Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Enabling AI safety with Guardrails

The TrustyAI Guardrails Orchestrator service is a tool to invoke detections on text generation inputs and outputs, as well as standalone detections.

It is underpinned by the open-source project FMS-Guardrails Orchestrator from IBM. You can deploy the Guardrails Orchestrator service through a Custom Resource Definition (CRD) that is managed by the TrustyAI Operator.

The following sections describe the Guardrails components, how to deploy them and provide example use cases of how to protect your AI applications using these tools:

Understanding detectors

Explore the available detector types in the Guardrails framework. Currently supported detectors are:

  • The built-in detector: Out-of-the-box guardrailing algorithms for quick setup and easy experimentation.
  • Hugging Face detectors: Text classification models for guardrailing, such as ibm-granite/granite-guardian-hap-38m or any other text classifier from Hugging Face.
Configuring the Orchestrator
Configure the Orchestrator to communicate with available detectors and your generation model.
Configuring the Guardrails Gateway
Define preset guardrail pipelines with corresponding unique endpoints.
Deploying the Orchestrator
Create a Guardrails Orchestrator to begin securing your Large Language Model (LLM) deployments.
Automatically configuring Guardrails using AutoConfig
Automatically configure Guardrails based on available resources in your namespace.
Monitoring user-inputs to your LLM
Enable a safer LLM by filtering hateful, profane, or toxic inputs.
Enabling the OpenTelemetry exporter for metrics and tracing
Provide observability for the security and governance mechanisms of AI applications.

1.1. Understanding detectors
Copy link

The Guardrails framework uses "detector" servers to contain guardrailing logic. Any server that provides the IBM /detectors API is compatible with the Guardrails framework. The main endpoint for a detector server is the /api/v1/text/contents, and the payload looks like the following: 

curl $ENDPOINT/api/v1/text/contents -d /
"{
  \"contents\": [
    \"Some message\"
  ],
  \"detector_params\": {}
}"
Copy to Clipboard Toggle word wrap

1.1.1. Built-in Detector
Copy link

The Guardrails framework provides a set of “built-in” detectors out-of-the-box, which provides a number of detection algorithms. The built-in detector currently provides the following algorithms:

regex
  • us-social-security-number - detect US social security numbers
  • credit-card - detect credit card numbers
  • email - detect email addresses
  • ipv4 - detect IPv4 addresses
  • ipv6 - detect IP6 addresses
  • us-phone-number - detect US phone numbers
  • uk-post-code - detect UK post codes
  • $CUSTOM_REGEX - use a custom regex to define your own detector
file_type
  • json - detect valid JSON
  • xml - detect valid XML
  • yaml - detect valid YAML
  • json-with-schema:$SCHEMA - detect whether the text content satisfies a provided JSON schema. To specify a schema, replace $SCHEMA with a JSON schema
  • xml-with-schema:$SCHEMA - detect whether the text content satisfies a provided XML schema. To specify a schema, replace $SCHEMA with an XML Schema Definition (XSD)
  • yaml-with-schema:$SCHEMA - detect whether the text content satisfies a provided XML schema. To specify a schema, replace $SCHEMA with a JSON schema (not a YAML schema)
custom

Developer preview

  • Custom detectors defined via a custom_detectors.py file.

    The detector algorithm can be chosen with detector_params, by first choosing the top-level taxonomy (e.g., regex or file_type) and then providing a list of the desired algorithms from within that category. In the following example, both the credit-card and email algorithms are run against the provided message: 

{
  "contents": [
    "Some message"
  ],
  "detector_params": {
    "regex": ["credit-card", "email"]
  }
}
Copy to Clipboard Toggle word wrap

1.1.2. The Hugging Face Detector serving runtime
Copy link

To use Hugging Face AutoModelsForSequenceClassification as detectors within the Guardrails Orchestrator, you need to first configure a Hugging Face serving runtime.

The guardrails-detector-huggingface-runtime is a KServe serving runtime for Hugging Face predictive text models. This allows models such as the ibm-granite/granite-guardian-hap-38m to be used within the TrustyAI Guardrails ecosystem.

Example custom serving runtime

This YAML file contains an example of a custom serving Huggingface runtime: 

apiVersion: serving.kserve.io/v1alpha1
kind: ServingRuntime
metadata:
  name: guardrails-detector-runtime
  annotations:
    openshift.io/display-name: Guardrails Detector ServingRuntime for KServe
    opendatahub.io/recommended-accelerators: '["nvidia.com/gpu"]'
  labels:
    opendatahub.io/dashboard: 'true'
spec:
  annotations:
    prometheus.io/port: '8080'
    prometheus.io/path: '/metrics'
  multiModel: false
  supportedModelFormats:
    - autoSelect: true
      name: guardrails-detector-huggingface
  containers:
    - name: kserve-container
      image: quay.io/trustyai/guardrails-detector-huggingface-runtime:v0.2.0
      command:
        - uvicorn
        - app:app
      args:
        - "--workers=1"
        - "--host=0.0.0.0"
        - "--port=8000"
        - "--log-config=/common/log_conf.yaml"
      env:
        - name: MODEL_DIR
          value: /mnt/models
        - name: HF_HOME
          value: /tmp/hf_home
        - name: SAFE_LABELS
          value: "[0]"
      ports:
        - containerPort: 8000
          protocol: TCP
Copy to Clipboard Toggle word wrap

The above serving runtime example matches the default template used with Red Hat OpenShift AI, and should suffice for the majority of use-cases. The main relevant configuration parameter is the SAFE_LABELS environment variable. This specifies which prediction label or labels from the AutoModelForSequenceClassification constitute a "safe" response and therefore should not trigger guardrailing. For example, if [0, 1] is specified as SAFE_LABELS for a four-class model, a predicted label of 0 or 1 is considered "safe", while a predicted label of 2 or 3 triggers guardrailing. The default value is [0].

Expand
Table 1.1. Template configuration
PropertyValue

Template Name

guardrails-detector-huggingface-serving-template

Runtime Name

guardrails-detector-huggingface-runtime

Display Name

Hugging Face Detector ServingRuntime for KServe

Model Format

guardrails-detector-hf-runtime

Expand
Table 1.2. Server configuration
ComponentConfigurationValue

Server

uvicorn

app:app

Port

Container

8000

Metrics Port

Prometheus

8080

Metrics Path

Prometheus

/metrics

Log Config

Path

/common/log_conf.yaml

Expand
Table 1.3. Parameters
ParameterDefaultDescription

guardrails-detector-huggingface-runtime-image

-

Container image (required)

MODEL_DIR

/mnt/models

Model mount path

HF_HOME

/tmp/hf_home

HuggingFace cache

SAFE_LABELS

[0]

A JSON-formatted list

--workers

1

Number of Uvicorn workers

--host

0.0.0.0

Server bind address

--port

8000

Server port

Expand
Table 1.4. Parameters for API endpoints
EndpointMethodDescriptionContent-TypeHeaders

/health

GET

Health check endpoint

-

-

/api/v1/text/contents

POST

Content detection endpoint

application/json

3 types: * application/json * detector-id: {detector_name} * Content-Type: application/json

1.2. Orchestrator Configuration Parameters
Copy link

The first step in deploying the Guardrails framework is to first define your Orchestrator configuration with a Config Map. This serves as a registry of the components in the system, namely by specifying the model-to-be-guardrailed and the available detector servers.

Here is an example version of an Orchestrator configuration file:

Example orchestrator_configmap.yaml

kind: ConfigMap
apiVersion: v1
metadata:
  name: orchestrator-config
data:
  config.yaml: |
    chat_generation:
      service:
        hostname: <generation_hostname>
        port: <generation_service_port>
        api_token: <api_token_env_var>
        tls: <tls_config_1_name>
    detectors:
      <detector_server_1_name>:
        type: text_contents
        service:
            hostname: "127.0.0.1"
            port: 8080
        chunker_id: whole_doc_chunker
        default_threshold: 0.5
      <detector_server_2_name>:
        type: text_contents
        service:
          hostname: <other_detector_hostname>
          port: <detector_server_port>
          api_token: <api_token_env_var>
          tls: <some_other_detector_tls>
        chunker_id: whole_doc_chunker
        default_threshold: 0.5
    tls:
      - <tls_config_1_name>:
          cert_path: /etc/tls/<path_1>/tls.crt
          key_path: /etc/tls/<path_1>/tls.key
          ca_path: /etc/tls/ca/service-ca.crt
      - <tls_config_2_name>:
          cert_path: /etc/tls/<path_2>/tls.crt
          key_path: /etc/tls/<path_2>/tls.key
          ca_path: /etc/tls/ca/service-ca.crt
    passthrough_headers:
      - "authorization"
      - "content-type"
Copy to Clipboard Toggle word wrap

Expand
Table 1.5. Orchestrator configuration parameters
ParameterDescription

chat_generation

Describes the generation model to be guardrailed. Requires a service configuration, see below.

service

A service configuration. Throughout the Orchestrator config, all external services are described using the service configuration, which contains the following fields:

  • hostname - The hostname of the service
  • port - The port of the service
  • api_token (Optional) - The name of an environment variable that holds the authentication token for the service. The token value is read from the environment variable at runtime. For example, if set to MODEL_TOKEN, the Orchestrator reads the token from the $MODEL_TOKEN environment variable.
  • tls (Optional) - The name of the TLS configuration (specified later in the configuration) to use for this service. If provided, the Orchestrator communicates with this service with HTTPS.

detectors

The detectors section is where the detector servers available to the Orchestrator are specified. Provide some unique name for the detector server as the key to each entry, and then the following values are required:

  • type - The kind of detector server. For now, the only supported kind within RHOAI is text_contents

  • service - The service configuration for the detector server, see the service section above for details. Note, if you want to use the built-in detector, the service configuration should always be 

    service:
    hostname: "127.0.0.1"
    port: 8080
    Copy to Clipboard Toggle word wrap
  • chunker_id- The chunker to use for this detector server. For now, the only supported chunker is whole_doc_chunker
  • default_threshold- The threshold to pass to the detector server. The threshold can be used by the detector servers to determine their sensitivity, and recommended values vary by detector algorithm. A safe starting point for this is a value of 0.5.

<detector_server_name>

Each key in the detector section defines the name of the detector server. This can be any string, but you’ll need to reference these names later, so pick memorable and descriptive names.

tls

The tls section defines TLS configurations. The names of these configurations can then be used as values within service.tls in your service configurations (see the service section above). A TLS configuration consists of the following fields:

  • cert_path - The path to a .crt file inside the Guardrails Orchestrator container.
  • key_path - The path to a .key file inside the Guardrails Orchestrator container.

  • ca_path - The path to CA certificate .crt file on the Guardrails Orchestrator container. The default Openshift Serving CA will be mounted at /etc/tls/ca/service-ca.crt, we recommend using this as your ca_path.

    See the tlsSecrets section of the GuardrailsOrchestrator Custom Resource in Deploying the Guardrails Orchestrator to learn how to mount custom TLS files into the Guardrails Orchestrator container.

passthrough_headers

Defines which headers from your requests to the Guardrails Orchestrator get sent onwards to the various services specified in this configuration. If you want to ensure that the Orchestrator can talk to authenticated services, include "authorization" and "content-type" in your passthrough header list.

1.3. Guardrails Gateway Config Parameters
Copy link

The Guardrails gateway provides a mechanism for defining preset detector pipelines and creating a unique, endpoint-per-pipeline preset. To use the Guardrails gateway, create a Guardrails Gateway configuration with a Config Map.

Example gateway_configmap.yaml

kind: ConfigMap
apiVersion: v1
metadata:
  name: guardrails-gateway-config
data:
  config.yaml: |
    detectors:
      - name: <built_in_detector_name>
        server: <built_in_detector_server_name>
        input: <boolean>
        output: <boolean>
        detector_params:
          <detector_taxonomy>:
            - <detector_name>
      - name: <detector_2_name>
        detector_params: {}
    routes:
      - name: <preset_1_name>
        detectors:
          - <detector_name>
          - <detector_name>
          - ...
          - <detector_name>
      - name: passthrough
        detectors:
Copy to Clipboard Toggle word wrap

Expand
ParameterDescription

detectors

The list of detector servers and parameters to use inside your Guardrails Gateway presets. The following fields are available:

  • name - The name of your detector server. This key is later used when defining your preset routes in the route section of the configuration. If no server value is provided, this name must match a detector server name given in your Orchestrator Config. If server is specified, the name field can be any string.
  • server (optional) - The server name from your Orchestrator Config to use for this particular detector config.This field is useful if you want to create multiple detector parameter configurations that use the same underlying detector server, e.g., to use the built-in detector with different algorithms for different presets.
  • input - Whether this detector should operate over user inputs (prompts). Available values are true or false
  • output - Whether this detector should operate over model outputs. Available values are true or false
  • detector_params - The parameters that should be passed to the detector endpoint. See detector server documentation for more information.

routes

Define Guardrail pipeline presets according to combinations of available detectors. Each preset route requires the following fields:

  • name - The name of the route preset. A corresponding /<name>/v1/chat/completions endpoint is available in the created Guardrails Gateway server. For example, in the example configuration above, /passthrough/v1/chat/completions/ is an available endpoint.
  • detectors - The list of detectors that should be used in this particular pipeline preset. Please see the note below regarding using multiple detectors from the same underlying server.
Note

The Guardrails Gateway only provides the /v1/chat/completions API for each route preset. The older /v1/completions API is not supported.

Note

In the routes presets configuration, each input and output detector in the detectors list must use a unique server. For example, if we have the following detectors, the routes preset configuration is invalid because it uses two input: true detectors from the serverA server: 

- name: detector1
  server: serverA
  input: true
  output: false
- name: detector2
  server: serverA
  input: true
  output: false
- name: detector3
  server: serverA
  input: false
  output: true
Copy to Clipboard Toggle word wrap 
routes:
  - name: route1
    detectors:
      - detector1
      - detector2
Copy to Clipboard Toggle word wrap

However, the following routes preset configuration is valid, because while both detectors use serverA, detector1 is only an input detector, while detector3 is only an output detector, and therefore does not conflict: 

routes:
  - name: route1
    detectors:
      - detector1
      - detector3
Copy to Clipboard Toggle word wrap

The following routes preset is also valid, because, while two input detectors from serverA are used, they are not used in the same route preset: 

routes:
  - name: route1
    detectors:
      - detector1
  - name: route2
    detectors:
      - detector2
Copy to Clipboard Toggle word wrap

1.4. Deploying the Guardrails Orchestrator
Copy link

You can deploy a Guardrails Orchestrator instance in your namespace to monitor elements, such as user inputs to your Large Language Model (LLM).

Prerequisites

  • You have cluster administrator privileges for your OpenShift cluster.

  • You have installed the OpenShift CLI (oc) as described in the appropriate documentation for your cluster:

  • You are familiar with how to create a configMap for monitoring a user-defined workflow. You perform similar steps in this procedure. See Understanding config maps.
  • You have configured KServe to use RawDeployment mode. For more information, see Deploying models on the single-model serving platform.
  • You have the TrustyAI component in your OpenShift AI DataScienceCluster set to Managed.
  • You have a large language model (LLM) for chat generation or text classification, or both, deployed in your namespace.

  1. Deploy your Orchestrator config map: 

    $ oc apply -f <ORCHESTRATOR CONFIGMAP>.yaml -n <TEST_NAMESPACE>
    Copy to Clipboard Toggle word wrap

  2. Optional: Deploy your Guardrails gateway config map: 

    $ oc apply -f <GUARDRAILS GATEWAY CONFIGMAP>.yaml -n <TEST_NAMESPACE>
    Copy to Clipboard Toggle word wrap

  3. Create a Guardrails Orchestrator custom resource. Make sure that the orchestratorConfig and guardrailsGatewayConfig match the names of the resources you created in steps 1 and 2.

    Example orchestrator_cr.yaml CR

    apiVersion: trustyai.opendatahub.io/v1alpha1
kind: GuardrailsOrchestrator
metadata:
  name: guardrails-orchestrator-sample
  annotations:
    security.opendatahub.io/enable-auth: "true"
spec:
  orchestratorConfig: <orchestrator_configmap>
  guardrailsGatewayConfig: <guardrails_gateway_configmap>
  customDetectorsConfig:  <custom_detectors_config>
  autoConfig:
    - <auto_config_settings>
  enableBuiltInDetectors: True
  enableGuardrailsGateway: True
  logLevel: INFO
  tlsSecrets:
    - <tls_secret_1_to_mount>
    - ...
    - <tls_secret_2_to_mount>
  otelExporter:
    - <open_telemetry_config>
  env:
    - name: MODEL_TOKEN
      valueFrom:
        secretKeyRef:
          name: api-token-secret
          key: token
  replicas: 1
    Copy to Clipboard Toggle word wrap

    If desired, the TrustyAI controller can automatically generate an orchestratorConfig and guardrailsGatewayConfig based on the available resources in your namespace. To access this, include the autoConfig parameter inside your Custom Resource, and see Auto Configuring Guardrails for documentation on its usage.

    Expand
    Table 1.6. Annotations from example orchestrator_cr.yaml CR
    AnnotationDescription

    security.opendatahub.io/enable-auth (optional)

    Boolean value to control whether the Guardrails Orchestrator routes will be authenticated by using the kube-rbac-proxy. If set to true, the created routes to the Guardrails Orchestrator, Guardrails Gateway, and built-in detectors will all require authentication headers in the form Authentication: Bearer $xyz for access.

    Expand
    Table 1.7. Parameters from example orchestrator_cr.yaml CR
    ParameterDescription

    orchestratorConfig (optional)

    The name of the ConfigMap object that contains generator, detector, and chunker arguments. If using autoConfig, this field can be omitted.

    guardrailsGatewayConfig (optional)

    The name of the ConfigMap object that specifies gateway configurations. This field can be omitted if you are not using the Guardrails Gateway or are using autoConfig.

    customDetectorsConfig (optional)

    This feature is in development preview.

    autoConfig (optional)

    A list of paired name and value arguments to define how the Guardrails AutoConfig. Any manually-specified configuration files in orchestratorConfig or guardrailsGatewayConfig takes precedence over the automatically-generated configuration files.

    • inferenceServiceToGuardrail - The name of the inference service you want to guardrail. This should exactly match the model name provided when deploying the model. For a list of valid names, you can run oc get isvc -n $NAMESPACE

    • detectorServiceLabelToMatch - A string label to use when searching for available detector servers. All inference services in your namespace with the label $detectorServiceLabelToMatch: true is automatically configured as a detector.

      See Auto Configuring Guardrails for more information.

    enableBuiltInDetectors (optional)

    A boolean value to inject the built-in detector sidecar container into the Orchestrator pod. The built-in detector is a lightweight HTTP server containing a number of available guardrailing algorithms.

    enableGuardrailsGateway (optional)

    A boolean value to enable controlled interaction with the Orchestrator service by enforcing stricter access to its exposed endpoints. It provides a mechanism of configuring detector pipelines, and then provides a unique /v1/chat/completions endpoint per configured detector pipeline.

    disableOrchestrator (optional)

    A boolean value to control whether the Guardrails Orchestrator is included in the deployment. This is intended for standalone built-in detector use cases, such as when you wish to interface with the built-in detectors but do not need orchestration capabilities, for example, when using llama-stack. If disableOrchestrator is set to true, then enableBuiltInDetectors must be also set to true.

    otelExporter (optional)

    A list of paired name and value arguments for configuring OpenTelemetry traces or metrics, or both:

    • otlpProtocol - Sets the protocol for all the OpenTelemetry protocol (OTLP) endpoints. Valid values are grpc (default) or http
    • otlpTracesEndpoint - Sets the OTLP endpoint. Default values are localhost:4317 for grpc and localhost:4318 for http
    • otlpMetricsEndpoint - Overrides the default OTLP metrics endpoint
    • enableTraces - Whether to enable tracing data export, default false
    • enableMetrics - Whether to enable metrics data export, default false

    logLevel (optional)

    The log level to be used in the Guardrails Orchestrator- available values are Error, Warn, Info (default), Debug, and Trace.

    tlsSecrets (optional)

    A list of names of Secret objects to mount to the Guardrails Orchestrator container. All secrets provided here are mounted into the directory /etc/tls/$SECRET_NAME for use in your Orchestrator config TLS configuration. Each secret should contain a tls.crt and a tls.key field.

    env (optional)

    A list of environment variables to set in the Guardrails Orchestrator deployment containers. These environment variables are created for every non-kube-rbac-proxy container, including the orchestrator, gateway, and built-in-detectors containers. You can use environment variables to pass API tokens and other configuration values. For more information on defining environment variables, see Define Environment Variables for a Container.

    replicas

    The number of Orchestrator pods to create.

  4. Deploy the Orchestrator CR, which creates a service account, deployment, service, and route object in your namespace: 

    oc apply -f orchestrator_cr.yaml -n <TEST_NAMESPACE>
    Copy to Clipboard Toggle word wrap

Verification

  1. Confirm that the Orchestrator and LLM pods are running: 

    $ oc get pods -n <TEST_NAMESPACE>
    Copy to Clipboard Toggle word wrap

    Example response

    NAME                                       READY   STATUS    RESTARTS   AGE
guardrails-orchestrator-sample             3/3     Running   0          3h53m
    Copy to Clipboard Toggle word wrap

  2. Query the /health endpoint of the Orchestrator route to check the current status of the detector and generator services. If a 200 OK response is returned, the services are functioning normally: 

    $ GORCH_ROUTE_HEALTH=$(oc get routes guardrails-orchestrator-sample-health -o jsonpath='{.spec.host}' -n <TEST_NAMESPACE)
    Copy to Clipboard Toggle word wrap 
    $ curl -v https://$GORCH_ROUTE_HEALTH/health
    Copy to Clipboard Toggle word wrap

    Example response

    *   Trying ::1:8034...
* connect to ::1 port 8034 failed: Connection refused
*   Trying 127.0.0.1:8034...
* Connected to localhost (127.0.0.1) port 8034 (#0)
> GET /health HTTP/1.1
> Host: localhost:8034
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< content-length: 36
< date: Fri, 31 Jan 2025 14:04:25 GMT
<
* Connection #0 to host localhost left intact
{"fms-guardrails-orchestr8":"0.1.0"}
    Copy to Clipboard Toggle word wrap

1.5. Auto-configuring Guardrails
Copy link

Auto-configuration simplifies the Guardrails setup process by automatically identifying available detector servers in your namespace, handling TLS configuration, and generating configuration files for a Guardrails Orchestrator deployment. For example, if any of the detectors or generation services use HTTPS, their credentials are automatically discovered, mounted, and used. Additionally, the Orchestrator is automatically configured to forward all necessary authentication token headers.

Prerequisites

  • Each detector service you intend to use has an OpenShift label applied in the resource metadata. For example, metadata.labels.<label_name>: 'true'. Choose a descriptive name for the label as it is required for auto-configuration.
  • You have set up the inference service to which you intend to apply Guardrails.

  • You have installed the OpenShift CLI (oc) as described in the appropriate documentation for your cluster:

Procedure

  1. Create a GuardrailsOrchestrator CR with the autoConfig configuration. For example, create a YAML file named guardrails_orchestrator_auto_cr.yaml with the following contents:

    Example guardrails_orchestrator_auto_cr.yaml CR

    apiVersion: trustyai.opendatahub.io/v1alpha1
kind: GuardrailsOrchestrator
metadata:
  name: guardrails-orchestrator
  annotations:
    security.opendatahub.io/enable-auth: 'true'
spec:
  autoConfig:
    inferenceServiceToGuardrail: <inference_service_name>
    detectorServiceLabelToMatch: <detector_service_label>
  enableBuiltInDetectors: true
  enableGuardrailsGateway: true
  replicas: 1
    Copy to Clipboard Toggle word wrap

    • inferenceServiceToGuardrail: Specifies the name of the vLLM inference service to protect with Guardrails.

    • detectorServiceLabelToMatch: Specifies the label that you applied to each of your detector servers in the metadata.labels specification for the detector. The Guardrails Orchestrator ConfigMap automatically updates to reflect detectors in your namespace that match the label set in the detectorServiceLabelToMatch field.

      If enableGuardrailsGateway is true, a template Guardrails gateway config called <ORCHESTRATOR_NAME>-gateway-auto-config is generated. You can modify this file to tailor your Guardrails Gateway setup as desired. The Guardrails Orchestrator automatically deploys when changes are detected. Once modified, the label trustyai/has-diverged-from-auto-config is applied. To revert the file back to the auto-generated starting point, simply delete it and the original auto-generated file is recreated.

      If enableBuiltInDetectors is true, the built-in detector server is automatically added to your Orchestrator configuration under the same built-in-detector, and a sample configuration is included in the auto-generated Guardrails gateway config if desired.

  2. Deploy the Orchestrator custom resource. This step creates a service account, deployment, service, and route object in your namespace. 

    oc apply -f guardrails_orchestrator_auto_cr.yaml -n <your_namespace>
    Copy to Clipboard Toggle word wrap

Verification

You can verify that the GuardrailsOrchestrator CR and corresponding automatically-generated configuration objects were successfully created in your namespace by running the following commands:

  1. Confirm that the GuardrailsOrchestrator CR was created: 

    $ oc get guardrailsorchestrator -n <your_namespace>
    Copy to Clipboard Toggle word wrap

  2. View the automatically generated Guardrails Orchestrator ConfigMaps: 

    $ oc get configmap -n <your_namespace> | grep auto-config
    Copy to Clipboard Toggle word wrap

  3. You can then view the automatically generated configmap: 

    $ oc get configmap/<auto-generated config map name> -n <your_namespace> -o yaml
    Copy to Clipboard Toggle word wrap

1.6. Configuring the OpenTelemetry exporter
Copy link

You can configure the OpenTelemetry exporter to collect traces and metrics from the GuardrailsOrchestrator service. This enables you to monitor and observe the service behavior in your environment.

Prerequisites

  • You have installed the Tempo Operator from the OperatorHub.
  • You have installed the Red Hat build of OpenTelemetry from the OperatorHub.

Procedure

  1. Enable user workload monitoring to observe telemetry data in OpenShift: 

    $ oc -n openshift-monitoring patch configmap cluster-monitoring-config --type merge -p '{"data":{"config.yaml":"enableUserWorkload: true\n"}}'
    Copy to Clipboard Toggle word wrap

  2. Deploy a MinIO instance to serve as the storage backend for Tempo:

    1. Create a YAML file named minio.yaml with the following content:

      Example minio.yaml configuration

      apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: minio-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio
spec:
  replicas: 1
  selector:
    matchLabels:
      app: minio
  template:
    metadata:
      labels:
        app: minio
    spec:
      containers:
      - name: minio
        image: quay.io/minio/minio:latest
        args:
        - server
        - /data
        - --console-address
        - :9001
        env:
        - name: MINIO_ROOT_USER
          value: "minio"
        - name: MINIO_ROOT_PASSWORD
          value: "minio123"
        ports:
        - containerPort: 9000
          name: api
        - containerPort: 9001
          name: console
        volumeMounts:
        - name: data
          mountPath: /data
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: minio-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: minio
spec:
  ports:
  - port: 9000
    targetPort: 9000
    name: api
  - port: 9001
    targetPort: 9001
    name: console
  selector:
    app: minio
      Copy to Clipboard Toggle word wrap

    2. Apply the MinIO configuration: 

      $ oc apply -f minio.yaml
      Copy to Clipboard Toggle word wrap

    3. Verify that the MinIO pod is running: 

      $ oc get pods -l app=minio
      Copy to Clipboard Toggle word wrap

      Example output

      NAME                     READY   STATUS    RESTARTS   AGE
minio-5f8c9d7b6d-abc12   1/1     Running   0          30s
      Copy to Clipboard Toggle word wrap

  3. Create a TempoStack instance:

    1. Create a secret for MinIO credentials: 

      $ oc create secret generic tempo-s3-secret \
  --from-literal=endpoint=http://minio:9000 \
  --from-literal=bucket=tempo \
  --from-literal=access_key_id=minio \
  --from-literal=access_key_secret=minio123
      Copy to Clipboard Toggle word wrap

    2. Create a bucket in MinIO for Tempo storage: 

      $ oc run -i --tty --rm minio-client --image=quay.io/minio/mc:latest --restart=Never -- \
  sh -c "mc alias set minio http://minio:9000 minio minio123 && mc mb minio/tempo"
      Copy to Clipboard Toggle word wrap

    3. Create a YAML file named tempo.yaml with the following content:

      Example tempo.yaml configuration

      apiVersion: tempo.grafana.com/v1alpha1
kind: TempoStack
metadata:
  name: <tempo_stack_name>
spec:
  storage:
    secret:
      name: tempo-s3-secret
      type: s3
  storageSize: 1Gi
  resources:
    total:
      limits:
        memory: 2Gi
        cpu: 2000m
  template:
    queryFrontend:
      jaegerQuery:
        enabled: true
      Copy to Clipboard Toggle word wrap

    4. Apply the Tempo configuration: 

      $ oc apply -f tempo.yaml
      Copy to Clipboard Toggle word wrap

    5. Verify that the TempoStack pods are running: 

      $ oc get pods -l app.kubernetes.io/instance=<tempo_stack_name>
      Copy to Clipboard Toggle word wrap

      Example output

      NAME                                            READY   STATUS    RESTARTS   AGE
tempo-sample-compactor-0                        1/1     Running   0          2m
tempo-sample-distributor-7d9c8f5b6d-xyz12       1/1     Running   0          2m
tempo-sample-ingester-0                         1/1     Running   0          2m
tempo-sample-querier-5f8c9d7b6d-abc34           1/1     Running   0          2m
tempo-sample-query-frontend-6c7d8e9f7g-def56    1/1     Running   0          2m
      Copy to Clipboard Toggle word wrap

  4. Configure the OpenTelemetry instance to send telemetry data to the Tempo distributor:

    1. Create a YAML file named opentelemetry.yaml with the following content:

      Example opentelemetry.yaml configuration

      apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
metadata:
  name: <otelcol_name>
spec:
  observability:
    metrics:
      enableMetrics: true
  deploymentUpdateStrategy: {}
  config:
    exporters:
      debug: null
      otlp:
        endpoint: 'tempo-<tempo_stack_name>-distributor:4317'
        tls:
          insecure: true
      prometheus:
        add_metric_suffixes: false
        endpoint: '0.0.0.0:8889'
        resource_to_telemetry_conversion:
          enabled: true
    processors:
      batch:
        send_batch_size: 10000
        timeout: 10s
      memory_limiter:
        check_interval: 1s
        limit_percentage: 75
        spike_limit_percentage: 15
    receivers:
      otlp:
        protocols:
          grpc:
            endpoint: '0.0.0.0:4317'
          http:
            endpoint: '0.0.0.0:4318'
    service:
      pipelines:
        metrics:
          exporters:
            - prometheus
            - debug
          processors:
            - batch
          receivers:
            - otlp
        traces:
          exporters:
            - otlp
            - debug
          processors:
            - batch
          receivers:
            - otlp
      telemetry:
        metrics:
          readers:
            - pull:
                exporter:
                  prometheus:
                    host: 0.0.0.0
                    port: 8888
  mode: deployment
      Copy to Clipboard Toggle word wrap

      The OpenTelemetry collector configuration defines the Tempo distributor and Prometheus services as exporters, which means that the OpenTelemetry collector sends telemetry data to these backends.

    2. Apply the OpenTelemetry configuration: 

      $ oc apply -f opentelemetry.yaml
      Copy to Clipboard Toggle word wrap

    3. Verify that the OpenTelemetry collector pod is running: 

      $ oc get pods -l app.kubernetes.io/name=<otelcol_name>-collector
      Copy to Clipboard Toggle word wrap

      Example output

      NAME                                      READY   STATUS    RESTARTS   AGE
<otelcol_name>-collector-7d9c8f5b6d-abc12   1/1     Running   0          45s
      Copy to Clipboard Toggle word wrap

  5. Define a GuardrailsOrchestrator custom resource object to specify the otelExporter configurations in a YAML file named orchestrator_otel_cr.yaml:

    Example orchestrator_otel_cr.yaml object with OpenTelemetry configured

    apiVersion: trustyai.opendatahub.io/v1alpha1
kind: GuardrailsOrchestrator
metadata:
  name: gorch-test
spec:
  orchestratorConfig: "fms-orchestr8-config-nlp"
  replicas: 1
  otelExporter:
    otlpProtocol: grpc
    1 
    
    otlpTracesEndpoint: http://<otelcol_name>-collector.<namespace>.svc.cluster.local:4317
    2 
    
    otlpMetricsEndpoint: http://<otelcol_name>-collector.<namespace>.svc.cluster.local:4317
    3 
    
    enableMetrics: true
    4 
    
    enableTracing: true
    5
    Copy to Clipboard Toggle word wrap

    • orchestratorConfig: This references the config map that you created when deploying the Guardrails Orchestrator service.
    • otlpProtocol: The protocol for sending traces and metrics data. Valid values are grpc or http.
    • otlpTracesEndpoint: The hostname and port for exporting trace data to the OpenTelemetry collector.
    • otlpMetricsEndpoint: The hostname and port for exporting metrics data to the OpenTelemetry collector.
    • enableMetrics: Set to true to enable exporting metrics data.
    • enableTracing: Set to true to enable exporting trace data.

  6. Deploy the orchestrator custom resource: 

    $ oc apply -f orchestrator_otel_cr.yaml
    Copy to Clipboard Toggle word wrap

Verification

Send a request to the guardrails service and verify your OpenTelemetry configuration.

  1. Observe traces using the Jaeger UI:

    1. Access the Jaeger UI by port-forwarding the Tempo traces service: 

      $ oc port-forward svc/tempo-<tempo_stack_name>-query-frontend 16686:16686
      Copy to Clipboard Toggle word wrap
    2. In a separate browser window, navigate to http://localhost:16686.
    3. Under Service, select fms_guardrails_orchestr8 and click Find Traces.

  2. Observe metrics using the OpenShift Metrics UI:

    1. In the Administrator perspective within the OpenShift web console, select Observe > Metrics and query one of the following metrics:

      • incoming_request_count
      • success_request_count
      • server_error_response_count
      • client_response_count
      • client_request_duration

1.7. Guardrails metrics
Copy link

Use Guardrails metrics to track functions and outputs of your Guardrails deployment and understand how your model is working.

Metrics are included as standard in your Guardrails deployment. They are sent to Prometheus in the form of outputs. They include features such as the number of requests for a particular guardrail function and the cumulative run time of a function.

Expand
Table 1.8. Guardrails metrics
MetricLabelsDescription

trustyai_guardrails_orchestrators

  • orchestrator_namespace: the namespace in which the orchestrator was deployed
  • using_built_in_detectors: boolean, whether the built_in detectors server is enabled for this orchestrator
  • using_sidecar_gateway: boolean, whether the sidecar gateway server is enabled for this orchestrator

Tracks the total number of guardrails orchestrators that have been deployed into the cluster, grouped by attributes of the orchestrator.

trustyai_guardrails_detections

  • detector_kind: the class of detector, for example “regex” or “sequence_classifier”
  • detector_name: the name of individual detection function, for example “credit-card” or “granite-guardian-hap-38m”

The total number of requests to a particular guardrail function that have resulted in a flagged detection.

trustyai_guardrails_requests

  • detector_kind: the class of detector, for example regex or sequence_classifier
  • detector_name: the name of individual detection function, for example credit-card or granite-guardian-hap-38m

The total number of requests to a particular guardrail function.

trustyai_guardrails_errors

  • detector_kind: the class of detector, for example regex or sequence_classifier
  • detector_name: the name of individual detection function, for example credit-card or granite-guardian-hap-38m

The total number of requests to a particular guardrail function that have been unable to produce a meaningful result due to an internal error of some kind.

trustyai_guardrails_runtime

  • detector_kind: the class of detector, for example regex or sequence_classifier
  • detector_name: the name of individual detection function, for example credit-card or granite-guardian-hap-38m

The cumulative runtime in seconds of a particular guardrail function, as the total latency that the guardrail function has induced over its lifespan.

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top