ModelConfig v1alpha2

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

ModelConfigSpec defines the desired state of ModelConfig.

anthropic object

Anthropic-specific configuration

baseUrl string

Base URL for the Anthropic API (overrides default)

maxTokens integer

Maximum tokens to generate

temperature string

Temperature for sampling

topK integer

Top-k sampling parameter

topP string

Top-p sampling parameter

anthropicVertexAI object

Anthropic-specific configuration

location string required

The project location

maxTokens integer

Maximum tokens to generate

projectID string required

The project ID

stopSequences []string

Stop sequences

temperature string

Temperature

topK string

Top-k sampling parameter

topP string

Top-p sampling parameter

apiKeyPassthrough boolean

APIKeyPassthrough enables forwarding the Bearer token from incoming A2A requests directly to the LLM provider as the API key. This is useful for organizations with federated identity that want to avoid separate secret management. Mutually exclusive with apiKeySecret.

apiKeySecret string

The name of the secret that contains the API key. Must be a reference to the name of a secret in the same namespace as the referencing ModelConfig

apiKeySecretKey string

The key in the secret that contains the API key

azureOpenAI object

Azure OpenAI-specific configuration

apiVersion string required

API version for the Azure OpenAI API

azureAdToken string

Azure AD token for authentication

azureDeployment string

Deployment name for the Azure OpenAI API

azureEndpoint string required

Endpoint for the Azure OpenAI API

maxTokens integer

Maximum tokens to generate

temperature string

Temperature for sampling

topP string

Top-p sampling parameter

bedrock object

AWS Bedrock-specific configuration

region string required

AWS region where the Bedrock model is available (e.g., us-east-1, us-west-2)

defaultHeaders object

gemini object

Gemini-specific configuration

geminiVertexAI object

Gemini Vertex AI-specific configuration

candidateCount integer

Candidate count

location string required

The project location

maxOutputTokens integer

Maximum output tokens

projectID string required

The project ID

responseMimeType string

Response mime type

stopSequences []string

Stop sequences

temperature string

Temperature

topK string

Top-k sampling parameter

topP string

Top-p sampling parameter

model string required

ollama object

Ollama-specific configuration

host string

Host for the Ollama API

options object

Options for the Ollama API

openAI object

OpenAI-specific configuration

baseUrl string

Base URL for the OpenAI API (overrides default)

frequencyPenalty string

Frequency penalty

maxTokens integer

Maximum tokens to generate

n integer

N value

organization string

Organization ID for the OpenAI API

presencePenalty string

Presence penalty

reasoningEffort string

Reasoning effort

enum: minimal, low, medium, high

seed integer

Seed value

temperature string

Temperature for sampling

timeout integer

Timeout

topP string

Top-p sampling parameter

provider string required

The provider of the model

enum: Anthropic, OpenAI, AzureOpenAI, Ollama, Gemini, GeminiVertexAI, AnthropicVertexAI, Bedrock

tls object

TLS configuration for provider connections. Enables agents to connect to internal LiteLLM gateways or other providers that use self-signed certificates or custom certificate authorities.

caCertSecretKey string

CACertSecretKey is the key within the Secret that contains the CA certificate data. This field follows the same pattern as APIKeySecretKey. Required when CACertSecretRef is set (unless DisableVerify is true).

caCertSecretRef string

CACertSecretRef is a reference to a Kubernetes Secret containing CA certificate(s) in PEM format. The Secret must be in the same namespace as the ModelConfig. When set, the certificate will be used to verify the provider's SSL certificate. This field follows the same pattern as APIKeySecret.

disableSystemCAs boolean

DisableSystemCAs disables the use of system CA certificates. When false (default), system CA certificates are used for verification (safe behavior). When true, only the custom CA from CACertSecretRef is trusted. This allows strict security policies where only corporate CAs should be trusted.

disableVerify boolean

DisableVerify disables SSL certificate verification entirely. When false (default), SSL certificates are verified. When true, SSL certificate verification is disabled. WARNING: This should ONLY be used in development/testing environments. Production deployments MUST use proper certificates.

status object

ModelConfigStatus defines the observed state of ModelConfig.

conditions []object required

lastTransitionTime string required

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

format: date-time

message string required

message is a human readable message indicating details about the transition. This may be an empty string.

maxLength: 32768

observedGeneration integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

format: int64

minimum: 0

reason string required

reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$

minLength: 1

maxLength: 1024

status string required

status of the condition, one of True, False, Unknown.

enum: True, False, Unknown

type string required

type of condition in CamelCase or in foo.example.com/CamelCase.

pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$

maxLength: 316

observedGeneration integer required

format: int64

secretHash string

The secret hash stores a hash of any secrets required by the model config (i.e. api key, tls cert) to ensure agents referencing this model config detect changes to these secrets and restart if necessary.