From f2b33e0ee06031e378a54493e8998e81ab4dbbe4 Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Tue, 3 Mar 2026 09:59:07 -0500 Subject: [PATCH 1/4] OLS-2706: Vale checks for modules in configuration assembly - part 2 --- ...ls-disabling-ocp-documentation-rag-database.adoc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/ols-disabling-ocp-documentation-rag-database.adoc b/modules/ols-disabling-ocp-documentation-rag-database.adoc index d183626b1eef..2c0211a52694 100644 --- a/modules/ols-disabling-ocp-documentation-rag-database.adoc +++ b/modules/ols-disabling-ocp-documentation-rag-database.adoc @@ -3,17 +3,17 @@ :_mod-docs-content-type: PROCEDURE [id="disabling-ocp-index_{context}"] -= Disabling the {ocp-product-title} documentation RAG database += Disabling the {ocp-product-title} documentation retrieval-augmented generation (RAG) database [role="_abstract"] -Disable the default {ocp-product-title} documentation in the `OLSConfig` custom resource (CR) to prevent the service from using the built-in database that contains the {ocp-product-title} documentation. +Disable the default {ocp-product-title} documentation in the `OLSConfig` custom resource (CR) to prevent the service from using the built-in database that has the {ocp-product-title} documentation. -Then, the only Retrieval-Augmented Generation (RAG) databases {ols-long} uses are the ones that you provide to the service using the BYO Knowledge feature. +Then, the only retrieval-augmented generation (RAG) databases {ols-long} uses are the ones that you provide to the service by using the BYO Knowledge feature. .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user account with permission to create a cluster-scoped CR file, such as a user with the `cluster-admin` role. +* You have logged in to the {ocp-product-title} web console as a user account with permission to create a cluster-scoped CR file, such as a user with the `cluster-admin` role. * You have installed the {ols-long} Operator. @@ -37,8 +37,7 @@ Then, the only Retrieval-Augmented Generation (RAG) databases {ols-long} uses ar . Insert the `spec.ols.byokRAGOnly` YAML code. + -.Example `OLSconfig` CR file -[source,yaml,subs="attributes,verbatim"] +[source,yaml] ---- apiVersion: ols.openshift.io/v1alpha1 kind: OLSConfig @@ -48,6 +47,6 @@ spec: ols: byokRAGOnly: true <1> ---- -<1> Specify `true` so that {ols-long} only uses RAG databases that you create using the BYO Knowledge feature. When `true`, {ols-long} does not use the default RAG database that contains the {ocp-product-title} documentation. +* `spec.ols.byokRAGOnly` specifies if the Service limits responses by using only the information found in the local documentation that you provide. Specify `true` so that {ols-long} only uses RAG databases that you create by using the BYO Knowledge feature. When `true`, {ols-long} does not use the default RAG database that contains the {ocp-product-title} documentation. . Click *Save*. \ No newline at end of file From fda6b0c3c8e79cedd78ce8c3c48101cfcf281c88 Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Tue, 3 Mar 2026 10:44:24 -0500 Subject: [PATCH 2/4] OLS-2706: updated files for vale checks --- modules/ols-about-document-title-and-url.adoc | 4 ++-- .../ols-providing-custom-knowledge-to-the-llm.adoc | 13 +++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/ols-about-document-title-and-url.adoc b/modules/ols-about-document-title-and-url.adoc index df64489c0352..907b83ad2d3c 100644 --- a/modules/ols-about-document-title-and-url.adoc +++ b/modules/ols-about-document-title-and-url.adoc @@ -9,7 +9,7 @@ Display the source titles and URLs {ols-long} uses to verify the accuracy of generated responses and access the original documentation for additional context. -In the retrieval-augmented generation (RAG) database, titles and URLs accompany documents as metadata. The BYO Knowledge tool can obtain the title and url attributes from YAML frontmatter if they reside in the Markdown files that the tool processes. +In the retrieval-augmented generation (RAG) database, titles and URLs accompany documents as metadata. The BYO Knowledge tool obtains the title and URL attributes from metadata if they reside in the Markdown files that the tool processes. [source,markdown] ---- @@ -22,4 +22,4 @@ url: "https://docs.gimp.org/3.0/en/gimp-using-layers.html" ... ---- -If a Markdown file does not have frontmatter with the `title` and `url` attributes, the first top-level Markdown heading, for example `# Introduction to Layers`, becomes the title and the file path becomes the URL. \ No newline at end of file +If a Markdown file does not have metadata with the `title` and `url` attributes, the first top-level Markdown heading, for example `# Introduction to Layers`, becomes the title and the file path becomes the URL. \ No newline at end of file diff --git a/modules/ols-providing-custom-knowledge-to-the-llm.adoc b/modules/ols-providing-custom-knowledge-to-the-llm.adoc index 7774afbccb94..2175b269082e 100644 --- a/modules/ols-providing-custom-knowledge-to-the-llm.adoc +++ b/modules/ols-providing-custom-knowledge-to-the-llm.adoc @@ -13,16 +13,17 @@ The examples in this procedure use `quay.io` as the remote container image regis :FeatureName: The BYO Knowledge tool include::snippets/technology-preview.adoc[] +:FeatureName!: .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user account that has permission to create a cluster-scoped custom resource (CR) file, such as a user with the `cluster-admin` role. +* You have logged in to the {ocp-product-title} web console as a user account that has permission to create a cluster-scoped custom resource (CR) file, such as a user with the `cluster-admin` role. * You have an LLM provider available for use with the {ols-long} Service. * You have installed the {ols-long} Operator. -* The custom information you want to add resides as a collection of Markdown files with `.md` extensions. No other file format is supported. +* Your custom information consists of Markdown files with `.md` extensions. The tool does not support other file formats. * You have logged in to `registry.redhat.io` by using Podman. @@ -68,7 +69,7 @@ localhost/my-byok-image latest be7d1770bf10 1 minute ... ---- -. Tag the local image with a name and destination so that the image can be pushed to the container image registry by running the following command: +. Tag the local image with a name and destination so that you can push the image to the container image registry by running the following command: + [source,terminal] ---- @@ -82,7 +83,7 @@ $ podman tag localhost/my-byok-image:latest quay.io//my-byok-image:lat $ podman push quay.io//my-byok-image:latest ---- -. Modify the `OLSconfig` CR to deploy the newly created RAG database alongside the existing one: +. Update the `OLSconfig` CR to deploy the newly created RAG database alongside the existing one: .. In the {ocp-product-title} web console, click *Operators* -> *Installed Operators*. @@ -94,7 +95,7 @@ $ podman push quay.io//my-byok-image:latest .. Click the *YAML* tab. -.. Insert the `spec.ols.rag` yaml code: +.. Insert the `spec.ols.rag` YAML code: + [source,yaml] ---- @@ -108,7 +109,7 @@ spec: - image: quay.io//my-byok-image:latest ---- + -* `spec.ols.rag.image` specifies the tag for the image that was pushed to the image registry so that the {ols-long} Operator can access the custom content. The {ols-long} Operator can work with more than one RAG database that you create. +* `spec.ols.rag.image` specifies the tag for the image that you pushed to the image registry so that the {ols-long} Operator can access the custom content. The {ols-long} Operator can work with more than one RAG database that you create. . Optional: Specify pull secrets in the `OLSSpec` section of the `OLSConfig` CR file. These secrets provide authentication for remote registries. Use this optional field if your RAG BYO Knowledge images reside in a private registry that the standard cluster-wide pull secret cannot access. + From 69f521842e9d1e4ed378776926e31768b0605d1e Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Tue, 3 Mar 2026 13:41:06 -0500 Subject: [PATCH 3/4] OLS-2706: testing example layout --- ...-credentials-secret-using-web-console.adoc | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/modules/ols-creating-the-credentials-secret-using-web-console.adoc b/modules/ols-creating-the-credentials-secret-using-web-console.adoc index dde74587d6e0..f83cef878132 100644 --- a/modules/ols-creating-the-credentials-secret-using-web-console.adoc +++ b/modules/ols-creating-the-credentials-secret-using-web-console.adoc @@ -10,7 +10,7 @@ Use the {ocp-product-title} web console to store the API token that {ols-long} uses to authenticate with the large language model (LLM) provider. -Alternatively, {azure-official} also supports authentication using {entra-id}. +Alternatively, {azure-official} also supports authentication by using {entra-id}. .Prerequisites @@ -22,14 +22,15 @@ Alternatively, {azure-official} also supports authentication using {entra-id}. . Click the *Quick create* (image:fa-plus-circle.png[title="Quick create menu"]) menu in the upper-right corner of the {ocp-short-name} web console and select *Import YAML*. -. Paste the YAML content for the LLM provider that you are using into the text area of the web console. +. Paste the YAML content for your LLM provider into the text area of the web console. + [NOTE] ==== The YAML parameter is always `apitoken` regardless of what the LLM provider calls the access details. ==== + +.. Use the following example for the OpenAI LLM. + -.Credential secret for LLM provider [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 @@ -42,8 +43,9 @@ stringData: apitoken: <1> ---- <1> The `api_token` is not `base64` encoded. + +.. Use the following example to create the credential secret for the {rhelai} LLM. + -.Credential secret for {rhelai} [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 @@ -56,8 +58,9 @@ metadata: type: Opaque ---- <1> The `api_token` must be `base64` encoded when stored in a secret. + +.. Use the following example to create the credential secret for the {rhelai} LLM. + -.Credential secret for {rhoai} [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 @@ -70,8 +73,9 @@ metadata: type: Opaque ---- <1> The `api_token` must be `base64` encoded when stored in a secret. + +.. Use the following example to create the credential secret for the {watsonx} LLM. + -.Credential secret for {watsonx} [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 @@ -84,8 +88,9 @@ metadata: type: Opaque ---- <1> The `api_token` must be `base64` encoded when stored in a secret. + +.. Use the following example to create the credential secret for the {azure-official} {openai} LLM. + -.Credential secret for {azure-official} {openai} [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 @@ -100,8 +105,9 @@ type: Opaque <1> The `api_token` must be `base64` encoded when stored in a secret. + Alternatively, for {azure-openai} you can use {entra-id} to authenticate your LLM provider. {entra-id} users must configure the required roles for their {azure-openai} resource. For more information, see the official Microsoft link:https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control#cognitive-services-openai-contributor[Cognitive Services OpenAI Contributor](Microsoft Azure OpenAI Service documentation). + +.. Optional: As another option with {azure-openai} you can use {entra-id} to authenticate your LLM provider. {entra-id} users must configure the required roles for their {azure-openai} resource. For more information, see the official Microsoft link:https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control#cognitive-services-openai-contributor[Cognitive Services OpenAI Contributor](Microsoft Azure OpenAI Service documentation). Use the following example to authenticate by using {entra-id}. + -.Credential secret for {entra-id} [source,yaml,subs="attributes,verbatim"] ---- apiVersion: v1 From cfdcf2ef6a31b199a53e03b41cd6f90a9b943de7 Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Tue, 3 Mar 2026 15:04:42 -0500 Subject: [PATCH 4/4] OLS-2706: updated files --- ...htspeed-and-role-based-access-control.adoc | 10 +++--- modules/ols-about-the-byo-knowledge-tool.adoc | 8 ++--- ...-a-trusted-ca-certificate-for-the-llm.adoc | 14 ++++---- ...tspeed-custom-resource-file-using-cli.adoc | 11 +++--- ...-credentials-secret-using-web-console.adoc | 36 ++++++++++--------- ...s-filtering-and-redacting-information.adoc | 18 +++++----- ...s-granting-access-to-individual-users.adoc | 10 +++--- .../ols-granting-access-to-user-group.adoc | 10 +++--- 8 files changed, 58 insertions(+), 59 deletions(-) diff --git a/modules/ols-about-lightspeed-and-role-based-access-control.adoc b/modules/ols-about-lightspeed-and-role-based-access-control.adoc index bace044a1de7..0a27174c53f7 100644 --- a/modules/ols-about-lightspeed-and-role-based-access-control.adoc +++ b/modules/ols-about-lightspeed-and-role-based-access-control.adoc @@ -1,14 +1,14 @@ -// This module is used in the following assemblies: -// configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: CONCEPT [id="ols-about-lightspeed-and-role-based-access-control_{context}"] -= About Lightspeed and Role-Based Access Control (RBAC) += About Lightspeed and role-based access control (RBAC) [role="_abstract"] -Use Role-Based Access Control (RBAC) to manage system security by assigning permissions to specific roles rather than individual users. +Use role-based access control (RBAC) to manage system security by assigning permissions to specific roles rather than individual users. -{ols-long} RBAC is binary. By default, not all cluster users have access to the {ols-long} interface. Access must be granted by a user who can grant permissions. All users of an {ocp-short-name} cluster with {ols-long} installed can see the {ols-long} button; however, only users with permissions can submit questions to {ols-long}. +{ols-long} RBAC is binary. By default, not all cluster users have access to the {ols-long} interface. Only users with administrative rights can grant access. All users of an {ocp-short-name} cluster with {ols-long} installed can see the {ols-long} button; however, only users with permissions can submit questions to {ols-long}. If you want to evaluate the RBAC features of {ols-long}, your cluster will need users other than the `kubeadmin` account. The `kubeadmin` account always has access to {ols-long}. \ No newline at end of file diff --git a/modules/ols-about-the-byo-knowledge-tool.adoc b/modules/ols-about-the-byo-knowledge-tool.adoc index f77bad128aad..b84a1afbcf95 100644 --- a/modules/ols-about-the-byo-knowledge-tool.adoc +++ b/modules/ols-about-the-byo-knowledge-tool.adoc @@ -9,7 +9,7 @@ Enhance {ols-long} responses by using the BYO Knowledge tool to create a retrieval-augmented generation (RAG) database that includes documentation specific to your organization. -When you create a RAG database, you customize the {ols-long} service for your environment. For example, a network administrator can develop a standard operating procedure (SOP) that is used to provision an {ocp-product-title} cluster. Then, the network administrator can use the BYO Knowledge tool to enhance the knowledge available to the LLM by including information from the SOP. +When you create a RAG database, you customize the {ols-long} service for your environment. For example, a network administrator can use a standard operating procedure (SOP) to provision an {ocp-product-title} cluster. Then, the network administrator can use the BYO Knowledge tool to enhance the knowledge available to the LLM by including information from the SOP. To bring your own knowledge to an LLM, you complete the following steps: @@ -17,11 +17,11 @@ To bring your own knowledge to an LLM, you complete the following steps: * Use the BYO Knowledge tool to package the content as a container image. * Push the container image to an image registry, such as `quay.io`. * Update the `OLSConfig` custom resource file to list the image that you pushed to the image registry. -* Access the {ols-long} virtual assistant and submit a question that is associated with the custom knowledge that you made available to the LLM. +* Access the {ols-long} virtual assistant and submit a question associated with the custom knowledge that you made available to the LLM. + [NOTE] ==== -When you use the BYO Knowledge tool, the documents that you make available to the LLM are sent to the LLM provider. +When you use the BYO Knowledge tool, you provide documents directly to the LLM provider. ==== -{ols-long} supports automatic updates of BYO Knowledge images that use floating tags, such as `latest`. If over time a BYO Knowledge image tag points to different underlying images, {ols-long} detects those changes and updates the corresponding BYO Knowledge database accordingly. This feature is built using OpenShift `ImageStream` objects. {ocp-product-title} clusters check for updates to `ImageStream` objects every 15 minutes. \ No newline at end of file +{ols-long} supports automatic updates of BYO Knowledge images that use floating tags, such as `latest`. If over time a BYO Knowledge image tag points to different underlying images, {ols-long} detects those changes and updates the corresponding BYO Knowledge database accordingly. This feature uses OpenShift `ImageStream` objects. {ocp-product-title} clusters check for updates to `ImageStream` objects every 15 minutes. \ No newline at end of file diff --git a/modules/ols-configuring-lightspeed-with-a-trusted-ca-certificate-for-the-llm.adoc b/modules/ols-configuring-lightspeed-with-a-trusted-ca-certificate-for-the-llm.adoc index bbd7f124ed68..cfa1fefaaa0d 100644 --- a/modules/ols-configuring-lightspeed-with-a-trusted-ca-certificate-for-the-llm.adoc +++ b/modules/ols-configuring-lightspeed-with-a-trusted-ca-certificate-for-the-llm.adoc @@ -1,6 +1,5 @@ -// This module is used in the following assemblies: - -// * configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: PROCEDURE [id="ols-configuring-lightspeed-with-a-trusted-ca-certificate-for-the-llm_{context}"] @@ -42,11 +41,11 @@ data: . -----END CERTIFICATE----- ---- -<1> Specify the CA certificates required to connect to your LLM provider. You can include one or more certificates. -. Update the `OLSConfig` custom resource file to include the name of the `ConfigMap` object you just created. +* `data.caCertFileName` specifies the CA certificates required to connect to your LLM provider. You can include one or more certificates within this block to ensure secure communication. + +. Update the `OLSConfig` custom resource (CR) file to include the name of the `ConfigMap` object you just created. The following example uses {rhelai} as the LLM provider. + -.Example {rhelai} CR file [source,yaml,subs="attributes,verbatim"] ---- apiVersion: ols.openshift.io/v1alpha1 @@ -60,7 +59,8 @@ spec: additionalCAConfigMapRef: name: trusted-certs <1> ---- -<1> Specifies the name of `ConfigMap` object. + +* `spec.ols.additionalCAConfigMapRef.name` specifies the name of `ConfigMap` object. . Create the custom CR. + diff --git a/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc b/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc index 96acf16f24e1..b51b24322085 100644 --- a/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc +++ b/modules/ols-creating-lightspeed-custom-resource-file-using-cli.adoc @@ -1,10 +1,9 @@ -// This module is used in the following assemblies: - -// * configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: PROCEDURE [id="ols-creating-lightspeed-custom-resource-file-using-cli_{context}"] -= Creating the Lightspeed custom resource file using the CLI += Creating the Lightspeed custom resource file by using the CLI [role="_abstract"] @@ -14,7 +13,7 @@ The specific content of the CR file is unique for each large language model (LLM .Prerequisites -* You have access to the {oc-first} and are logged in as a user with the `cluster-admin` role. Alternatively, you are logged in to a user account that has permission to create a cluster-scoped CR file. +* You have access to the {oc-first} and have logged in as a user with the `cluster-admin` role. As another option, you have logged in to a user account that has permission to create a cluster-scoped CR file. * You have an LLM provider available for use with the {ols-long} Service. @@ -22,7 +21,7 @@ The specific content of the CR file is unique for each large language model (LLM .Procedure -. Create an `OLSConfig` file that contains the YAML content for the LLM provider you use. +. Create an `OLSConfig` file that has the YAML content for the LLM provider you use. + .OpenAI CR file [source,yaml,subs="attributes,verbatim"] diff --git a/modules/ols-creating-the-credentials-secret-using-web-console.adoc b/modules/ols-creating-the-credentials-secret-using-web-console.adoc index f83cef878132..0283569779f7 100644 --- a/modules/ols-creating-the-credentials-secret-using-web-console.adoc +++ b/modules/ols-creating-the-credentials-secret-using-web-console.adoc @@ -1,6 +1,5 @@ -// This module is used in the following assemblies: - -// * configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: PROCEDURE [id="ols-creating-the-credentials-secret-using-web-console_{context}"] @@ -10,11 +9,11 @@ Use the {ocp-product-title} web console to store the API token that {ols-long} uses to authenticate with the large language model (LLM) provider. -Alternatively, {azure-official} also supports authentication by using {entra-id}. +As another option, {azure-official} also supports authentication by using {entra-id}. .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. Alternatively, you are logged in to a user account that has permission to create a secret to store the Provider tokens. +* You have logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. As another option, you have logged in to a user account that has permission to create a secret to store the Provider tokens. * You have installed the {ols-long} Operator. @@ -40,9 +39,10 @@ metadata: namespace: openshift-lightspeed type: Opaque stringData: - apitoken: <1> + apitoken: ---- -<1> The `api_token` is not `base64` encoded. + +* The `api_token` is not `base64` encoded. .. Use the following example to create the credential secret for the {rhelai} LLM. + @@ -50,14 +50,15 @@ stringData: ---- apiVersion: v1 data: - apitoken: <1> + apitoken: kind: Secret metadata: name: rhelai-api-keys namespace: openshift-lightspeed type: Opaque ---- -<1> The `api_token` must be `base64` encoded when stored in a secret. + +* The `api_token` must be `base64` encoded when stored in a secret. .. Use the following example to create the credential secret for the {rhelai} LLM. + @@ -65,14 +66,15 @@ type: Opaque ---- apiVersion: v1 data: - apitoken: <1> + apitoken: kind: Secret metadata: name: rhoai-api-keys namespace: openshift-lightspeed type: Opaque ---- -<1> The `api_token` must be `base64` encoded when stored in a secret. + +* The `api_token` must be `base64` encoded when stored in a secret. .. Use the following example to create the credential secret for the {watsonx} LLM. + @@ -80,14 +82,15 @@ type: Opaque ---- apiVersion: v1 data: - apitoken: <1> + apitoken: kind: Secret metadata: name: watsonx-api-keys namespace: openshift-lightspeed type: Opaque ---- -<1> The `api_token` must be `base64` encoded when stored in a secret. + +* The `api_token` must be `base64` encoded when stored in a secret. .. Use the following example to create the credential secret for the {azure-official} {openai} LLM. + @@ -95,16 +98,15 @@ type: Opaque ---- apiVersion: v1 data: - apitoken: <1> + apitoken: kind: Secret metadata: name: azure-api-keys namespace: openshift-lightspeed type: Opaque ---- -<1> The `api_token` must be `base64` encoded when stored in a secret. -+ -Alternatively, for {azure-openai} you can use {entra-id} to authenticate your LLM provider. {entra-id} users must configure the required roles for their {azure-openai} resource. For more information, see the official Microsoft link:https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control#cognitive-services-openai-contributor[Cognitive Services OpenAI Contributor](Microsoft Azure OpenAI Service documentation). + +* The `api_token` must be `base64` encoded when stored in a secret. .. Optional: As another option with {azure-openai} you can use {entra-id} to authenticate your LLM provider. {entra-id} users must configure the required roles for their {azure-openai} resource. For more information, see the official Microsoft link:https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control#cognitive-services-openai-contributor[Cognitive Services OpenAI Contributor](Microsoft Azure OpenAI Service documentation). Use the following example to authenticate by using {entra-id}. + diff --git a/modules/ols-filtering-and-redacting-information.adoc b/modules/ols-filtering-and-redacting-information.adoc index b737c0706ccf..b43d19b9565c 100644 --- a/modules/ols-filtering-and-redacting-information.adoc +++ b/modules/ols-filtering-and-redacting-information.adoc @@ -1,5 +1,5 @@ -// This module is used in the following assemblies: -// configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: PROCEDURE [id="ols-filtering-and-redacting-information_{context}"] @@ -7,14 +7,14 @@ [role="_abstract"] -Configure sensitive data filtering in {ols-long} to redact private information before it is sent to the large language model (LLM) provider. +Configure sensitive data filtering in {ols-long} to redact private information before sending it to the large language model (LLM) provider. [NOTE] ==== -You should test your regular expressions against sample data to confirm that they identify the information you want to filter or redact, and that they do not identify information you want to send to the LLM. There are several third-party websites that you can use to test your regular expressions. When using third-party sites, you should practice caution with regards to sharing your private data. Alternatively, you can test the regular expressions locally using Python. In Python, it is possible to design very computationally-expensive regular expressions. Using several complex expressions as query filters can adversely impact the performance of {ols-long}. +You should test your regular expressions against sample data to confirm that they identify the information you want to filter or redact, and that they do not identify information you want to send to the LLM. There are several third-party websites that you can use to test your regular expressions. When using third-party sites, you should practice caution with regards to sharing your private data. As another option, you can test the regular expressions locally using Python. In Python, it is possible to design very computationally-expensive regular expressions. Using several complex expressions as query filters can adversely impact the performance of {ols-long}. ==== -This example shows how to modify the `OLSConfig` custom resource (CR) file to redact IP addresses, but you can also filter or redact other types of sensitive information. +This example shows how update the `OLSConfig` custom resource (CR) file to redact IP addresses, but you can also filter or redact other types of sensitive information. [NOTE] ==== @@ -23,7 +23,7 @@ If you configure filtering or redacting in the `OLSConfig` CR file, and you conf .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. +* You have logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. * You have access to the {oc-first}. @@ -31,11 +31,9 @@ If you configure filtering or redacting in the `OLSConfig` CR file, and you conf .Procedure -. Modify the `OLSConfig` CR file and create an entry for each regular expression to filter. The following example redacts IP addresses: +. Update the `OLSConfig` CR file and create an entry for each regular expression to filter. The following example redacts IP addresses: + -.Example custom resource file -+ -[source,yaml,subs="attributes,verbatim"] +[source,yaml] ---- spec: ols: diff --git a/modules/ols-granting-access-to-individual-users.adoc b/modules/ols-granting-access-to-individual-users.adoc index 6de9044e9ec8..a7f3f1bf195a 100644 --- a/modules/ols-granting-access-to-individual-users.adoc +++ b/modules/ols-granting-access-to-individual-users.adoc @@ -1,5 +1,5 @@ -// This module is used in the following assemblies: -// configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: CONCEPT [id="ols-granting-access-to-individual-users_{context}"] @@ -7,11 +7,11 @@ [role="_abstract"] -Grant system permissions to an individual user to provide the specific access required for specialized tasks while maintaining the principle of least privilege. +Grant system permissions to an individual user to allow the specific access required for specialized tasks while maintaining the principle of least privilege. .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. Alternatively, you are logged in as a user with the ability to grant permissions. +* You have logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. As another option, you have logged in as a user with the ability to grant permissions. * You have deployed the {ols-long} service. @@ -27,7 +27,7 @@ $ oc adm policy add-cluster-role-to-user \ lightspeed-operator-query-access ---- + -Alternatively, you can use a YAML file when granting access to an individual user by using the following command: +As another option, you can use a YAML file when granting access to an individual user by using the following command: + [source,terminal] ---- diff --git a/modules/ols-granting-access-to-user-group.adoc b/modules/ols-granting-access-to-user-group.adoc index e7d4e9828223..e507d35127f9 100644 --- a/modules/ols-granting-access-to-user-group.adoc +++ b/modules/ols-granting-access-to-user-group.adoc @@ -1,5 +1,5 @@ -// This module is used in the following assemblies: -// configure/ols-configuring-openshift-lightspeed.adoc +// Module included in the following assemblies: +// * lightspeed-docs-main/configure/ols-configuring-openshift-lightspeed.adoc :_mod-docs-content-type: CONCEPT [id="ols-agranting-access-to-user-group_{context}"] @@ -7,13 +7,13 @@ [role="_abstract"] -Grant access to the {ols-long} service for multiple users simultaneously by assigning permissions to a user group. +Grant access to the {ols-long} service for many users simultaneously by assigning permissions to a user group. If your cluster has more advanced identity management configured, including user groups, you can grant all users of a specific group access to the {ols-long} service. .Prerequisites -* You are logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. Alternatively, you are logged in as a user with the ability to grant permissions. +* You have logged in to the {ocp-product-title} web console as a user with the `cluster-admin` role. As another option, you have logged in as a user with the ability to grant permissions. * You have deployed the {ols-long} service. @@ -29,7 +29,7 @@ $ oc adm policy add-cluster-role-to-group \ lightspeed-operator-query-access ---- + -Alternatively, you can use a YAML file when granting access to a user group by using the following command: +As another option, you can use a YAML file when granting access to a user group by using the following command: + [source,terminal] ----