ModelConfig

Base URL for the Anthropic API (overrides default)

Maximum tokens to generate

Temperature for sampling

Top-k sampling parameter

Top-p sampling parameter

The project location

Maximum tokens to generate

The project ID

Stop sequences

Temperature

Top-k sampling parameter

Top-p sampling parameter

API version for the Azure OpenAI API

Azure AD token for authentication

Deployment name for the Azure OpenAI API

Endpoint for the Azure OpenAI API

Maximum tokens to generate

Temperature for sampling

Top-p sampling parameter

AdditionalModelRequestFields passes model-specific parameters to Bedrock's additionalModelRequestFields in the Converse API. Use this for provider-specific options that are not part of the standard InferenceConfiguration block, such as Claude extended thinking or top_k. Values are forwarded as-is to the API. Example: {"top_k": 5, "thinking": {"type": "enabled", "budget_tokens": 16000}}

CacheTTL controls how long Bedrock retains a cached prefix when PromptCaching is enabled. Only meaningful when PromptCaching is true. - "5m" (default): Bedrock's standard 5-minute sliding cache. Each cache hit refreshes the window. Supported by all prompt-caching models. - "1h": extended-TTL caching, useful for tasks whose Converse calls are spaced more than 5 minutes apart. NOTE: "1h" is NOT strictly better than "5m". Extended-TTL cache writes are billed at a higher per-token rate than 5-minute writes, and 1h is supported on a narrower set of models. Only choose "1h" when calls are spaced far enough apart that a 5-minute cache would expire between them; otherwise the higher write cost is wasted. See the AWS prompt-caching docs above.

PromptCaching enables Bedrock prompt caching by appending a CachePoint block at the end of the Converse request's `system` content array and the end of the `toolConfig.tools` array. Bedrock will cache the prefix up to and including those cache points across requests in the same region for roughly 5 minutes after first use, billing the cached portion at a reduced rate on cache hits. Recommended for tool-using agents that make many Converse calls per task with a stable system prompt and tool set — the per-call input token count can drop by 70-90% on hit. Has no effect on models that don't support caching; the marker is ignored by Bedrock for those. See https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-caching.html for the current list of supported models and minimum prefix sizes.

AWS region where the Bedrock model is available (e.g., us-east-1, us-west-2)

Candidate count

The project location

Maximum output tokens

The project ID

Response mime type

Stop sequences

Temperature

Top-k sampling parameter

Top-p sampling parameter

Host for the Ollama API

Options for the Ollama API

Base URL for the OpenAI API (overrides default)

Frequency penalty

Maximum tokens to generate

N value

Organization ID for the OpenAI API

Presence penalty

Reasoning effort

Seed value

Temperature for sampling

Timeout

Top-p sampling parameter

OAuth2 token endpoint URL (e.g., https://tenant.authentication.eu10.hana.ondemand.com)

Base URL for the SAP AI Core API (e.g., https://api.ai.prod.eu-central-1.aws.ml.hana.ondemand.com)

Resource group in SAP AI Core

CACertSecretKey is the key within the Secret that contains the CA certificate data (PEM-encoded). Required when CACertSecretRef is set — admission rejects ref-without-key regardless of DisableVerify (see the TLSConfig-level XValidation rules).

CACertSecretRef is a reference to a Kubernetes Secret containing CA certificate(s) in PEM format. The Secret must be in the same namespace as the resource referencing it (ModelConfig, RemoteMCPServer, or any future consumer of TLSConfig). When set, the certificate will be used to verify the upstream's SSL certificate.

DisableSystemCAs disables the use of system CA certificates. When false (default), system CA certificates are used for verification (safe behavior). When true, only the custom CA from CACertSecretRef is trusted. This allows strict security policies where only corporate CAs should be trusted.

DisableVerify disables SSL certificate verification entirely. When false (default), SSL certificates are verified. When true, SSL certificate verification is disabled. WARNING: This should ONLY be used in development/testing environments. Production deployments MUST use proper certificates.

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

message is a human readable message indicating details about the transition. This may be an empty string.

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

status of the condition, one of True, False, Unknown.

type of condition in CamelCase or in foo.example.com/CamelCase.