Conversation

@inFocus7 inFocus7 commented Oct 15, 2025

Question: When unsupported fields are set, do we still want to translate the valid portions? Or not? (The PR does the former.) If the former, would we want to mark the status as Accepted? Or not accepted? (The PR does the latter; confusing, but if marked as accepted, it may be easy to miss the message.)

Resolved merge conflict + stats updates & ran locally. It worked, but I noticed the following behavior:
When I delete a BackendConfigPolicy resource, I get the following error logs. They are not breaking, as far as I could tell, but could be confusing. I'm not sure if a similar behavior occurs with other resources we run through the status syncer.

```json
{"time":"2025-10-24T14:03:22.92939934Z","level":"info","msg":"push debounce stable","component":"krtxds","id":11,"debouncedEvents":1,"lastChange":"100.207917ms","lastPush":"100.207833ms","cause":"policy/kgateway-system/egress-client-cert-attachment:backendtls:kgateway-system/vllm-backend/backend"}
{"time":"2025-10-24T14:03:22.929438632Z","level":"info","msg":"XDS: Pushing","component":"krtxds","clients":1,"version":"2025-10-24T14:03:22Z/11"}
{"time":"2025-10-24T14:03:22.929522632Z","level":"info","msg":"push response","component":"krtxds","type":"type.googleapis.com/agentgateway.dev.resource.Resource","reason":"","node":"agentgateway~1.1.1.1~egress-gateway-84c58bbbdf-nhk4p.kgateway-system~kgateway-system.svc.cluster.local","resources":1,"removed":0,"size":"3.4kB"}
{"time":"2025-10-24T14:03:46.535732462Z","level":"error","msg":"error updating status","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found"}
{"time":"2025-10-24T14:03:46.636221712Z","level":"info","msg":"push debounce stable","component":"krtxds","id":12,"debouncedEvents":1,"lastChange":"101.839125ms","lastPush":"101.839042ms","cause":"policy/kgateway-system/egress-client-cert-attachment:backendtls:kgateway-system/vllm-backend/backend"}
{"time":"2025-10-24T14:03:46.636303587Z","level":"info","msg":"XDS: Pushing","component":"krtxds","clients":1,"version":"2025-10-24T14:03:46Z/12"}
{"time":"2025-10-24T14:03:46.636421754Z","level":"info","msg":"push response","component":"krtxds","type":"type.googleapis.com/agentgateway.dev.resource.Resource","reason":"","node":"agentgateway~1.1.1.1~egress-gateway-84c58bbbdf-nhk4p.kgateway-system~kgateway-system.svc.cluster.local","resources":0,"removed":1,"size":"0B"}
{"time":"2025-10-24T14:03:46.730916754Z","level":"error","msg":"error updating status","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found"}
{"time":"2025-10-24T14:03:47.00943867Z","level":"error","msg":"error updating status","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found"}
{"time":"2025-10-24T14:03:47.491224379Z","level":"error","msg":"error updating status","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found"}
{"time":"2025-10-24T14:03:48.354486171Z","level":"error","msg":"error updating status","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found"}
{"time":"2025-10-24T14:03:48.354531879Z","level":"error","msg":"failed to sync status after retries","component":"agentgateway/syncer","kind":"backendConfigPolicy","resource":"kgateway-system/egress-client-cert-attachment","error":"All attempts fail:\n#1: backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found\n#2: backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found\n#3: backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found\n#4: backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found\n#5: backendconfigpolicies.gateway.kgateway.dev \"egress-client-cert-attachment\" not found","policy":"kgateway-system/egress-client-cert-attachment"}
```

Description

This adds partial translation support for BackendConfigPolicy in the agentgateway plugin.

  • Adds WithSectionName to BackendConfigPolicy to fall in line with BackendTLSPolicy logic.
    • NOT a breaking change, as it wraps original fields and adds optional sectionName.
    • Note: can remove if we have concern over its usage through normal kgateway proxy.
  • Adds BackendConfigPolicy translation as its own plugin.
    • Explicitly sets `insecure: true` to disable mTLS. From local testing, when it was not set, I got `invalid peer certificate: UnknownIssuer`.
    • Sets up status reporting similar to traffic_policy.
  • Adds tests for existing BackendTLSPolicy and BackendConfigPolicy translation

Note: partial support because the BackendConfigPolicy has additional configuration whose translation isn't set here. We are only translating the TLS portion for now.

Examples

fully valid

```yaml
apiVersion: gateway.kgateway.dev/v1alpha1
kind: BackendConfigPolicy
metadata:
  name: egress-client-cert-attachment
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.kgateway.dev
    kind: Backend
    name: vllm-backend
  tls:
    secretRef:
      name: egress-client-cert
    sni: internal-llm.ai
status:
  ancestors:
  - ancestorRef:
      group: gateway.kgateway.dev
      kind: Backend
      name: vllm-backend
      namespace: kgateway-system
    conditions:
    - lastTransitionTime: "2025-10-21T16:54:09Z"
      message: Policy accepted
      reason: Valid
      status: "True"
      type: Accepted
    - lastTransitionTime: "2025-10-21T16:54:09Z"
      message: Attached to all targets
      reason: Attached
      status: "True"
      type: Attached
    controllerName: kgateway.dev/agentgateway
```

invalid (bad targetRef)

```yaml
apiVersion: gateway.kgateway.dev/v1alpha1
kind: BackendConfigPolicy
metadata:
  name: egress-client-cert-attachment
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.kgateway.dev
    kind: Backend
    name: vllm-backend-2
  tls:
    secretRef:
      name: egress-client-cert
    sni: internal-llm.ai
status:
  ancestors:
  - ancestorRef:
      group: gateway.kgateway.dev
      kind: Backend
      name: vllm-backend-2
      namespace: kgateway-system
    conditions:
    - lastTransitionTime: "2025-10-21T16:54:54Z"
      message: Backend vllm-backend-2 not found
      reason: Invalid
      status: "False"
      type: Accepted
    controllerName: kgateway.dev/agentgateway
```

partially valid - single bad targetRef

```yaml
apiVersion: gateway.kgateway.dev/v1alpha1
kind: BackendConfigPolicy
metadata:
  name: egress-client-cert-attachment
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.kgateway.dev
    kind: Backend
    name: vllm-backend
  - group: gateway.kgateway.dev
    kind: Backend
    name: vllm-backend-2
  tls:
    secretRef:
      name: egress-client-cert
    sni: internal-llm.ai
status:
  ancestors:
  - ancestorRef:
      group: gateway.kgateway.dev
      kind: Backend
      name: vllm-backend-2
      namespace: kgateway-system
    conditions:
    - lastTransitionTime: "2025-10-21T16:55:13Z"
      message: Backend vllm-backend-2 not found
      reason: Invalid
      status: "False"
      type: Accepted
    controllerName: kgateway.dev/agentgateway
  - ancestorRef:
      group: gateway.kgateway.dev
      kind: Backend
      name: vllm-backend
      namespace: kgateway-system
    conditions:
    - lastTransitionTime: "2025-10-21T16:55:13Z"
      message: Policy accepted
      reason: Valid
      status: "True"
      type: Accepted
    - lastTransitionTime: "2025-10-21T16:55:13Z"
      message: Attached to all targets
      reason: Attached
      status: "True"
      type: Attached
    controllerName: kgateway.dev/agentgateway
```

partially valid - using parameter we currently do not translate

```yaml
apiVersion: gateway.kgateway.dev/v1alpha1
kind: BackendConfigPolicy
metadata:
  name: egress-client-cert-attachment
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.kgateway.dev
    kind: Backend
    name: vllm-backend
  tls:
    secretRef:
      name: egress-client-cert
    simpleTLS: true
    sni: internal-llm.ai
status:
  ancestors:
  - ancestorRef:
      group: gateway.kgateway.dev
      kind: Backend
      name: vllm-backend
      namespace: kgateway-system
    conditions:
    - lastTransitionTime: "2025-10-21T16:55:28Z"
      message: 'unsupported fields: TLS.SimpleTLS'
      reason: Invalid
      status: "False"
      type: Accepted
    - lastTransitionTime: "2025-10-21T16:55:28Z"
      message: Attached to all targets
      reason: Attached
      status: "True"
      type: Attached
    controllerName: kgateway.dev/agentgateway
```

Limitations

TargetSelectors

TargetSelector support is a limitation: currently, this only translates TargetRefs, so there is a 1:1 match with BackendTLSPolicy selection. This allows us to easily merge the selections as needed.

TODO: look into whether it'd be easy to set this up now that TLS & config aren't being merged.

Non-TLS Cert Fields

These changes are solely focused on adding support for TLS client certs through the agentgateway proxy. There are still a number of other fields in the BackendConfigPolicy that need to be translated for full BCP support.

There is a status message for usage of unsupported fields.

Change Type

/kind new_feature

Changelog

Add support for translating `BackendConfigPolicy`'s TLS certificate configuration for agentgateway

Additional Notes

demo-bcp.mp4
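The "partially valid" example above reports `unsupported fields: TLS.SimpleTLS` rather than silently dropping the field. The following is an added example, not the PR's or kgateway's code, showing one generic way to produce that list: it walks a hypothetical, simplified mirror of the TLS spec with reflection and reports every set field outside an assumed supported subset (`secretRef` and `sni`); the real api/v1alpha1 types and the PR's own detection logic are not reproduced.

```go
package main

import (
	"reflect"
	"strings"
)

// Hypothetical, simplified mirror of the BackendConfigPolicy TLS block (the real types live in api/v1alpha1).
type SecretRef struct{ Name string }
type TLSConfig struct{ SecretRef *SecretRef; SNI *string; SimpleTLS *bool }
type Spec struct{ TLS *TLSConfig }

// Dotted paths this translation handles (assumed from the PR: the client-cert secret and SNI).
var supportedLeaves = []string{"TLS.SecretRef", "TLS.SNI"}

// setFields appends the dotted path of every set (non-zero) field reachable from v.
func setFields(v reflect.Value, prefix string, out *[]string) {
	v = reflect.Indirect(v)
	if v.Kind() != reflect.Struct {
		return // nil pointer or a leaf value: nothing more to walk
	}
	for i := 0; i < v.NumField(); i++ {
		if f := v.Field(i); !f.IsZero() {
			path := strings.TrimPrefix(prefix+"."+v.Type().Field(i).Name, ".")
			*out = append(*out, path)
			setFields(f, path, out)
		}
	}
}

// unsupportedFields lists set fields outside the supported subset, e.g. "TLS.SimpleTLS"; a path is fine if it is a supported leaf, sits below one, or is an ancestor of one ("TLS" itself).
func unsupportedFields(spec Spec) []string {
	var set, bad []string
	setFields(reflect.ValueOf(spec), "", &set)
	for _, p := range set {
		ok := false
		for _, s := range supportedLeaves {
			ok = ok || p == s || strings.HasPrefix(p, s+".") || strings.HasPrefix(s, p+".")
		}
		if !ok {
			bad = append(bad, p)
		}
	}
	return bad
}

func main() {
	spec := Spec{TLS: &TLSConfig{SimpleTLS: new(bool)}} // constructed: only simpleTLS is set
	println(strings.Join(unsupportedFields(spec), ", "))  // TLS.SimpleTLS
}
```

A set pointer counts as configured even when it points at `false`, which matches how an explicitly written `simpleTLS` key should be reported.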

@github-actions github-actions bot added kind/feature Categorizes issue or PR as related to a new feature. release-note labels Oct 15, 2025
@inFocus7 inFocus7 marked this pull request as ready for review October 15, 2025 20:24
Copilot AI review requested due to automatic review settings October 15, 2025 20:24

Copilot AI left a comment

Pull Request Overview

This PR adds support for translating BackendConfigPolicy in the agentgateway plugin by merging it with existing BackendTLSPolicy functionality. This allows both policies to be processed together into a single AgentGateway BackendTLS policy that handles both TLS origination and validation.

  • Adds BackendConfigPolicy translation and processing in the agentgateway plugin
  • Implements merging logic for TLS and Config policies targeting the same backend
  • Adds WithSectionName support to BackendConfigPolicy to match BackendTLSPolicy behavior

Reviewed Changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| pkg/agentgateway/plugins/collection.go | Adds BackendConfigPolicy collection registration and synchronization |
| pkg/agentgateway/plugins/backend_tls_plugin.go | Implements BackendConfigPolicy translation and merging with BackendTLSPolicy |
| pkg/agentgateway/plugins/backend_tls_plugin_test.go | Comprehensive test coverage for policy translation and merging |
| api/v1alpha1/backend_config_policy_types.go | Updates BackendConfigPolicy to use target refs with section names |
| install/helm/kgateway-crds/templates/gateway.kgateway.dev_backendconfigpolicies.yaml | Adds sectionName field to CRD schema |
| api/v1alpha1/zz_generated.deepcopy.go | Updates generated code for new target reference types |
| api/applyconfiguration/api/v1alpha1/backendconfigpolicyspec.go | Updates apply configuration for new types |
| internal/kgateway/extensions2/plugins/backendconfigpolicy/plugin.go | Updates to use target refs with section names |

Comment on lines 366 to 383
```go
if bcfg.Spec.TLS.Files != nil {
	// For file-based TLS, we need to read the files from the filesystem
	if bcfg.Spec.TLS.Files.TLSCertificate != nil && *bcfg.Spec.TLS.Files.TLSCertificate != "" {
		certData, err := os.ReadFile(*bcfg.Spec.TLS.Files.TLSCertificate)
		if err != nil {
			return nil, fmt.Errorf("error reading TLS certificate file %s: %w", *bcfg.Spec.TLS.Files.TLSCertificate, err)
		}
		cert = wrapperspb.Bytes(certData)
	}

	if bcfg.Spec.TLS.Files.TLSKey != nil && *bcfg.Spec.TLS.Files.TLSKey != "" {
		keyData, err := os.ReadFile(*bcfg.Spec.TLS.Files.TLSKey)
		if err != nil {
			return nil, fmt.Errorf("error reading TLS key file %s: %w", *bcfg.Spec.TLS.Files.TLSKey, err)
		}
		key = wrapperspb.Bytes(keyData)
	}
}
```
Copilot AI Oct 15, 2025

Reading arbitrary files from the filesystem using os.ReadFile() without path validation poses a security risk. Consider implementing path validation or restricting file access to specific directories to prevent directory traversal attacks.

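A path-confinement check of the kind the review comment above asks for, written here as an added example rather than code from the PR or kgateway: it assumes certificate material is mounted under a single base directory (`/etc/kgateway/tls` below is a placeholder) and refuses any configured `TLSCertificate`/`TLSKey` path that resolves outside it before `os.ReadFile` is ever called.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBaseDir is returned for a configured TLS file path that escapes the allowed directory.
var ErrOutsideBaseDir = errors.New("tls file path escapes the allowed directory")

// safeTLSPath confines p to baseDir (assumed mount point for cert material): relative paths
// resolve under it, absolute paths must already lie inside it. Symlinks are not resolved.
func safeTLSPath(baseDir, p string) (string, error) {
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	full := p
	if !filepath.IsAbs(full) {
		full = filepath.Join(base, full)
	}
	full = filepath.Clean(full)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	// Rel yields ".." or "../x" for anything outside base; a plain string-prefix check
	// would wrongly accept "/etc/tls-other/k" for base "/etc/tls".
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideBaseDir, p)
	}
	return full, nil
}

// readTLSFile is the guarded replacement for a bare os.ReadFile on a policy-supplied path.
func readTLSFile(baseDir, p string) ([]byte, error) {
	full, err := safeTLSPath(baseDir, p)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(full)
}

func main() {
	_, err := readTLSFile("/etc/kgateway/tls", "../../outside.key") // placeholder base dir
	fmt.Println("escaping path:", err)                              // refused before any read
}
```

Because symlinks are not resolved, the base directory must itself be one the operator controls (for example a read-only volume mount); `filepath.EvalSymlinks` can be added once the file is known to exist.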
Signed-off-by: Fabian Gonzalez <[email protected]>
@inFocus7
Contributor Author

The code gen check fails, although I ran `generated-code` and `generate-all`. I forget which is the more encompassing one that does all generation. Not sure which other target I should run 🤔

jmcguire98 commented Oct 16, 2025

> The code gen check fails, although I ran `generated-code` and `generate-all`. I forget which is the more encompassing one that does all generation. Not sure which other target I should run 🤔

I think running

make generated-code

should cover at least some of the diff here so not sure why that's not working, but I think

make go-generate-apis

should work here as well

@inFocus7 inFocus7 changed the title [Feat] Support BackendConfigPolicy Translation in AgentGateway Plugin [Feat] Translate BackendConfigPolicy TLS certs for AgentGateway Oct 21, 2025