Documentation
Agentgateway
About

About

Agentgateway is an open source, highly available, highly scalable, and enterprise-grade data plane that provides AI connectivity for agents and tools in any environment. You can use kgateway as the control plane to quickly spin up and manage the lifecycle of agentgateway proxies in Kubernetes environments. The control plane translates Kubernetes Gateway API and kgateway custom resources into proxy configuration for the agentgateway data plane.

Agentgateway supports many agent connectivity use cases, including the following:

  • Agent-to-agent (A2A)
  • Model Context Protocol (MCP)
  • REST APIs as agent-native tools
  • AI routing to cloud and local large language models (LLMs)
  • Support for the Gateway API Inference Extension project

Architecture

For more information about how kgateway integrates with agentgateway, see the Architecture topic.

For more information about agentgateway resources, see the Agentgateway docs.

Agentgateway resource configuration

Review the following table to understand how to configure agentgateway resources in kgateway.

Agentgateway resource Description Configured in kgateway by
Bind The set of port bindings that associate gateway listeners with specific network ports. The bind has a unique key in the format port/namespace/name, such as 8080/default/my-gateway with the value being the port number, such as 8080. Created automatically based on the Gateway and each unique port across Gateway listeners or ListenerSets.
Port The port to listen on. Each port has a set of listeners that in turn have their own routes with policies and backends. Ports in a Gateway or ListenerSet.
Listener Listener configuration for how agentgateway accepts and processes incoming requests.
  • Unique key for the listener
  • Name that maps to the section name from the Gateway listener
  • Bind key of the bind that the listener is part of
  • Gateway name
  • Hostname that the listener accepts traffic for
  • Protocol (HTTP, HTTPS, TCP, TLS)
  • TLS configuration details such as certificates and termination modes
Listeners can each have their own set of routes with policies and backends.		 Listeners in a Gateway or ListenerSet.
Route Routing rules for how agentgateway routes incoming requests to the appropriate backend.
  • Unique key in the format: namespace.name.rule.match
  • Route name in the format: namespace/name
  • Listener key of the listener that the route is part of
  • Rule name from the source route
  • Traffic matching criteria (path, headers, method, query params) that are derived from the Gateway API routing resources
  • Filters that transform request and responses, such as header modification, redirects, rewrites, mirroring, and other policies
  • Target backend services with load balancing and health checking
  • Hostnames that the route serves traffic for
 Routing resources such as HTTPRoute, GRPCRoute, TCPRoute, and TLSRoute.
Backend The backing destination where traffic is routed. Unlike other resources, backends are global resources (not per-gateway) that are applied to all Gateways that use agentgateway. Each backend has a unique name in the format: namespace/name. Backend types include AI for model-specific LLM provider configuration, static host or IP addresses, and virtual MCP servers, including A2A use cases. Services and Backends.
Target The details of the backend, such as the tools in an MCP backend. Services and Backends.
Policies Policies for how agentgateway processes incoming requests.
  • Request Header Modifier: Add, set, or remove HTTP request headers.
  • Response Header Modifier: Add, set, or remove HTTP response headers.
  • Request Redirect: Redirect incoming requests to a different scheme, authority, path, or status code.
  • URL Rewrite: Rewrite the authority or path of requests before forwarding.
  • Request Mirror: Mirror a percentage of requests to an additional backend for testing or analysis.
  • CORS: Configure Cross-Origin Resource Sharing (CORS) settings for allowed origins, headers, methods, and credentials.
  • A2A: Enable agent-to-agent (A2A) communication features.
  • Backend Auth: Set up authentication for backend services such as passthrough, key, GCP, AWS, and so on.
  • Timeout: Set request and backend timeouts.
  • Retry: Configure retry attempts, backoff, and which response codes should trigger retries.
 Policies in HTTPRoutes and Backends.

Feature enablement

To use agentgateway features, you must enable the agentgateway feature in kgateway. Additionally, to route to AI providers, enable the AI Gateway feature alongside AI gateway.

Example command:

helm upgrade -i -n kgateway-system kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway \
     --set gateway.aiExtension.enabled=true \
     --set agentGateway.enabled=true \
     --version v$NEW_VERSION
Routes