Guardrail Serve
The serve action deploys a guardrail function as a request/response processor on Kubernetes. A Task is created by calling run() on the Function; task parameters are passed through that call.
Overview
Guardrail functions are specialized Python handlers that process inbound requests, outbound responses, or both. They are intended for validation, filtering, enrichment, or policy enforcement around an upstream service.
Quick example
function = dh.new_function(
name="my-guardrail-function",
kind="guardrail",
code_src="guardrail.py",
handler="process",
python_version="PYTHON3_10",
processing_mode="preprocessor"
)
run = function.run(
action="serve",
replicas=1,
service_type="ClusterIP"
)
Parameters
Function Parameters
Must be specified when creating the function.
| Name | Type | Description |
|---|---|---|
| project | str | Project name. Required only when creating from the library; otherwise MUST NOT be set. |
| name | str | Name that identifies the object. Required. |
| kind | str | Function kind. Must be guardrail. Required. |
| uuid | str | Object ID in UUID4 format. |
| description | str | Description of the object. |
| labels | list[str] | List of labels. |
| embedded | bool | Whether the object should be embedded in the project. |
| code_src | str | URI pointing to the source code. |
| code | str | Source code provided as plain text. |
| base64 | str | Source code encoded as base64. |
| handler | str | Function entrypoint. |
| init_function | str | Init function name for remote execution. |
| python_version | str | Python version to use. Required. |
| lang | str | Source code language (informational). |
| image | str | Container image used to execute the function. |
| base_image | str | Base image (name:tag) used to build the execution image. |
| requirements | list | List of pip requirements to install into the execution image. |
| processing_mode | str | Guardrail processing mode. Required. |
Python Versions
The Python runtime supports versions 3.10, 3.11, 3.12, and 3.13 expressed as:
PYTHON3_10PYTHON3_11PYTHON3_12PYTHON3_13
Init Function
The init function is the entrypoint used by the Nuclio init wrapper. Specify the init function name via the init_function parameter.
Base Image
The base image is the image (name:tag) used as the foundation when building the execution image for the function.
Requirements
Requirements are a list of strings representing packages to be installed by pip in the image where the function will be executed.
Processing Mode
The processing mode determines where the guardrail is applied in the request/response lifecycle:
preprocessor: modifies or validates incoming traffic before forwarding it upstreampostprocessor: modifies or validates outgoing traffic before returning it to the clientwrapprocessor: can inspect both request and response and can short-circuit the flow when needed
Task Parameters
Can only be specified when calling function.run().
| Name | Type | Description |
|---|---|---|
| action | str | Task action. Required. Must be serve |
| volumes | list[dict] | List of volumes. |
| resources | dict | Resource limits/requests. |
| envs | list[dict] | Environment variables. |
| secrets | list[str] | List of secret names. |
| profile | str | Profile template. |
| replicas | int | Number of replicas. |
| service_type | str | Kubernetes service type. |
| service_name | str | Name assigned to the created service. |
Run Parameters
Can only be specified when calling function.run().
| Name | Type | Description |
|---|---|---|
| init_parameters | dict | Parameters supplied to the init function. |