Chapter 2. OLSConfig API reference

llm

object

LLMSpec defines the desired state of the large language model (LLM).

ols

object

OLSSpec defines the desired state of OLS deployment.

olsDataCollector

object

OLSDataCollectorSpec defines allowed OLS data collector configuration.

providers

array

apiVersion

string

API Version for Azure OpenAI provider

credentialsSecretRef

object

The name of the secret object that stores API provider credentials

deploymentName

string

Azure OpenAI deployment name

models

array

List of models from the provider

name

string

Provider name

projectID

string

Watsonx Project ID

tlsSecurityProfile

object

TLS Security Profile used by connection to provider

type

string

Provider type

url

string

Provider API URL

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

contextWindowSize

integer

Defines the model’s context window size. Default is specific to provider/model.

name

string

Model name

parameters

object

Model API parameters

url

string

Model API URL

maxTokensForResponse

integer

Max tokens for response

custom

``

custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:

ciphers:

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

minTLSVersion: VersionTLS11

intermediate

``

intermediate is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES256-GCM-SHA384

- ECDHE-RSA-AES256-GCM-SHA384

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- DHE-RSA-AES128-GCM-SHA256

- DHE-RSA-AES256-GCM-SHA384

minTLSVersion: VersionTLS12

modern

``

modern is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

minTLSVersion: VersionTLS13

old

``

old is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES256-GCM-SHA384

- ECDHE-RSA-AES256-GCM-SHA384

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- DHE-RSA-AES128-GCM-SHA256

- DHE-RSA-AES256-GCM-SHA384

- DHE-RSA-CHACHA20-POLY1305

- ECDHE-ECDSA-AES128-SHA256

- ECDHE-RSA-AES128-SHA256

- ECDHE-ECDSA-AES128-SHA

- ECDHE-RSA-AES128-SHA

- ECDHE-ECDSA-AES256-SHA384

- ECDHE-RSA-AES256-SHA384

- ECDHE-ECDSA-AES256-SHA

- ECDHE-RSA-AES256-SHA

- DHE-RSA-AES128-SHA256

- DHE-RSA-AES256-SHA256

- AES128-GCM-SHA256

- AES256-GCM-SHA384

- AES128-SHA256

- AES256-SHA256

- AES128-SHA

- AES256-SHA

- DES-CBC3-SHA

minTLSVersion: VersionTLS10

type

string

type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

The profiles are intent based, so they might change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list might be reduced.

Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.

additionalCAConfigMapRef

object

Additional CA certificates for TLS communication between OLS service and LLM Provider

conversationCache

object

Conversation cache settings

defaultModel

string

Default model for usage

defaultProvider

string

Default provider for usage

deployment

object

OLS deployment settings

introspectionEnabled

boolean

Enable introspection features

logLevel

string

Log level. Valid options are DEBUG, INFO, WARNING, ERROR and CRITICAL. Default: "INFO".

queryFilters

array

Query filters

tlsConfig

object

TLS configuration of the Lightspeed backend’s HTTPS endpoint

tlsSecurityProfile

object

TLS Security Profile used by API endpoints

userDataCollection

object

User data collection switches

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

postgres

object

PostgresSpec defines the desired state of Postgres.

type

string

Conversation cache type. Default: "postgres"

credentialsSecret

string

Secret that holds postgres credentials

dbName

string

Postgres database name

maxConnections

integer

Postgres maxconnections. Default: "2000"

sharedBuffers

integer-or-string

Postgres sharedbuffers

user

string

Postgres user name

api

object

API container settings.

console

object

Console container settings.

dataCollector

object

Data Collector container settings.

replicas

integer

Defines the number of desired OLS pods. Default: "1"

nodeSelector

object (string)

resources

object

ResourceRequirements describes the compute resource requirements.

tolerations

array

claims

array

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

This field is immutable. It can only be set for containers.

limits

integer-or-string

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

requests

integer-or-string

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

name

string

Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.

request

string

Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

caCertificate

string

Certificate Authority (CA) certificate used by the console proxy endpoint.

nodeSelector

object (string)

replicas

integer

Defines the number of desired Console pods. Default: "1"

resources

object

ResourceRequirements describes the compute resource requirements.

tolerations

array

claims

array

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

This field is immutable. It can only be set for containers.

limits

integer-or-string

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

requests

integer-or-string

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

name

string

Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.

request

string

Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

resources

object

ResourceRequirements describes the compute resource requirements.

claims

array

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

This field is immutable. It can only be set for containers.

limits

integer-or-string

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

requests

integer-or-string

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

name

string

Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.

request

string

Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.

name

string

Filter name.

pattern

string

Filter pattern.

replaceWith

string

Replacement for the matched pattern.

keyCertSecretRef

object

KeySecretRef is the secret that holds the TLS key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

custom

``

custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:

ciphers:

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

minTLSVersion: VersionTLS11

intermediate

``

intermediate is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES256-GCM-SHA384

- ECDHE-RSA-AES256-GCM-SHA384

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- DHE-RSA-AES128-GCM-SHA256

- DHE-RSA-AES256-GCM-SHA384

minTLSVersion: VersionTLS12

modern

``

modern is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

minTLSVersion: VersionTLS13

old

``

old is a TLS security profile based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility

and looks like this (yaml):

ciphers:

- TLS_AES_128_GCM_SHA256

- TLS_AES_256_GCM_SHA384

- TLS_CHACHA20_POLY1305_SHA256

- ECDHE-ECDSA-AES128-GCM-SHA256

- ECDHE-RSA-AES128-GCM-SHA256

- ECDHE-ECDSA-AES256-GCM-SHA384

- ECDHE-RSA-AES256-GCM-SHA384

- ECDHE-ECDSA-CHACHA20-POLY1305

- ECDHE-RSA-CHACHA20-POLY1305

- DHE-RSA-AES128-GCM-SHA256

- DHE-RSA-AES256-GCM-SHA384

- DHE-RSA-CHACHA20-POLY1305

- ECDHE-ECDSA-AES128-SHA256

- ECDHE-RSA-AES128-SHA256

- ECDHE-ECDSA-AES128-SHA

- ECDHE-RSA-AES128-SHA

- ECDHE-ECDSA-AES256-SHA384

- ECDHE-RSA-AES256-SHA384

- ECDHE-ECDSA-AES256-SHA

- ECDHE-RSA-AES256-SHA

- DHE-RSA-AES128-SHA256

- DHE-RSA-AES256-SHA256

- AES128-GCM-SHA256

- AES256-GCM-SHA384

- AES128-SHA256

- AES256-SHA256

- AES128-SHA

- AES256-SHA

- DES-CBC3-SHA

minTLSVersion: VersionTLS10

type

string

type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:

https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

The profiles are intent based, so they might change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list might be reduced.

Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.

feedbackDisabled

boolean

transcriptsDisabled

boolean

logLevel

string

Log level. Valid options are DEBUG, INFO, WARNING, ERROR and CRITICAL. Default: "INFO".