve the MCP OAuth metadata discovery endpoints.		Optional: {}

JWTAuthenticationMode

Underlying type: string

Validation:

Enum: [Strict Optional Permissive]

Appears in:

JWTAuthentication
MCPAuthentication

Field	Description
`Strict`	A valid token, issued by a configured issuer, must be present. This is the default option.
`Optional`	If a token exists, validate it. Warning: this allows requests without a JWT token!
`Permissive`	Requests are never rejected. This is useful for usage of claims in later steps (authorization, logging, etc). Warning: this allows requests without a JWT token!

JWTMCPConfig

JWTMCPConfig holds MCP-specific extensions for JWT authentication.

Appears in:

JWTAuthentication

Field	Description	Default	Validation
`resourceMetadata` object (keys:string, values:JSON)	`resourceMetadata` defines the metadata to use for MCP resources, served at the MCP OAuth metadata endpoints.		Optional: {}
`provider` McpIDP	`provider` specifies the identity provider to use for MCP authentication flows.		Enum: [Auth0 Keycloak] Optional: {}

JWTProvider

Appears in:

JWTAuthentication

Field	Description	Validation
`issuer` ShortString	`issuer` identifies the IdP that issued the JWT. This corresponds to the `iss` claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).	MaxLength: 256 MinLength: 1 Required: {}
`audiences` string array	`audiences` specifies the list of audiences that are allowed access. This corresponds to the `aud` claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If unset, any audience is allowed.	MaxItems: 64 MinItems: 1 Optional: {}
`jwks` JWKS	`jwks` defines the JSON Web Key Set used to validate the signature of the JWT.	ExactlyOneOf: [remote inline] Required: {}
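
As a rough illustration of how `JWTAuthentication`, `JWTProvider`, `JWKS`, and `RemoteJWKS` fit together, the fragment below sketches a `jwtAuthentication` block as it might appear in a traffic policy. The issuer, audience, and `Service` name are placeholders, and the `backendRef` fields assume the usual Gateway API `kind`/`name`/`port` shape.

```yaml
# Sketch only: issuer, audience, and Service name are hypothetical.
jwtAuthentication:
  mode: Strict              # the default; Optional and Permissive admit requests without a token
  providers:
    - issuer: https://idp.example.com/
      audiences:
        - my-api
      jwks:
        remote:             # exactly one of remote or inline
          jwksPath: .well-known/jwks.json
          cacheDuration: 5m # matches the documented default
          backendRef:       # assumed Gateway API reference fields
            kind: Service
            name: idp
            port: 8080
```

To embed the key set directly instead, replace `remote` with an `inline` string containing the JSON Web Key Set.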

Keepalive

TCP keepalive settings.

Appears in:

BackendTCP
FrontendTCP

Field	Description	Validation
`retries` integer	retries specifies the maximum number of keep-alive probes to send before dropping the connection. If unset, this defaults to 9.	Maximum: 64 Minimum: 1 Optional: {}
`time` Duration	time specifies the number of seconds a connection needs to be idle before keep-alive probes start being sent. If unset, this defaults to 180s.	Optional: {}
`interval` Duration	interval specifies the number of seconds between keep-alive probes. If unset, this defaults to 180s.	Optional: {}

LLMProvider

LLMProvider specifies the target large language model provider that the backend should route requests to.

Validation:

ExactlyOneOf: [openai azureopenai anthropic gemini vertexai bedrock]

Appears in:

AIBackend
NamedLLMProvider

Field	Description	Validation
`openai` OpenAIConfig	OpenAI provider	Optional: {}
`azureopenai` AzureOpenAIConfig	Azure OpenAI provider	Optional: {}
`anthropic` AnthropicConfig	Anthropic provider	Optional: {}
`gemini` GeminiConfig	Gemini provider	Optional: {}
`vertexai` VertexAIConfig	Vertex AI provider	Optional: {}
`bedrock` BedrockConfig	Bedrock provider	Optional: {}
`host` ShortString	Host specifies the hostname to send the requests to. If not specified, the default hostname for the provider is used.	MaxLength: 256 MinLength: 1 Optional: {}
`port` integer	Port specifies the port to send the requests to.	Maximum: 65535 Minimum: 1 Optional: {}
`path` LongString	Path specifies the URL path to use for the LLM provider API requests. This is useful when you need to route requests to a different API endpoint while maintaining compatibility with the original provider’s API structure. If not specified, the default path for the provider is used.	MaxLength: 1024 MinLength: 1 Optional: {}
`pathPrefix` LongString	PathPrefix overrides the default base path prefix (e.g. “/v1”) for upstream requests. Path translation for cross-format requests still applies using this prefix. Only supported for OpenAI and Anthropic providers.	MaxLength: 1024 MinLength: 1 Optional: {}

LocalRateLimit

Policy for local rate limiting. Local rate limits are enforced independently by each proxy instance, without coordination between instances.

Validation:

ExactlyOneOf: [requests tokens]

Appears in:

RateLimits

Field	Description	Validation
`requests` integer	`requests` specifies the number of HTTP requests per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error.	Minimum: 1 Optional: {}
`tokens` integer	`tokens` specifies the number of LLM tokens per unit of time that are allowed. Requests exceeding this limit will fail with a `429` error. Both input and output tokens are counted. However, token counts are not known until the request completes. As a result, token-based rate limits will apply to future requests only.	Minimum: 1 Optional: {}
`unit` LocalRateLimitUnit	`unit` specifies the unit of time that requests are limited on.	Enum: [Seconds Minutes Hours] Required: {}
`burst` integer	`burst` specifies an allowance of requests above the request-per-unit that should be allowed within a short period of time.	Optional: {}
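
The fragment below is a minimal sketch of two local limits under the `rateLimit` field of a traffic policy, using only the fields listed above. The numeric values are arbitrary examples. Each list entry sets exactly one of `requests` or `tokens`.

```yaml
rateLimit:
  local:
    # Request-based limit: 100 requests per minute, plus a burst allowance of 20.
    - requests: 100
      unit: Minutes
      burst: 20
    # Token-based limit: 50000 LLM tokens per hour (input and output combined).
    - tokens: 50000
      unit: Hours
```

Because token counts are only known once a request completes, the second entry throttles later requests rather than the one that crossed the limit.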

LocalRateLimitUnit

Underlying type: string

Appears in:

LocalRateLimit

Field	Description
`Seconds`
`Minutes`
`Hours`

LogTracingAttributes

Appears in:

AccessLog
Tracing

Field	Description	Default	Validation
`remove` TinyString array	`remove` lists the default fields that should be removed. For example, `http.method`.		MaxItems: 32 MaxLength: 64 MinItems: 1 MinLength: 1 Optional: {}
`add` AttributeAdd array	`add` specifies additional key-value pairs to be added to each entry. The value is a CEL expression. If the CEL expression fails to evaluate, the pair will be excluded.		MinItems: 1 Optional: {}

MCPAuthentication

Appears in:

BackendMCP

Field	Description	Default	Validation
`resourceMetadata` object (keys:string, values:JSON)	ResourceMetadata defines the metadata to use for MCP resources.		Optional: {}
`provider` McpIDP	`provider` specifies the identity provider to use for authentication.		Enum: [Auth0 Keycloak] Optional: {}
`issuer` ShortString	`issuer` identifies the IdP that issued the JWT. This corresponds to the `iss` claim (https://tools.ietf.org/html/rfc7519#section-4.1.1).		MaxLength: 256 MinLength: 1 Optional: {}
`audiences` string array	`audiences` specifies the list of audiences that are allowed access. This corresponds to the `aud` claim (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If unset, any audience is allowed.		MaxItems: 64 MinItems: 1 Optional: {}
`jwks` RemoteJWKS	`jwks` defines the remote JSON Web Key Set used to validate the signature of the JWT.		Required: {}
`mode` JWTAuthenticationMode	`mode` is the validation mode for JWT authentication.	Strict	Enum: [Strict Optional Permissive] Optional: {}

MCPBackend

MCPBackend configures MCP backends.

Appears in:

AgentgatewayBackendSpec

Field	Description	Validation
`targets` McpTargetSelector array	`targets` is a list of MCP targets to use for this backend. Policies targeting MCP targets must use `targetRefs[].sectionName` to select the target by name.	ExactlyOneOf: [selector static] MaxItems: 32 MinItems: 1 Required: {}
`sessionRouting` SessionRouting	`sessionRouting` configures MCP session behavior for requests. Defaults to `Stateful` if not set.	Enum: [Stateful Stateless] Optional: {}
`failureMode` FailureMode	`failureMode` controls behavior when MCP targets fail to initialize or become unavailable at runtime. `FailOpen` skips failed targets and continues serving from healthy ones. `FailClosed` (default) fails the entire session if any target fails.	Enum: [FailOpen FailClosed] Optional: {}

MCPProtocol

Underlying type: string

MCPProtocol defines the protocol to use for the MCPBackend target.

Validation:

Enum: [StreamableHTTP SSE]

Appears in:

McpTarget

Field	Description
`StreamableHTTP`	MCPProtocolStreamableHTTP specifies that `StreamableHTTP` must be used as the protocol.
`SSE`	MCPProtocolSSE specifies that Server-Sent Events (`SSE`) must be used as the protocol.

McpIDP

Underlying type: string

Appears in:

JWTMCPConfig
MCPAuthentication

Field	Description
`Auth0`
`Keycloak`

McpSelector

Appears in:

McpTargetSelector

Field	Description	Default	Validation
`namespaces` LabelSelector	`namespaces` is the label selector for namespaces that `Service` resources should be selected from. If unset, only the namespace of the `AgentgatewayBackend` is searched.		Optional: {}
`services` LabelSelector	`services` is the label selector for which `Service` resources should be selected.		Optional: {}

McpTarget

McpTarget defines a single MCPBackend target configuration.

Validation:

ExactlyOneOf: [host backendRef]

Appears in:

McpTargetSelector

Field	Description	Validation
`host` ShortString	Host is the hostname or IP address of the MCP target.	MaxLength: 256 MinLength: 1 Optional: {}
`backendRef` LocalObjectReference	`backendRef` references a namespace-local `Service` resource by name. When set, this replaces `host` only; `port`, `path`, and `protocol` remain configured on this target.	Optional: {}
`port` integer	Port is the port number of the MCP target.	Maximum: 65535 Minimum: 1 Required: {}
`path` LongString	Path is the URL path of the MCP target endpoint. Defaults to `"/sse"` for the `SSE` protocol or `"/mcp"` for the `StreamableHTTP` protocol if not specified.	MaxLength: 1024 MinLength: 1 Optional: {}
`protocol` MCPProtocol	Protocol is the protocol to use for the connection to the MCP target.	Enum: [StreamableHTTP SSE] Optional: {}
`policies` BackendSimple	`policies` controls policies for communicating with this backend. Policies may also be set in `AgentgatewayPolicy`, or in the top-level `AgentgatewayBackend`. Policies are merged on a field-level basis, with order: `AgentgatewayPolicy` < `AgentgatewayBackend` < `AgentgatewayBackend` MCP (this field). This field may only be used with host-based static targets, not `backendRef`.	Optional: {}

McpTargetSelector

McpTargetSelector defines the MCPBackend target to use for this backend.

Validation:

ExactlyOneOf: [selector static]

Appears in:

MCPBackend

Field	Description	Validation
`name` SectionName	Name of the MCP target.	Required: {}
`selector` McpSelector	`selector` is the label selector used to select `Service` resources. If policies are needed on a per-service basis, `AgentgatewayPolicy` can target the desired `Service`.	Optional: {}
`static` McpTarget	`static` configures a static MCP destination. When connecting to in-cluster `Service` resources, it is recommended to use `selector` instead.	ExactlyOneOf: [host backendRef] Optional: {}
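
To show how `McpTargetSelector`, `McpTarget`, and `McpSelector` combine, here is a sketch of the contents of an `MCPBackend` with one static target and one selector-based target. The target names, hostname, and label are hypothetical, and `matchLabels` assumes the standard Kubernetes `LabelSelector` shape.

```yaml
# Contents of an MCPBackend; names, host, and labels are placeholders.
targets:
  - name: tools-static
    static:                     # exactly one of selector or static
      host: mcp.example.com     # exactly one of host or backendRef
      port: 8080
      protocol: StreamableHTTP
      path: /mcp                # same as the StreamableHTTP default
  - name: tools-selected
    selector:
      services:
        matchLabels:
          app: mcp-server
sessionRouting: Stateful        # the documented default
failureMode: FailClosed         # the documented default
```

A policy that should apply to only one of these targets would select it by name through `targetRefs[].sectionName`, for example `tools-static`.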

Message

An entry for a message to prepend or append to each prompt.

Appears in:

AIPromptEnrichment

Field	Description	Default	Validation
`role` string	Role of the message. The available roles depend on the backend LLM provider model, such as `SYSTEM` or `USER` in the OpenAI API.		Required: {}
`content` string	String content of the message.		Required: {}

NamedLLMProvider

Appears in:

PriorityGroup

Field	Description	Validation
`name` SectionName	Name of the provider. Policies can target this provider by name.	Required: {}
`policies` BackendWithAI	`policies` controls policies for communicating with this backend. Policies may also be set in `AgentgatewayPolicy`, or in the top-level `AgentgatewayBackend`. Policies are merged on a field-level basis, with order: `AgentgatewayPolicy` < `AgentgatewayBackend` < `AgentgatewayBackend` LLM provider (this field).	Optional: {}
`openai` OpenAIConfig	OpenAI provider	Optional: {}
`azureopenai` AzureOpenAIConfig	Azure OpenAI provider	Optional: {}
`anthropic` AnthropicConfig	Anthropic provider	Optional: {}
`gemini` GeminiConfig	Gemini provider	Optional: {}
`vertexai` VertexAIConfig	Vertex AI provider	Optional: {}
`bedrock` BedrockConfig	Bedrock provider	Optional: {}
`host` ShortString	Host specifies the hostname to send the requests to. If not specified, the default hostname for the provider is used.	MaxLength: 256 MinLength: 1 Optional: {}
`port` integer	Port specifies the port to send the requests to.	Maximum: 65535 Minimum: 1 Optional: {}
`path` LongString	Path specifies the URL path to use for the LLM provider API requests. This is useful when you need to route requests to a different API endpoint while maintaining compatibility with the original provider’s API structure. If not specified, the default path for the provider is used.	MaxLength: 1024 MinLength: 1 Optional: {}
`pathPrefix` LongString	PathPrefix overrides the default base path prefix (e.g. “/v1”) for upstream requests. Path translation for cross-format requests still applies using this prefix. Only supported for OpenAI and Anthropic providers.	MaxLength: 1024 MinLength: 1 Optional: {}

OTLPProtocol

Underlying type: string

Appears in:

OtlpAccessLog
Tracing

Field	Description
`HTTP`
`GRPC`

OpenAIConfig

OpenAIConfig settings for the OpenAI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}

OpenAIModeration

Appears in:

PromptguardRequest

Field	Description	Default	Validation
`model` string	`model` specifies the moderation model to use. For example, `omni-moderation`.		Optional: {}
`policies` BackendSimple	policies controls policies for communicating with OpenAI.		Optional: {}

OtlpAccessLog

OtlpAccessLog defines configuration for shipping access logs to an OpenTelemetry-compatible backend via OTLP.

Appears in:

AccessLog

Field	Description	Default	Validation
`backendRef` BackendObjectReference	`backendRef` references the OTLP server to send access logs to. Supported types: `Service` and `AgentgatewayBackend`.		Required: {}
`protocol` OTLPProtocol	`protocol` specifies the OTLP protocol variant to use.	GRPC	Enum: [HTTP GRPC] Optional: {}
`path` LongString	`path` specifies the OTLP/HTTP path to use. This is only applicable when `protocol` is `HTTP`. If unset, this defaults to `/v1/logs`.		MaxLength: 1024 MinLength: 1 Optional: {}

PolicyPhase

Underlying type: string

Validation:

Enum: [PreRouting PostRouting]

Appears in:

Traffic

Field	Description
`PreRouting`
`PostRouting`

PriorityGroup

Appears in:

AIBackend

Field	Description	Default	Validation
`providers` NamedLLMProvider array	providers specifies a list of LLM providers within this group. Each provider is treated equally in terms of priority, with automatic weighting based on health.		MaxItems: 16 MinItems: 1 Required: {}
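
The following sketch shows two priority groups, each with one named provider. It uses only the `name`, `openai`, and `vertexai` fields documented here; the provider names, model, and project ID are hypothetical.

```yaml
groups:
  - providers:                  # first group in priority order
      - name: openai-primary    # names must be unique across all groups
        openai:
          model: gpt-4o-mini
  - providers:                  # next group in priority order
      - name: vertex-secondary
        vertexai:
          projectId: my-gcp-project
          region: global
```

Each provider entry sets exactly one provider type, and a backend policy can target an individual provider with `targetRefs[].sectionName`.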

PromptCachingConfig

PromptCachingConfig configures automatic prompt caching for supported LLM providers. Currently only AWS Bedrock supports this feature (Claude 3+ and Nova models).

When enabled, the gateway automatically inserts cache points at strategic locations to reduce API costs. Bedrock charges lower rates for cached tokens (90% discount).

Example:

promptCaching:
  cacheSystem: true
  cacheMessages: true
  cacheTools: false

Cost savings example:

Without caching: 10,000 tokens × $3/MTok = $0.03
With caching (90% cached): 1,000 × $3/MTok + 9,000 × $0.30/MTok = $0.0057 (81% savings)

Appears in:

BackendAI

Field	Description	Default	Validation
`cacheSystem` boolean	CacheSystem enables caching for system prompts. Inserts a cache point after all system messages.	true	Optional: {}
`cacheMessages` boolean	CacheMessages enables caching for conversation messages. Caches all messages in the conversation for cost savings.	true	Optional: {}
`cacheTools` boolean	CacheTools enables caching for tool definitions. Inserts a cache point after all tool specifications.	false	Optional: {}
`minTokens` integer	MinTokens specifies the minimum estimated token count before caching is enabled. Uses a rough heuristic (word count × 1.3) to estimate tokens. Bedrock requires at least 1,024 tokens for caching to be effective.	1024	Minimum: 0 Optional: {}
`cacheMessageOffset` integer	CacheMessageOffset shifts the message cache point further back in the conversation. 0 (default) places it at the second-to-last message. Higher values move it N additional messages towards the start, clamped to bounds.	0	Minimum: 0 Optional: {}

PromptguardRequest

PromptguardRequest defines the prompt guards to apply to requests sent by the client.

Validation:

ExactlyOneOf: [regex webhook openAIModeration bedrockGuardrails googleModelArmor]

Appears in:

AIPromptGuard

Field	Description	Validation
`response` CustomResponse	A custom response message to return to the client. If not specified, defaults to `The request was rejected due to inappropriate content`.	Optional: {}
`regex` Regex	Regular expression (regex) matching for prompt guards and data masking.	Optional: {}
`webhook` Webhook	Configure a webhook to forward requests to for prompt guarding.	Optional: {}
`openAIModeration` OpenAIModeration	`openAIModeration` passes prompt data through the OpenAI Moderations endpoint. See https://developers.openai.com/api/reference/resources/moderations for more information.	Optional: {}
`bedrockGuardrails` BedrockGuardrails	`bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding.	Optional: {}
`googleModelArmor` GoogleModelArmor	`googleModelArmor` configures Google Model Armor for prompt guarding.	Optional: {}

PromptguardResponse

PromptguardResponse defines the prompt guards to apply to responses returned by the LLM provider.

Validation:

ExactlyOneOf: [regex webhook bedrockGuardrails googleModelArmor]

Appears in:

AIPromptGuard

Field	Description	Validation
`response` CustomResponse	A custom response message to return to the client. If not specified, defaults to `The response was rejected due to inappropriate content`.	Optional: {}
`regex` Regex	Regular expression (regex) matching for prompt guards and data masking.	Optional: {}
`webhook` Webhook	Configure a webhook to forward responses to for prompt guarding.	Optional: {}
`bedrockGuardrails` BedrockGuardrails	`bedrockGuardrails` configures AWS Bedrock Guardrails for prompt guarding.	Optional: {}
`googleModelArmor` GoogleModelArmor	`googleModelArmor` configures Google Model Armor for prompt guarding.	Optional: {}

RateLimitDescriptor

Appears in:

GlobalRateLimit

Field	Description	Default	Validation
`entries` RateLimitDescriptorEntry array	`entries` are the individual components that make up this descriptor.		MaxItems: 16 MinItems: 1 Required: {}
`unit` RateLimitUnit	`unit` defines what to use as the cost function. If unspecified, `Requests` is used.		Enum: [Requests Tokens] Optional: {}

RateLimitDescriptorEntry

A descriptor entry defines a single entry in a rate limit descriptor.

Appears in:

RateLimitDescriptor

Field	Description	Default	Validation
`name` TinyString	`name` specifies the name of the descriptor.		MaxLength: 64 MinLength: 1 Required: {}
`expression` CELExpression	`expression` is a Common Expression Language (`CEL`) expression that defines the value for the descriptor. For example, to rate limit based on the Client IP: `source.address`. See https://agentgateway.dev/docs/standalone/latest/reference/cel/ for more info.		Required: {}
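
As a small sketch, a single `RateLimitDescriptor` keyed on the client IP could look like the fragment below. The entry name is hypothetical; the expression is the one given in the `expression` description.

```yaml
# One RateLimitDescriptor; the entry name is a placeholder.
entries:
  - name: client-ip
    expression: source.address   # CEL expression evaluated per request
unit: Requests                   # used when unspecified; Tokens is the alternative
```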

RateLimitUnit

Underlying type: string

Appears in:

RateLimitDescriptor

Field	Description
`Tokens`
`Requests`

RateLimits

Appears in:

Traffic

Field	Description	Default	Validation
`local` LocalRateLimit array	Local defines a local rate limiting policy.		ExactlyOneOf: [requests tokens] MaxItems: 16 MinItems: 1 Optional: {}
`global` GlobalRateLimit	Global defines a global rate limiting policy using an external service.		Optional: {}

Regex

Regex configures the regular expression (regex) matching for prompt guards and data masking.

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`matches` LongString array	A list of regex patterns to match against the request or response. Matches and built-ins are additive.		MaxLength: 1024 MinLength: 1 Optional: {}
`builtins` BuiltIn array	A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive.		Enum: [Ssn CreditCard PhoneNumber Email CaSin] Optional: {}
`action` Action	The action to take when a regex pattern matches. This setting applies only to request matches; `PromptguardResponse` matches are always masked. Defaults to `Mask`.	Mask	Enum: [Mask Reject] Optional: {}
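
For illustration, the contents of a `PromptguardRequest` that rejects prompts containing sensitive data might be sketched as follows. The custom pattern is hypothetical; the built-in names come from the `builtins` enum above.

```yaml
# Contents of a PromptguardRequest; the custom pattern is a placeholder.
regex:
  builtins:                 # built-ins and matches are additive
    - Ssn
    - CreditCard
  matches:
    - "internal-project-[0-9]+"
  action: Reject            # the default is Mask
```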

RemoteJWKS

Appears in:

JWKS
MCPAuthentication

Field	Description	Default	Validation
`jwksPath` string	Path to the IdP `jwks` endpoint, relative to the root, commonly `".well-known/jwks.json"`.		MaxLength: 2000 MinLength: 1 Required: {}
`cacheDuration` Duration		5m	Optional: {}
`backendRef` BackendObjectReference	`backendRef` references the remote JWKS server to reach. Supported types are `Service` and static `Backend`. An `AgentgatewayPolicy` containing backend TLS config can then be attached to the `Service` or `Backend` in order to set TLS options for a connection to the remote `jwks` source.		Required: {}

ResourceAdd

Appears in:

Tracing

Field	Description	Default	Validation
`name` ShortString			MaxLength: 256 MinLength: 1 Required: {}
`expression` CELExpression			Required: {}

Retry

Retry defines the retry policy.

Appears in:

Traffic

RouteType

Underlying type: string

RouteType specifies how the AI gateway should process incoming requests based on the URL path and the API format expected.

Validation:

Enum: [Completions Messages Models Passthrough Detect Responses AnthropicTokenCount Embeddings Realtime]

Appears in:

BackendAI

Field	Description
`Completions`	RouteTypeCompletions processes OpenAI `/v1/chat/completions` format requests.
`Messages`	RouteTypeMessages processes Anthropic `/v1/messages` format requests.
`Models`	RouteTypeModels handles the `/v1/models` endpoint.
`Passthrough`	RouteTypePassthrough sends requests upstream as-is without LLM processing.
`Detect`	RouteTypeDetect sends requests as-is but attempts to extract request/response metadata for telemetry and rate limiting.
`Responses`	RouteTypeResponses processes OpenAI `/v1/responses` format requests.
`AnthropicTokenCount`	RouteTypeAnthropicTokenCount processes Anthropic `/v1/messages/count_tokens` format requests.
`Embeddings`	RouteTypeEmbeddings processes OpenAI `/v1/embeddings` format requests.
`Realtime`	RouteTypeRealtime processes OpenAI `/v1/realtime` requests.

SecretSelector

Appears in:

APIKeyAuthentication

Field	Description	Default	Validation
`matchLabels` object (keys:string, values:string)	Label selector to select the target resource.		Required: {}

SessionRouting

Underlying type: string

Validation:

Enum: [Stateful Stateless]

Appears in:

MCPBackend

Field	Description
`Stateful`	`Stateful` mode creates an MCP session (via `mcp-session-id`) and internally ensures requests for that session are routed to a consistent backend replica.
`Stateless`

ShutdownSpec

Appears in:

AgentgatewayParametersConfigs
AgentgatewayParametersSpec

Field	Description	Default	Validation
`min` integer	Minimum time (in seconds) to wait before allowing Agentgateway to terminate. Refer to the `CONNECTION_MIN_TERMINATION_DEADLINE` environment variable for details.		Maximum: 3.1536e+07 Minimum: 0 Required: {}
`max` integer	Maximum time (in seconds) to wait before allowing Agentgateway to terminate. Refer to the `TERMINATION_GRACE_PERIOD_SECONDS` environment variable for details.		Maximum: 3.1536e+07 Minimum: 0 Required: {}

StaticBackend

Appears in:

AgentgatewayBackendSpec

Field	Description	Default	Validation
`host` ShortString	host to connect to.		MaxLength: 256 MinLength: 1 Required: {}
`port` integer	port to connect to.		Maximum: 65535 Minimum: 1 Required: {}

TLSVersion

Underlying type: string

Validation:

Enum: [1.2 1.3]

Appears in:

FrontendTLS

Field	Description
`1.2`	agentgateway currently only supports `TLS 1.2` and `TLS 1.3`.
`1.3`

Timeouts

Appears in:

Traffic

Field	Description	Default	Validation
`request` Duration	request specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend.		Optional: {}

Tracing

Appears in:

Frontend

Field	Description	Default	Validation
`backendRef` BackendObjectReference	`backendRef` references the OTLP server to reach. Supported types: `Service` and `AgentgatewayBackend`.		Required: {}
`protocol` OTLPProtocol	`protocol` specifies the OTLP protocol variant to use.	GRPC	Enum: [HTTP GRPC] Optional: {}
`path` LongString	`path` specifies the OTLP path to use. This is only applicable when `protocol` is `HTTP`. If unset, this defaults to `/v1/traces`.		MaxLength: 1024 MinLength: 1 Optional: {}
`attributes` LogTracingAttributes	`attributes` specifies customizations to the key-value pairs that are included in the trace.		Optional: {}
`resources` ResourceAdd array	`resources` describes the entity producing telemetry and specifies the resources to be included in the trace.		Optional: {}
`randomSampling` CELExpression	`randomSampling` is an expression to determine the amount of random sampling. Random sampling will initiate a new trace span if the incoming request does not have a trace initiated already. This should evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If unspecified, random sampling is disabled.		Optional: {}
`clientSampling` CELExpression	`clientSampling` is an expression to determine the amount of client sampling. Client sampling determines whether to initiate a new trace span if the incoming request does have a trace already. This should evaluate to a float between `0.0` and `1.0`, or a boolean (`true` or `false`). If unspecified, client sampling is `100%` enabled.		Optional: {}
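
A minimal sketch of a `Tracing` object that sends spans over OTLP/HTTP is shown below. The collector `Service` name and port are hypothetical, and the `backendRef` fields assume the usual Gateway API `kind`/`name`/`port` shape. The sampling values are quoted because they are CEL expressions stored as strings.

```yaml
# Contents of a Tracing object; Service name and port are placeholders.
backendRef:
  kind: Service
  name: otel-collector
  port: 4318
protocol: HTTP              # the default is GRPC
path: /v1/traces            # only used with HTTP; this is the default
randomSampling: "0.1"       # CEL float: start a trace for roughly 10% of untraced requests
clientSampling: "true"      # CEL boolean
```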

Traffic

Appears in:

AgentgatewayPolicySpec

Field	Description	Validation
`phase` PolicyPhase	The phase to apply the traffic policy to. If the phase is `PreRouting`, the `targetRef` must be a `Gateway` or a `Listener`. `PreRouting` is typically used only when a policy needs to influence the routing decision. Even when using `PostRouting` mode, the policy can target the `Gateway` or `Listener`. This is a helper for applying the policy to all routes under that `Gateway` or `Listener`, and follows the merging logic described above. Note: `PreRouting` and `PostRouting` rules do not merge together. These are independent execution phases. That is, all `PreRouting` rules will merge and execute, then all `PostRouting` rules will merge and execute. If unset, this defaults to `PostRouting`.	Enum: [PreRouting PostRouting] Optional: {}
`transformation` Transformation	transformation is used to mutate and transform requests and responses before forwarding them to the destination.	Optional: {}
`extProc` ExtProc	extProc specifies the external processing configuration for the policy.	Optional: {}
`extAuth` ExtAuth	extAuth specifies the external authentication configuration for the policy. This controls what external server to send requests to for authentication.	ExactlyOneOf: [grpc http] Optional: {}
`rateLimit` RateLimits	rateLimit specifies the rate limiting configuration for the policy. This controls the rate at which requests are allowed to be processed.	Optional: {}
`cors` CORS	cors specifies the CORS configuration for the policy.	Optional: {}
`csrf` CSRF	csrf specifies the Cross-Site Request Forgery (CSRF) policy for this traffic policy. The CSRF policy has the following behavior: * Safe methods (`GET`, `HEAD`, `OPTIONS`) are automatically allowed. * Requests without `Sec-Fetch-Site` or `Origin` headers are assumed to be same-origin or non-browser requests and are allowed. * Otherwise, the `Sec-Fetch-Site` header is checked, with a fallback to comparing the `Origin` header to the `Host` header.	Optional: {}
`headerModifiers` HeaderModifiers	headerModifiers defines the policy to modify request and response headers.	Optional: {}
`hostRewrite` HostnameRewrite	`hostRewrite` specifies how to rewrite the `Host` header for requests. If the `HTTPRoute` `urlRewrite` filter already specifies a host rewrite, this setting is ignored.	Optional: {}
`timeouts` Timeouts	`timeouts` defines the timeouts for requests. It is applicable to `HTTPRoute` resources and ignored for other targeted kinds.	Optional: {}
`retry` Retry	retry defines the policy for retrying requests.	Optional: {}
`authorization` Authorization	`authorization` specifies the access rules based on roles and permissions. If multiple authorization rules are applied across different policies (at the same, or different, attachment points), all rules are merged.	Optional: {}
`jwtAuthentication` JWTAuthentication	`jwtAuthentication` authenticates users based on JWT tokens.	Optional: {}
`basicAuthentication` BasicAuthentication	`basicAuthentication` authenticates users based on the `Basic` authentication scheme (RFC 7617), where a username and password are encoded in the request.	ExactlyOneOf: [users secretRef] Optional: {}
`apiKeyAuthentication` APIKeyAuthentication	`apiKeyAuthentication` authenticates users based on a configured API key.	ExactlyOneOf: [secretRef secretSelector] Optional: {}
`directResponse` DirectResponse	`directResponse` configures the policy to send a direct response to the client.	Optional: {}

Transform

Appears in:

Transformation

Field	Description	Validation
`set` HeaderTransformation array	`set` is a list of headers and the value they should be set to.	MaxItems: 16 MinItems: 1 Optional: {}
`add` HeaderTransformation array	`add` is a list of headers to add and the value each should be set to. If the header already exists, the value is appended as an extra entry.	MaxItems: 16 MinItems: 1 Optional: {}
`remove` HeaderName array	`remove` is a list of header names to remove from the request or response.	MaxItems: 16 MaxLength: 256 MinItems: 1 MinLength: 1 Pattern: `^:?[A-Za-z0-9!#$%&'*+\-.^_\x60\|~]+$` Optional: {}
`body` CELExpression	`body` controls manipulation of the HTTP body.	Optional: {}
`metadata` object (keys:string, values:CELExpression)	Refer to Kubernetes API documentation for fields of `metadata`.	MaxProperties: 16 MinProperties: 1 Optional: {}

Transformation

Appears in:

BackendFull
BackendSimple
BackendWithAI
Traffic

Field	Description	Default	Validation
`request` Transform	`request` is used to modify the request path.		Optional: {}
`response` Transform	`response` is used to modify the response path.		Optional: {}

VertexAIConfig

VertexAIConfig settings for the Vertex AI LLM provider.

Appears in:

LLMProvider
NamedLLMProvider

Field	Description	Default	Validation
`model` ShortString	Optional: Override the model name, such as `gpt-4o-mini`. If unset, the model name is taken from the request.		MaxLength: 256 MinLength: 1 Optional: {}
`projectId` TinyString	The ID of the Google Cloud Project that you use for the Vertex AI.		MaxLength: 64 MinLength: 1 Required: {}
`region` TinyString	The location of the Google Cloud Project that you use for the Vertex AI. Defaults to `global` if not specified.	global	MaxLength: 64 MinLength: 1 Optional: {}

Webhook

Webhook configures a webhook to forward requests or responses to for prompt guarding.

Appears in:

PromptguardRequest
PromptguardResponse

Field	Description	Default	Validation
`backendRef` BackendObjectReference	backendRef references the webhook server to reach. Supported types: Service and Backend.		Required: {}
`forwardHeaderMatches` HTTPHeaderMatch array	ForwardHeaderMatches defines a list of HTTP header matches that will be used to select the headers to forward to the webhook. Request headers are used when forwarding requests and response headers are used when forwarding responses. By default, no headers are forwarded.		Optional: {}

Shared Types

The following types are defined in the shared package and used across multiple APIs.

Authorization

Authorization defines the configuration for role-based access control.

Field	Type	Description
`policy`	AuthorizationPolicy	`policy` specifies the authorization rule to evaluate. * For `Allow` rules: any policy allows the request. * For `Require` rules: all policies must match for the request to be allowed. * For `Deny` rules: any matching policy denies the request. Note: a CEL expression that fails to evaluate is not considered to match, making this a risky policy; prefer to use `Require`. The presence of at least one `Allow` rule triggers a deny-by-default policy, requiring at least one match to allow. With no rules, all requests are allowed. Required.
`action`	AuthorizationPolicyAction	`action` defines whether the rule allows, denies, or requires the request if matched. If unspecified, the default is `Allow`. Require policies are conjunctive across merged policies: all require policies must match.

AuthorizationPolicy

AuthorizationPolicy defines a single authorization rule.

Field	Type	Description
`matchExpressions`	[]CELExpression	MatchExpressions defines a set of conditions that must be satisfied for the rule to match. These expressions should be in the form of a Common Expression Language (`CEL`) expression. Required.
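
The sketch below shows an `authorization` block in a traffic policy with a single `Allow` rule. The header name and value are hypothetical, and the `request.headers` CEL variable is an assumption; check the CEL reference for the variables that are actually available.

```yaml
authorization:
  action: Allow             # the default when unspecified
  policy:
    matchExpressions:
      # Assumed CEL variable; header name and value are placeholders.
      - 'request.headers["x-team"] == "platform"'
```

Because at least one `Allow` rule is present, requests that match no `Allow` rule are denied by default.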

AuthorizationPolicyAction

Underlying type: string

AuthorizationPolicyAction defines the action to take when the authorization policy matches.

CELExpression

Underlying type: string

CELExpression represents a Common Expression Language (CEL) expression.

Validation:

MinLength=1
MaxLength=16384

HeaderModifiers

HeaderModifiers can be used to define the policy to modify request and response headers.

Validation:

AtLeastOneFieldSet

Field	Type	Description
`request`	*gwv1.HTTPHeaderFilter	Request modifies request headers.
`response`	*gwv1.HTTPHeaderFilter	Response modifies response headers.
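
A short sketch of a HeaderModifiers value follows. The enclosing `headerModifiers` key and all header names and values are hypothetical. The `set`, `add`, and `remove` lists are the fields of the Gateway API `HTTPHeaderFilter` type.

```yaml
# Sketch only: the `headerModifiers` key and header names are assumed for illustration.
headerModifiers:
  request:
    set:                  # overwrite the header if it already exists
      - name: x-env
        value: staging
    remove:               # drop these headers from the request
      - x-internal-debug
  response:
    add:                  # append a value to the header
      - name: x-served-by
        value: agentgateway
```

At least one of `request` or `response` must be set to satisfy the `AtLeastOneFieldSet` validation.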

KubernetesResourceOverlay

KubernetesResourceOverlay provides a mechanism to customize generated Kubernetes resources using Strategic Merge Patch semantics.

Overlay application order:

Overlays are applied after all typed configuration fields have been processed. The full merge order is:

1. GatewayClass typed configuration fields, for example replicas or image settings from parametersRef
2. Gateway typed configuration fields from infrastructure.parametersRef
3. GatewayClass overlays
4. Gateway overlays

This ordering means Gateway-level configuration overrides GatewayClass-level configuration at each stage. For example, if both levels set the same label, the Gateway value wins.

Field	Type	Description
`metadata`	*ObjectMetadata	`metadata` defines a subset of object metadata to be customized. `labels` and `annotations` are merged with existing values. If both `GatewayClass` and `Gateway` parameters define the same label or annotation key, the `Gateway` value takes precedence (applied second).
`spec`	*apiextensionsv1.JSON	`spec` provides an opaque mechanism to configure the resource spec. This field accepts a complete or partial Kubernetes resource spec, such as `PodSpec` or `ServiceSpec`, and is merged with the generated configuration using Strategic Merge Patch semantics. The application order and patch directives are described after this table.

Application order for `spec`:

Overlays are applied after all typed configuration fields from both levels. The full merge order is:

1. `GatewayClass` typed configuration fields
2. `Gateway` typed configuration fields
3. `GatewayClass` overlays
4. `Gateway` overlays (can override all previous values)

Strategic Merge Patch and deletion guide:

This merge strategy allows you to override individual fields, merge lists, or delete items without needing to provide the entire resource definition.

1. Replacing values (scalars): Simple fields (strings, integers, booleans) in your config overwrite the generated defaults.

2. Merging lists (append/merge): Lists with "merge keys", like `containers`, which merges on `name`, or `tolerations`, which merges on `key`, append your items to the generated list, or update existing items if keys match.

3. Deleting fields or list items (`$patch: delete`): To remove a field or list item from the generated resource, use the `$patch: delete` directive. This works for both map fields and list items, and is the recommended approach because it works with both client-side and server-side apply.

    spec:
      template:
        spec:
          # Delete pod-level securityContext
          securityContext:
            $patch: delete
          # Delete nodeSelector
          nodeSelector:
            $patch: delete
          containers:
            # Be sure to use the correct proxy name here or you will add a
            # container instead of modifying a container.
            - name: proxy-name
              # Delete container-level securityContext
              securityContext:
                $patch: delete

4. Null values (server-side apply only): Setting a field to `null` can also remove it, but this ONLY works with `kubectl apply --server-side` or equivalent. With regular client-side `kubectl apply`, null values are stripped by kubectl before reaching the API server, so the deletion won't occur. Prefer `$patch: delete` for consistent behavior across both apply modes.

    spec:
      template:
        spec:
          nodeSelector: null  # Removes nodeSelector (server-side apply only!)

5. Replacing maps entirely (`$patch: replace`): To replace an entire map with your values (instead of merging), use `$patch: replace`. This removes all existing keys and replaces them with only your specified keys.

    spec:
      template:
        spec:
          nodeSelector:
            $patch: replace
            custom-key: custom-value

6. Replacing lists entirely (`$patch: replace`): If you want to strictly define a list and ignore all generated defaults, use `$patch: replace`.

    service:
      spec:
        ports:
          - $patch: replace
          - name: http
            port: 80
            targetPort: 8080
            protocol: TCP
          - name: https
            port: 443
            targetPort: 8443
            protocol: TCP
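
The label and annotation precedence described for `metadata` can be sketched with two overlay fragments, one per level. This is an illustration under assumptions: the `service` overlay key is borrowed from the list-replacement example in the `spec` description, the label keys and values are hypothetical, and the surrounding parameters resources are left out.

```yaml
# GatewayClass-level parameters (overlay applied third in the merge order)
service:
  metadata:
    labels:
      team: platform
      tier: shared
---
# Gateway-level parameters (overlay applied fourth in the merge order)
service:
  metadata:
    labels:
      team: payments
---
# Labels contributed by the overlays to the generated Service,
# following the stated precedence rule:
#   team: payments   (same key at both levels, the Gateway value wins)
#   tier: shared     (only set at the GatewayClass level, so it is kept)
```

Because `labels` and `annotations` are merged rather than replaced, keys that already exist on the generated resource and are not mentioned in either overlay stay in place.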

LongString

Underlying type: string

Validation:

MinLength=1
MaxLength=1024

ObjectMetadata

ObjectMetadata contains labels and annotations for metadata overlays.

Field	Type	Description
`labels`	map[string]string	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
`annotations`	map[string]string	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations

PolicyAncestorStatus

Field	Type	Description
`ancestorRef`	gwv1.ParentReference	AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of. Required.
`controllerName`	string	ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the `controllerName` field on `GatewayClass`. Example: `example.net/gateway-controller`. The format of this field is `DOMAIN "/" PATH`, where `DOMAIN` and `PATH` are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). Controllers MUST populate this field when writing status. Controllers should ensure that entries in status populated with their `ControllerName` are cleaned up when they are no longer necessary. Required.
`conditions`	[]metav1.Condition	Conditions describes the status of the Policy with respect to the given Ancestor.

PolicyStatus

Field	Type	Description
`conditions`	[]metav1.Condition
`ancestors`	[]PolicyAncestorStatus	Required.
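
For orientation, a populated PolicyStatus might resemble the fragment below. The Gateway name, namespace, condition values, and timestamp are hypothetical, and the controller name reuses the example string from the `controllerName` description. The condition fields are those of the Kubernetes `metav1.Condition` type.

```yaml
# Sketch only: names, condition values, and the timestamp are assumed for illustration.
status:
  ancestors:
    - ancestorRef:
        group: gateway.networking.k8s.io
        kind: Gateway
        name: example-gateway        # hypothetical Gateway
        namespace: default
      controllerName: example.net/gateway-controller
      conditions:
        - type: Accepted             # illustrative condition type
          status: "True"
          reason: Accepted
          message: Policy accepted   # hypothetical message
          lastTransitionTime: "2025-01-01T00:00:00Z"
```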

SNI

Underlying type: string

Validation:

MinLength=1
MaxLength=253
Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
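
To make the pattern concrete, the fragment below lists sample values checked against it by hand. The `valid` and `invalid` keys exist only for this illustration and are not part of the API. The pattern accepts lowercase DNS-style labels separated by single dots.

```yaml
# Sketch only: sample values, grouped by whether they satisfy the SNI pattern.
valid:
  - "localhost"
  - "api.example.com"
  - "my-svc.default.svc.cluster.local"
invalid:
  - "API.example.com"    # uppercase letters are not allowed
  - "*.example.com"      # wildcards are not allowed
  - "-bad.example.com"   # a label cannot start with a hyphen
  - "example.com."       # a trailing dot is not allowed
```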

ShortString

Underlying type: string

Validation:

MinLength=1
MaxLength=256

TinyString

Underlying type: string

Validation:

MinLength=1
MaxLength=64

CEL expressions