Model Armor can be integrated with Google Kubernetes Engine (GKE) through
Service Extensions.
Service Extensions allow you to add custom logic to network traffic
processing paths. Traffic extensions are a specific type of service extension
that let you integrate external services to process traffic. These extensions
can be attached to various Google Cloud services, including load balancers.
You can configure a service extension on application load balancers, including
GKE inference gateways,
to screen traffic to and from a GKE cluster. This ensures that
all interactions with the AI models are protected by Model Armor. For
more information, see Configure a traffic extension to call a Model Armor service.
How it works
1. You configure a service extension on a load balancer that routes traffic to an LLM hosted in your GKE cluster. This configuration specifies that Model Armor should be used to screen prompts and responses.
2. When prompts and responses reach the load balancer, the service extension calls the Model Armor service.
3. Model Armor then applies security policies to the prompts and responses, identifying and blocking any malicious or harmful content.
4. Only prompts and responses that pass the Model Armor checks are allowed through to the GKE cluster or back to you.
Preview: This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

Last updated 2025-09-04 UTC.