Provider CRD
The Provider custom resource defines a reusable LLM provider configuration that can be referenced by multiple AgentRuntimes. This enables centralized credential management and consistent model configuration across agents.
API Version
Section titled “API Version”apiVersion: omnia.altairalabs.ai/v1alpha1kind: ProviderSpec Fields
Section titled “Spec Fields”The LLM provider type.
| Value | Description |
|---|---|
claude | Anthropic’s Claude models |
openai | OpenAI’s GPT models |
gemini | Google’s Gemini models |
auto | Auto-detect based on available credentials |
spec: type: claudeThe model identifier to use. If not specified, the provider’s default model is used.
| Provider | Example Models |
|---|---|
| Claude | claude-sonnet-4-20250514, claude-opus-4-20250514 |
| OpenAI | gpt-4o, gpt-4-turbo, gpt-3.5-turbo |
| Gemini | gemini-pro, gemini-1.5-pro |
spec: type: claude model: claude-sonnet-4-20250514secretRef
Section titled “secretRef”Reference to a Secret containing API credentials.
| Field | Type | Required | Description |
|---|---|---|---|
secretRef.name | string | Yes | Name of the Secret |
secretRef.key | string | No | Specific key to use (auto-detected if omitted) |
spec: secretRef: name: llm-credentialsIf key is not specified, the controller looks for provider-appropriate keys:
- Claude:
ANTHROPIC_API_KEYorapi-key - OpenAI:
OPENAI_API_KEYorapi-key - Gemini:
GEMINI_API_KEYorapi-key
baseURL
Section titled “baseURL”Override the provider’s default API endpoint. Useful for proxies, Azure OpenAI, or self-hosted models.
spec: type: openai baseURL: https://my-openai-proxy.internal/v1defaults
Section titled “defaults”Tuning parameters applied to all requests using this provider.
| Field | Type | Range | Description |
|---|---|---|---|
temperature | string | 0.0-2.0 | Controls randomness (lower = more focused) |
topP | string | 0.0-1.0 | Nucleus sampling threshold |
maxTokens | integer | - | Maximum tokens in response |
spec: defaults: temperature: "0.7" topP: "0.9" maxTokens: 4096pricing
Section titled “pricing”Custom pricing for cost tracking. If not specified, PromptKit’s built-in pricing is used.
| Field | Type | Description |
|---|---|---|
inputCostPer1K | string | Cost per 1000 input tokens |
outputCostPer1K | string | Cost per 1000 output tokens |
cachedCostPer1K | string | Cost per 1000 cached tokens |
spec: pricing: inputCostPer1K: "0.003" outputCostPer1K: "0.015" cachedCostPer1K: "0.0003"validateCredentials
Section titled “validateCredentials”When enabled, the controller validates credentials with the provider during reconciliation.
spec: validateCredentials: trueStatus Fields
Section titled “Status Fields”| Value | Description |
|---|---|
Ready | Provider is configured and credentials are valid |
Error | Configuration error or invalid credentials |
conditions
Section titled “conditions”| Type | Description |
|---|---|
Ready | Overall readiness of the Provider |
SecretValid | Referenced Secret exists and contains required key |
CredentialsValidated | Credentials validated with provider (if enabled) |
lastValidatedAt
Section titled “lastValidatedAt”Timestamp of the last successful credential validation (only set when validateCredentials: true).
Complete Example
Section titled “Complete Example”apiVersion: v1kind: Secretmetadata: name: anthropic-credentials namespace: agentsstringData: ANTHROPIC_API_KEY: "sk-ant-api03-..."---apiVersion: omnia.altairalabs.ai/v1alpha1kind: Providermetadata: name: claude-production namespace: agentsspec: type: claude model: claude-sonnet-4-20250514
secretRef: name: anthropic-credentials
defaults: temperature: "0.7" maxTokens: 4096
pricing: inputCostPer1K: "0.003" outputCostPer1K: "0.015"
validateCredentials: trueUsing Provider in AgentRuntime
Section titled “Using Provider in AgentRuntime”Reference a Provider from an AgentRuntime using providerRef:
apiVersion: omnia.altairalabs.ai/v1alpha1kind: AgentRuntimemetadata: name: my-agentspec: promptPackRef: name: my-prompts
providerRef: name: claude-production namespace: agents # Optional, defaults to same namespace
facade: type: websocket port: 8080Multiple Providers
Section titled “Multiple Providers”You can create multiple Provider resources for different use cases:
# Production provider with Claude SonnetapiVersion: omnia.altairalabs.ai/v1alpha1kind: Providermetadata: name: claude-productionspec: type: claude model: claude-sonnet-4-20250514 secretRef: name: prod-credentials defaults: temperature: "0.3" # More deterministic---apiVersion: omnia.altairalabs.ai/v1alpha1kind: Providermetadata: name: claude-developmentspec: type: claude model: claude-haiku-20250514 secretRef: name: dev-credentials defaults: temperature: "0.7"Cross-Namespace References
Section titled “Cross-Namespace References”Providers can be referenced across namespaces:
apiVersion: omnia.altairalabs.ai/v1alpha1kind: AgentRuntimemetadata: name: my-agent namespace: app-teamspec: providerRef: name: shared-claude-provider namespace: shared-providers # Provider in different namespaceNote: Ensure appropriate RBAC permissions are configured for cross-namespace access.