Navigation :

Ai

Package: ai.options.gloo.solo.io

Types:

Enums:

- [ApiJsonSchema](#apijsonschema)

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/ai/ai.proto

SingleAuthToken

The authorization token that the AI gateway uses to access the LLM provider API. This token is automatically sent in a request header, depending on the LLM provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"inline": string
"secretRef": .core.solo.io.ResourceRef
"passthrough": .ai.options.gloo.solo.io.SingleAuthToken.Passthrough
Field Type Description
inline string Provide the token directly in the configuration for the Upstream. This option is the least secure. Only use this option for quick tests such as trying out AI Gateway. Only one of inline, secretRef, or passthrough can be set.
secretRef .core.solo.io.ResourceRef Store the API key in a Kubernetes secret in the same namespace as the Upstream. Then, refer to the secret in the Upstream configuration. This option is more secure than an inline token, because the API key is encoded and you can restrict access to secrets through RBAC rules. You might use this option in proofs of concept, controlled development and staging environments, or well-controlled prod environments that use secrets. Only one of secretRef, inline, or passthrough can be set.
passthrough .ai.options.gloo.solo.io.SingleAuthToken.Passthrough Passthrough the existing token. This token can either come directly from the client, or be generated by an OIDC flow early in the request lifecycle. This option is useful for backends which have federated identity setup and can re-use the token from the client. Currently, this token must exist in the Authorization header. Only one of passthrough, inline, or secretRef can be set.

Passthrough

Configuration for passthrough of the existing token. Currently, specifying an empty object (passthrough: {}) indicates that passthrough will be used for auth.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.
Field Type Description

UpstreamSpec

When you deploy the Gloo AI Gateway, you can use the spec.ai section of the Upstream resource to represent a backend for a logical Large Language Model (LLM) provider. This section configures the LLM provider that the AI Gateway routes requests to, and how the gateway should authenticate with the provider. Note that other Gloo AI Gateway LLM features, such as prompt guards and prompt enrichment, are configured at the route level in the spec.options.ai section of the RouteOptions resource.

To get started, see About Gloo AI Gateway. For more information about the Upstream resource, see the API reference.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"openai": .ai.options.gloo.solo.io.UpstreamSpec.OpenAI
"mistral": .ai.options.gloo.solo.io.UpstreamSpec.Mistral
"anthropic": .ai.options.gloo.solo.io.UpstreamSpec.Anthropic
"azureOpenai": .ai.options.gloo.solo.io.UpstreamSpec.AzureOpenAI
"multi": .ai.options.gloo.solo.io.UpstreamSpec.MultiPool
"gemini": .ai.options.gloo.solo.io.UpstreamSpec.Gemini
"vertexAi": .ai.options.gloo.solo.io.UpstreamSpec.VertexAI
"bedrock": .ai.options.gloo.solo.io.UpstreamSpec.Bedrock
Field Type Description
openai .ai.options.gloo.solo.io.UpstreamSpec.OpenAI Configure an OpenAI backend. Only one of openai, mistral, anthropic, azureOpenai, multi, gemini, vertexAi, or bedrock can be set.
mistral .ai.options.gloo.solo.io.UpstreamSpec.Mistral Configure a Mistral AI backend. Only one of mistral, openai, anthropic, azureOpenai, multi, gemini, vertexAi, or bedrock can be set.
anthropic .ai.options.gloo.solo.io.UpstreamSpec.Anthropic Configure an Anthropic backend. Only one of anthropic, openai, mistral, azureOpenai, multi, gemini, vertexAi, or bedrock can be set.
azureOpenai .ai.options.gloo.solo.io.UpstreamSpec.AzureOpenAI Configure an Azure OpenAI backend. Only one of azureOpenai, openai, mistral, anthropic, multi, gemini, vertexAi, or bedrock can be set.
multi .ai.options.gloo.solo.io.UpstreamSpec.MultiPool Configure backends for multiple LLM providers in one logical endpoint. Only one of multi, openai, mistral, anthropic, azureOpenai, gemini, vertexAi, or bedrock can be set.
gemini .ai.options.gloo.solo.io.UpstreamSpec.Gemini Configure a Gemini backend. Only one of gemini, openai, mistral, anthropic, azureOpenai, multi, vertexAi, or bedrock can be set.
vertexAi .ai.options.gloo.solo.io.UpstreamSpec.VertexAI Configure a Vertex AI backend. Only one of vertexAi, openai, mistral, anthropic, azureOpenai, multi, gemini, or bedrock can be set.
bedrock .ai.options.gloo.solo.io.UpstreamSpec.Bedrock Configure a Bedrock backend. Only one of bedrock, openai, mistral, anthropic, azureOpenai, multi, gemini, or vertexAi can be set.

PathOverride

Override the path used to send requests to the LLM provider. For example, you might need to go through a proxy and, as such, have a different path than the default for the LLM provider.

"fullPath": string
"basePath": string
Field Type Description
fullPath string Override the complete path and query parameters(if any) for the Chat request that is sent to the LLM provider. Any query parameters in this setting are preserved and sent to the LLM provider. The query parameters in the original request will be removed when this option is used. For the OpenAI platform API passthrough feature (such as to endpoints like /v1/embeddings), this setting is ignored. Instead, use the base_path setting. Only one of fullPath or basePath can be set.
basePath string Instead of replacing the full path, prepend this base_path to the request path that is sent to the LLM provider. The OpenAI platform API passthrough feature supports customizing the base path, as such, you might use this setting if your provider is a proxy to OpenAI or otherwise supports the OpenAI API on a different path. For example, you can change the expected path of requests to the /v1/* APIs to /openai/v1/* APIs by setting the base path to /openai. Only one of basePath or fullPath can be set.

CustomHost

Send requests to a custom host and port, such as to proxy the request and customize the chat completion path, or to use a different backend that is API-compliant with the upstream version.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"host": string
"port": int
"hostname": .google.protobuf.StringValue
"pathOverride": .ai.options.gloo.solo.io.UpstreamSpec.PathOverride
Field Type Description
host string Custom host or IP address to send the traffic requests to.
port int Custom port to send the traffic requests to.
hostname .google.protobuf.StringValue Optional: hostname used to set the SNI (if is secure connection) and the host request header. If hostname is not set, host will be used instead.
pathOverride .ai.options.gloo.solo.io.UpstreamSpec.PathOverride Optional: override of the request path and query parameters to the custom host.

OpenAI

Settings for the OpenAI LLM provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"customHost": .ai.options.gloo.solo.io.UpstreamSpec.CustomHost
"model": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the OpenAI API. This token is automatically sent in the Authorization header of the request and prefixed with Bearer.
customHost .ai.options.gloo.solo.io.UpstreamSpec.CustomHost Optional: Send requests to a custom host and port, such as to proxy the request, or to use a different backend that is API-compliant with the upstream version.
model string Optional: Override the model name, such as gpt-4o-mini. If unset, the model name is taken from the request. This setting can be useful when setting up model failover within the same LLM provider.

AzureOpenAI

Settings for the Azure OpenAI LLM provider. To find the values for the endpoint, deployment name, and API version, you can check the fields of an API request, such as https://{endpoint}/openai/deployments/{deployment_name}/chat/completions?api-version={api_version}.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"endpoint": string
"deploymentName": string
"apiVersion": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the Azure OpenAI API. This token is automatically sent in the api-key header of the request.
endpoint string The endpoint for the Azure OpenAI API to use, such as my-endpoint.openai.azure.com. If the scheme is included, it is stripped.
deploymentName string The name of the Azure OpenAI model deployment to use. For more information, see the Azure OpenAI model docs.
apiVersion string The version of the Azure OpenAI API to use. For more information, see the Azure OpenAI API version reference.

Gemini

Settings for the Gemini LLM provider. To find the values for the model and API version, you can check the fields of an API request, such as https://generativelanguage.googleapis.com/{version}/models/{model}:generateContent?key={api_key}.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"model": string
"apiVersion": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the Gemini API. This token is automatically sent in the x-goog-api-key header of the request.
model string The Gemini model to use. For more information, see the Gemini models docs.
apiVersion string The version of the Gemini API to use. For more information, see the Gemini API version docs.

VertexAI

Settings for the Vertex AI LLM provider. To find the values for the project ID, project location, and publisher, you can check the fields of an API request, such as https://{LOCATION}-aiplatform.googleapis.com/{VERSION}/projects/{PROJECT_ID}/locations/{LOCATION}/publishers/{PROVIDER}/<model-path>.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"model": string
"apiVersion": string
"projectId": string
"location": string
"modelPath": string
"publisher": .ai.options.gloo.solo.io.UpstreamSpec.VertexAI.Publisher
"jsonSchema": .ai.options.gloo.solo.io.ApiJsonSchema
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the Vertex AI API. This token is automatically sent in the key header of the request.
model string The Vertex AI model to use. For more information, see the Vertex AI model docs.
apiVersion string The version of the Vertex AI API to use. For more information, see the Vertex AI API reference.
projectId string The ID of the Google Cloud Project that you use for the Vertex AI.
location string The location of the Google Cloud Project that you use for the Vertex AI.
modelPath string Optional: The model path to route to. Defaults to the Gemini model path, generateContent.
publisher .ai.options.gloo.solo.io.UpstreamSpec.VertexAI.Publisher The type of publisher model to use. Currently, only Google is supported.
jsonSchema .ai.options.gloo.solo.io.ApiJsonSchema Optional: Specify the API json schema the model uses, default to GEMINI if not set.

Publisher

The type of publisher model to use. Currently, only Google is supported.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
GOOGLE

Mistral

Settings for the Mistral AI LLM provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"customHost": .ai.options.gloo.solo.io.UpstreamSpec.CustomHost
"model": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the OpenAI API. This token is automatically sent in the Authorization header of the request and prefixed with Bearer.
customHost .ai.options.gloo.solo.io.UpstreamSpec.CustomHost Optional: Send requests to a custom host and port, such as to proxy the request, or to use a different backend that is API-compliant with the upstream version.
model string Optional: Override the model name. If unset, the model name is taken from the request. This setting can be useful when testing model failover scenarios.

Anthropic

Settings for the Anthropic LLM provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"customHost": .ai.options.gloo.solo.io.UpstreamSpec.CustomHost
"version": string
"model": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the Anthropic API. This token is automatically sent in the x-api-key header of the request.
customHost .ai.options.gloo.solo.io.UpstreamSpec.CustomHost Optional: Send requests to a custom host and port, such as to proxy the request, or to use a different backend that is API-compliant with the upstream version.
version string Optional: The version string used to override the anthropic-version header to pass to the Anthropic API. Note: This does not control the api version (eg /v1) in the url. For more information, see the Anthropic API versioning docs.
model string Optional: Override the model name. If unset, the model name is taken from the request. This setting can be useful when testing model failover scenarios.

Bedrock

Settings for the Bedrock LLM provider

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"credentialProvider": .ai.options.gloo.solo.io.UpstreamSpec.AwsCredentialProvider
"customHost": .ai.options.gloo.solo.io.UpstreamSpec.CustomHost
"model": string
"region": string
Field Type Description
credentialProvider .ai.options.gloo.solo.io.UpstreamSpec.AwsCredentialProvider The authorization config used to access authenticated AWS Bedrock services.
customHost .ai.options.gloo.solo.io.UpstreamSpec.CustomHost Optional: Send requests to a custom host and port, such as to proxy the request, or to use a different backend that is API-compliant with the upstream version. Note: For AWS Bedrock, if custom_host is set, host_rewrite will be used to override the Host header before signing the request.
model string Optional: Sets the model-id name. If unset, the model name is taken from the request.
region string Required: region string. The region is a string for the standard AWS region for the service that hosts the HTTP endpoint. The AWS_SIGV4 signing algorithm is currently used by default. For more regions, see the AWS docs https://docs.aws.amazon.com/general/latest/gr/rande.html Example: us-west-2 NOTE: Multiple regions are not currently supported.

AwsCredentialProvider

AwsCredentialProvider provider for signing the request.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"secretRef": .core.solo.io.ResourceRef
"inline": .ai.options.gloo.solo.io.UpstreamSpec.AWSInline
Field Type Description
secretRef .core.solo.io.ResourceRef Store the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and the optional AWS_SESSION_TOKEN in a Kubernetes secret in the same namespace as the Upstream. Then, refer to the secret in the Upstream configuration. Only one of secretRef or inline can be set.
inline .ai.options.gloo.solo.io.UpstreamSpec.AWSInline Uses inlined AWS credentials forAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and the optional AWS_SESSION_TOKEN. Only one of inline or secretRef can be set.

AWSInline

Configuration to use an inline AWS credential. This is an equivalent to setting the well-known environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and the optional AWS_SESSION_TOKEN.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"accessKeyId": string
"secretAccessKey": string
"sessionToken": string
Field Type Description
accessKeyId string The AWS access key ID, which identifies the user and account.
secretAccessKey string The AWS secret access key, which is used to sign the request.
sessionToken string The AWS session token. This value is required only when using temporary credentials, such as from STS or an assumed role.

MultiPool

Configure backends for multiple hosts or models from the same provider in one Upstream resource. This method can be useful for creating one logical endpoint that is backed by multiple hosts or models.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

In the priorities section, the order of pool entries defines the priority of the backend endpoints. The pool entries can either define a list of backends or a single backend. Note: Only two levels of nesting are permitted. Any nested entries after the second level are ignored.

multi:
  priorities:
  - pool:
    - azureOpenai:
        deploymentName: gpt-4o-mini
        apiVersion: 2024-02-15-preview
        endpoint: ai-gateway.openai.azure.com
        authToken:
          secretRef:
            name: azure-secret
            namespace: gloo-system
  - pool:
    - azureOpenai:
        deploymentName: gpt-4o-mini-2
        apiVersion: 2024-02-15-preview
        endpoint: ai-gateway-2.openai.azure.com
        authToken:
          secretRef:
            name: azure-secret-2
            namespace: gloo-system

"priorities": []ai.options.gloo.solo.io.UpstreamSpec.MultiPool.Priority
Field Type Description
priorities []ai.options.gloo.solo.io.UpstreamSpec.MultiPool.Priority The order of pool entries within this section defines the priority of the backend endpoints.

Backend

An entry represeting an LLM provider backend that the AI Gateway routes requests to.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"openai": .ai.options.gloo.solo.io.UpstreamSpec.OpenAI
"mistral": .ai.options.gloo.solo.io.UpstreamSpec.Mistral
"anthropic": .ai.options.gloo.solo.io.UpstreamSpec.Anthropic
"azureOpenai": .ai.options.gloo.solo.io.UpstreamSpec.AzureOpenAI
"gemini": .ai.options.gloo.solo.io.UpstreamSpec.Gemini
"vertexAi": .ai.options.gloo.solo.io.UpstreamSpec.VertexAI
"bedrock": .ai.options.gloo.solo.io.UpstreamSpec.Bedrock
Field Type Description
openai .ai.options.gloo.solo.io.UpstreamSpec.OpenAI Configure an OpenAI backend. Only one of openai, mistral, anthropic, azureOpenai, gemini, vertexAi, or bedrock can be set.
mistral .ai.options.gloo.solo.io.UpstreamSpec.Mistral Configure a Mistral AI backend. Only one of mistral, openai, anthropic, azureOpenai, gemini, vertexAi, or bedrock can be set.
anthropic .ai.options.gloo.solo.io.UpstreamSpec.Anthropic Configure an Anthropic backend. Only one of anthropic, openai, mistral, azureOpenai, gemini, vertexAi, or bedrock can be set.
azureOpenai .ai.options.gloo.solo.io.UpstreamSpec.AzureOpenAI Configure an Azure OpenAI backend. Only one of azureOpenai, openai, mistral, anthropic, gemini, vertexAi, or bedrock can be set.
gemini .ai.options.gloo.solo.io.UpstreamSpec.Gemini Configure a Gemini backend. Only one of gemini, openai, mistral, anthropic, azureOpenai, vertexAi, or bedrock can be set.
vertexAi .ai.options.gloo.solo.io.UpstreamSpec.VertexAI Configure a Vertex AI backend. Only one of vertexAi, openai, mistral, anthropic, azureOpenai, gemini, or bedrock can be set.
bedrock .ai.options.gloo.solo.io.UpstreamSpec.Bedrock Configure a Bedrock backend. Only one of bedrock, openai, mistral, anthropic, azureOpenai, gemini, or vertexAi can be set.

Priority

The order of pool entries within this section defines the priority of the backend endpoints.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"pool": []ai.options.gloo.solo.io.UpstreamSpec.MultiPool.Backend
Field Type Description
pool []ai.options.gloo.solo.io.UpstreamSpec.MultiPool.Backend A list of LLM provider backends within a single endpoint pool entry.

RouteSettings

When you deploy the Gloo AI Gateway, you can use the spec.options.ai section of the RouteOptions resource to configure the behavior of the LLM provider on the level of individual routes. These route settings, such as prompt enrichment, retrieval augmented generation (RAG), and semantic caching, are applicable only for routes that send requests to an LLM provider backend.

For more information about the RouteOptions resource, see the API reference.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"promptEnrichment": .ai.options.gloo.solo.io.AIPromptEnrichment
"promptGuard": .ai.options.gloo.solo.io.AIPromptGuard
"rag": .ai.options.gloo.solo.io.RAG
"semanticCache": .ai.options.gloo.solo.io.SemanticCache
"defaults": []ai.options.gloo.solo.io.FieldDefault
"routeType": .ai.options.gloo.solo.io.RouteSettings.RouteType
Field Type Description
promptEnrichment .ai.options.gloo.solo.io.AIPromptEnrichment Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the CHAT API route type.
promptGuard .ai.options.gloo.solo.io.AIPromptGuard Set up prompt guards to block unwanted requests to the LLM provider and mask sensitive data. Prompt guards can be used to reject requests based on the content of the prompt, as well as mask responses based on the content of the response.
rag .ai.options.gloo.solo.io.RAG Retrieval augmented generation (RAG) is a technique of providing relevant context by retrieving relevant data from one or more context datasets and augmenting the prompt with the retrieved information. This can be used to improve the quality of the generated text.
semanticCache .ai.options.gloo.solo.io.SemanticCache Cache previous model responses to provide faster responses to similar requests in the future. Results might vary depending on the embedding mechanism used, as well as the similarity threshold set.
defaults []ai.options.gloo.solo.io.FieldDefault Provide defaults to merge with user input fields. Defaults do not override the user input fields, unless you explicitly set override to true.
routeType .ai.options.gloo.solo.io.RouteSettings.RouteType The type of route to the LLM provider API. Currently, CHAT and CHAT_STREAMING are supported.

RouteType

The type of route to the LLM provider API.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
CHAT The LLM generates the full response before responding to a client.
CHAT_STREAMING Stream responses to a client, which allows the LLM to stream out tokens as they are generated.

FieldDefault

Provide defaults to merge with user input fields. Defaults do not override the user input fields, unless you explicitly set override to true.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Example overriding the system field for Anthropic:

# Anthropic doesn't support a system chat type
defaults:
- field: "system"
  value: "answer all questions in french"

Example setting the temperature and overriding max_tokens:

defaults:
- field: "temperature"
  value: 0.5
- field: "max_tokens"
  value: 100

"field": string
"value": .google.protobuf.Value
"override": bool
Field Type Description
field string The name of the field.
value .google.protobuf.Value The field default value, which can be any JSON Data Type.
override bool Whether to override the field’s value if it already exists. Defaults to false.

Postgres

Configuration settings for a Postgres datastore.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"connectionString": string
"collectionName": string
Field Type Description
connectionString string Connection string to the Postgres database. For example, to use a vector database deployed to your cluster, your connection string might look similar to postgresql+psycopg://gloo:gloo@vector-db.default.svc.cluster.local:5432/gloo.
collectionName string Name of the collection table to use.

Embedding

Configuration of the API used to generate the embedding.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"openai": .ai.options.gloo.solo.io.Embedding.OpenAI
"azureOpenai": .ai.options.gloo.solo.io.Embedding.AzureOpenAI
Field Type Description
openai .ai.options.gloo.solo.io.Embedding.OpenAI Embedding settings for the OpenAI provider. Only one of openai or azureOpenai can be set.
azureOpenai .ai.options.gloo.solo.io.Embedding.AzureOpenAI Embedding settings for the Azure OpenAI provider. Only one of azureOpenai or openai can be set.

OpenAI

Embedding settings for the OpenAI provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the OpenAI API. This token is automatically sent in the Authorization header of the request and prefixed with Bearer.

AzureOpenAI

Embedding settings for the Azure OpenAI provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"authToken": .ai.options.gloo.solo.io.SingleAuthToken
"apiVersion": string
"endpoint": string
"deploymentName": string
Field Type Description
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the Azure OpenAI API. This token is automatically sent in the api-key header of the request.
apiVersion string The version of the Azure OpenAI API to use. For more information, see the Azure OpenAI API version reference.
endpoint string The endpoint for the Azure OpenAI API to use, such as my-endpoint.openai.azure.com. If the scheme is not included, it is added.
deploymentName string The name of the Azure OpenAI model deployment to use. For more information, see the Azure OpenAI model docs.

SemanticCache

Cache previous model responses to provide faster responses to similar requests in the future. Results might vary depending on the embedding mechanism used, as well as the similarity threshold set. Semantic caching reduces the number of requests to the LLM provider, improves the response time, and reduces costs.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Example configuring a route to use a redis datastore and OpenAI for RAG:

semanticCache:
  datastore:
    redis:
      connectionString: redis://172.17.0.1:6379
  embedding:
    openai:
      authToken:
        secretRef:
          name: openai-secret
          namespace: gloo-system

"datastore": .ai.options.gloo.solo.io.SemanticCache.DataStore
"embedding": .ai.options.gloo.solo.io.Embedding
"ttl": int
"mode": .ai.options.gloo.solo.io.SemanticCache.Mode
"distanceThreshold": float
Field Type Description
datastore .ai.options.gloo.solo.io.SemanticCache.DataStore Data store from which to cache the request and response pairs.
embedding .ai.options.gloo.solo.io.Embedding Model to use to retrieve the embedding mechanism.
ttl int Time before data in the cache is considered expired.
mode .ai.options.gloo.solo.io.SemanticCache.Mode The caching mode to use for the request and response lifecycle. Supported values include READ_WRITE or READ_ONLY.
distanceThreshold float Distance score threshold value between 0.0 and 1.0 that determines how similar two queries must be in order to return a cached result. The lower the number, the more similar the queries must be for a cache hit. +kubebuilder:validation:Minimum=0 +kubebuilder:validation:Maximum=1.

Redis

Settings for a Redis database.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"connectionString": string
"scoreThreshold": float
Field Type Description
connectionString string Connection string to the Redis database, such as redis://172.17.0.1:6379.
scoreThreshold float Similarity score threshold value between 0.0 and 1.0 that determines how similar two queries must be in order to return a cached result. The lower the number, the more similar the queries must be for a cache hit. +kubebuilder:validation:Minimum=0 +kubebuilder:validation:Maximum=1 Deprecated: Prefer setting the distance threshold in the RouteOptions.SemanticCache resource.

Weaviate

Settings for a Weaviate database.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"host": string
"httpPort": int
"grpcPort": int
"insecure": bool
Field Type Description
host string Connection string to the Weaviate database. Do not include the scheme. For example, the format weaviate.my-ns.svc.cluster.local is correct. The format http://weaviate.my-ns.svc.cluster.local, which includes the scheme, is incorrect.
httpPort int HTTP port to use. If unset, defaults to 8080.
grpcPort int GRPC port to use. If unset, defaults to 50051.
insecure bool Whether to use a secure connection. Defaults to true.

DataStore

Data store from which to cache the request and response pairs.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"redis": .ai.options.gloo.solo.io.SemanticCache.Redis
"weaviate": .ai.options.gloo.solo.io.SemanticCache.Weaviate
Field Type Description
redis .ai.options.gloo.solo.io.SemanticCache.Redis Settings for a Redis database. Only one of redis or weaviate can be set.
weaviate .ai.options.gloo.solo.io.SemanticCache.Weaviate Settings for a Weaviate database. Only one of weaviate or redis can be set.

Mode

The caching mode to use for the request and response lifecycle.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
READ_WRITE Read and write to the cache as a part of the request and response lifecycle.
READ_ONLY Only read from the cache, and do not write to it. Data is written to the cache outside of the request and response cycle.

RAG

Retrieval augmented generation (RAG) is a technique of providing relevant context by retrieving relevant data from one or more context datasets and augmenting the prompt with the retrieved information. This can be used to improve the quality of the generated text.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

The same embedding mechanism that was used for the initial creation of the context datasets must be used for the prompt.

Example configuring a route to use a postgres datastore and OpenAI for RAG:

rag:
  datastore:
    postgres:
      connectionString: postgresql+psycopg://gloo:gloo@172.17.0.1:6024/gloo
      collectionName: default
  embedding:
    openai:
      authToken:
        secretRef:
          name: openai-secret
          namespace: gloo-system

For an extended example that includes deploying a vector database with a context dataset, check out the Retrieval augmented generation (RAG) tutorial.

"datastore": .ai.options.gloo.solo.io.RAG.DataStore
"embedding": .ai.options.gloo.solo.io.Embedding
"promptTemplate": string
Field Type Description
datastore .ai.options.gloo.solo.io.RAG.DataStore Data store from which to fetch the context embeddings.
embedding .ai.options.gloo.solo.io.Embedding Model to use to retrieve the context embeddings.
promptTemplate string Template to use to embed the returned context.

DataStore

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"postgres": .ai.options.gloo.solo.io.Postgres
Field Type Description
postgres .ai.options.gloo.solo.io.Postgres Configuration settings for a Postgres datastore.

AIPromptEnrichment

Enrich requests sent to the LLM provider by appending and prepending system prompts. This can be configured only for LLM providers that use the CHAT API type.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Prompt enrichment allows you to add additional context to the prompt before sending it to the model. Unlike RAG or other dynamic context methods, prompt enrichment is static and is applied to every request.

Note: Some providers, including Anthropic, do not support SYSTEM role messages, and instead have a dedicated system field in the input JSON. In this case, use the defaults setting to set the system field.

The following example prepends a system prompt of Answer all questions in French. and appends Describe the painting as if you were a famous art critic from the 17th century. to each request that is sent to the openai HTTPRoute.

apiVersion: gateway.solo.io/v1
kind: RouteOption
metadata:
  name: openai-opt
  namespace: gloo-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: openai
  options:
    ai:
      promptEnrichment:
        prepend:
        - role: SYSTEM
          content: "Answer all questions in French."
        append:
        - role: USER
          content: "Describe the painting as if you were a famous art critic from the 17th century."

"prepend": []ai.options.gloo.solo.io.AIPromptEnrichment.Message
"append": []ai.options.gloo.solo.io.AIPromptEnrichment.Message
Field Type Description
prepend []ai.options.gloo.solo.io.AIPromptEnrichment.Message A list of messages to be prepended to the prompt sent by the client.
append []ai.options.gloo.solo.io.AIPromptEnrichment.Message A list of messages to be appended to the prompt sent by the client.

Message

An entry for a message to prepend or append to each prompt.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"role": string
"content": string
Field Type Description
role string Role of the message. The available roles depend on the backend LLM provider model, such as SYSTEM or USER in the OpenAI API.
content string String content of the message.

AIPromptGuard

Set up prompt guards to block unwanted requests to the LLM provider and mask sensitive data. Prompt guards can be used to reject requests based on the content of the prompt, as well as mask responses based on the content of the response.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

This example rejects any request prompts that contain the string “credit card”, and masks any credit card numbers in the response.

promptGuard:
  request:
    customResponse: 
      message: "Rejected due to inappropriate content"
    regex:
      action: REJECT
      matches:
      - pattern: "credit card"
        name: "CC"
  response:
    regex:
      builtins:
      - CREDIT_CARD
      action: MASK

"request": .ai.options.gloo.solo.io.AIPromptGuard.Request
"response": .ai.options.gloo.solo.io.AIPromptGuard.Response
Field Type Description
request .ai.options.gloo.solo.io.AIPromptGuard.Request Prompt guards to apply to requests sent by the client.
response .ai.options.gloo.solo.io.AIPromptGuard.Response Prompt guards to apply to responses returned by the LLM provider.

Regex

Regular expression (regex) matching for prompt guards and data masking.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"matches": []ai.options.gloo.solo.io.AIPromptGuard.Regex.RegexMatch
"builtins": []ai.options.gloo.solo.io.AIPromptGuard.Regex.BuiltIn
"action": .ai.options.gloo.solo.io.AIPromptGuard.Regex.Action
Field Type Description
matches []ai.options.gloo.solo.io.AIPromptGuard.Regex.RegexMatch A list of regex patterns to match against the request or response. Matches and built-ins are additive.
builtins []ai.options.gloo.solo.io.AIPromptGuard.Regex.BuiltIn A list of built-in regex patterns to match against the request or response. Matches and built-ins are additive.
action .ai.options.gloo.solo.io.AIPromptGuard.Regex.Action The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. Response matches are always masked by default.

RegexMatch

Regular expression (regex) matching for prompt guards and data masking.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"pattern": string
"name": string
Field Type Description
pattern string The regex pattern to match against the request or response.
name string An optional name for this match, which can be used for debugging purposes.

BuiltIn

Built-in regex patterns for specific types of strings in prompts. For example, if you specify CREDIT_CARD, any credit card numbers in the request or response are matched.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
SSN Default regex matching for Social Security numbers.
CREDIT_CARD Default regex matching for credit card numbers.
PHONE_NUMBER Default regex matching for phone numbers.
EMAIL Default regex matching for email addresses.

Action

The action to take if a regex pattern is matched in a request or response. This setting applies only to request matches. Response matches are always masked by default.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
MASK Mask the matched data in the request.
REJECT Reject the request if the regex matches content in the request.

Webhook

Configure a webhook to forward requests or responses to for prompt guarding.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"host": string
"port": int
"forwardHeaders": []ai.options.gloo.solo.io.AIPromptGuard.Webhook.HeaderMatch
Field Type Description
host string Host to send the traffic to.
port int Port to send the traffic to.
forwardHeaders []ai.options.gloo.solo.io.AIPromptGuard.Webhook.HeaderMatch Headers to forward with the request to the webhook.

HeaderMatch

Describes how to match a given string in HTTP headers. Match is case-sensitive.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"key": string
"matchType": .ai.options.gloo.solo.io.AIPromptGuard.Webhook.HeaderMatch.MatchType
Field Type Description
key string The header key string to match against.
matchType .ai.options.gloo.solo.io.AIPromptGuard.Webhook.HeaderMatch.MatchType The type of match to use.

MatchType

The header string match type.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
EXACT The string must match exactly the specified string.
PREFIX The string must have the specified prefix.
SUFFIX The string must have the specified suffix.
CONTAINS The header string must contain the specified string.
REGEX The string must match the specified RE2-style regular expression pattern.

Moderation

Pass prompt data through an external moderation model endpoint, which compares the request prompt input to predefined content rules. Any requests that are routed through Gloo AI Gateway pass through the moderation model that you specify. If the content is identified as harmful according to the model’s content rules, the request is automatically rejected.

You can configure an moderation endpoint either as a standalone prompt guard setting or in addition to other request and response guard settings.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"openai": .ai.options.gloo.solo.io.AIPromptGuard.Moderation.OpenAI
Field Type Description
openai .ai.options.gloo.solo.io.AIPromptGuard.Moderation.OpenAI Configure an OpenAI moderation endpoint.

OpenAI

Configure an OpenAI moderation endpoint.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"model": string
"authToken": .ai.options.gloo.solo.io.SingleAuthToken
Field Type Description
model string The name of the OpenAI moderation model to use. Defaults to omni-moderation-latest.
authToken .ai.options.gloo.solo.io.SingleAuthToken The authorization token that the AI gateway uses to access the OpenAI moderation model.

Request

Prompt guards to apply to requests sent by the client.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"customResponse": .ai.options.gloo.solo.io.AIPromptGuard.Request.CustomResponse
"regex": .ai.options.gloo.solo.io.AIPromptGuard.Regex
"webhook": .ai.options.gloo.solo.io.AIPromptGuard.Webhook
"moderation": .ai.options.gloo.solo.io.AIPromptGuard.Moderation
Field Type Description
customResponse .ai.options.gloo.solo.io.AIPromptGuard.Request.CustomResponse A custom response message to return to the client. If not specified, defaults to “The request was rejected due to inappropriate content”.
regex .ai.options.gloo.solo.io.AIPromptGuard.Regex Regular expression (regex) matching for prompt guards and data masking.
webhook .ai.options.gloo.solo.io.AIPromptGuard.Webhook Configure a webhook to forward requests to for prompt guarding.
moderation .ai.options.gloo.solo.io.AIPromptGuard.Moderation Pass prompt data through an external moderation model endpoint, which compares the request prompt input to predefined content rules.

CustomResponse

A custom response to return to the client if request content is matched against a regex pattern and the action is REJECT.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"message": string
"statusCode": int
Field Type Description
message string A custom response message to return to the client. If not specified, defaults to “The request was rejected due to inappropriate content”.
statusCode int The status code to return to the client.

Response

Prompt guards to apply to responses returned by the LLM provider.

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

"regex": .ai.options.gloo.solo.io.AIPromptGuard.Regex
"webhook": .ai.options.gloo.solo.io.AIPromptGuard.Webhook
Field Type Description
regex .ai.options.gloo.solo.io.AIPromptGuard.Regex Regular expression (regex) matching for prompt guards and data masking.
webhook .ai.options.gloo.solo.io.AIPromptGuard.Webhook Configure a webhook to forward responses to for prompt guarding.

ApiJsonSchema

Description:

The AI API is supported only in Gloo Gateway (Kubernetes Gateway API). It is not supported with the Gloo Edge API.

Name Description
NOT_SET
ANTHROPIC
GEMINI
OPENAI