
API Reference

Packages

agentic.prototype.x-k8s.io/v0alpha0

Resource Types

AccessPolicySpec

AccessPolicySpec defines the desired state of AccessPolicy.

Appears in:
- XAccessPolicy

Fields:
- targetRefs (LocalPolicyTargetReferenceWithSectionName array, required): TargetRefs specifies the targets of the AccessPolicy. An AccessPolicy must target at least one resource. Validation: MinItems: 1, MaxItems: 10.
- rules (AccessRule array, required): Rules defines a list of rules to be applied to the target. An AccessPolicy must have at least one rule. Validation: MinItems: 1, MaxItems: 10.

AccessPolicyStatus

AccessPolicyStatus defines the observed state of AccessPolicy.

Appears in:
- XAccessPolicy

Fields:
- ancestors (PolicyAncestorStatus array, required): Ancestors is a list of ancestor resources (usually Backend) that are associated with the policy, and the status of the policy with respect to each ancestor. This field is inherited from the Gateway API Policy status definition. For more details, see the upstream documentation: https://gateway-api.sigs.k8s.io/reference/spec/#policyancestorstatus Validation: MaxItems: 16.

AccessRule

AccessRule specifies an authorization rule for the targeted backend. If the tool list is empty, the rule denies access to all tools from Source.

Appears in:
- AccessPolicySpec

Fields:
- name (string, required): Name specifies the name of the rule. Validation: MinLength: 1, MaxLength: 253, Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- source (Source, required): Source specifies the source of the request.
- authorization (AuthorizationRule, optional): Authorization specifies the authorization rule to be applied to requests from the source.

AuthorizationRule

Appears in:
- AccessRule

Fields:
- type (AuthorizationRuleType, required): Validation: Enum: [InlineTools ExternalAuth].
- tools (string array, optional): Tools specifies a list of tools inline.
- externalAuth (HTTPExternalAuthFilter, optional): ExternalAuth specifies an external auth filter to be used for authorization. Support: Extended.

AuthorizationRuleType

Underlying type: string

AuthorizationRuleType identifies a type of authorization rule.

Validation:
- Enum: [InlineTools ExternalAuth]

Appears in:
- AuthorizationRule

Values:
- InlineTools: AuthorizationRuleTypeInlineTools is used to identify authorization rules declared as an inline list of authorized tools.
- ExternalAuth: AuthorizationRuleTypeExternalAuth is used to identify authorization rules evaluated by an external auth service.

AuthorizationSourceSPIFFE

Underlying type: string

Validation:
- Pattern: ^spiffe://[a-z0-9._-]+(?:/[A-Za-z0-9._-]+)*$

Appears in:
- Source

AuthorizationSourceServiceAccount

Appears in:
- Source

Fields:
- namespace (string, optional): Namespace is the namespace of the ServiceAccount. If not specified, the current namespace (the namespace of the policy) is used.
- name (string, required): Name is the name of the ServiceAccount.

AuthorizationSourceType

Underlying type: string

AuthorizationSourceType identifies a type of source for authorization.

Validation:
- Enum: [ServiceAccount SPIFFE]

Appears in:
- Source

Values:
- SPIFFE: AuthorizationSourceTypeSPIFFE is used to identify that a request matches a SPIFFE Identity.
- ServiceAccount: AuthorizationSourceTypeServiceAccount is used to identify that a request matches a ServiceAccount from within the cluster.

BackendSpec

BackendSpec defines the desired state of Backend.

Appears in:
- XBackend

Fields:
- mcp (MCPBackend, required): MCP defines an MCP backend. Validation: ExactlyOneOf: [serviceName hostname].

BackendStatus

BackendStatus defines the observed state of Backend.

Appears in:
- XBackend

Fields:
- conditions (Condition array, optional): conditions represent the current state of the Backend resource. Each condition has a unique type and reflects the status of a specific aspect of the resource. Standard condition types include:
  - "Available": the resource is fully functional
  - "Progressing": the resource is being created or updated
  - "Degraded": the resource failed to reach or maintain its desired state
  The status of each condition is one of True, False, or Unknown.

MCPBackend

MCPBackend describes an MCP Backend. ServiceName and Hostname cannot be defined at the same time.

Validation:
- ExactlyOneOf: [serviceName hostname]

Appears in:
- BackendSpec

Fields:
- serviceName (string, optional): ServiceName defines the Kubernetes Service name of an MCP backend.
- hostname (string, optional): Hostname defines the hostname of the external MCP service to connect to.
- port (integer, required): Port defines the port of the backend endpoint. Validation: Minimum: 1, Maximum: 65535.
- path (string, optional): Path is the URL path of the MCP backend for MCP traffic. An MCP backend may serve both MCP traffic and non-MCP traffic. If not specified, the default is /mcp. Default: /mcp.

Source

Source specifies the source of a request.

Type must be set to indicate the source type. Depending on the type, either spiffe or serviceAccount is set.

Appears in:
- AccessRule

Fields:
- type (AuthorizationSourceType, required): Validation: Enum: [ServiceAccount SPIFFE].
- spiffe (AuthorizationSourceSPIFFE, optional): spiffe specifies an identity that is matched by this rule. spiffe identities must be specified as SPIFFE-formatted URIs following the pattern spiffe://<trust-domain>/<workload-identifier>. The exact workload identifier structure is implementation-specific. spiffe identities for authorization can be derived in various ways by the underlying implementation. Common methods include:
  - From peer mTLS certificates: the identity is extracted from the client's mTLS certificate presented during connection establishment.
  - From IP-to-identity mappings: the implementation might maintain a dynamic mapping between source IP addresses (pod IPs) and their associated identities (e.g., Service Account, SPIFFE IDs).
  - From JWTs or other request-level authentication tokens.
  Note for reviewers: while this GEP primarily focuses on identity-based authorization where identity is often established at the transport layer, some implementations might derive identity from authenticated tokens or sources within the request itself.
  Validation: Pattern: ^spiffe://[a-z0-9._-]+(?:/[A-Za-z0-9._-]+)*$
- serviceAccount (AuthorizationSourceServiceAccount, optional): ServiceAccount specifies a Kubernetes Service Account that is matched by this rule. A request originating from a pod associated with this serviceaccount will match the rule. The ServiceAccount listed here is expected to exist within the same trust domain as the targeted workload. Cross-trust-domain access should instead be expressed using the SPIFFE field.

XAccessPolicy

XAccessPolicy is the Schema for the accesspolicies API.

Fields:
- apiVersion (string): agentic.prototype.x-k8s.io/v0alpha0
- kind (string): XAccessPolicy
- metadata (ObjectMeta, optional): Refer to Kubernetes API documentation for fields of metadata.
- spec (AccessPolicySpec, required): spec defines the desired state of AccessPolicy.
- status (AccessPolicyStatus, optional): status defines the observed state of AccessPolicy.

XBackend

XBackend is the Schema for the backends API.

Fields:
- apiVersion (string): agentic.prototype.x-k8s.io/v0alpha0
- kind (string): XBackend
- metadata (ObjectMeta, optional): Refer to Kubernetes API documentation for fields of metadata.
- spec (BackendSpec, required): spec defines the desired state of Backend.
- status (BackendStatus, optional): status defines the observed state of Backend.
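As an added example (not code from the project), the check below enforces the validation markers listed in this reference on an XBackend spec and an XAccessPolicy spec before they are applied, so a policy with a malformed SPIFFE URI or a backend naming both serviceName and hostname is caught client-side. The sample specs, the tool names and the targetRefs group/kind values are constructed assumptions.

```python
import re

# Patterns copied from the validation markers above (AccessRule.name, AuthorizationSourceSPIFFE).
RULE_NAME_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
SPIFFE_RE = re.compile(r"^spiffe://[a-z0-9._-]+(?:/[A-Za-z0-9._-]+)*$")

def validate_backend(spec: dict) -> list[str]:
    """Return the BackendSpec/MCPBackend constraints that spec violates (empty list = valid)."""
    mcp = spec.get("mcp")
    if mcp is None:
        return ["spec.mcp: required"]
    errors = []
    if ("serviceName" in mcp) == ("hostname" in mcp):  # ExactlyOneOf: [serviceName hostname]
        errors.append("spec.mcp: exactly one of serviceName or hostname must be set")
    port = mcp.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        errors.append("spec.mcp.port: required integer in 1..65535")
    return errors

def validate_access_policy(spec: dict) -> list[str]:
    """Return the AccessPolicySpec/AccessRule/Source constraints that spec violates."""
    errors = []
    for field in ("targetRefs", "rules"):  # both lists: MinItems 1, MaxItems 10
        n = len(spec.get(field) or [])
        if not 1 <= n <= 10:
            errors.append(f"spec.{field}: must have 1..10 items, got {n}")
    for i, rule in enumerate(spec.get("rules") or []):
        where = f"spec.rules[{i}]"
        name = rule.get("name", "")
        if not RULE_NAME_RE.match(name) or len(name) > 253:
            errors.append(f"{where}.name: must match the DNS-style name pattern, 1..253 chars")
        src = rule.get("source") or {}
        if src.get("type") == "SPIFFE":
            if not SPIFFE_RE.match(src.get("spiffe", "")):
                errors.append(f"{where}.source.spiffe: not a valid spiffe:// URI")
        elif src.get("type") == "ServiceAccount":
            if not (src.get("serviceAccount") or {}).get("name"):
                errors.append(f"{where}.source.serviceAccount.name: required")
        else:
            errors.append(f"{where}.source.type: must be ServiceAccount or SPIFFE")
    return errors

# Constructed sample specs (not from the page): a Service-backed MCP backend and a policy targeting it.
BACKEND = {"mcp": {"serviceName": "weather-mcp", "port": 8080, "path": "/mcp"}}
POLICY = {
    "targetRefs": [{"group": "agentic.prototype.x-k8s.io", "kind": "XBackend", "name": "weather-mcp"}],
    "rules": [
        {"name": "agents-read-only", "source": {"type": "ServiceAccount", "serviceAccount": {"name": "agent"}},
         "authorization": {"type": "InlineTools", "tools": ["get_forecast"]}},
        # authorization omitted: an empty tool list denies every tool from this source
        {"name": "deny-batch", "source": {"type": "SPIFFE", "spiffe": "spiffe://cluster.local/ns/batch/sa/etl"}},
    ]}
```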