d8d66583f8
* Bump provider version * Fix inventories * Ignore certificates in inventories * Add header to cloud run recipe * Optimize file copy for example-based tests * Remove local references
Agent Gateway
The module facilitates the deployments of Agent Gateways.
- API
- Minimal Gateway deployment
- PSC-I: attach to an existing service attachment
- Connect to self-managed proxies
- Context
- Variables
- Outputs
API
In order to use this module you first need to enable the networkservices.googleapis.com API.
Minimal Gateway deployment
In order to deploy a gateway, you need to specify a name, a region and the direction it needs to apply to.
module "agent-gateway" {
source = "./fabric/modules/agent-gateway"
name = "my-gateway"
project_id = "my-project-id"
region = "europe-west1"
access_path = "CLIENT_TO_AGENT" # can be also: ingress, or egress (or AGENT_TO_ANYWHERE)
}
# tftest inventory=minimal.yaml
PSC-I: attach to an existing service attachment
If it's a egress (or AGENT_TO_ANYWHERE) agent, you can attach with a PSC interface to an existing service attachment.
module "agent-gateway" {
source = "./fabric/modules/agent-gateway"
name = "my-gateway"
project_id = "my-project-id"
region = "europe-west1"
access_path = "AGENT_TO_ANYWHERE"
networking_config = {
psc_i_network_attachment_id = "projects/my-project-id/regions/europe-west1/serviceAttachments/my-sa"
}
}
# tftest inventory=psc-i.yaml
Connect to self-managed proxies
You can connect to compatible proxies you manage, by specifying the proxy uri.
module "agent-gateway" {
source = "./fabric/modules/agent-gateway"
name = "my-gateway"
project_id = "my-project-id"
region = "europe-west1"
is_google_managed = false
proxy_uri = "my-proxy-uri"
}
# tftest inventory=proxy.yaml
Context
The module supports the contexts interpolation. For example:
module "agent-gateway" {
source = "./fabric/modules/agent-gateway"
name = "my-gateway"
project_id = "$project_ids:main"
region = "$locations:primary"
access_path = "AGENT_TO_ANYWHERE"
networking_config = {
psc_i_network_attachment_id = "$psc_network_attachments:my-sa"
}
context = {
locations = {
primary = "europe-west1"
}
project_ids = {
main = "my-prj-id"
}
psc_network_attachments = {
my-sa = "projects/my-project-id/regions/europe-west1/serviceAttachments/my-sa"
}
}
}
# tftest inventory=context.yaml
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| name | The name of the Agent Gateway. | string |
✓ | |
| project_id | The ID of the project where the data stores and the agents will be created. | string |
✓ | |
| region | The region where the agent gateway is created. | string |
✓ | |
| access_path | The direction the gateway applies to: ingress (CLIENT_TO_AGENT) or egress (AGENT_TO_ANYWHERE) (if var.is_google_managed = false). | string |
null |
|
| context | Context-specific interpolations. | object({…}) |
{} |
|
| description | The description of the Agent Gateway. | string |
"Terraform managed." |
|
| is_google_managed | Whether the Agent Gateway is Google or self-managed. | bool |
true |
|
| labels | Labels to associate to the Agent Gateway. | map(string) |
null |
|
| networking_config | The Agent Gateway networking configuration. | object({…}) |
{} |
|
| protocols | The protocols managed by the Agent Gateway. | list(string) |
["MCP"] |
|
| proxy_uri | The uri of a compatible self-managed proxy (if var.is_google_managed = false). | string |
null |
|
| registries | A list of Agent Registries containing the agents, MCP servers and tools governed by the Agent Gateway. Note: Currently limited to project-scoped registries Must be of format //agentregistry.googleapis.com/{version}/projects/{{project}}/locations/{{location}}. | list(string) |
null |
Outputs
| name | description | sensitive |
|---|---|---|
| agent_gateway | The Agent Gateway object. | |
| id | The Agent Gateway id. |