Egress with agw #7

Draft
npolshakova wants to merge 8 commits into kagent-dev:main from npolshakova:egress-with-agw

@npolshakova npolshakova commented Jun 3, 2026

Draft prototype for agent-substrate#126 with agentgateway.

Goal is to start with ActorTemplate.spec.egressPolicy only and focus on workload-intent use cases. We may later want to add a standalone EgressPolicy when global, namespace, or actor-specific policy becomes necessary.

Testing

Setup

hack/install-ate-kind.sh --deploy-ate-system --router=agentgateway
hack/install-ate-kind.sh --deploy-demo-counter

Create actor:

kubectl ate create actor my-counter-egress --template ate-demo-counter/counter

Port-forward router:

kubectl port-forward -n ate-system svc/atenet-router 8000:80

With this egress policy on ActorTemplate:

apiVersion: ate.dev/v1alpha1
kind: ActorTemplate
metadata:
  name: counter
  namespace: ate-demo-counter
spec:
  containers:
  - command:
    - /ko-app/counter
    image: localhost:5001/counter-7b2c368808ac33f45c7ab87955715526@sha256:af50a1849d08a9841fc802879bd65642cfaf20fea5263f66eaa806d4398fe41a
    name: counter
  egressPolicy:
    allow:
    - name: kube-dns
      ports:
      - port: 53
        protocol: UDP
      - port: 53
        protocol: TCP
      to:
      - ipBlock:
          cidr: 10.96.0.10/32
    - name: example
      ports:
      - port: 80
        protocol: TCP
      - port: 443
        protocol: TCP
      to:
      - host: example.com
    audit:
      logs: true
    defaultAction: Deny
  pauseImage: registry.k8s.io/pause:3.10.2@sha256:f548e0e8e3dc1896ca956272154dde3314e8cc4fde0a57577ee9fa1c63f5baf4
  runsc:
    amd64:
      sha256Hash: a397be1abc2420d26bce6c70e6e2ff96c73aaaab929756c56f5e2089ea842b63
      url: gs://gvisor/releases/nightly/2026-05-19/x86_64/runsc
    arm64:
      sha256Hash: 1ba2366ae2efceba166046f51a4104f9261c9cb72c6db8f5b3fe2dc57dea86b9
      url: gs://gvisor/releases/nightly/2026-05-19/aarch64/runsc
  snapshotsConfig:
    location: gs://ate-snapshots/ate-demo-counter/
  workerPoolRef:
    name: counter
    namespace: ate-demo-counter
status:
  conditions:
  - lastTransitionTime: "2026-06-03T21:33:11Z"
    message: Actor template is ready for use
    reason: Ready
    status: "True"
    type: Ready
  goldenActorID: 61086d07-c811-4355-ac76-b01fb0b40c89
  goldenSnapshot: gs://ate-snapshots/ate-demo-counter/61086d07-c811-4355-ac76-b01fb0b40c89/2026-06-03T21:33:11Z-K4RJGWVL5YLWJQAHOYDSVNVN4J
  phase: Ready
  takeGoldenSnapshotAt: "2026-06-03T21:33:11Z"

Requests to http://example.com/ or https://example.com/ will work:

❯   curl -i \
    -H "Host: my-counter-policy.actors.resources.substrate.ate.dev" \
    "http://localhost:8000/egress?url=https://example.com/"
HTTP/1.1 200 OK
date: Wed, 03 Jun 2026 21:33:25 GMT
content-length: 571
content-type: text/plain; charset=utf-8

egress url: https://example.com/
status: 200
body_prefix:
<!doctype html><html lang="en"><head><title>Example Domain</title><meta name="viewport" content="width=device-width, initial-scale=1"><style>body{background:#eee;width:60vw;margin:15vh auto;font-family:system-ui,sans-serif}h1{font-size:1.5em}div{opacity:0.8}a:link,a:visited{color:#348}</style></head><body><div><h1>Example Domain</h1><p>This domain is for use in documentation examples without needing permission. Avoid use in operations.</p><p><a href="https://iana.org/domains/example">Learn more</a></p></div

But other requests will get 502:

❯   curl -i \
    -H "Host: my-counter-policy.actors.resources.substrate.ate.dev" \
    "http://localhost:8000/egress?url=https://www.google.com/generate_204"
HTTP/1.1 502 Bad Gateway
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Wed, 03 Jun 2026 21:33:59 GMT
content-length: 85

Get "https://www.google.com/generate_204": dial tcp 142.251.152.119:443: i/o timeout

The logs will show the egress policy is resolved:

❯   kubectl logs -n ate-demo-counter \
    -l ate.dev/worker-pool=counter \
    -c ateom \
    --tail=200 | grep "Resolved egress policy host"
{"time":"2026-06-03T21:33:19.586841094Z","level":"INFO","msg":"Resolved egress policy host","host":"example.com","ip":"104.20.23.154","ate.dev/trace-id":"c81ee4b3c293a397a820aaa80cfc6a2e"}
{"time":"2026-06-03T21:33:19.58686126Z","level":"INFO","msg":"Resolved egress policy host","host":"example.com","ip":"172.66.147.243","ate.dev/trace-id":"c81ee4b3c293a397a820aaa80cfc6a2e"}
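
To make the policy semantics above concrete, here is an added evaluator (a hypothetical illustration, not code from this PR, agentgateway or the ate project) that applies the ActorTemplate's egressPolicy to a single connection attempt. It assumes, as the "Resolved egress policy host" log lines suggest, that a host rule is enforced by pre-resolving the name to IPs and comparing the destination address; the DNS answers are a constructed map using the addresses seen in the logs above, and the type names are invented.

```go
package main

import "net"

// Hypothetical Go mirror of the egressPolicy fields in the PR's ActorTemplate.
type Port struct{ Port int; Protocol string }
type Dest struct{ CIDR, Host string } // one "to" entry: ipBlock.cidr or host
type Rule struct{ Name string; Ports []Port; To []Dest }
type EgressPolicy struct{ Allow []Rule; DefaultAction string }

var counterPolicy = EgressPolicy{ // transcribed by hand from the PR's ActorTemplate
	Allow: []Rule{
		{Name: "kube-dns", Ports: []Port{{53, "UDP"}, {53, "TCP"}}, To: []Dest{{CIDR: "10.96.0.10/32"}}},
		{Name: "example", Ports: []Port{{80, "TCP"}, {443, "TCP"}}, To: []Dest{{Host: "example.com"}}},
	},
	DefaultAction: "Deny",
}

// Constructed stand-in for DNS; addresses copied from the PR's log lines.
var resolved = map[string][]string{
	"example.com": {"104.20.23.154", "172.66.147.243"},
}

// Evaluate decides one connection (dst IP, port, protocol). A host rule matches only
// an IP its name resolved to; anything else falls through to DefaultAction.
func Evaluate(p EgressPolicy, ip net.IP, port int, proto string) (action, rule string) {
	for _, r := range p.Allow {
		for _, pp := range r.Ports {
			if pp.Port != port || pp.Protocol != proto {
				continue
			}
			for _, d := range r.To {
				if _, n, err := net.ParseCIDR(d.CIDR); err == nil && n.Contains(ip) {
					return "Allow", r.Name
				}
				for _, s := range resolved[d.Host] {
					if net.ParseIP(s).Equal(ip) {
						return "Allow", r.Name
					}
				}
			}
		}
	}
	return p.DefaultAction, ""
}

func main() {
	a, r := Evaluate(counterPolicy, net.ParseIP("142.251.152.119"), 443, "TCP") // the 502 case
	println(a, r) // Deny
}
```

Port 443 is allowed by the "example" rule, but the google address was never resolved from example.com, so the attempt lands on defaultAction: Deny, which is the dial timeout seen in the 502 response.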
