[FEATURE | API DESIGN] Use nested structure for ModelConfig ApiKey CRDΒ #1130
Description
π Prerequisites
- I have searched the existing issues to avoid creating a duplicate
- By submitting this issue, you agree to follow our Code of Conduct
π Feature Summary
Update the CRD for ModelConfig to nest the ApiKey Secret
β Problem Statement / Motivation
We have implemented a new secret ref for ModelConfigs - TLS CA certs, which follow a nested approach modelconfig.spec.tls.(secret). Setting up a api key which also is a secret follows a different approach modelconfig.spec.(secret).
For anyone new to kagent this could be confusing and easy to forget that both follow different structure to set their secrets. We should match their definitions to avoid confusion.
π‘ Proposed Solution
Update ModelConfig CRD from:
spec:
apiKeySecret: xyz
apiKeySecretKey: xyzto
spec:
apiKey:
secretRef: xyz
secretKey: xyzThen:
- Mark existing apiKey config as
deprecated. - During translation use the new setup, falling back to old if unset.
- If the user is using old ModelConfig, log a warning.
π Alternatives Considered
No response
π― Affected Service(s)
None
π Additional Context
This would be a breaking change, but we can mark the existing CRD fields as Deprecated (with a planned removal) and log so that users know to move to new definition.
While we may want to avoid breaking changes (although technically not breaking if we deprecate it first), it's better to get this in sooner so less users are impacted as the userbase grows.
π Are you willing to contribute?
- I am willing to submit a PR for this feature