Add proxy support for kagent-adk

[iplay88keys]

Description

Add global Proxy configuration to allow for defining proxies for declarative adk agents.

This proxy configuration is used for:

• Agents as tools
• Services as MCP Tools
• MCPServer resources

Each of these proxied requests includes a header with the original destination hostname: X-Host.

Notes:

• The proxy needs to be configured to route based on the X-Host header.
• Traffic from controller -> agent, agent -> controller, and agent -> LLM are not included.
• Only declarative adk agents are configured with the proxies

Usage

Global Proxy Configuration

Configure proxy URLs globally via Helm values:

proxy:
  # Proxy URL for internally-built k8s URLs
  url: "http://proxy.kagent.svc.cluster.local:8080"

Proxy setup:

• A gateway proxy
• If defining the A2A proxy, the following need to be routed through the proxy:
  • Each agent referenced as a tool
• If defining the egress proxy, the following need to be routed through the proxy:
  • Each mcp server/tool

Details

URL Rewriting & Host Header Support

• When a proxy is configured, target URLs are rewritten to use the proxy while preserving the original path
• Automatically sets the X-Host header to the original target hostname (without port) for proxy routing purposes
• Original request paths are preserved when routing through proxies
• This is important when it comes to agent cards:
  • We configure the second agent as a tool with the proxy url and host header
  • The initial request to the agent (for the agent card) goes through the proxy
  • By default, adk uses the url returned in the agent card
  • This URL will be rewritten automatically to match the proxy with the original url as a host header

[EItanya]

These changes are looking great so far, I don't have any specific comments about the code so far, but I have a couple of over arching comments about the implementation. I think the names of the different proxies are a bit confusing, agent, and egressare very generic. I think we should just have oneproxy_urlsetting and apply it to all hostnames which are internal to k8s. I specifically mention internal tok8sbecause it seems a bit odd that we would apply aproxy_urlto theRemoteMCPServer, when that resource already allows you to set a custom host of your own. The proxy is most useful when kagent` is building urls based on information internal to the system, rather than information supplied by the user. The times when we build the URLs are:

1. Agents as tools
2. Services as MCP Tools
3. MCPServer resources

Maybe we have a separate setting to apply this config to RemoteMCPServer, but in general the intended API for addressing Services is directly rather than the RemoteMCPServer.

Happy to discuss more if you have any questions

[yuval-k]

i don't think we want any visible changes in the agent card. ideally using a proxy should be internal to the agent