Stats
Actions
Tags
From envoy-ai-gateway-adopters
Envoy AI Gateway fundamentals — CRDs, resource hierarchy, API schemas, and provider authentication
How this skill is triggered — by the user, by Claude, or both
Slash command
/envoy-ai-gateway-adopters:aigw-fundamentalsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Envoy AI Gateway extends Envoy Gateway to provide a unified API gateway for generative AI services. It translates between client-facing APIs (e.g., OpenAI-compatible) and backend-specific APIs (OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, GCP Vertex AI, Cohere, etc.).
Envoy AI Gateway extends Envoy Gateway to provide a unified API gateway for generative AI services. It translates between client-facing APIs (e.g., OpenAI-compatible) and backend-specific APIs (OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, GCP Vertex AI, Cohere, etc.).
GatewayClass (Gateway API)
-> Gateway (Gateway API)
-> AIGatewayRoute (AI Gateway CRD)
-> rules with matches + backendRefs
-> AIServiceBackend (AI Gateway CRD)
-> Backend (Envoy Gateway) or InferencePool (Gateway API extension)
| CRD | Purpose |
|---|---|
| AIGatewayRoute | Binds AI backends to a Gateway. Defines routing rules (header matches, e.g. x-ai-eg-model), backend refs, timeouts, and optional LLM cost capture. Generates HTTPRoute and HTTPRouteFilter under the hood. |
| AIServiceBackend | Describes a single AI backend: its API schema and the Envoy Gateway Backend it attaches to. backendRef must be a Backend (gateway.envoyproxy.io); it cannot reference a Kubernetes Service directly. Use a Backend with FQDN endpoints (e.g., to a K8s service DNS) for in-cluster backends. |
| BackendSecurityPolicy | Backend authentication: API key, AWS credentials, Azure credentials, GCP credentials, Anthropic API key. Attaches to AIServiceBackend or InferencePool. Only one BackendSecurityPolicy can target a given AIServiceBackend or InferencePool; multiple policies cause reconciliation failure. |
| GatewayConfig | Gateway-scoped ExtProc config (resources, env vars). Reference via annotation aigateway.envoyproxy.io/gateway-config: <name> on the Gateway. Same namespace as Gateway. |
| MCPRoute | Model Context Protocol routing for MCP tools. |
| QuotaPolicy | Rate limiting and quota management. |
gateway.networking.k8s.io/v1 with Envoy Gateway v1.6+)connection.bufferLimit (e.g., 50Mi) because default 32KiB is too small for AI requests.Supported values (from ai-gateway codebase):
matches to route by model.group: inference.networking.k8s.io, kind: InferencePool) for self-hosted models.priority in backendRefs for failover (lower number = higher priority).weight for traffic splitting across backends.| Type | Use Case |
|---|---|
| APIKey | OpenAI, generic API key in Authorization header |
| AnthropicAPIKey | Anthropic (x-api-key header) |
| AzureAPIKey | Azure OpenAI (api-key header) |
| AzureCredentials | Azure OpenAI with OAuth/client secret |
| AWSCredentials | AWS Bedrock (IRSA, Pod Identity, or credentials file) |
| GCPCredentials | GCP Vertex AI (service account or workload identity) |
my-backend-openai-apikeyx-ai-eg-model for routing.npx claudepluginhub missberg/envoy-skills --plugin envoy-ai-gateway-adoptersConfigures TrueFoundry AI Gateway for unified OpenAI-compatible LLM access, provider account integrations, content safety guardrails, and request observability (traces, costs, errors).
Provides expert guidance for Vercel AI Gateway configuration: model routing, provider failover, cost tracking, unified API for multiple AI providers like OpenAI, Anthropic, Gemini.
Configures Azure API Management as an AI Gateway to govern AI models, MCP tools, and agents with policies for semantic caching, token limits, content safety, and load balancing.