envoyproxy · mathetake · Jan 8, 2025 · Dec 12, 2024 · Dec 12, 2024 · Dec 10, 2024
@@ -144,3 +144,74 @@ const (
 	// This can be used to describe the routing behavior in HTTPRoute referenced by LLMRoute.
 	LLMModelHeaderKey = "x-envoy-ai-gateway-llm-model"
 )
+
+// LLMProviderType specifies the type of the LLMProviderPolicy.
+type LLMProviderType string
+
+const (
+	LLMProviderTypeAPIKey LLMProviderType = "APIKey"
+)
+
+// +kubebuilder:object:root=true
+
+// LLMProviderPolicy specifies the provider specific configuration.
+type LLMProviderPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              LLMProviderPolicySpec `json:"spec,omitempty"`
+}
+
+// LLMProviderPolicySpec specifies a provider (e.g.AWS Bedrock, Azure etc.) specific-configuration like auth
+type LLMProviderPolicySpec struct {
+	// BackendRefs lists the LLMBackends that this provider policy will apply
+	// The namespace is "local", i.e. the same namespace as the LLMRoute.
+	//
+	BackendRefs []egv1a1.BackendRef `json:"backendRefs,omitempty"`
+
+	// Type specifies the type of the provider. Currently, only "APIKey" and "AWSBedrock" are supported.
+	//
+	// +kubebuilder:validation:Enum=APIKey;AWSBedrock
+	Type LLMProviderType `json:"type"`
+
+	// APIKey specific configuration. The API key will be injected into the Authorization header.
+	// +optional
+	APIKey *LLMProviderAPIKey `json:"apiKey,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// LLMProviderPolicyList contains a list of LLMProviderPolicy
+type LLMProviderPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []LLMProviderPolicy `json:"items"`
+}
+
+// LLMProviderAPIKey specifies the API key.
+type LLMProviderAPIKey struct {
+	// Type specifies the type of the API key. Currently, "SecretRef" and "Inline" are supported.
+	// This defaults to "SecretRef".
+	//
+	// +kubebuilder:validation:Enum=SecretRef;Inline
+	// +kubebuilder:default=SecretRef
+	Type LLMProviderAPIKeyType `json:"type"`
+
+	// SecretRef is the reference to the secret containing the API key.
+	// ai-gateway must be given the permission to read this secret.
+	// The key of the secret should be "apiKey".
+	//
+	// +optional
+	SecretRef *gwapiv1.SecretObjectReference `json:"secretRef"`
+
+	// Inline specifies the inline API key.
+	//
+	// +optional
+	Inline *string `json:"inline,omitempty"`
+
+	// BackendRefs lists the LLMBackends that this API Key will apply
+	//
+	BackendRefs []egv1a1.BackendRef `json:"backendRefs"`
+}
+
+// LLMProviderAPIKeyType specifies the type of LLMProviderAPIKey.
+type LLMProviderAPIKeyType string
@@ -8,6 +8,7 @@ import (
 func init() {
 	SchemeBuilder.Register(&LLMRoute{}, &LLMRouteList{})
 	SchemeBuilder.Register(&LLMBackend{}, &LLMBackendList{})
+	SchemeBuilder.Register(&LLMProviderPolicy{}, &LLMProviderPolicyList{})
 }
 
 const GroupName = "aigateway.envoyproxy.io"