v1alpha1

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 14, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API schema definitions for the aigateway.envoyproxy.io API group.

+kubebuilder:object:generate=true +groupName=aigateway.envoyproxy.io

Index

Constants

View Source 
const (
	// AIGatewayFilterMetadataNamespace is the namespace for the ai-gateway filter metadata.
	AIGatewayFilterMetadataNamespace = "io.envoy.ai_gateway"
)
View Source 
const (
	// AIModelHeaderKey is the header key whose value is extracted from the request by the ai-gateway.
	// This can be used to describe the routing behavior in HTTPRoute referenced by AIGatewayRoute.
	AIModelHeaderKey = "x-ai-eg-model"
)
View Source 
const GroupName = "aigateway.envoyproxy.io"

Variables

View Source 
var (

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: schemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AIGatewayFilterConfig 

type AIGatewayFilterConfig struct {
	// Type specifies the type of the filter configuration.
	//
	// Currently, only ExternalProcessor is supported, and default is ExternalProcessor.
	//
	// +kubebuilder:default=ExternalProcessor
	Type AIGatewayFilterConfigType `json:"type"`

	// ExternalProcessor is the configuration for the external processor filter.
	// This is optional, and if not set, the default values of Deployment spec will be used.
	//
	// +optional
	ExternalProcessor *AIGatewayFilterConfigExternalProcessor `json:"externalProcessor,omitempty"`
}

func (*AIGatewayFilterConfig) DeepCopy 

func (in *AIGatewayFilterConfig) DeepCopy() *AIGatewayFilterConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayFilterConfig.

func (*AIGatewayFilterConfig) DeepCopyInto 

func (in *AIGatewayFilterConfig) DeepCopyInto(out *AIGatewayFilterConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIGatewayFilterConfigExternalProcessor 

type AIGatewayFilterConfigExternalProcessor struct {
	// Replicas is the number of desired pods of the external processor deployment.
	//
	// +optional
	Replicas *int32 `json:"replicas,omitempty"`
	// Resources required by the external processor container.
	// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	//
	// +optional
	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
}

func (*AIGatewayFilterConfigExternalProcessor) DeepCopy 

func (in *AIGatewayFilterConfigExternalProcessor) DeepCopy() *AIGatewayFilterConfigExternalProcessor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayFilterConfigExternalProcessor.

func (*AIGatewayFilterConfigExternalProcessor) DeepCopyInto 

func (in *AIGatewayFilterConfigExternalProcessor) DeepCopyInto(out *AIGatewayFilterConfigExternalProcessor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIGatewayFilterConfigType 

type AIGatewayFilterConfigType string

AIGatewayFilterConfigType specifies the type of the filter configuration.

+kubebuilder:validation:Enum=ExternalProcessor;DynamicModule 

const (
	AIGatewayFilterConfigTypeExternalProcessor AIGatewayFilterConfigType = "ExternalProcessor"
	AIGatewayFilterConfigTypeDynamicModule     AIGatewayFilterConfigType = "DynamicModule" // Reserved for https://github.com/envoyproxy/ai-gateway/issues/90
)

type AIGatewayRoute 

type AIGatewayRoute struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec defines the details of the AIGatewayRoute.
	Spec AIGatewayRouteSpec `json:"spec,omitempty"`
}

AIGatewayRoute combines multiple AIServiceBackends and attaching them to Gateway(s) resources.

This serves as a way to define a "unified" AI API for a Gateway which allows downstream clients to use a single schema API to interact with multiple AI backends.

The schema field is used to determine the structure of the requests that the Gateway will receive. And then the Gateway will route the traffic to the appropriate AIServiceBackend based on the output schema of the AIServiceBackend while doing the other necessary jobs like upstream authentication, rate limit, etc.

For Advanced Users: Envoy AI Gateway will generate the following k8s resources corresponding to the AIGatewayRoute:

  • Deployment, Service, and ConfigMap of the k8s API for the AI Gateway filter. The name of these resources are `ai-eg-route-extproc-${name}`.
  • HTTPRoute of the Gateway API as a top-level resource to bind all backends. The name of the HTTPRoute is the same as the AIGatewayRoute.
  • EnvoyExtensionPolicy of the Envoy Gateway API to attach the AI Gateway filter into the HTTPRoute. The name of the EnvoyExtensionPolicy is `ai-eg-route-extproc-${name}` which is the same as the Deployment, etc.
  • HTTPRouteFilter of the Envoy Gateway API per namespace for automatic hostname rewrite. The name of the HTTPRouteFilter is `ai-eg-host-rewrite`.

All of these resources are created in the same namespace as the AIGatewayRoute. Note that this is the implementation detail subject to change. If you want to customize the default behavior of the Envoy AI Gateway, you can use these resources as a reference and create your own resources. Alternatively, you can use EnvoyPatchPolicy API of the Envoy Gateway to patch the generated resources. For example, you can insert a custom filter into the filter chain.

func (*AIGatewayRoute) DeepCopy 

func (in *AIGatewayRoute) DeepCopy() *AIGatewayRoute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRoute.

func (*AIGatewayRoute) DeepCopyInto 

func (in *AIGatewayRoute) DeepCopyInto(out *AIGatewayRoute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AIGatewayRoute) DeepCopyObject 

func (in *AIGatewayRoute) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AIGatewayRouteList 

type AIGatewayRouteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AIGatewayRoute `json:"items"`
}

AIGatewayRouteList contains a list of AIGatewayRoute.

func (*AIGatewayRouteList) DeepCopy 

func (in *AIGatewayRouteList) DeepCopy() *AIGatewayRouteList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRouteList.

func (*AIGatewayRouteList) DeepCopyInto 

func (in *AIGatewayRouteList) DeepCopyInto(out *AIGatewayRouteList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AIGatewayRouteList) DeepCopyObject 

func (in *AIGatewayRouteList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AIGatewayRouteRule 

type AIGatewayRouteRule struct {
	// BackendRefs is the list of AIServiceBackend that this rule will route the traffic to.
	// Each backend can have a weight that determines the traffic distribution.
	//
	// The namespace of each backend is "local", i.e. the same namespace as the AIGatewayRoute.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=128
	BackendRefs []AIGatewayRouteRuleBackendRef `json:"backendRefs,omitempty"`

	// Matches is the list of AIGatewayRouteMatch that this rule will match the traffic to.
	// This is a subset of the HTTPRouteMatch in the Gateway API. See for the details:
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.HTTPRouteMatch
	//
	// +optional
	// +kubebuilder:validation:MaxItems=128
	Matches []AIGatewayRouteRuleMatch `json:"matches,omitempty"`
}

AIGatewayRouteRule is a rule that defines the routing behavior of the AIGatewayRoute.

func (*AIGatewayRouteRule) DeepCopy 

func (in *AIGatewayRouteRule) DeepCopy() *AIGatewayRouteRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRouteRule.

func (*AIGatewayRouteRule) DeepCopyInto 

func (in *AIGatewayRouteRule) DeepCopyInto(out *AIGatewayRouteRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIGatewayRouteRuleBackendRef 

type AIGatewayRouteRuleBackendRef struct {
	// Name is the name of the AIServiceBackend.
	//
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Weight is the weight of the AIServiceBackend. This is exactly the same as the weight in
	// the BackendRef in the Gateway API. See for the details:
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.BackendRef
	//
	// Default is 1.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=1
	Weight int `json:"weight,omitempty"`
}

AIGatewayRouteRuleBackendRef is a reference to a AIServiceBackend with a weight.

func (*AIGatewayRouteRuleBackendRef) DeepCopy 

func (in *AIGatewayRouteRuleBackendRef) DeepCopy() *AIGatewayRouteRuleBackendRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRouteRuleBackendRef.

func (*AIGatewayRouteRuleBackendRef) DeepCopyInto 

func (in *AIGatewayRouteRuleBackendRef) DeepCopyInto(out *AIGatewayRouteRuleBackendRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIGatewayRouteRuleMatch 

type AIGatewayRouteRuleMatch struct {
	// Headers specifies HTTP request header matchers. See HeaderMatch in the Gateway API for the details:
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.HTTPHeaderMatch
	//
	// Currently, only the exact header matching is supported.
	//
	// +listType=map
	// +listMapKey=name
	// +optional
	// +kubebuilder:validation:MaxItems=16
	// +kubebuilder:validation:XValidation:rule="self.all(match, match.type != 'RegularExpression')", message="currently only exact match is supported"
	Headers []gwapiv1.HTTPHeaderMatch `json:"headers,omitempty"`
}

func (*AIGatewayRouteRuleMatch) DeepCopy 

func (in *AIGatewayRouteRuleMatch) DeepCopy() *AIGatewayRouteRuleMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRouteRuleMatch.

func (*AIGatewayRouteRuleMatch) DeepCopyInto 

func (in *AIGatewayRouteRuleMatch) DeepCopyInto(out *AIGatewayRouteRuleMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIGatewayRouteSpec 

type AIGatewayRouteSpec struct {
	// TargetRefs are the names of the Gateway resources this AIGatewayRoute is being attached to.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=128
	TargetRefs []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs"`
	// APISchema specifies the API schema of the input that the target Gateway(s) will receive.
	// Based on this schema, the ai-gateway will perform the necessary transformation to the
	// output schema specified in the selected AIServiceBackend during the routing process.
	//
	// Currently, the only supported schema is OpenAI as the input schema.
	//
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:XValidation:rule="self.name == 'OpenAI'"
	APISchema VersionedAPISchema `json:"schema"`
	// Rules is the list of AIGatewayRouteRule that this AIGatewayRoute will match the traffic to.
	// Each rule is a subset of the HTTPRoute in the Gateway API (https://gateway-api.sigs.k8s.io/api-types/httproute/).
	//
	// AI Gateway controller will generate a HTTPRoute based on the configuration given here with the additional
	// modifications to achieve the necessary jobs, notably inserting the AI Gateway filter responsible for
	// the transformation of the request and response, etc.
	//
	// In the matching conditions in the AIGatewayRouteRule, `x-ai-eg-model` header is available
	// if we want to describe the routing behavior based on the model name. The model name is extracted
	// from the request content before the routing decision.
	//
	// How multiple rules are matched is the same as the Gateway API. See for the details:
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.HTTPRoute
	//
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxItems=128
	Rules []AIGatewayRouteRule `json:"rules"`

	// FilterConfig is the configuration for the AI Gateway filter inserted in the generated HTTPRoute.
	//
	// An AI Gateway filter is responsible for the transformation of the request and response
	// as well as the routing behavior based on the model name extracted from the request content, etc.
	//
	// Currently, the filter is only implemented as an external processor filter, which might be
	// extended to other types of filters in the future. See https://github.com/envoyproxy/ai-gateway/issues/90
	FilterConfig *AIGatewayFilterConfig `json:"filterConfig,omitempty"`

	// LLMRequestCosts specifies how to capture the cost of the LLM-related request, notably the token usage.
	// The AI Gateway filter will capture each specified number and store it in the Envoy's dynamic
	// metadata per HTTP request. The namespaced key is "io.envoy.ai_gateway",
	//
	// For example, let's say we have the following LLMRequestCosts configuration:
	// “`yaml
	//	llmRequestCosts:
	//	- metadataKey: llm_input_token
	//	  type: InputToken
	//	- metadataKey: llm_output_token
	//	  type: OutputToken
	//	- metadataKey: llm_total_token
	//	  type: TotalToken
	// “`
	// Then, with the following BackendTrafficPolicy of Envoy Gateway, you can have three
	// rate limit buckets for each unique x-user-id header value. One bucket is for the input token,
	// the other is for the output token, and the last one is for the total token.
	// Each bucket will be reduced by the corresponding token usage captured by the AI Gateway filter.
	//
	// “`yaml
	//	apiVersion: gateway.envoyproxy.io/v1alpha1
	//	kind: BackendTrafficPolicy
	//	metadata:
	//	  name: some-example-token-rate-limit
	//	  namespace: default
	//	spec:
	//	  targetRefs:
	//	  - group: gateway.networking.k8s.io
	//	     kind: HTTPRoute
	//	     name: usage-rate-limit
	//	  rateLimit:
	//	    type: Global
	//	    global:
	//	      rules:
	//	        - clientSelectors:
	//	            # Do the rate limiting based on the x-user-id header.
	//	            - headers:
	//	                - name: x-user-id
	//	                  type: Distinct
	//	          limit:
	//	            # Configures the number of "tokens" allowed per hour.
	//	            requests: 10000
	//	            unit: Hour
	//	          cost:
	//	            request:
	//	              from: Number
	//	              # Setting the request cost to zero allows to only check the rate limit budget,
	//	              # and not consume the budget on the request path.
	//	              number: 0
	//	            # This specifies the cost of the response retrieved from the dynamic metadata set by the AI Gateway filter.
	//	            # The extracted value will be used to consume the rate limit budget, and subsequent requests will be rate limited
	//	            # if the budget is exhausted.
	//	            response:
	//	              from: Metadata
	//	              metadata:
	//	                namespace: io.envoy.ai_gateway
	//	                key: llm_input_token
	//	        - clientSelectors:
	//	            - headers:
	//	                - name: x-user-id
	//	                  type: Distinct
	//	          limit:
	//	            requests: 10000
	//	            unit: Hour
	//	          cost:
	//	            request:
	//	              from: Number
	//	              number: 0
	//	            response:
	//	              from: Metadata
	//	              metadata:
	//	                namespace: io.envoy.ai_gateway
	//	                key: llm_output_token
	//	        - clientSelectors:
	//	            - headers:
	//	                - name: x-user-id
	//	                  type: Distinct
	//	          limit:
	//	            requests: 10000
	//	            unit: Hour
	//	          cost:
	//	            request:
	//	              from: Number
	//	              number: 0
	//	            response:
	//	              from: Metadata
	//	              metadata:
	//	                namespace: io.envoy.ai_gateway
	//	                key: llm_total_token
	// “`
	// +optional
	// +kubebuilder:validation:MaxItems=36
	LLMRequestCosts []LLMRequestCost `json:"llmRequestCosts,omitempty"`
}

AIGatewayRouteSpec details the AIGatewayRoute configuration.

func (*AIGatewayRouteSpec) DeepCopy 

func (in *AIGatewayRouteSpec) DeepCopy() *AIGatewayRouteSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIGatewayRouteSpec.

func (*AIGatewayRouteSpec) DeepCopyInto 

func (in *AIGatewayRouteSpec) DeepCopyInto(out *AIGatewayRouteSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AIServiceBackend 

type AIServiceBackend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec defines the details of AIServiceBackend.
	Spec AIServiceBackendSpec `json:"spec,omitempty"`
}

AIServiceBackend is a resource that represents a single backend for AIGatewayRoute. A backend is a service that handles traffic with a concrete API specification.

A AIServiceBackend is "attached" to a Backend which is either a k8s Service or a Backend resource of the Envoy Gateway.

When a backend with an attached AIServiceBackend is used as a routing target in the AIGatewayRoute (more precisely, the HTTPRouteSpec defined in the AIGatewayRoute), the ai-gateway will generate the necessary configuration to do the backend specific logic in the final HTTPRoute.

func (*AIServiceBackend) DeepCopy 

func (in *AIServiceBackend) DeepCopy() *AIServiceBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIServiceBackend.

func (*AIServiceBackend) DeepCopyInto 

func (in *AIServiceBackend) DeepCopyInto(out *AIServiceBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AIServiceBackend) DeepCopyObject 

func (in *AIServiceBackend) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AIServiceBackendList 

type AIServiceBackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AIServiceBackend `json:"items"`
}

AIServiceBackendList contains a list of AIServiceBackends.

func (*AIServiceBackendList) DeepCopy 

func (in *AIServiceBackendList) DeepCopy() *AIServiceBackendList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIServiceBackendList.

func (*AIServiceBackendList) DeepCopyInto 

func (in *AIServiceBackendList) DeepCopyInto(out *AIServiceBackendList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AIServiceBackendList) DeepCopyObject 

func (in *AIServiceBackendList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AIServiceBackendSpec 

type AIServiceBackendSpec struct {
	// APISchema specifies the API schema of the output format of requests from
	// Envoy that this AIServiceBackend can accept as incoming requests.
	// Based on this schema, the ai-gateway will perform the necessary transformation for
	// the pair of AIGatewayRouteSpec.APISchema and AIServiceBackendSpec.APISchema.
	//
	// This is required to be set.
	//
	// +kubebuilder:validation:Required
	APISchema VersionedAPISchema `json:"schema"`
	// BackendRef is the reference to the Backend resource that this AIServiceBackend corresponds to.
	//
	// A backend can be of either k8s Service or Backend resource of Envoy Gateway.
	//
	// This is required to be set.
	//
	// +kubebuilder:validation:Required
	BackendRef gwapiv1.BackendObjectReference `json:"backendRef"`

	// BackendSecurityPolicyRef is the name of the BackendSecurityPolicy resources this backend
	// is being attached to.
	//
	// +optional
	BackendSecurityPolicyRef *gwapiv1.LocalObjectReference `json:"backendSecurityPolicyRef,omitempty"`

	// Timeouts defines the timeouts that can be configured for an HTTP request.
	//
	// +optional
	Timeouts *gwapiv1.HTTPRouteTimeouts `json:"timeouts,omitempty"`
}

AIServiceBackendSpec details the AIServiceBackend configuration.

func (*AIServiceBackendSpec) DeepCopy 

func (in *AIServiceBackendSpec) DeepCopy() *AIServiceBackendSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AIServiceBackendSpec.

func (*AIServiceBackendSpec) DeepCopyInto 

func (in *AIServiceBackendSpec) DeepCopyInto(out *AIServiceBackendSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APISchema 

type APISchema string

APISchema defines the API schema. 

const (
	// APISchemaOpenAI is the OpenAI schema.
	//
	// https://github.com/openai/openai-openapi
	APISchemaOpenAI APISchema = "OpenAI"
	// APISchemaAWSBedrock is the AWS Bedrock schema.
	//
	// https://docs.aws.amazon.com/bedrock/latest/APIReference/API_Operations_Amazon_Bedrock_Runtime.html
	APISchemaAWSBedrock APISchema = "AWSBedrock"
)

type AWSCredentialsFile 

type AWSCredentialsFile struct {
	// SecretRef is the reference to the credential file.
	//
	// The secret should contain the AWS credentials file keyed on "credentials".
	SecretRef *gwapiv1.SecretObjectReference `json:"secretRef"`

	// Profile is the profile to use in the credentials file.
	//
	// +kubebuilder:default=default
	Profile string `json:"profile,omitempty"`
}

AWSCredentialsFile specifies the credentials file to use for the AWS provider. Envoy reads the secret file, and the profile to use is specified by the Profile field.

func (*AWSCredentialsFile) DeepCopy 

func (in *AWSCredentialsFile) DeepCopy() *AWSCredentialsFile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSCredentialsFile.

func (*AWSCredentialsFile) DeepCopyInto 

func (in *AWSCredentialsFile) DeepCopyInto(out *AWSCredentialsFile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSOIDCExchangeToken 

type AWSOIDCExchangeToken struct {
	// OIDC is used to obtain oidc tokens via an SSO server which will be used to exchange for temporary AWS credentials.
	//
	// +kubebuilder:validation:Required
	OIDC egv1a1.OIDC `json:"oidc"`

	// GrantType is the method application gets access token.
	//
	// +optional
	GrantType string `json:"grantType,omitempty"`

	// Aud defines the audience that this ID Token is intended for.
	//
	// +optional
	Aud string `json:"aud,omitempty"`

	// AwsRoleArn is the AWS IAM Role with the permission to use specific resources in AWS account
	// which maps to the temporary AWS security credentials exchanged using the authentication token issued by OIDC provider.
	//
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	AwsRoleArn string `json:"awsRoleArn"`
}

AWSOIDCExchangeToken specifies credentials to obtain oidc token from a sso server. For AWS, the controller will query STS to obtain AWS AccessKeyId, SecretAccessKey, and SessionToken, and store them in a temporary credentials file.

func (*AWSOIDCExchangeToken) DeepCopy 

func (in *AWSOIDCExchangeToken) DeepCopy() *AWSOIDCExchangeToken

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSOIDCExchangeToken.

func (*AWSOIDCExchangeToken) DeepCopyInto 

func (in *AWSOIDCExchangeToken) DeepCopyInto(out *AWSOIDCExchangeToken)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendSecurityPolicy 

type BackendSecurityPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              BackendSecurityPolicySpec `json:"spec,omitempty"`
}

BackendSecurityPolicy specifies configuration for authentication and authorization rules on the traffic exiting the gateway to the backend.

func (*BackendSecurityPolicy) DeepCopy 

func (in *BackendSecurityPolicy) DeepCopy() *BackendSecurityPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSecurityPolicy.

func (*BackendSecurityPolicy) DeepCopyInto 

func (in *BackendSecurityPolicy) DeepCopyInto(out *BackendSecurityPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendSecurityPolicy) DeepCopyObject 

func (in *BackendSecurityPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendSecurityPolicyAPIKey 

type BackendSecurityPolicyAPIKey struct {
	// SecretRef is the reference to the secret containing the API key.
	// ai-gateway must be given the permission to read this secret.
	// The key of the secret should be "apiKey".
	SecretRef *gwapiv1.SecretObjectReference `json:"secretRef"`
}

BackendSecurityPolicyAPIKey specifies the API key.

func (*BackendSecurityPolicyAPIKey) DeepCopy 

func (in *BackendSecurityPolicyAPIKey) DeepCopy() *BackendSecurityPolicyAPIKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSecurityPolicyAPIKey.

func (*BackendSecurityPolicyAPIKey) DeepCopyInto 

func (in *BackendSecurityPolicyAPIKey) DeepCopyInto(out *BackendSecurityPolicyAPIKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendSecurityPolicyAWSCredentials 

type BackendSecurityPolicyAWSCredentials struct {
	// Region specifies the AWS region associated with the policy.
	//
	// +kubebuilder:validation:MinLength=1
	Region string `json:"region"`

	// CredentialsFile specifies the credentials file to use for the AWS provider.
	//
	// +optional
	CredentialsFile *AWSCredentialsFile `json:"credentialsFile,omitempty"`

	// OIDCExchangeToken specifies the oidc configurations used to obtain an oidc token. The oidc token will be
	// used to obtain temporary credentials to access AWS.
	//
	// +optional
	OIDCExchangeToken *AWSOIDCExchangeToken `json:"oidcExchangeToken,omitempty"`
}

BackendSecurityPolicyAWSCredentials contains the supported authentication mechanisms to access aws

func (*BackendSecurityPolicyAWSCredentials) DeepCopy 

func (in *BackendSecurityPolicyAWSCredentials) DeepCopy() *BackendSecurityPolicyAWSCredentials

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSecurityPolicyAWSCredentials.

func (*BackendSecurityPolicyAWSCredentials) DeepCopyInto 

func (in *BackendSecurityPolicyAWSCredentials) DeepCopyInto(out *BackendSecurityPolicyAWSCredentials)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendSecurityPolicyList 

type BackendSecurityPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BackendSecurityPolicy `json:"items"`
}

BackendSecurityPolicyList contains a list of BackendSecurityPolicy

func (*BackendSecurityPolicyList) DeepCopy 

func (in *BackendSecurityPolicyList) DeepCopy() *BackendSecurityPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSecurityPolicyList.

func (*BackendSecurityPolicyList) DeepCopyInto 

func (in *BackendSecurityPolicyList) DeepCopyInto(out *BackendSecurityPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendSecurityPolicyList) DeepCopyObject 

func (in *BackendSecurityPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendSecurityPolicySpec 

type BackendSecurityPolicySpec struct {
	// Type specifies the auth mechanism used to access the provider. Currently, only "APIKey", AND "AWSCredentials" are supported.
	//
	// +kubebuilder:validation:Enum=APIKey;AWSCredentials
	Type BackendSecurityPolicyType `json:"type"`

	// APIKey is a mechanism to access a backend(s). The API key will be injected into the Authorization header.
	//
	// +optional
	APIKey *BackendSecurityPolicyAPIKey `json:"apiKey,omitempty"`

	// AWSCredentials is a mechanism to access a backend(s). AWS specific logic will be applied.
	//
	// +optional
	AWSCredentials *BackendSecurityPolicyAWSCredentials `json:"awsCredentials,omitempty"`
}

BackendSecurityPolicySpec specifies authentication rules on access the provider from the Gateway. Only one mechanism to access a backend(s) can be specified.

Only one type of BackendSecurityPolicy can be defined. +kubebuilder:validation:MaxProperties=2

func (*BackendSecurityPolicySpec) DeepCopy 

func (in *BackendSecurityPolicySpec) DeepCopy() *BackendSecurityPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSecurityPolicySpec.

func (*BackendSecurityPolicySpec) DeepCopyInto 

func (in *BackendSecurityPolicySpec) DeepCopyInto(out *BackendSecurityPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendSecurityPolicyType 

type BackendSecurityPolicyType string

BackendSecurityPolicyType specifies the type of auth mechanism used to access a backend. 

const (
	BackendSecurityPolicyTypeAPIKey         BackendSecurityPolicyType = "APIKey"
	BackendSecurityPolicyTypeAWSCredentials BackendSecurityPolicyType = "AWSCredentials"
)

type LLMRequestCost 

type LLMRequestCost struct {
	// MetadataKey is the key of the metadata to store this cost of the request.
	//
	// +kubebuilder:validation:Required
	MetadataKey string `json:"metadataKey"`
	// Type specifies the type of the request cost. The default is "OutputToken",
	// and it uses "output token" as the cost. The other types are "InputToken", "TotalToken",
	// and "CEL".
	//
	// +kubebuilder:validation:Enum=OutputToken;InputToken;TotalToken;CEL
	Type LLMRequestCostType `json:"type"`
	// CEL is the CEL expression to calculate the cost of the request.
	// The CEL expression must return a signed or unsigned integer. If the
	// return value is negative, it will be error.
	//
	// The expression can use the following variables:
	//
	//	* model: the model name extracted from the request content. Type: string.
	//	* backend: the backend name in the form of "name.namespace". Type: string.
	//	* input_tokens: the number of input tokens. Type: unsigned integer.
	//	* output_tokens: the number of output tokens. Type: unsigned integer.
	//	* total_tokens: the total number of tokens. Type: unsigned integer.
	//
	// For example, the following expressions are valid:
	//
	// 	* "model == 'llama' ?  input_tokens + output_token * 0.5 : total_tokens"
	//	* "backend == 'foo.default' ?  input_tokens + output_tokens : total_tokens"
	//	* "input_tokens + output_tokens + total_tokens"
	//	* "input_tokens * output_tokens"
	//
	// +optional
	CEL *string `json:"cel,omitempty"`
}

LLMRequestCost configures each request cost.

func (*LLMRequestCost) DeepCopy 

func (in *LLMRequestCost) DeepCopy() *LLMRequestCost

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LLMRequestCost.

func (*LLMRequestCost) DeepCopyInto 

func (in *LLMRequestCost) DeepCopyInto(out *LLMRequestCost)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LLMRequestCostType 

type LLMRequestCostType string

LLMRequestCostType specifies the type of the LLMRequestCost. 

const (
	// LLMRequestCostTypeInputToken is the cost type of the input token.
	LLMRequestCostTypeInputToken LLMRequestCostType = "InputToken"
	// LLMRequestCostTypeOutputToken is the cost type of the output token.
	LLMRequestCostTypeOutputToken LLMRequestCostType = "OutputToken"
	// LLMRequestCostTypeTotalToken is the cost type of the total token.
	LLMRequestCostTypeTotalToken LLMRequestCostType = "TotalToken"
	// LLMRequestCostTypeCEL is for calculating the cost using the CEL expression.
	LLMRequestCostTypeCEL LLMRequestCostType = "CEL"
)

type VersionedAPISchema 

type VersionedAPISchema struct {
	// Name is the name of the API schema of the AIGatewayRoute or AIServiceBackend.
	//
	// +kubebuilder:validation:Enum=OpenAI;AWSBedrock
	Name APISchema `json:"name"`

	// Version is the version of the API schema.
	Version string `json:"version,omitempty"`
}

VersionedAPISchema defines the API schema of either AIGatewayRoute (the input) or AIServiceBackend (the output).

This allows the ai-gateway to understand the input and perform the necessary transformation depending on the API schema pair (input, output).

Note that this is vendor specific, and the stability of the API schema is not guaranteed by the ai-gateway, but by the vendor via proper versioning.

func (*VersionedAPISchema) DeepCopy 

func (in *VersionedAPISchema) DeepCopy() *VersionedAPISchema

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VersionedAPISchema.

func (*VersionedAPISchema) DeepCopyInto 

func (in *VersionedAPISchema) DeepCopyInto(out *VersionedAPISchema)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.