diff --git a/configure/ols-configuring-openshift-lightspeed.adoc b/configure/ols-configuring-openshift-lightspeed.adoc index e95499d5d8c8..722dc0149db9 100644 --- a/configure/ols-configuring-openshift-lightspeed.adoc +++ b/configure/ols-configuring-openshift-lightspeed.adoc @@ -17,6 +17,7 @@ include::modules/ols-creating-the-credentials-secret-using-web-console.adoc[leve include::modules/ols-creating-lightspeed-custom-resource-file-using-web-console.adoc[leveloffset=+1] include::modules/ols-creating-the-credentials-secret-using-cli.adoc[leveloffset=+1] include::modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc[leveloffset=+1] +include::modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm.adoc[leveloffset=+2] include::modules/ols-verifying-openshift-lightspeed-deployment.adoc[leveloffset=+1] include::modules/ols-about-lightspeed-and-role-based-access-control.adoc[leveloffset=+1] include::modules/ols-granting-access-to-individual-users.adoc[leveloffset=+2] diff --git a/modules/ols-0-3-0-release-notes.adoc b/modules/ols-0-3-0-release-notes.adoc new file mode 100644 index 000000000000..e15b96b89e29 --- /dev/null +++ b/modules/ols-0-3-0-release-notes.adoc @@ -0,0 +1,14 @@ +// Module included in the following assemblies: +// release_notes/ols-release-notes.adoc + +:_mod-docs-content-type: REFERENCE +[id="ols-0-3-0-release-notes_{context}"] += {ols-long} version 0.3.0 + +{ols-official} 0.3.0 is now available on {ocp-product-title} 4.15 or later. + +[IMPORTANT] +==== +{ols-long} is designed for FIPS. OpenShift Lightspeed uses the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on the x86_64 architecture. +For more information about the NIST validation program, see link:https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules[Cryptographic] Module Validation Program. For the latest NIST status for the individual versions of RHEL cryptographic libraries that have been submitted for validation, see link:https://access.redhat.com/articles/compliance_activities_and_gov_standards#fips-140-2-and-fips-140-3-2[Compliance] Activities and Government Standards. +==== \ No newline at end of file diff --git a/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm-using-console.adoc b/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm-using-console.adoc new file mode 100644 index 000000000000..e922dbdca4ad --- /dev/null +++ b/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm-using-console.adoc @@ -0,0 +1,73 @@ +// This module is used in the following assemblies: + +// * configure/ols-configuring-openshift-lightspeed.adoc + +:_mod-docs-content-type: PROCEDURE +[id="ols-configuring-openshift-lightspeed-with-a-trust-certificate-required-by-llm-provider-using-console_{context}"] += Configuring {ols-long} with a trust provider certificate for the LLM using the web console + +This procedure explains how to configure {ols-long} with a trust provider certificate for the Large Language Model (LLM) provider using the . + +[NOTE] +==== +If the LLM provider you are using requires a trust certificate to authenticate the {ols-long} service you must perform this procedure. If the LLM provider does not require a trust certificate to authenticate the service then you should skip this procedure. +==== + +.Prerequisties + +* You are logged in to the {ocp-product-title} web console as `cluster-admin`. + +* The {ols-long} Operator is installed. + +.Procedure + +. Click *Add* in the upper-right corner of the {ocp-product-title} web console. + +. Copy the contents of the certificate file and paste it into a file called `caCertFileName`. + +. Click *Create*. + +. Click *Add* in the upper-right corner of the {ocp-product-title} web console. + +. Create a `ConfigMap` object called `trusted-certs`. ++ +.Example file +[source,terminal] +---- +kind: ConfigMap +apiVersion: v1 +metadata: + name: trusted-certs + namespace: openshift-lightspeed +data: + caCertFileName: | + -----BEGIN CERTIFICATE----- + . + . + . + -----END CERTIFICATE----- +---- + +. Update the `OLSConfig` custom resource file to include the name of the `ConfigMap` object that contains one or more CA certificates required to connect to your LLM provider. ++ +.Example {rhelai} CR file +[source,yaml,subs="attributes,verbatim"] +---- +apiVersion: ols.openshift.io/v1alpha1 +kind: OLSConfig +metadata: + name: cluster +spec: + ols: + defaultProvider: rhelai + defaultModel: models/granite-7b-redhat-lab + additionalCAConfigMapRef: + name: trusted-certs +---- + + . Create the custom CR. ++ +[source,terminal] +---- +$ oc apply -f +---- diff --git a/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm.adoc b/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm.adoc new file mode 100644 index 000000000000..b6776702a7d1 --- /dev/null +++ b/modules/ols-configuring-lightspeed-with-a-trust-provider-certificate-for-the-llm.adoc @@ -0,0 +1,66 @@ +// This module is used in the following assemblies: + +// * configure/ols-configuring-openshift-lightspeed.adoc + +:_mod-docs-content-type: PROCEDURE +[id="ols-configuring-openshift-lightspeed-with-a-trust-certificate-required-by-llm-provider_{context}"] += Configuring {ols-long} with a trust provider certificate for the LLM + +This procedure explains how to configure {ols-long} with a trust provider certificate for the Large Language Model (LLM) provider. + +[NOTE] +==== +If the LLM provider you are using requires a trust certificate to authenticate the {ols-long} service you must perform this procedure. If the LLM provider does not require a trust certificate to authenticate the service then you should skip this procedure. +==== + +.Procedure + +. Copy the contents of the certificate file and paste it into a file called `caCertFileName`. + +. Create a `ConfigMap` object called `trusted-certs` by running the following command: ++ +[source,terminal] +---- +$ oc create configmap trusted-certs --from-file=caCertFileName +---- ++ +.Example output +[source,terminal] +---- +kind: ConfigMap +apiVersion: v1 +metadata: + name: trusted-certs + namespace: openshift-lightspeed +data: + caCertFileName: | + -----BEGIN CERTIFICATE----- + . + . + . + -----END CERTIFICATE----- +---- + +. Update the `OLSConfig` custom resource file to include the name of the `ConfigMap` object that contains one or more CA certificates required to connect to your LLM provider. ++ +.Example {rhelai} CR file +[source,yaml,subs="attributes,verbatim"] +---- +apiVersion: ols.openshift.io/v1alpha1 +kind: OLSConfig +metadata: + name: cluster +spec: + ols: + defaultProvider: rhelai + defaultModel: models/granite-7b-redhat-lab + additionalCAConfigMapRef: + name: trusted-certs +---- + + . Create the custom CR. ++ +[source,terminal] +---- +$ oc apply -f +---- diff --git a/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc b/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc index ad3e5c15fd44..0f7cec8f83ee 100644 --- a/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc +++ b/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc @@ -6,7 +6,7 @@ [id="ols-creating-lightspeed-custom-resource-file-using-cli_{context}"] = Creating the Lightspeed custom resource file using the CLI -The Custom Resource (CR) file contains information that the Operator uses to deploy {ols-long}. The specific content of the CR file is unique for each LLM provider. Choose the configuration file that matches your LLM provider. +The Custom Resource (CR) file contains information that the Operator uses to deploy {ols-long}. The specific content of the CR file is unique for each Large Language Model (LLM) provider. Choose the configuration file that matches your LLM provider. .Prerequisites @@ -60,6 +60,8 @@ spec: ols: defaultProvider: rhelai defaultModel: models/granite-7b-redhat-lab + additionalCAConfigMapRef: + name: openshift-service-ca.crt ---- <1> The URL endpoint must end with `v1` to be valid. For example, `\https://http://3.23.103.8:8000/v1`. + diff --git a/modules/ols-creating-lightspeed-custom-resource-file-using-web-console.adoc b/modules/ols-creating-lightspeed-custom-resource-file-using-web-console.adoc index bb4e601d0de7..164fbcd4413d 100644 --- a/modules/ols-creating-lightspeed-custom-resource-file-using-web-console.adoc +++ b/modules/ols-creating-lightspeed-custom-resource-file-using-web-console.adoc @@ -6,7 +6,7 @@ [id="ols-creating-lightspeed-custom-resource-file-using-web-console_{context}"] = Creating the Lightspeed custom resource file using the web console -The Custom Resource (CR) file contains information that the Operator uses to deploy {ols-long}. The specific content of the CR file is unique for each LLM provider. Choose the configuration file that matches your LLM provider. +The Custom Resource (CR) file contains information that the Operator uses to deploy {ols-long}. The specific content of the CR file is unique for each Large Language Model (LLM) provider. Choose the configuration file that matches your LLM provider. .Prerequisites @@ -80,7 +80,7 @@ spec: models: - name: granite-8b-code-instruct-128k name: red_hat_openshift_ai - type: rhoai_vllm + type: rhoai_vllm url: <1> ols: defaultProvider: red_hat_openshift_ai diff --git a/release_notes/ols-release-notes.adoc b/release_notes/ols-release-notes.adoc index 00bde211a735..5a3ae1414d27 100644 --- a/release_notes/ols-release-notes.adoc +++ b/release_notes/ols-release-notes.adoc @@ -8,6 +8,7 @@ toc::[] The release notes highlight what is new and what has changed with each {ols-official} release. +include::modules/ols-0-3-0-release-notes.adoc[leveloffset=+1] include::modules/ols-0-2-1-release-notes.adoc[leveloffset=+1] include::modules/ols-0-2-0-release-notes.adoc[leveloffset=+1] include::modules/ols-0-1-7-release-notes.adoc[leveloffset=+1]