Incorporated comments

Author: pabel-rh

modules/openshift-ai-connector-for-rhdh/proc-setting-up-openshift-ai-connector-for-rhdh-with-rhoai.adoc

@@ -48,7 +48,7 @@ metadata:
     argocd.argoproj.io/sync-wave: "0"
 rules:
   - apiGroups:
-      - apiextensions.k8s.sio
+      - apiextensions.k8s.io
     resources:
       - customresourcedefinitions
     verbs:
@@ -91,11 +91,11 @@ subjects:
     name: rhdh-rhoai-connector
     namespace: ai-rhdh
 ----
-** `Role` and `RoleBinding` to allow ConfigMap updates within the {product-very-short} namespace. For example:
+** `Role` and `RoleBinding` to allow ConfigMap updates within the {product-very-short} namespace (`ai-rhdh`). For example:
 +
 [source,yaml]
 ----
-# Example for `Role`
+# Example for `Role` in the {product-very-short} namespace (ai-rhdh)
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -109,25 +109,26 @@ rules:
 +
 [source,yaml]
 ----
-# Example for `RoleBinding`
+# Example for `RoleBinding` in the {product-very-short} namespace (ai-rhdh)
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: rhdh-rhoai-dashboard-permissions
-  namespace: rhoai-model-registries
+  name: rhdh-rhoai-connector
+  namespace: ai-rhdh
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: registry-user-modelregistry-public
+  name: rhdh-rhoai-connector
 subjects:
-  - apiGroup: rbac.authorization.k8s.io
-    kind: Group
-    name: system:serviceaccounts:ai-rhdh
+  - kind: ServiceAccount
+    name: rhdh-rhoai-connector
+    namespace: ai-rhdh
 ----
-** `RoleBinding` in the {rhoai-short} namespace to grant the {product-very-short} `ServiceAccount` read permissions to the model registry data (binding to `registry-user-modelregistry-public`).
+** `RoleBinding` in the {rhoai-short} namespace (`rhoai-model-registries`) to grant the {product-very-short} `ServiceAccount` read permissions to the model registry data (binding to `registry-user-modelregistry-public`).
 +
 [source,yaml]
 ----
+# Example for `RoleBinding` in the {rhoai-short} namespace (rhoai-model-registries)
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -173,7 +174,14 @@ plugins:
 ** If {product-very-short} was installed using the Operator, modify your {product-very-short} custom resource (CR) instance.
 ** If {product-very-short} was installed using the Helm charts, modify the *Deployment* specification.
 
-. The system relies on three sidecar containers ({openshift-ai-connector-name}) running alongside the `backstage-backend` container. Add these sidecar containers to your configuration referencing the `rhdh-rhoai-connector-token` Secret:
+. The system relies on three sidecar containers ({openshift-ai-connector-name}) running alongside the `backstage-backend` container. 
++
+[NOTE]
+====
+During startup, you may see non-critical log errors, such as `connection refused` or `in cluster config error: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory`, in the sidecar logs (in the `location` container). These errors are expected during the initial setup and do not indicate a failure, provided the container eventually becomes healthy.
+====
+
+Add these sidecar containers to your configuration referencing the `rhdh-rhoai-connector-token` Secret:
 ** `location`: Provides the REST API for {product-very-short} plugins to fetch model metadata.
 ** `storage-rest`: Maintains a cache of AI Model metadata in a ConfigMap called `bac-import-model`.
 ** `rhoai-normalizer`: Acts as a Kubernetes controller and {rhoai-short} client, normalizing {rhoai-short} metadata for the connector. The following code block is an example:
@@ -184,7 +192,6 @@ spec:
   template:
     spec:
       containers:
-        - name: backstage-backend
         - env:
             - name: NORMALIZER_FORMAT
               value: JsonArrayFormat
@@ -200,7 +207,6 @@ spec:
             - secretRef:
                 name: rhdh-rhoai-connector-token
           image: quay.io/redhat-ai-dev/model-catalog-location-service@sha256:4f6ab6624a29f627f9f861cfcd5d18177d46aa2c67a81a75a1502c49bc2ff012
-
           imagePullPolicy: Always
           name: location
           ports:
@@ -210,8 +216,8 @@ spec:
           volumeMounts:
             - mountPath: /opt/app-root/src/dynamic-plugins-root
               name: dynamic-plugins-root
-            workingDir: /opt/app-root/src
-          - env:
+          workingDir: /opt/app-root/src
+        - env:
             - name: NORMALIZER_FORMAT
               value: JsonArrayFormat
             - name: STORAGE_TYPE
@@ -230,14 +236,13 @@ spec:
             - secretRef:
                 name: rhdh-rhoai-connector-token
           image: quay.io/redhat-ai-dev/model-catalog-storage-rest@sha256:398095e7469e86d84b1196371286363f4b7668aa3e26370b4d78cb8d4ace1dc9
-
           imagePullPolicy: Always
           name: storage-rest
           volumeMounts:
             - mountPath: /opt/app-root/src/dynamic-plugins-root
               name: dynamic-plugins-root
-            workingDir: /opt/app-root/src
-          - env:
+          workingDir: /opt/app-root/src
+        - env:
             - name: NORMALIZER_FORMAT
               value: JsonArrayFormat
             - name: POD_IP
@@ -252,13 +257,14 @@ spec:
             - secretRef:
                 name: rhdh-rhoai-connector-token
           image: quay.io/redhat-ai-dev/model-catalog-rhoai-normalizer@sha256:fe6c05d57495d6217c4d584940ec552c3727847ff60f39f5d04f94be024576d8
-
           imagePullPolicy: Always
           name: rhoai-normalizer
           volumeMounts:
             - mountPath: /opt/app-root/src/dynamic-plugins-root
               name: dynamic-plugins-root
-            workingDir: /opt/app-root/src
+          workingDir: /opt/app-root/src
+          args:
+            - '--metrics-address=:8081'
 ----
 
 . Enable `Connector` in your `{product-very-short}{my-app-config-file}` file.
@@ -271,7 +277,7 @@ providers:
     development:
       baseUrl: http://localhost:9090
 ----
-
++
 where:
 
 `modelCatalog`:: Specifies the name of the provider.