Installing Semantic Guardrails

Steps to install Semantic Guardrails

This section describes the steps to install Semantic Guardrails.

1. Installing Data Discovery

For PII detection, it is recommended to install Data Discovery services before installing Semantic Guardrails.

For more information about installing the Data Discovery service, refer to Installing Data Discovery.

To verify the Data Discovery service status, run the following command.

kubectl get pods -n data-discovery

2. Preparing and Installing

To install Semantic Guardrails, you must have access to the v1.1.1 Helm chart.

To install the Helm chart, run the following command.

helm upgrade semantic-guardrails \
oci://<container_registry_path>/semantic-guardrails/1.1/helm/semantic-guardrails \
--install --namespace pty-semantic-guardrails \
--version 1.1.1 \
--create-namespace

3. Creating an SGR User

Semantic Guardrails (SGR) users need the semantic_guardrails_user role with can_create_token permissions to access the API. For more information on assigning roles, refer to Policy Management Command Line Interface (CLI) Reference.

Note: In some deployments the above permission is managed by ProductConfiguration in the Helm chart.
If you create the user after installing SGR, you may have to redeploy the SGR Helm chart afterwards.

To create a user, run the following command.

# Auto-discover gateway host from the cluster
GW_HOST=$(kubectl get gateway pty-main -n api-gateway -o jsonpath='{.status.addresses[0].value}')
# Example credentials; replace them with your own admin login
ADMIN_USER="admin"
ADMIN_PASS="Admin123!"

# Obtain an admin token
# Note: -k skips TLS certificate verification; omit it once the gateway
# presents a certificate that your client trusts.
TOKEN=$(curl -sk -X POST "https://${GW_HOST}/pty/v1/auth/login/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "loginname=${ADMIN_USER}&password=${ADMIN_PASS}" \
  -D - -o /dev/null | grep -i 'pty_access_jwt_token' | awk '{print $2}' | tr -d '\r\n')
# Confirm that a token was returned without printing it to the terminal
if [ -n "${TOKEN}" ]; then echo "Admin token obtained"; else echo "Login failed: no token returned" >&2; fi

# Add `can_create_token` as a permission to the `semantic_guardrails_user` role.
# This only needs to be done once per deployment (not per user).
curl -sk -X PUT "https://${GW_HOST}/pty/v1/auth/roles" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "semantic_guardrails_user",
    "permissions": ["semantic_guardrails_administrator", "can_create_token"]
  }'

# Create User
# The username and password below are example values; set a unique password.
curl -sk -X POST "https://${GW_HOST}/pty/v1/auth/users" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "semantic_guardrails_username",
    "password": "Admin123!",
    "roles": [
      "semantic_guardrails_user"
    ]
  }'
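
A hardened variant of the login call above, as an added example that is not part of the vendor's documentation: it percent-encodes the credentials, sends the password to curl on stdin instead of the command line, verifies TLS against a CA bundle, and matches the token header by exact name. It assumes the token is returned in a response header named pty_access_jwt_token, as the grep in the original command implies; the function names and the CA bundle path are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Assumption: the token is returned in a
# response header named pty_access_jwt_token. Function names are hypothetical.

# Percent-encode every byte of $1 so that characters such as & = % + in a
# credential cannot split or alter the form body (over-encoding is valid).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | sed 's/../%&/g'
}

# Build the application/x-www-form-urlencoded body: $1 login name, $2 password.
login_body() {
  printf 'loginname=%s&password=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Read raw response headers on stdin and print the token header value.
# Compares the header name exactly (case-insensitively) instead of matching
# any line that contains the string, and drops the CR of each CRLF.
extract_token() {
  tr -d '\r' | awk '
    { n = index($0, ":") }
    !found && n && tolower(substr($0, 1, n - 1)) == "pty_access_jwt_token" {
      v = substr($0, n + 1); sub(/^[ \t]+/, "", v); print v; found = 1
    }'
}

# Log in and print the admin token on stdout.
# $1 gateway host, $2 login name, $3 path to the gateway CA bundle (assumed).
# The password is prompted for without echo and reaches curl on stdin
# (--data @-), so it never appears in curl's argument list.
get_admin_token() {
  printf 'Password for %s: ' "$2" >&2
  stty -echo 2>/dev/null; IFS= read -r _pw; stty echo 2>/dev/null
  printf '\n' >&2
  _tok=$(login_body "$2" "$_pw" |
    curl -sS --cacert "$3" -X POST "https://$1/pty/v1/auth/login/token" \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      --data @- -D - -o /dev/null | extract_token)
  unset _pw
  [ -n "$_tok" ] || { echo 'login failed: no token header returned' >&2; return 1; }
  printf '%s\n' "$_tok"
}

# Usage (interactive): TOKEN=$(get_admin_token "$GW_HOST" admin ./gateway-ca.pem)
```
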

4. Verifying Deployment Status

To verify the deployment status, run the following command.

kubectl get pods -n pty-semantic-guardrails

After the Semantic Guardrails feature is successfully deployed, the expected output is as follows.

NAME                                                 READY   STATUS    RESTARTS   AGE
semantic-guardrails-deployment-xxxxxxxxxx-xxxxx     1/1     Running   0          2m

5. Verifying the Service Status

To verify the service status, run the following command.

kubectl get svc -n pty-semantic-guardrails

After the Semantic Guardrails feature is successfully deployed, the expected output is as follows.

NAME                              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
semantic-guardrails-service       ClusterIP   172.20.109.155   <none>        8001/TCP   3h

Last modified : April 09, 2026