Interceptor Containers
Introduction
DIAL uses interceptors as a middleware that modifies incoming or outgoing requests to/from apps and AI models according to a specific logic enabling PII obfuscation, guardrails, safety checks, and beyond.
Refer to Interceptors to learn more.
Ways of adding interceptors in DIAL
Use Interceptors SDK to create custom interceptors.
- Use endpoints of your custom interceptors to add interceptors directly using the External Endpoint source type.
- Define and configure Interceptor Templates and use them as a source type to create interceptors.
- You can also deploy custom interceptors using Docker Images, create containers, which you can use as a source type to create interceptors.
Main Screen
In Interceptor Containers, you can manage containers for interceptors within the DIAL system. You can create new containers based on Internal Interceptor images or External Docker Image Reference, start and stop running containers as needed, edit configuration settings, and view logs and events for troubleshooting.
Interceptor containers grid
| Column | Description |
|---|---|
| Display Name | Name of the container rendered on UI. |
| Description | Brief description of the container. |
| Status | Current status of the container (e.g., Running, Stopped). |
| ID | Unique identifier of the container. |
| Source type | Type of the container source: Docker Image Reference (for containers created based on external Docker images) or Internal Interceptor Image (for containers created based on DIAL self-hosted images). |
| Source Name | The name of the container source: either Docker image name or ID of the internal image. |
| Container URL | URL to access the running container. |
| Author | Email address of the creator of the container. |
| Topics | Tags that associate the container with one or more topics or categories. |
| Creation Time | Container creation timestamp. |
| Updated Time | Timestamp of the last update. |
| Actions | Buttons to manage the selected interceptor container: - Open in a new tab: Use to open the container configuration screen in a new tab in your browser. - Duplicate: Use to duplicate the interceptor container. - Stop/Run: Use to start and stop a container. - Delete: Use to remove the container. |
Create
On the main screen, you can add new interceptor containers based on based on Internal Interceptor images or External Docker Image Reference.
When a new container is created, you can use it as a source type to create interceptors.
To create a new interceptor container:
- Click Create on the main screen and select to create a container from Internal Interceptor Image or External Docker Image Reference.
- From Internal Interceptor Image: Select the desired Interceptor Image from the list and pick its installed version from the list (labeled with green indicator).
- External Docker Image Reference: Provide the URI of the external Docker image you want to use.
- Specify ID, Display Name and Description properties and click Finish to create the container.
- The screen with the container configuration is displayed. You can modify the configuration as needed, run, stop or delete the container.
Configuration
Click any interceptor container on the main screen to open its configuration screen.
On the configuration screen, you can view and edit the selected interceptor container settings, start and stop the container, view logs and events, or delete the container.
Note: Configuration fields are disabled for editing when the container is in a transition state (pending or stopping).
Actions
In the header of the Configuration screen, you can find the following action buttons:
| Action | Description |
|---|---|
| Create Interceptor | Available for running containers. Click to create a new interceptor using this selected interceptor container. |
| Run/Stop | Click to start or stop the interceptor container. |
| Delete | Click to delete the interceptor container. Note: This will effect interceptors created based on the deleted container. |
To Create Interceptor
You can use a running interceptor container to create a new interceptor in DIAL. Once created, the interceptor appears in Entities/Interceptors and can be used by DIAL applications, tool and models or as a global interceptor.
- In the Configuration screen of the running interceptor container, click the Create Interceptor button in the header.
- In the Create Interceptor dialog, fill in the form fields:
- ID: Unique identifier for the interceptor. Auto-populated according to the selected container.
- Display Name: Enter a name for the interceptor. Auto-populated according to the selected container.
- Description: Provide a brief description of the interceptor.
- Click the Create button to submit the form and create the interceptor. Repeat these steps to create more interceptors if needed.
Properties
In the Properties tab, you can view and edit the selected interceptor container settings.
Fields description
| Property | Required | Editable | Description |
|---|---|---|---|
| ID | - | No | Unique read-only identifier for the interceptor container. Must be between 2 and 36 characters long. Can contain only lowercase Latin letters, numbers, and hyphens. |
| Source Type | - | No | Type of the container source: Docker Image (for containers created based on external Docker images) or Internal Interceptor Image (for containers created based on DIAL self-hosted images). |
| Creation Time | - | No | Creation timestamp. |
| Updated Time | - | No | Timestamp of the last update. |
| Status | - | No | Current status of the interceptor container (e.g., Running, Stopped). |
| URL | - | No | URL to access the running interceptor container. |
| Restarts | - | No | Restart counter for launching containers. Use to identify crash loops. You can find details in the Execution Log. |
| Display Name | Yes | Yes | Name of the interceptor container rendered in UI. Must be between 2 and 255 characters long. |
| Description | No | Yes | Brief description of the interceptor container. |
| Maintainer | No | Yes | Email address of the maintainer of the interceptor container. |
| Topics | No | Yes | Topics are semantic labels that you can assign to containers (e.g. "finance", "support") for better navigation on UI. Click to display a list of available topics. You can add your own custom topics to the list following these rules: - The topic name must not exceed 255 characters. - The topic name must not contain leading or trailing spaces. |
| Docker Image Reference | Conditional | Yes | Reference of the external Docker image used to create the container. Available if the external Docker image was used to create the container. Disabled if the internal image was used to create the container. |
| Interceptor Image | Conditional | Yes | Internal Interceptor image from which the interceptor container was created. Click to display the list of available images where you can change the source image for the container. Note: The container is redeployed when source image changes. |
| Endpoint Configuration | No | Yes | Configuration details for the endpoints exposed by the interceptor container. Note: Changes to these settings can be applied to a running container. Saving changes will trigger a restart in RollingUpdate mode. |
| Autoscaling | No | Yes | Parameters to dynamically adjust interceptor container replicas based on demand. - Automatic scale to zero: Use to define criteria to reduce replicas to zero to save resources. For new interceptor containers, this option is enabled by default with a 5-minute inactivity delay before scaling to zero. - Min and Max Replicas: Sets the minimum and maximum number of instances that can run, ensuring availability and controlling costs. For new interceptor containers, the default range is 0 to 1 replica. - Pending requests to trigger autoscaling: Specifies the number of queued requests required to trigger scaling up, helping maintain performance during traffic spikes. Important: Existing interceptor containers keep their current autoscaling configuration. |
| Environment Variables | No | Yes | Environment variables set for the interceptor container. Note: Changes to these settings can be applied to a running container. Saving changes will trigger a restart in RollingUpdate mode. - Name: Must be between 1 and 253 characters long. Can contain only letters, numbers, dots (.), hyphens (-), and underscores (_).- Value: Must be between 1 and 253 characters long. Can contain only letters, numbers, dots (.), hyphens (-), and underscores (_). |
| Resources | No | Yes | Resource limits and requests for the interceptor container. Note: Changes to these settings can be applied to a running container. Saving changes will trigger a restart in RollingUpdate mode. Validation rules: - Values must be numeric and greater than 0. - Maximum allowed values for cpu, memory, and nvidia.com/gpu are defined on the backend via environment variables.- For each matching resource key (e.g. cpu), the value in limits must not be less than the value in requests. |
| Configuration | No | Yes | Command that defines the executable and its options to launch the container. Arguments provide extra parameters for customization during startup. |
| Startup probe | No | Yes | Use this configuration to enable and configure the Startup Probe - it is a type of health check specifically designed to signal that the application inside the container is ready to begin serving traffic. - Type: HTTP (Performs an HTTP GET request to a specified path and port on the container. The probe is considered successful if the response has a status code between 200 and 399.); TCP (Attempts to establish a TCP connection to the specified port. The probe is successful if the connection is established.). - Port: The network port on the container to which the probe will connect or send the request. - Path: Path to call inside the container. Available for HTTP type. - Initial delay seconds: The number of seconds to wait after the container starts before performing the first probe. This allows the application time to initialize before health checks begin. - Period seconds: The interval (in seconds) between consecutive probe checks. This determines how frequently Kubernetes will perform the probe. - Timeout seconds: The maximum number of seconds allowed for a single probe check to complete. If the probe does not return within this time, it is considered a failure. - Failure threshold: The number of consecutive failed probe attempts before Kubernetes considers the startup probe to have failed, which may result in the container being restarted or marked as failed. |
Advanced users with technical expertise can work with the container properties in a JSON editor view mode. It is useful for advanced scenarios of bulk updates, copy/paste between environments, or tweaking settings not exposed on UI.
Firewall settings
The whitelist domains setting specifies which external domains the interceptor container is allowed to connect to. This setting controls outgoing traffic from the container, ensuring that it can only communicate with trusted domains (for example, your company’s website or specific client applications).
Domain name requirements: Enter the domain name without protocol, e.g., github.com. Each domain must have at least one dot, labels can include letters, numbers, and hyphens (1–63 chars, not starting or ending with a hyphen), and the top-level domain must be at least 2 letters. Domain name must not include leading or trailing hyphens in labels.
Execution log
In the Execution Log tab, you can view real-time logs generated by the selected interceptor container. This log provides insights into the container's operations, including any errors or important events that occur during its execution.
When container starts with more than one pod, you can see logs for each of them:
In case of issues, health indicators are displayed to help identify problems:
| Indicator | Description |
|---|---|
| Restarts | Restart counter for launching containers. Use to identify crash loops. |
| Last restarted at | Timestamp of the last container restart. |
| Last reason | Restart failure reason. |
Events
In the Events tab, you can view a log of significant events related to the selected interceptor container, such as start and stop actions, errors, and other system messages.
Audit
In the Audit tab, you can review activity, usage, and operational metrics for the selected interceptor container, including configuration changes and runtime actions.
Note: This tab mimics the functionality available in the global Activity section, but is scoped specifically to the selected interceptor container.