Info alert:Important Notice

Please note that more information about the previous v2 releases can be found here. You can use "Find a release" search bar to search for a particular release.

Monitoring data science models

Table of Contents

Overview of model monitoring
Configuring TrustyAI
Setting up TrustyAI for your project
Monitoring model bias
Monitoring data drift
Using explainability
Evaluating large language models
Bias monitoring tutorial - Gender bias example

Overview of model monitoring

To ensure that machine-learning models are transparent, fair, and reliable, data scientists can use TrustyAI in Open Data Hub to monitor their data science models.

Data scientists can monitor their data science models in Open Data Hub for the following metrics:

Bias: Check for unfair patterns or biases in data and model predictions to ensure your model’s decisions are unbiased.
Data drift: Detect changes in input data distributions over time by comparing the latest real-world data to the original training data. Comparing the data identifies shifts or deviations that could impact model performance, ensuring that the model remains accurate and reliable.
Explainability: Understand how your model makes its predictions and decisions.
LLM evaluation: Monitor your Large Language Models (LLMs) against a range of metrics, in order to ensure the accuracy and quality of its output.

Configuring TrustyAI

To configure model monitoring with TrustyAI for data scientists to use in Open Data Hub, a cluster administrator does the following tasks:

Configure monitoring for the model serving platform
Enable the TrustyAI component in the Open Data Hub Operator
Configure TrustyAI to use a database, if you want to use your database instead of a PVC for storage with TrustyAI
Install the TrustyAI service on each data science project that contains models that the data scientists want to monitor

Configuring monitoring for your model serving platform

Open Data Hub provides the following model serving platforms:

Single-model serving platform: For deploying large models such as large language models (LLMs), Open Data Hub includes a single model serving platform that is based on the KServe component. Each model is deployed from its own model server. Use the single model serving platform in situations where you need to deploy, monitor, scale, and maintain large models that require increased resources.
Multi-model serving platform: For deploying small and medium-sized models, Open Data Hub includes a multi-model serving platform that is based on the ModelMesh component. On the multi-model serving platform, you can deploy multiple models on the same model server. Each of the deployed models shares the server resources. This approach can be useful on Open Data Hub clusters that have finite compute resources or pods.

The process for configuring monitoring for either a single (KServe) or a multi-model (ModelMesh) serving platform is the same.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You are familiar with creating a config map for monitoring a user-defined workflow. You will perform similar steps in this procedure.
You are familiar with enabling monitoring for user-defined projects in OpenShift. You will perform similar steps in this procedure.
You have assigned the monitoring-rules-view role to users that will monitor metrics.

Procedure

In a terminal window, if you are not already logged in to your OpenShift cluster as a cluster administrator, log in to the OpenShift CLI as shown in the following example:
```
$ oc login <openshift_cluster_url> -u <admin_username> -p <password>
```
Define a ConfigMap object in a YAML file called uwm-cm-conf.yaml with the following contents:
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    prometheus:
      logLevel: debug
      retention: 15d
```
The user-workload-monitoring-config object configures the components that monitor user-defined projects. Observe that the retention time is set to the recommended value of 15 days.
Apply the configuration to create the user-workload-monitoring-config object.
```
$ oc apply -f uwm-cm-conf.yaml
```
Define another ConfigMap object in a YAML file called uwm-cm-enable.yaml with the following contents:
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    enableUserWorkload: true
```
The cluster-monitoring-config object enables monitoring for user-defined projects.
Apply the configuration to create the cluster-monitoring-config object.
```
$ oc apply -f uwm-cm-enable.yaml
```

Enabling the TrustyAI component

To allow your data scientists to use model monitoring with TrustyAI, you must enable the TrustyAI component in Open Data Hub.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have access to the data science cluster.
You have installed Open Data Hub.

Procedure

In the OpenShift Container Platform console, click Operators → Installed Operators.
Search for the Open Data Hub Operator, and then click the Operator name to open the Operator details page.
Click the Data Science Cluster tab.
Click the default instance name (for example, default-dsc) to open the instance details page.
Click the YAML tab to show the instance specifications.
In the spec:components section, set the managementState field for the trustyai component to Managed:
```
 trustyai:
    managementState: Managed
```
Click Save.

Verification

Check the status of the trustyai-service-operator pod:

In the OpenShift Container Platform console, from the Project list, select opendatahub.
Click Workloads → Deployments.
Search for the trustyai-service-operator-contoller-manager deployment. Check the status:
1. Click the deployment name to open the deployment details page.
2. Click the Pods tab.
3. View the pod status.
  
  When the status of the trustyai-service-operator-controller-manager-<pod-id> pod is Running, the pod is ready to use.

Configuring TrustyAI with a database

If you have a relational database in your OpenShift Container Platform cluster such as MySQL or MariaDB, you can configure TrustyAI to use your database instead of a persistent volume claim (PVC). Using a database instead of a PVC for storage can improve scalability, performance, and data management in TrustyAI. Provide TrustyAI with a database configuration secret before deployment. You can create a secret or specify the name of an existing Kubernetes secret within your project.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You have enabled the TrustyAI component, as described in Enabling the TrustyAI component.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.
If you are configuring the TrustyAI service with an external MySQL database, your database must already be in your cluster and use at least MySQL version 5.x. However, Red Hat recommends that you use MySQL version 8.x.
If you are configuring the TrustyAI service with a MariaDB database, your database must already be in your cluster and use MariaDB version 10.3 or later. However, Red Hat recommends that you use at least MariaDB version 10.5.

Note	The transport security layer (TLS) protocol does not work with the MariaDB operator 0.29 or later versions.

Procedure

In a terminal window, if you are not already logged in to your OpenShift cluster as a cluster administrator, log in to the OpenShift CLI as shown in the following example:
```
$ oc login <openshift_cluster_url> -u <admin_username> -p <password>
```
Optional: If you want to use a TLS connection between TrustyAI and the database, create a TrustyAI service database TLS secret that uses the same certificates that you want to use for the database.
1. Create a YAML file to contain your TLS secret and add the following code:
  apiVersion: v1 kind: Secret metadata: name: <service_name>-db-tls type: kubernetes.io/tls data: tls.crt: | <TLS CERTIFICATE> tls.key: | <TLS KEY>
2. Save the file with the file name <service_name>-db-tls.yaml. For example, if your service name is trustyai-service, save the file as trustyai-service-db-tls.yaml.
3. Apply the YAML file in the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f <service_name>-db-tls.yaml -n <project_name>
Create a secret (or specify an existing one) that has your database credentials.
1. Create a YAML file to contain your secret and add the following code:
  apiVersion: v1 kind: Secret metadata: name: db-credentials type: Opaque stringData: databaseKind: <mariadb> (1) databaseUsername: <TrustyAI_username> (2) databasePassword: <TrustyAI_password> (3) databaseService: mariadb-service (4) databasePort: 3306 (5) databaseGeneration: update (6) databaseName: trustyai_service (7)
  1. The only currently supported databaseKind value is mariadb.
  2. The username you want TrustyAI to use when interfacing with the database.
  3. The password that TrustyAI must use when connecting to the database.
  4. The Kubernetes (K8s) service that TrustyAI must use when connecting to the database (the default mariadb) .
  5. The port that TrustyAI must use when connecting to the database (default is 3306).
  6. The database schema generation strategy to be used by TrustyAI. It is the setting for the quarkus.hibernate-orm.database.generation argument, which determines how TrustyAI interacts with the database on its initial connection. Set to none, create, drop-and-create, drop, update, or validate.
  7. The name of the individual database within the database service that the username and password authenticate to, as well as the specific database name that TrustyAI should read and write to on the database server.
2. Save the file with the file name db-credentials.yaml. You will need this name later when you install or change the TrustyAI service.
3. Apply the YAML file in the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f db-credentials.yaml -n <project_name>
If you are installing TrustyAI for the first time on a project, continue to Installing the TrustyAI service for a project.

If you already installed TrustyAI on a project, you can migrate the existing TrustyAI service from using a PVC to using a database.
1. Create a YAML file to update the TrustyAI service custom resource (CR) and add the following code:
  apiVersion: trustyai.opendatahub.io/v1alpha1 kind: TrustyAIService metadata: annotations: trustyai.opendatahub.io/db-migration: "true" (1) name: trustyai-service (2) spec: storage: format: "DATABASE" (3) folder: "/inputs" (4) size: "1Gi" (5) databaseConfigurations: <database_secret_credentials> (6) data: filename: "data.csv" (7) metrics: schedule: "5s" (8)
  1. Set to true to prompt the migration from PVC to database storage.
  2. The name of the TrustyAI service instance.
  3. The storage format for the data. Set this field to DATABASE.
  4. The location within the PVC where you were storing the data. This must match the value specified in the existing CR.
  5. The size of the data to request.
  6. The name of the secret with your database credentials that you created in an earlier step. For example, db-credentials.
  7. The suffix for the existing stored data files. This must match the value specified in the existing CR.
  8. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
2. Save the file. For example, trustyai_crd.yaml.
3. Apply the new TrustyAI service CR to the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f trustyai_crd.yaml -n <project_name>

Installing the TrustyAI service for a project

Install the TrustyAI service on a data science project to provide access to its features for all models deployed within that project. An instance of the TrustyAI service is required for each data science project, or namespace, that contains models that the data scientists want to monitor.

Use the Open Data Hub dashboard or the OpenShift command-line interface (CLI) to install an instance of the TrustyAI service.

Note	Install only one instance of the TrustyAI service in a project. Multiple instances in the same project can result in unexpected behavior. Installing TrustyAI into a namespace where non-OVMS models are deployed can cause errors in the TrustyAI service.

Installing the TrustyAI service by using the dashboard

You can use the Open Data Hub dashboard to install an instance of the TrustyAI service.

Prerequisites

A cluster administrator has configured monitoring for the model serving platform, as described in Configuring monitoring for the multi-model serving platform.
A cluster administrator has enabled the TrustyAI component, as described in Enabling the TrustyAI component.
If you are using TrustyAI with a database instead of PVC, a cluster administrator has configured TrustyAI to use the database, as described in Configuring TrustyAI with a database.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.
You have logged in to Open Data Hub as a user with Open Data Hub administrator privileges.

Procedure

From the Open Data Hub dashboard, click Data Science Projects.

The Data Science Projects page opens.
Click the name of the project that contains the models that the data scientist wants to monitor.

The project details page opens.
Click the Settings tab.
Select the Enable model bias monitoring checkbox.

Verification

In the OpenShift Container Platform web console, click Workloads → Pods.
From the project list, select the project in which you installed TrustyAI.
Confirm that the Pods list includes a running pod for the TrustyAI service. The pod has a naming pattern similar to the following example:
```
trustyai-service-5d45b5884f-96h5z
```

Installing the TrustyAI service by using the CLI

You can use the OpenShift command-line interface (CLI) to install an instance of the TrustyAI service.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You have configured monitoring for the model serving platform, as described in Configuring monitoring for the multi-model serving platform.
You have enabled the TrustyAI component, as described in Enabling the TrustyAI component.
If you are using TrustyAI with a database instead of PVC, you have configured TrustyAI to use the database, as described in Configuring TrustyAI with a database.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster as a cluster administrator:
1. In the OpenShift Container Platform web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>
Navigate to the data science project that contains the models that the data scientist wants to monitor.
```
oc project <project_name>
```
For example:
```
oc project my-project
```
Create a TrustyAIService custom resource (CR) file, for example trustyai_crd.yaml:
Example CR file for TrustyAI using a database
```
apiVersion: trustyai.opendatahub.io/v1alpha1
kind: TrustyAIService
metadata:
  name: trustyai-service (1)
spec:
  storage:
	  format: "DATABASE" (2)
	  size: "1Gi" (3)
	  databaseConfigurations: <database_secret_credentials> (4)
  metrics:
  	schedule: "5s" (5)
```
1. The name of the TrustyAI service instance.
2. The storage format for the data, either DATABASE or PVC (persistent volume claim). Red Hat recommends that you use a database setup for better scalability, performance, and data management in TrustyAI.
3. The size of the data to request.
4. The name of the secret with your database credentials that you created in Configuring TrustyAI with a database. For example, db-credentials.
5. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
Example CR file for TrustyAI using a PVC
```
apiVersion: trustyai.opendatahub.io/v1alpha1
kind: TrustyAIService
metadata:
  name: trustyai-service (1)
spec:
  storage:
	  format: "PVC" (2)
	  folder: "/inputs" (3)
	  size: "1Gi" (4)
  data:
	  filename: "data.csv" (5)
	  format: "CSV" (6)
  metrics:
  	schedule: "5s" (7)
  	batchSize: 5000 (8)
```
1. The name of the TrustyAI service instance.
2. The storage format for the data, either DATABASE or PVC (persistent volume claim).
3. The location within the PVC where you want to store the data.
4. The size of the PVC to request.
5. The suffix for the stored data files.
6. The format of the data. Currently, only comma-separated value (CSV) format is supported.
7. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
8. (Optional) The observation’s historical window size to use for metrics calculation. The default is 5000, which means that the metrics are calculated using the 5,000 latest inferences.
Add the TrustyAI service’s CR to your project:
```
oc apply -f trustyai_crd.yaml
```
This command returns output similar to the following:
```
trusty-service created
```

Verification

Verify that you installed the TrustyAI service:

oc get pods | grep trustyai

You should see a response similar to the following:

trustyai-service-5d45b5884f-96h5z             1/1     Running

Setting up TrustyAI for your project

To set up model monitoring with TrustyAI for a data science project, a data scientist does the following tasks:

Authenticate the TrustyAI service
Send training data to TrustyAI for bias or data drift monitoring
Label your data fields (optional)

After setting up, a data scientist can create and view bias and data drift metrics for deployed models.

Authenticating the TrustyAI service

To access TrustyAI service external endpoints, you must provide OAuth proxy (oauth-proxy) authentication. You must obtain a user token, or a token from a service account with sufficient privileges, and then pass the token to the TrustyAI service when using curl commands.

Prerequisites

You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>
Enter the following command to set a user token variable on OpenShift Container Platform:
```
export TOKEN=$(oc whoami -t)
```

Verification

Enter the following command to check the user token variable:
```
echo $TOKEN
```

Next step

When running curl commands, pass the token to the TrustyAI service using the Authorization header. For example:

curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE

Sending training data to TrustyAI

To use TrustyAI for bias monitoring or data drift detection, you must send training data for your model to TrustyAI.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service as described in Authenticating the TrustyAI service.
Your deployed model is registered with TrustyAI.

Verify that the TrustyAI service has registered your deployed model, as follows:
1. In the OpenShift Container Platform web console, navigate to Workloads → Pods.
2. From the project list, select the project that contains your deployed model.
3. Select the pod for your serving platform (for example, modelmesh-serving-ovms-1.x-xxxxx).
4. On the Environment tab, verify that the MM_PAYLOAD_PROCESSORS environment variable is set.

Procedure

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Get the inference endpoints for the deployed model, as described in Accessing the inference endpoint for a deployed model.
Send data to this endpoint. For more information, see the KServe v2 Inference Protocol documentation.

Verification

Follow these steps to view cluster metrics and verify that TrustyAI is receiving data.

Log in to the OpenShift Container Platform web console.
Switch to the Developer perspective.
In the left menu, click Observe.
On the Metrics page, click the Select query list and then select Custom query.
In the Expression field, enter trustyai_model_observations_total and press Enter. Your model should be listed and reporting observed inferences.
Optional: Select a time range from the list above the graph. For example, select 5m.

Labeling data fields

After you send model training data to TrustyAI, you might want to apply a set of name mappings to your inputs and outputs so that the field names are meaningful and easier to work with.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You sent training data to TrustyAI as described in Sending training data to TrustyAI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

To examine TrustyAI’s model metadata, query the /info endpoint:
```
curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info | jq ".[0].data"
```
This outputs a JSON file containing the following information for each model:
- The names, data types, and positions of input fields and output fields.
- The observed field values.
- The total number of input-output pairs observed.

Use POST /info/names to apply name mappings to the fields, similar to the following example.

Change the model-name, original-name, and Prediction values to those used in your model. Change the New name values to the labels that you want to use.

curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/info/names \
  -H "Content-Type: application/json"   \
  -d "{
    \"modelId\": \"model-name\",
    \"inputMapping\":
      {
        \"original-name-0\": \"New name 0\",
        \"original-name-1\": \"New name 1\",
        \"original-name-2\": \"New name 2\",
        \"original-name-3\": \"New name 3\",
      },
    \"outputMapping\": {
      \"predict-0\": \"Prediction 0\"
    }
  }"

For another example, see https://github.com/trustyai-explainability/odh-trustyai-demos/blob/main/2-BiasMonitoring/kserve-demo/scripts/apply_name_mapping.sh.

Verification

A "Feature and output name mapping successfully applied" message is displayed.

Monitoring model bias

As a data scientist, you might want to monitor your machine learning models for bias. This means monitoring for algorithmic deficiencies that might skew the outcomes or decisions that the model produces. Importantly, this type of monitoring helps you to ensure that the model is not biased against particular protected groups or features.

Open Data Hub provides a set of metrics that help you to monitor your models for bias. You can use the Open Data Hub interface to choose an available metric and then configure model-specific details such as a protected attribute, the privileged and unprivileged groups, the outcome you want to monitor, and a threshold for bias. You then see a chart of the calculated values for a specified number of model inferences.

For more information about the specific bias metrics, see Supported bias metrics.

Creating a bias metric

To monitor a deployed model for bias, you must first create bias metrics. When you create a bias metric, you specify details relevant to your model such as a protected attribute, privileged and unprivileged groups, a model outcome and a value that you want to monitor, and the acceptable threshold for bias.

For information about the specific bias metrics, see Supported bias metrics.

For the complete list of TrustyAI metrics, see TrustyAI service API.

You can create a bias metric for a model by using the Open Data Hub dashboard or by using the OpenShift command-line interface (CLI).

Creating a bias metric by using the dashboard

You can use the Open Data Hub dashboard to create a bias metric for a model.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

Optional: To set the TRUSTY_ROUTE variable, follow these steps.
1. In a terminal window, log in to the OpenShift cluster where Open Data Hub is deployed.
  oc login
2. Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.
  TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})
In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, select your project from the drop-down list.
Click the name of the model that you want to configure bias metrics for.
On the metrics page for the model, click the Model bias tab.
Click Configure.

In the Configure bias metrics dialog, complete the following steps to configure bias metrics:

In the Metric name field, type a unique name for your bias metric. Note that you cannot change the name of this metric later.
From the Metric type list, select one of the metrics types that are available in Open Data Hub.

In the Protected attribute field, type the name of an attribute in your model that you want to monitor for bias.

Tip	You can use a `curl` command to query the metadata endpoint and view input attribute names and values. For example: `curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info \| jq ".[0].data.inputSchema"`

In the Privileged value field, type the name of a privileged group for the protected attribute that you specified.
In the Unprivileged value field, type the name of an unprivileged group for the protected attribute that you specified.

In the Output field, type the name of the model outcome that you want to monitor for bias.

Tip	You can use a `curl` command to query the metadata endpoint and view output attribute names and values. For example: `curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info \| jq ".[0].data.outputSchema"`

In the Output value field, type the value of the outcome that you want to monitor for bias.
In the Violation threshold field, type the bias threshold for your selected metric type. This threshold value defines how far the specified metric can be from the fairness value for your metric, before the model is considered biased.
In the Metric batch size field, type the number of model inferences that Open Data Hub includes each time it calculates the metric.

Ensure that the values you entered are correct.

Note	You cannot edit a model bias metric configuration after you create it. Instead, you can duplicate a metric and then edit (configure) it; however, the history of the original metric is not applied to the copy.

Click Configure.

Verification

The Bias metric configuration page shows the bias metrics that you configured for your model.

Next step

To view metrics, on the Bias metric configuration page, click View metrics in the upper-right corner.

Creating a bias metric by using the CLI

You can use the OpenShift command-line interface (CLI) to create a bias metric for a model.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

In a terminal window, log in to the OpenShift cluster where Open Data Hub is deployed.
```
oc login
```

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optionally, get the full list of TrustyAI service endpoints and payloads.

curl -H "Authorization: Bearer $TOKEN" --location $TRUSTY_ROUTE/q/openapi

Use POST /metrics/group/fairness/spd/request to schedule a recurring bias monitoring metric with the following syntax and payload structure:

Syntax:
```
curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/spd/request \
 --header 'Content-Type: application/json' \
 --data <payload>
```
Payload structure:

modelId

The name of the model to query.

protectedAttribute

The name of the feature that distinguishes the groups that you are checking for fairness.

privilegedAttribute

The suspected favored (positively biased) class.

unprivilegedAttribute

The suspected unfavored (negatively biased) class.

outcomeName

The name of the output that provides the output you are examining for fairness.

favorableOutcome

The value of the outcomeName output that describes the favorable or desired model prediction.

batchSize

The number of previous inferences to include in the calculation.

For example:

curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/ \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"

Verification

The bias metrics request should return output similar to the following:

{
   "timestamp":"2023-10-24T12:06:04.586+00:00",
   "type":"metric",
   "value":-0.0029676404469311524,
   "namedValues":null,
   "specificDefinition":"The SPD of -0.002968 indicates that the likelihood of Group:Is Male-Identifying?=1.0 receiving Outcome:Will Default?=0 was -0.296764 percentage points lower than that of Group:Is Male-Identifying?=0.0.",
   "name":"SPD",
   "id":"d2707d5b-cae9-41aa-bcd3-d950176cbbaf",
   "thresholds":{"lowerBound":-0.1,"upperBound":0.1,"outsideBounds":false}
}

The specificDefinition field helps you understand the real-world interpretation of these metric values. For this example, the model is fair over the Is Male-Identifying? field, with the rate of positive outcome only differing by about -0.3%.

Duplicating a bias metric

If you want to edit an existing metric, you can duplicate (copy) it in the Open Data Hub interface and then edit the values in the copy. However, note that the history of the original metric is not applied to the copy.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
There is an existing bias metric that you want to duplicate.

Procedure

In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of the model with the bias metric that you want to duplicate.
On the metrics page for the model, click the Model bias tab.
Click Configure.
On the Bias metric configuration page, click the action menu (⋮) next to the metric that you want to copy and then click Duplicate.
In the Configure bias metric dialog, follow these steps:
1. In the Metric name field, type a unique name for your bias metric. Note that you cannot change the name of this metric later.
2. Change the values of the fields as needed. For a description of these fields, see Creating a bias metric by using the dashboard.
Ensure that the values you entered are correct, and then click Configure.

Verification

The Bias metric configuration page shows the bias metrics that you configured for your model.

Next step

To view metrics, on the Bias metric configuration page, click View metrics in the upper-right corner.

Deleting a bias metric

You can delete a bias metric for a model by using the Open Data Hub dashboard or by using the OpenShift command-line interface (CLI).

Deleting a bias metric by using the dashboard

You can use the Open Data Hub dashboard to delete a bias metric for a model.

Prerequisites

You have logged in to Open Data Hub.
There is an existing bias metric that you want to delete.

Procedure

In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of the model with the bias metric that you want to delete.
On the metrics page for the model, click the Model bias tab.
Click Configure.
Click the action menu (⋮) next to the metric that you want to delete and then click Delete.
In the Delete bias metric dialog, type the metric name to confirm the deletion.

Note

You cannot undo deleting a bias metric.
Click Delete bias metric.

Verification

The Bias metric configuration page does not show the bias metric that you deleted.

Deleting a bias metric by using the CLI

You can use the OpenShift command-line interface (CLI) to delete a bias metric for a model.

Prerequisites

You have installed the OpenShift CLI (oc).
You have a user token for authentication as described in Authenticating the TrustyAI service.
There is an existing bias metric that you want to delete.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optional: To list all currently active requests for a metric, use GET /metrics/{{metric}}/requests. For example, to list all currently scheduled SPD metrics, type:
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/spd/requests"
```
Alternatively, to list all currently scheduled metric requests, use GET /metrics/all/requests.
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/all/requests"
```

To delete a metric, send an HTTP DELETE request to the /metrics/$METRIC/request endpoint to stop the periodic calculation, including the id of periodic task that you want to cancel in the payload. For example:

curl -H "Authorization: Bearer $TOKEN" -X DELETE --location "$TRUSTY_ROUTE/metrics/spd/request" \
    -H "Content-Type: application/json" \
    -d "{
          \"requestId\": \"3281c891-e2a5-4eb3-b05d-7f3831acbb56\"
        }"

Verification

Use GET /metrics/{{metric}}/requests to list all currently active requests for the metric and verify the metric that you deleted is not shown. For example:

curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/spd/requests"

Viewing bias metrics for a model

After you create bias monitoring metrics, you can use the Open Data Hub dashboard to view and update the metrics that you configured.

Prerequisite

You configured bias metrics for your model as described in Creating a bias metric.

Procedure

In the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of a model that you want to view bias metrics for.
On the metrics page for the model, click the Model bias tab.
To update the metrics shown on the page, follow these steps:
1. In the Metrics to display section, use the Select a metric list to select a metric to show on the page.
  
  Note
  Each time you select a metric to show on the page, an additional Select a metric list appears. This enables you to show multiple metrics on the page.
2. From the Time range list in the upper-right corner, select a value.
3. From the Refresh interval list in the upper-right corner, select a value.
  
  The metrics page shows the metrics that you selected.
Optional: To remove one or more metrics from the page, in the Metrics to display section, perform one of the following actions:
- To remove an individual metric, click the cancel icon (✖) next to the metric name.
- To remove all metrics, click the cancel icon (✖) in the Select a metric list.
Optional: To return to configuring bias metrics for the model, on the metrics page, click Configure in the upper-right corner.

Verification

The metrics page shows the metrics selections that you made.

Supported bias metrics

Open Data Hub supports the following bias metrics:

Statistical Parity Difference

Statistical Parity Difference (SPD) is the difference in the probability of a favorable outcome prediction between unprivileged and privileged groups. The formal definition of SPD is the following:

ŷ = 1 is the favorable outcome.
Dᵤ and Dₚ are the unprivileged and privileged group data.

You can interpret SPD values as follows:

A value of 0 means that the model is behaving fairly for a selected attribute (for example, race, gender).
A value in the range -0.1 to 0.1 means that the model is reasonably fair for a selected attribute. Instead, you can attribute the difference in probability to other factors, such as the sample size.
A value outside the range -0.1 to 0.1 indicates that the model is unfair for a selected attribute.
A negative value indicates that the model has bias against the unprivileged group.
A positive value indicates that the model has bias against the privileged group.

Disparate Impact Ratio

Disparate Impact Ratio (DIR) is the ratio of the probability of a favorable outcome prediction for unprivileged groups to that of privileged groups. The formal definition of DIR is the following:

ŷ = 1 is the favorable outcome.
Dᵤ and Dₚ are the unprivileged and privileged group data.

The threshold to identify bias depends on your own criteria and specific use case.

For example, if your threshold for identifying bias is represented by a DIR value below 0.8 or above 1.2, you can interpret the DIR values as follows:

A value of 1 means that the model is fair for a selected attribute.
A value of between 0.8 and 1.2 means that the model is reasonably fair for a selected attribute.
A value below 0.8 or above 1.2 indicates bias.

Monitoring data drift

As a data scientist, you might want to monitor your deployed models for data drift. Data drift refers to changes in the distribution or properties of incoming data that differ significantly from the data on which the model was originally trained. Detecting data drift helps ensure that your models continue to perform as expected and that they remain accurate and reliable.

You can use data drift monitoring metrics from TrustyAI in Open Data Hub to provide a quantitative measure of the alignment between the training data and the inference data.

For information about the specific data drift metrics, see Supported drift metrics.

Creating a drift metric

To monitor a deployed model for data drift, you must first create drift metrics.

For information about the specific data drift metrics, see Supported drift metrics.

For the complete list of TrustyAI metrics, see TrustyAI service API.

Creating a drift metric by using the CLI

You can use the OpenShift command-line interface (CLI) to create a data drift metric for a model.

Prerequisites

You are familiar with the specific data set schema and understand the relevant inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optionally, get the full list of TrustyAI service endpoints and payloads.

curl -H "Authorization: Bearer $TOKEN" --location $TRUSTY_ROUTE/q/openapi

Use POST /metrics/drift/meanshift/request to schedule a recurring drift monitoring metric with the following syntax and payload structure:

Syntax:
```
curl -k -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/drift/meanshift/request \
 --header 'Content-Type: application/json' \
 --data <payload>
```
Payload structure:

modelId

The name of the model to monitor.

referenceTag

The data to use as the reference distribution.

For example:

curl -k -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/drift/meanshift/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"gaussian-credit-model\",
                 \"referenceTag\": \"TRAINING\"
             }"

Deleting a drift metric by using the CLI

You can use the OpenShift command-line interface (CLI) to delete a drift metric for a model.

Prerequisites

You have installed the OpenShift CLI (oc).
You have a user token for authentication as described in Authenticating the TrustyAI service.
There is an existing drift metric that you want to delete.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the OpenShift Container Platform web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optional: To list all currently active requests for a metric, use GET /metrics/{{metric}}/requests. For example, to list all currently scheduled MeanShift metrics, type:
```
curl -k -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/drift/meanshift/requests"
```
Alternatively, to list all currently scheduled metric requests, use GET /metrics/all/requests.
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/all/requests"
```

curl -k -H "Authorization: Bearer $TOKEN" -X DELETE --location "$TRUSTY_ROUTE/metrics/drift/meanshift/request" \
    -H "Content-Type: application/json" \
    -d "{
          \"requestId\": \"$id\"
        }"

Verification

Use GET /metrics/{{metric}}/requests to list all currently active requests for the metric and verify the metric that you deleted is not shown. For example:

curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/drift/meanshift/requests"

Viewing data drift metrics for a model

After you create data drift monitoring metrics, use the OpenShift Container Platform web console to view and update the metrics that you configured.

Prerequisites

You have been assigned the monitoring-rules-view role. For more information, see Granting users permission to configure monitoring for user-defined projects.
You are familiar with how to monitor project metrics in the OpenShift Container Platform web console. For more information, see Monitoring your project metrics.

Procedure

Log in to the OpenShift Container Platform web console.
Switch to the Developer perspective.
In the left menu, click Observe.
As described in Monitoring your project metrics, use the web console to run queries for trustyai_* metrics.

Supported drift metrics

Open Data Hub supports the following data drift metrics:

MeanShift: The MeanShift metric calculates the per-column probability that the data values in a test data set are from the same distribution as those in a training data set (assuming that the values are normally distributed). This metric measures the difference in the means of specific features between the two datasets.

MeanShift is useful for identifying straightforward changes in data distributions, such as when the entire distribution has shifted to the left or right along the feature axis.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.
FourierMMD: The FourierMMD metric provides the probability that the data values in a test data set have drifted from the training data set distribution, assuming that the computed Maximum Mean Discrepancy (MMD) values are normally distributed. This metric compares the empirical distributions of the data sets by using an MMD measure in the Fourier domain.

FourierMMD is useful for detecting subtle shifts in data distributions that might be overlooked by simpler statistical measures.

This metric returns the probability that the distribution seen in the "real world" data has drifted from the reference data. The closer the value is to 1, the more likely there is to be significant drift.
KSTest: The KSTest metric calculates two Kolmogorov-Smirnov tests for each column to determine whether the data sets are derived from the same distributions. This metric measures the maximum distance between the empirical cumulative distribution functions (CDFs) of the data sets, without assuming any specific underlying distribution.

KSTest is useful for detecting changes in distribution shape, location, and scale.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.
ApproxKSTest: The ApproxKSTest metric performs an approximate Kolmogorov-Smirnov test, ensuring that the maximum error is 6*epsilon compared to an exact KSTest.

ApproxKSTest is useful for detecting changes in distributions for large data sets where performing an exact KSTest might be computationally expensive.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.

Using explainability

As a data scientist, you can learn how your machine learning model makes its predictions and decisions. You can use explainers from TrustyAI to provide saliency explanations for model inferences in Open Data Hub.

For information about the specific explainers, see Supported explainers.

Requesting a LIME explanation

To understand how a model makes its predictions and decisions, you can use a Local Interpretable Model-agnostic Explanations (LIME) explainer. LIME explains a model’s predictions by showing how much each feature affected the outcome. For example, for a model predicting not to target a user for a marketing campaign, LIME provides a list of weights, both positive and negative, indicating how each feature influenced the model’s outcome.

For more information, see Supported explainers.

Requesting a LIME explanation by using the CLI

You can use the OpenShift command-line interface (CLI) to request a LIME explanation.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service, as described in Authenticating the TrustyAI service.
You have real-world data from the deployed models.
You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set an environment variable to define the external route for the TrustyAI service pod.

export TRUSTY_ROUTE=$(oc get route trustyai-service -n $NAMESPACE -o jsonpath='{.spec.host}')

Set an environment variable to define the name of your model.
```
export MODEL="model-name"
```

Use GET /info/inference/ids/${MODEL} to get a list of all inference IDs within your model inference data set.

curl -skv -H "Authorization: Bearer ${TOKEN}" \
   https://${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic

You see output similar to the following:

[
  {
    "id":"a3d3d4a2-93f6-4a23-aedb-051416ecf84f",
    "timestamp":"2024-06-25T09:06:28.75701201"
  }
]

Set environment variables to define the two latest inference IDs (highest and lowest predictions).

export ID_LOWEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-1].id')

export ID_HIGHEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-2].id')

Use POST /explainers/local/lime to request the LIME explanation with the following syntax and payload structure:

Sytnax:
```
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
 -H "Content-Type: application/json" \
 -d <payload>
```
Payload structure:

PredictionId

The inference ID.

config

The configuration for the LIME explanation, including model and explainer parameters. For more information, see Model configuration parameters and LIME explainer configuration parameters.

For example:

echo "Requesting LIME for lowest"
curl -s -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_LOWEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 50,
              \"normalize_weights\": \"false\",
              \"feature_selection\": \"false\"
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/lime

echo "Requesting LIME for highest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_HIGHEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 50,
              \"normalize_weights\": \"false\",
              \"feature_selection\": \"false\"
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/lime

Specifies configuration for the model. For more information about the model configuration options, see Model configuration parameters.
Specifies the model server service URL. This field only accepts model servers in the same namespace as the TrustyAI service, with or without protocol or port number.
- http[s]://service[:port]
- service[:port]
Specifies the configuration for the explainer. For more information about the explainer configuration parameters, see LIME explainer configuration parameters.

Requesting a SHAP explanation

To understand how a model makes its predictions and decisions, you can use a SHapley Additive exPlanations (SHAP) explainer. SHAP explains a model’s prediction by showing a detailed breakdown of each feature’s contribution to the final outcome. For example, for a model predicting the price of a house, SHAP provides a list of how much each feature contributed (in monetary value) to the final price.

For more information, see Supported explainers.

Requesting a SHAP explanation by using the CLI

You can use the OpenShift command-line interface (CLI) to request a SHAP explanation.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service, as described in Authenticating the TrustyAI service.
You have real-world data from the deployed models.
You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set an environment variable to define the external route for the TrustyAI service pod.

export TRUSTY_ROUTE=$(oc get route trustyai-service -n $NAMESPACE -o jsonpath='{.spec.host}')

Set an environment variable to define the name of your model.
```
export MODEL="model-name"
```

Use GET /info/inference/ids/${MODEL} to get a list of all inference IDs within your model inference data set.

curl -skv -H "Authorization: Bearer ${TOKEN}" \
   https://${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic

You see output similar to the following:

[
  {
    "id":"a3d3d4a2-93f6-4a23-aedb-051416ecf84f",
    "timestamp":"2024-06-25T09:06:28.75701201"
  }
]

Set environment variables to define the two latest inference IDs (highest and lowest predictions).

export ID_LOWEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-1].id')

export ID_HIGHEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-2].id')

Use POST /explainers/local/shap to request the SHAP explanation with the following syntax and payload structure:

Sytnax:
```
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
 -H "Content-Type: application/json" \
 -d <payload>
```
Payload structure:

PredictionId

The inference ID.

config

The configuration for the SHAP explanation, including model and explainer parameters. For more information, see Model configuration parameters and SHAP explainer configuration parameters.

For example:

echo "Requesting SHAP for lowest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
  -H "Content-Type: application/json" \
  -d "{
    \"predictionId\": \"$ID_LOWEST\",
    \"config\": {
        \"model\": { (1)
            \"target\": \"modelmesh-serving:8033\", (2)
            \"name\": \"${MODEL}\",
            \"version\": \"v1\"
        },
        \"explainer\": { (3)
          \"n_samples\": 75
        }
    }
  }" \
  ${TRUSTYAI_ROUTE}/explainers/local/shap

echo "Requesting SHAP for highest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_HIGHEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 75
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/shap

Specifies configuration for the model. For more information about the model configuration options, see Model configuration parameters.
Specifies the model server service URL. This field only accepts model servers in the same namespace as the TrustyAI service, with or without protocol or port number.
- http[s]://service[:port]
- service[:port]
Specifies the configuration for the explainer. For more information about the explainer configuration parameters, see SHAP explainer configuration parameters.

Supported explainers

Open Data Hub supports the following explainers:

LIME

Local Interpretable Model-agnostic Explanations (LIME) ^[1] is a saliency explanation method. LIME aims to explain a prediction 𝑝 = (𝑥, 𝑦) (an input-output pair) generated by a black-box model 𝑓 : ℝ^𝑑 → ℝ. The explanations come in the form of a "saliency" 𝑤_𝑖 attached to each feature 𝑥_𝑖 in the prediction 𝑥. LIME generates a local explanation ξ(𝑥) according to the following model:

𝜋_𝑥 is a proximity function
𝐺 is the family of interpretable models
Ω(𝑔) is a measure of complexity of an explanation 𝑔 ∈ 𝐺
𝐿(𝑓, 𝑔, 𝜋_𝑥) is a measure of how unfaithful 𝑔 is in approximating 𝑓 in the locality defined by 𝜋_𝑥

In the original paper, 𝐺 is the class of linear models and 𝜋_𝑥 is an exponential kernel on a distance function 𝐷 (for example, cosine distance). LIME converts samples 𝑥_𝑖 from the original domain into interpretable samples as binary vectors 𝑥′_𝑖 ∈ 0,1. An encoded data set 𝐸 is built by taking nonzero elements of 𝑥′_𝑖 , recovering the original representation 𝑧 ∈ ℝ^𝑑 and then computing 𝑓(𝑧). A weighted linear model 𝑔 (with weights provided via 𝜋_𝑥) is then trained on the generated sparse data set 𝐸 and the model weights 𝑤 are used as feature weights for the final explanation ξ(𝑥).

SHAP

SHapley Additive exPlanations (SHAP), ^[2] seeks to unify several common explanation methods, notably LIME ^[1] and DeepLIFT, ^[3] under a common umbrella of additive feature attributions. These methods explain how an input 𝑥 = [𝑥₁, 𝑥₂, …, 𝑥_𝑀] affects the output of some model 𝑓 by transforming 𝑥 ∈ ℝ^𝑀 into simplified inputs 𝑧′ ∈ 0, 1^𝑀 , such that 𝑧′_𝑖 indicates the inclusion or exclusion of feature 𝑖. The simplified inputs are then passed to an explanatory model 𝑔 that takes the following form:

In that form, each value 𝛷_𝑖 marks the contribution that feature 𝑖 had on the output model (called the attribution), 𝛷₀ marks the null output of the model; the model output when every feature is excluded. Therefore, this presents an easily interpretable explanation of the importance of each feature and a framework to permute the various input features to establish their collection contributions.

The final result of the algorithm are the Shapley values of each feature, which give an itemized "receipt" of all the contributing factors to the decision. For example, a SHAP explanation of a loan application might be as follows:

Feature	Shapley Value φ
Null Output	50%
Income	+10%
# Children	-15%
Age	+22%
Own Home?	-30%
Acceptance%	37%
Deny	63%

Feature

Shapley Value φ

Null Output

50%

Income

+10%

# Children

-15%

Age

+22%

Own Home?

-30%

Acceptance%

37%

Deny

63%

From this, the applicant can see that the biggest contributor to their denial was their home ownership status, which reduced their acceptance probability by 30 percentage points. Meanwhile, their number of children was of particular benefit, increasing their probability by 22 percentage points.

Evaluating large language models

A large language model (LLM) is a type of artificial intelligence (AI) program that is designed for natural language processing tasks, such as recognizing and generating text.

As a data scientist, you might want to monitor your large language models against a range of metrics, in order to ensure the accuracy and quality of its output. Features such as summarization, language toxicity, and question-answering accuracy can be assessed to inform and improve your model parameters.

Open Data Hub now offers Language Model Evaluation as a Service (LM-Eval-aaS), in a feature called LM-Eval. LM-Eval provides a unified framework to test generative language models on a vast range of different evaluation tasks.

The following sections show you how to create an LMEvalJob custom resource (CR) which allows you to activate an evaluation job and generate an analysis of your model’s ability.

Setting up LM-Eval

LM-Eval is a service designed for evaluating large language models that has been integrated into the TrustyAI Operator.

The service is built on top of two open-source projects:

LM Evaluation Harness, developed by EleutherAI, that provides a comprehensive framework for evaluating language models
Unitxt, a tool that enhances the evaluation process with additional functionalities

The following information explains how to create an LMEvalJob custom resource (CR) to initiate an evaluation job and get the results.

Note

LM-Eval is only available in the latest community builds. To use LM-Eval on Open Data Hub, ensure that you use ODH 2.20 or later versions and add the following devFlag to your DataScienceCluster resource:

    trustyai:
    devFlags:
        manifests:
        - contextDir: config
            sourcePath: ''
            uri: https://github.com/trustyai-explainability/trustyai-service-operator/tarball/main
    managementState: Managed

Global settings for LM-Eval

Configurable global settings for LM-Eval services are stored in the TrustyAI operator global ConfigMap, named trustyai-service-operator-config. The global settings are located in the same namespace as the operator.

You can configure the following properties for LM-Eval:

Table 1. LM-Eval properties
Property	Default	Description
`lmes-detect-device`	`true/false`	Detect if there are GPUs available and assign a value for `--device argument` for LM Evaluation Harness. If GPUs are available, the value is `cuda`. If there are no GPUs available, the value is `cpu`.
`lmes-pod-image`	`quay.io/trustyai/ta-lmes-job:latest`	The image for the LM-Eval job. The image contains the Python packages for LM Evaluation Harness and Unitxt.
`lmes-driver-image`	`quay.io/trustyai/ta-lmes-driver:latest`	The image for the LM-Eval driver. For detailed information about the driver, see the `cmd/lmes_driver` directory.
`lmes-image-pull-policy`	`Always`	The image-pulling policy when running the evaluation job.
`lmes-default-batch-size`	8	The default batch size when invoking the model inference API. Default batch size is only available for local models.
`lmes-max-batch-size`	24	The maximum batch size that users can specify in an evaluation job.
`lmes-pod-checking-interval`	10s	The interval to check the job pod for an evaluation job.
`lmes-allow-online`	true	Whether LMEval jobs can set the online mode to `on` to access artifacts (models, datasets, tokenizers) from the internet.
`lmes-code-execution`	true	Determines whether LMEval jobs can set the `trust remote code` mode to `on`.

After updating the settings in the ConfigMap, restart the operator to apply the new values.

Important

The allowOnline setting is enabled by default in Open Data Hub. Using allowOnline gives the job permissions to automatically download artifacts from external sources. Change this setting to false if you do not want LM-Eval to access external sources.

LM-Eval evaluation job

LM-Eval service defines a new Custom Resource Definition (CRD) called LMEvalJob. An LMEvalJob object represents an evaluation job. LMEvalJob objects are monitored by the TrustyAI Kubernetes operator.

To run an evaluation job, create an LMEvalJob object with the following information: model, model arguments, task, and secret.

After the LMEvalJob is created, the LM-Eval service runs the evaluation job. The status and results of the LMEvalJob object update when the information is available.

Note

Other TrustyAI features (such as bias and drift metrics) do not support non-tabular models (including LLMs). Deploying the TrustyAIService custom resource (CR) in a namespace that contains non-tabular models (such as the namespace where an evaluation job is being executed) can cause errors within the TrustyAI service.

Sample LMEvalJob object

The sample LMEvalJob object contains the following features:

The google/flan-t5-base model from Hugging Face.
The dataset from the wnli card, a subset of the GLUE (General Language Understanding Evaluation) benchmark evaluation framework from Hugging Face. For more information about the wnli Unitxt card, see the Unitxt website.
The following default parameters for the multi_class.relation Unitxt task: f1_micro, f1_macro, and accuracy. This template can be found on the Unitxt website: click Catalog, then click Tasks and select Classification from the menu.

The following is an example of an LMEvalJob object:

apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob-sample
spec:
  model: hf
  modelArgs:
  - name: pretrained
    value: google/flan-t5-base
  taskList:
    taskRecipes:
    - card:
        name: "cards.wnli"
      template: "templates.classification.multi_class.relation.default"
  logSamples: true

After you apply the sample LMEvalJob, check its state by using the following command:

oc get lmevaljob evaljob-sample

Output similar to the following appears: NAME: evaljob-sample STATE: Running

Evaluation results are available when the state of the object changes to Complete. Both the model and dataset in this example are small. The evaluation job should finish within 10 minutes on a CPU-only node.

Use the following command to get the results:

oc get lmevaljobs.trustyai.opendatahub.io evaljob-sample \
  -o template --template={{.status.results}} | jq '.results'

The command returns results similar to the following example:

{
  "tr_0": {
    "alias": "tr_0",
    "f1_micro,none": 0.5633802816901409,
    "f1_micro_stderr,none": "N/A",
    "accuracy,none": 0.5633802816901409,
    "accuracy_stderr,none": "N/A",
    "f1_macro,none": 0.36036036036036034,
    "f1_macro_stderr,none": "N/A"
  }
}

Notes on the results

The f1_micro, f1_macro, and accuracy scores are 0.56, 0.36, and 0.56.
The full results are stored in the .status.results of the LMEvalJob object as a JSON document.
The command above only retrieves the results field of the JSON document.

LMEvalJob properties

The following table lists each property in the LMEvalJob and its usage:

Table 2. LM-Eval properties
Parameter	Description
`model`	Specifies which model type or provider is evaluated. This field directly maps to the `--model` argument of the `lm-evaluation-harness`. Supported model types and providers include: `hf`: HuggingFace models `openai-completions`: OpenAI Completions API models `openai-chat-completions`: OpenAI Chat Completions API models `local-completions` and `local-chat-completions`: OpenAI API-compatible servers `textsynth`: TextSynth APIs
`modelArgs`	A list of paired name and value arguments for the model type. Each model type or provider supports different arguments. You can find further details in the models section of the LM Evaluation Harness library on GitHub. `hf` (HuggingFace) `local-completions` (An OpenAI API-compatible server) `local-chat-completions` (An OpenAI API-compatible server) `openai-completions` (OpenAI Completions API models) `openai-chat-completions` (ChatCompletions API models) `textsynth` (TextSynth APIs)
`taskList.taskNames`	Specifies a list of tasks supported by `lm-evaluation-harness`.
`taskList.taskRecipes`	Specifies the task using the Unitxt recipe format: `card`: Use the `name` to specify a Unitxt card or `custom` for a custom card. `name`: Specifies a Unitxt card from the Unitxt catalog. Use the card ID as the value. For example, the ID of the Wnli card is `cards.wnli`. `custom`: Defines and uses a custom card. The value is a JSON object that contains the custom dataset. For more information about creating a custom card, see the Unitxt documentation on their website. If the dataset used by the custom card requires an API key from an environment variable or a persistent volume, configure the necessary resources in the `pod` field. `template`: Specifies a Unitxt template from the Unitxt catalog. Use the template ID as the value. `task` (optional): Specifies a Unitxt task from the Unitxt catalog. Use the task ID as the value. A Unitxt card has a predefined task. Only specify a value for this if you want to run a different task. `metrics` (optional): Specifies a Unitxt task from the Unitxt catalog. Use the metric ID as the value. A Unitxt task has a set of pre-defined metrics. Only specify a set of metrics if you need different metrics. `format` (optional): Specifies a Unitxt format from the Unitxt catalog. Use the format ID as the value. `loaderLimit` (optional): Specifies the maximum number of instances per stream to be returned from the loader. You can use this parameter to reduce loading time in large datasets. `numDemos` (optional): Number of few-shot to be used. `demosPoolSize` (optional): Size of the few-shot pool.
`numFewShot`	Sets the number of few-shot examples to place in context. If you are using a task from Unitxt, do not use this field. Use `numDemos` under the `taskRecipes` instead.
`limit`	Set a limit to run the tasks instead of running the entire dataset. Accepts either an integer or a float between 0.0 and 1.0.
`genArgs`	Maps to the `--gen_kwargs` parameter for the `lm-evaluation-harness`. For more information, see the LM Evaluation Harness documentation on GitHub.
`logSamples`	If this flag is passed, then the model outputs and the text fed into the model will be saved at per-document granularity.
`batchSize`	Specifies the batch size for the evaluation in integer format. The `auto:N` batch size is not used for API models, but numeric batch sizes are used for APIs.
`pod`	Specifies extra information for the `lm-eval` job pod: `container`: Specifies additional container settings for the `lm-eval` container. `env`: Specifies environment variables. This parameter uses the `EnvVar` data structure of Kubernetes. `volumeMounts`: Mounts the volumes into the `lm-eval` container. `resources`: Specifies the resources for the `lm-eval` container. `volumes`: Specifies the volume information for the `lm-eval` and other containers. This parameter uses the `Volume` data structure of Kubernetes. `sideCars`: A list of containers that run along with the `lm-eval` container. It uses the `Container` data structure of Kubernetes.
`outputs`	This parameter defines a custom output location to store the the evaluation results. Only Persistent Volume Claims (PVC) are supported.
`outputs.pvcManaged`	Creates an operator-managed PVC to store the job results. The PVC is named `<job-name>-pvc` and is owned by the `LMEvalJob`. After the job finishes, the PVC is still be available, but it is deleted with the `LMEvalJob`. Supports the following fields: `size`: The PVC size, compatible with standard PVC syntax (for example, 5Gi)
`outputs.pvcName`	Binds an existing PVC to a job by specifying its name. The PVC must be created separately and must already exist when creating the job.
`allowOnline`	If this parameter is set to `true`, the LMEval job downloads artifacts as needed (for example, models, datasets or tokenizers). If set to `false`, artifacts are not downloaded and are pulled from local storage instead. This setting is disabled by default. If you want to enable `allowOnline` mode, you can patch the TrustyAI operator `ConfigMap`.
`allowCodeExecution`	If this parameter is set to `true`, the LMEval job executes the necessary code for preparing models or datasets. If set to `false` it does not execute downloaded code.
`offline`	Mount a PVC as the local storage for models and datasets.

LM-Eval scenarios

The following procedures outline example scenarios that can be useful for an ML-Eval setup.

Configuring the LM-Eval environment

If the LMEvalJob needs to access a model on HuggingFace with the access token, you can set up the HF_TOKEN as one of the environment variables for the lm-eval container.

Prerequisites

You have logged in to Red Hat OpenShift AI.
Your OpenShift cluster administrator has installed OpenShift AI and enabled the TrustyAI service for the data science project where the models are deployed.

Procedure

To start an evaluation job for a huggingface model, apply the following YAML file:

apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob-sample
spec:
  model: hf
  modelArgs:
  - name: pretrained
    value: huggingfacespace/model
  taskList:
    taskNames:
    - unfair_tos/
  logSamples: true
  pod:
    container:
      env:
      - name: HF_TOKEN
        value: "My HuggingFace token"

(Optional) You can also create a secret to store the token, then refer the key from the secretKeyRef object using the following reference syntax:
```
env:
  - name: HF_TOKEN
    valueFrom:
      secretKeyRef:
        name: my-secret
        key: hf-token
```

Using a custom Unitxt card

You can run evaluations using custom Unitxt cards. To do this, include the custom Unitxt card in JSON format within the LMEvalJob YAML.

Prerequisites

You have logged in to Red Hat OpenShift AI.
Your OpenShift cluster administrator has installed OpenShift AI and enabled the TrustyAI service for the data science project where the models are deployed.

Procedure

Pass a custom Unitxt Card in JSON format:

apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob-sample
spec:
  model: hf
  modelArgs:
  - name: pretrained
    value: google/flan-t5-base
  taskList:
    taskRecipes:
    - template: "templates.classification.multi_class.relation.default"
      card:
        custom: |
          {
            "__type__": "task_card",
            "loader": {
              "__type__": "load_hf",
              "path": "glue",
              "name": "wnli"
            },
            "preprocess_steps": [
              {
                "__type__": "split_random_mix",
                "mix": {
                  "train": "train[95%]",
                  "validation": "train[5%]",
                  "test": "validation"
                }
              },
              {
                "__type__": "rename",
                "field": "sentence1",
                "to_field": "text_a"
              },
              {
                "__type__": "rename",
                "field": "sentence2",
                "to_field": "text_b"
              },
              {
                "__type__": "map_instance_values",
                "mappers": {
                  "label": {
                    "0": "entailment",
                    "1": "not entailment"
                  }
                }
              },
              {
                "__type__": "set",
                "fields": {
                  "classes": [
                    "entailment",
                    "not entailment"
                  ]
                }
              },
              {
                "__type__": "set",
                "fields": {
                  "type_of_relation": "entailment"
                }
              },
              {
                "__type__": "set",
                "fields": {
                  "text_a_type": "premise"
                }
              },
              {
                "__type__": "set",
                "fields": {
                  "text_b_type": "hypothesis"
                }
              }
            ],
            "task": "tasks.classification.multi_class.relation",
            "templates": "templates.classification.multi_class.relation.all"
          }
  logSamples: true

Inside the custom card specify the Hugging Face dataset loader:

"loader": {
              "__type__": "load_hf",
              "path": "glue",
              "name": "wnli"
            },

(Optional) You can use other Unitxt loaders (found on the Unitxt website) that contain the volumes and volumeMounts parameters to mount the dataset from persistent volumes. For example, if you use the LoadCSV Unitxt command, mount the files to the container and make the dataset accessible for the evaluation process.

Using PVCs as storage

To use a PVC as storage for the LMEvalJob results, you can use either managed PVCS or existing PVCs. Managed PVCs are managed by the TrustyAI operator. Existing PVCs are created by the end-user before the LMEvalJob is created.

Note	If both managed and existing PVCs are referenced in outputs, the TrustyAI operator defaults to the managed PVC.

Prerequisites

You have logged in to Red Hat OpenShift AI.
Your OpenShift cluster administrator has installed OpenShift AI and enabled the TrustyAI service for the data science project where the models are deployed.

Managed PVCs

To create a managed PVC, specify its size. The managed PVC is named <job-name>-pvc and is available after the job finishes. When the LMEvalJob is deleted, the managed PVC is also deleted.

Procedure

Enter the following code:

apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob-sample
spec:
  # other fields omitted ...
  outputs:
    pvcManaged:
      size: 5Gi

Notes on the code

outputs is the section for specifying custom storage locations
pvcManaged will create an operator-managed PVC
size (compatible with standard PVC syntax) is the only supported value

Existing PVCs

To use an existing PVC, pass its name as a reference. The PVC must exist when you create the LMEvalJob. The PVC is not managed by the TrustyAI operator, so it is available after deleting the LMEvalJob.

Procedure

Create a PVC. An example is the following:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "my-pvc"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

Reference the new PVC from the LMEvalJob.

apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob-sample
spec:
  # other fields omitted ...
  outputs:
    pvcName: "my-pvc"

Using an InferenceService

To run an evaluation job on an InferenceService which is already deployed and running in your namespace, define your LMEvalJob CR, then apply this CR into the same namespace as your model.

Prerequisites

You have logged in to Red Hat OpenShift AI.
Your OpenShift cluster administrator has installed OpenShift AI and enabled the TrustyAI service for the data science project where the models are deployed.
You have a namespace that contains an InferenceService with a vLLM model. This example assumes that the vLLM model is already deployed in your cluster.

Procedure

Define your LMEvalJob CR:

  apiVersion: trustyai.opendatahub.io/v1alpha1
kind: LMEvalJob
metadata:
  name: evaljob
spec:
  model: local-completions
  taskList:
    taskNames:
      - mmlu
  logSamples: true
  batchSize: 1
  modelArgs:
    - name: model
      value: granite
    - name: base_url
      value: $ROUTE_TO_MODEL/v1/completions
    - name: num_concurrent
      value:  "1"
    - name: max_retries
      value:  "3"
    - name: tokenized_requests
      value: "False"
    - name: tokenizer
      value: huggingfacespace/model
 env:
   - name: OPENAI_TOKEN
     valueFrom:
          secretKeyRef:
            name: <secret-name>
            key: token

Apply this CR into the same namespace as your model.

Verification

A pod spins up in your model namespace called evaljob. In the pod terminal, you can see the output via tail -f output/stderr.log.

Notes on the code

base_url should be set to the route/service URL of your model. Make sure to include the /v1/completions endpoint in the URL.
env.valueFrom.secretKeyRef.name should point to a secret that contains a token that can authenticate to your model. secretRef.name should be the secret’s name in the namespace, while secretRef.key should point at the token’s key within the secret.

secretKeyRef.name can equal the output of:

oc get secrets -o custom-columns=SECRET:.metadata.name --no-headers | grep user-one-token

secretKeyRef.key is set to token

Bias monitoring tutorial - Gender bias example

Step-by-step guidance for using TrustyAI in Open Data Hub to monitor machine learning models for bias.

Introduction

Ensuring that your machine learning models are fair and unbiased is essential for building trust with your users. Although you can assess fairness during model training, it is only in deployment that your models use real-world data. Even if your models are unbiased on training data, they can exhibit serious biases in real-world scenarios. Therefore, it is crucial to monitor your models for fairness during their real-world deployment.

In this tutorial, you learn how to monitor models for bias. You will use two example models to complete the following tasks:

Deploy the models by using multi-model serving.
Send training data to the models.
Examine the metadata for the models.
Check model fairness.
Schedule and check fairness and identity metric requests.
Simulate real-world data.

About the example models

For this tutorial, your role is a DevOps engineer for a credit lending company. The company’s data scientists have created two candidate neural network models to predict whether a borrower will default on a loan. Both models make predictions based on the following information from the borrower’s application:

Number of Children
Total Income
Number of Total Family Members
Is Male-Identifying?
Owns Car?
Owns Realty?
Is Partnered?
Is Employed?
Lives with Parents?
Age (in days)
Length of Employment (in days)

As the DevOps engineer, your task is to verify that the models are not biased against the Is Male-Identifying? gender field. To complete this task, you can monitor the models by using the Statistical Parity Difference (SPD) metric, which reports whether there is a difference between how often male-identifying and non-male-identifying applicants are given favorable predictions (that is, they are predicted to pay off their loans). An ideal SPD metric is 0, meaning both groups are equally likely to receive a positive outcome. An SPD between -0.1 and 0.1 also indicates fairness, as it reflects only a +/-10% variation between the groups.

Setting up your environment

To set up your environment for this tutorial, complete the following tasks:

Download tutorial files from the trustyai-explainability repository.
Log in to the OpenShift cluster from the command line.
Configure monitoring for the model serving platform.
Enable the TrustyAI component in the Open Data Hub Operator.
Set up a project.
Authenticate the TrustyAI service.

Prerequisites

The Open Data Hub Operator is installed on your OpenShift Container Platform cluster.
You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.

Downloading the tutorial files

Go to https://github.com/trustyai-explainability/odh-trustyai-demos/tree/main.
Click the Code button and then click Download ZIP to download the repository.
Extract the downloaded repository files.

Logging in to the OpenShift cluster from the command line

Obtain the command for logging in to the OpenShift cluster from the command line:
1. In the upper-right corner of the OpenShift Container Platform web console, click your user name and select Copy login command.
2. Log in with your credentials and then click Display token.
3. Copy the Log in with this token command, which has the following syntax:
  $ oc login --token=<token> --server=<openshift_cluster_url>
In a terminal window, paste and run the login command.

Configuring monitoring for the model serving platform

To enable monitoring on user-defined projects, you must configure monitoring for the model serving platform.

Run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc apply -f 1-Installation/resources/enable_uwm.yaml
```
To configure monitoring to store metric data for 15 days, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc apply -f 1-Installation/resources/uwm_configmap.yaml
```

For more information, see Configuring monitoring for the multi-model serving platform.

Enabling the TrustyAI component

To allow your data scientists to use model monitoring with TrustyAI, you must enable the TrustyAI component in Open Data Hub.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have access to the data science cluster.
You have installed Open Data Hub.

Procedure

In the OpenShift Container Platform console, click Operators → Installed Operators.
Search for the Open Data Hub Operator, and then click the Operator name to open the Operator details page.
Click the Data Science Cluster tab.
Click the default instance name (for example, default-dsc) to open the instance details page.
Click the YAML tab to show the instance specifications.
In the spec:components section, set the managementState field for the trustyai component to Managed:
```
 trustyai:
    managementState: Managed
```
Click Save.

Verification

Check the status of the trustyai-service-operator pod:

In the OpenShift Container Platform console, from the Project list, select opendatahub.
Click Workloads → Deployments.
Search for the trustyai-service-operator-contoller-manager deployment. Check the status:
1. Click the deployment name to open the deployment details page.
2. Click the Pods tab.
3. View the pod status.
  
  When the status of the trustyai-service-operator-controller-manager-<pod-id> pod is Running, the pod is ready to use.

Setting up a project

For this tutorial, you must create a project named model-namespace.

To create a new project named model-namespace, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc new-project model-namespace
```

Prepare the model-namespace project for multi-model serving:

oc label namespace model-namespace "modelmesh-enabled=true" --overwrite=true

Authenticating the TrustyAI service

TrustyAI endpoints are authenticated with a Bearer token. To obtain this token and set a variable (TOKEN) to use later, run the following command:

export TOKEN=$(oc whoami -t)

Deploying models

Procedure

To deploy the models for this tutorial, run the following commands from the directory containing the downloaded tutorial files (odh-trustyai-demos-main).

Navigate to the model-namespace project you created:
```
oc project model-namespace
```

Deploy the model’s storage container:

oc apply -f 2-BiasMonitoring/resources/model_storage_container.yaml

Deploy the OVMS 1.x serving runtime:

oc apply -f 2-BiasMonitoring/resources/ovms-1.x.yaml

Deploy the first model:

oc apply -f 2-BiasMonitoring/resources/model_alpha.yaml

Deploy the second model:

oc apply -f 2-BiasMonitoring/resources/model_beta.yaml

Verification

In the OpenShift Container Platform console, click Workloads → Pods.
Confirm that there are four pods:
- minio
- modelmesh-serving-ovms-1.x-xxxxxxxxxx-xxxxx
- modelmesh-serving-ovms-1.x-xxxxxxxxxx-xxxxx
- trustyai-service-xxxxxxxxxx-xxxxx
  
  When the TrustyAI service has registered the deployed models, the modelmesh-serving-ovms-1.x-xxxxx pods are redeployed.
To verify that TrustyAI has registered the models:
1. Select one of the modelmesh-serving-ovms-1.x-xxxxx pods.
2. Click the Environment tab and confirm that the MM_PAYLOAD_PROCESSORS field is set.

Sending training data to the models

Pass the training data through the models.

Procedure

In a terminal window, run the following command from the directory that contains the downloaded tutorial files (odh-trustyai-demos-main):
```
for batch in 0 250 500 750 1000 1250 1500 1750 2000 2250; do
  2-BiasMonitoring/scripts/send_data_batch
2-BiasMonitoring/data/training/$batch.json
done
```
This process can take several minutes.

Verification

View the script verification messages that indicate whether TrustyAI is receiving the data.
Verify that the process is running by viewing the cluster metrics:
1. In the OpenShift Container Platform web console, click Observe → Metrics.
2. In the Expression field, enter trustyai_model_observations_total and click Run Queries.
3. Confirm that both models are listed with around 2250 inferences each, which indicates that TrustyAI has cataloged enough inputs and outputs to begin analysis.
4. Optional: You can select a time range and refresh interval:
  - From the Time range list, select 5 minutes.
  - From the Refresh interval list, select 15 seconds.
Verify that TrustyAI can access the models by examining the model metadata:
1. Find the route to the TrustyAI service:
  TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}}); echo $TRUSTY_ROUTE
2. Query the /info endpoint:
  curl -H "Authorization: Bearer ${TOKEN}" $TRUSTY_ROUTE/info | jq
  A JSON file is generated with the following information for each model:
  - The names, data types, and positions of fields in the input and output.
  - The observed values that these fields take.
  - The total number of input-output pairs observed.
For an example output file, see the odh-trustyai-demos-main/2-BiasMonitoring/scripts/info_response.json file in your downloaded tutorial files.

Labeling data fields

You can apply name mappings to your inputs and outputs for more meaningful field names by sending a POST request to the /info/names endpoint.

For this tutorial, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

2-BiasMonitoring/scripts/apply_name_mapping.sh

For general steps, see Labeling data fields.

To understand the payload structure, see the odh-trustyai-demos-main/2-BiasMonitoring/scripts/apply_name_mapping.sh file in your downloaded tutorial files.

Checking model fairness

Compute the model’s cumulative fairness up to this point.

Procedure

In a terminal window, run the following script from the directory containing the downloaded tutorial files (odh-trustyai-demos-main) to check the /metrics/group/fairness/spd endpoint:

echo -e "=== MODEL ALPHA ==="
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/ \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }" | jq
echo -e "\n\n=== MODEL BETA ==="
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-beta\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }" | jq
echo

The payload structure is as follows:

modelId: The name of the model to query.
protectedAttribute: The name of the feature that distinguishes the groups that you are checking for fairness over.
privilegedAttribute: The value of the protectedAttribute that describes the suspected favored (positively biased) class.
unprivilegedAttribute: The value of the protectedAttribute that describes the suspected unfavored (negatively biased) class.
outcomeName: The name of the output that provides the output you are examining for fairness.
favorableOutcome: The value of the outcomeName output that describes the favorable model prediction.
batchSize: The number of previous inferences to include in the calculation.

Verification

Confirm that you see outputs similar to the following examples:

Model Alpha

=== MODEL ALPHA ===
{
  "timestamp": "2024-07-25T16:26:50.412+00:00",
  "type": "metric",
  "value": 0.003056835834369387,
  "namedValues": null,
  "specificDefinition": "The SPD of 0.003057 indicates that the likelihood of Group:Is Male-Identifying?=[1.0] receiving Outcome:Will Default?=[0] was 0.305684 percentage points higher than that of Group:Is Male-Identifying?=[0.0].",
  "name": "SPD",
  "id": "542bd51e-dd2f-40f6-947f-c1c22bd71765",
  "thresholds": {
    "lowerBound": -0.1,
    "upperBound": 0.1,
    "outsideBounds": false
  }
}

Model Beta

=== MODEL BETA ===
{
  "timestamp": "2024-07-25T16:26:50.648+00:00",
  "type": "metric",
  "value": 0.029078518433627354,
  "namedValues": null,
  "specificDefinition": "The SPD of 0.029079 indicates that the likelihood of Group:Is Male-Identifying?=[1.0] receiving Outcome:Will Default?=[0] was 2.907852 percentage points higher than that of Group:Is Male-Identifying?=[0.0].",
  "name": "SPD",
  "id": "df292f06-9255-4158-8b02-4813a8777b7b",
  "thresholds": {
    "lowerBound": -0.1,
    "upperBound": 0.1,
    "outsideBounds": false
  }
}

The specificDefinition field is important in understanding the real-world interpretation of these metric values; you can see that both model Alpha and Beta are fair over the Is Male-Identifying field, with the two groups' rates of positive outcomes only differing by -0.3% for model Alpha and 2.8% for model Beta.

Scheduling a fairness metric request

After you confirm that the models are fair over the training data, you want to ensure that they remain fair over real-world inference data. To monitor their fairness, you can schedule a metric request to compute at recurring intervals throughout deployment by passing the same payloads to the /metrics/group/fairness/spd/request endpoint.

Procedure

In a terminal window, run the following script from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

echo -e "\n\n=== MODEL ALPHA ===\n"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"
echo -e "\n\n=== MODEL BETA ===\n"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-beta\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"
echo

These commands return the IDs of the created requests. Later, you can use these IDs to delete the scheduled requests.

Verification

In the OpenShift Container Platform web console, click Observe → Metrics.
In the Expression field, enter trustyai_spd and click Run Queries.
Optional: After running a query, you can select a time range and refresh interval:
- From the Time range list, select 5 minutes.
- From the Refresh interval list, select 15 seconds.

Scheduling an identity metric request

You can monitor the average values of various data fields over time to see the average ratio of loan-payback to loan-default predictions and the average ratio of male-identifying to non-male-identifying applicants. To monitor the average values, you create an identity metric request by sending a POST request to the /metrics/identity/request endpoint.

Procedure

In a terminal window, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

for model in "demo-loan-nn-onnx-alpha" "demo-loan-nn-onnx-beta"; do
  for field in "Is Male-Identifying?" "Will Default?"; do
      curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/identity/request \
       --header 'Content-Type: application/json' \
       --data "{
                 \"columnName\": \"$field\",
                 \"batchSize\": 250,
                 \"modelId\": \"$model\"
               }"
	echo -e
  done
done

The payload structure is as follows:

columnName: The name of the field to compute the averaging over.
batchSize: The number of previous inferences to include in the average-value calculation.
modelId: The name of the model to query.

Verification

In the OpenShift Container Platform web console, click Observe → Metrics.
In the Expression field, enter trustyai_identity and click Run Queries.
Optional: After running a query, you can select a time range and refresh interval:
- From the Time range list, select 5 minutes.
- From the Refresh interval list, select 15 seconds.

Simulating real world data

Now that you have scheduled your fairness and identify metric requests, you can simulate sending some "real world" data through your models to see if they remain fair.

Procedure

In a terminal window, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

for batch in "01" "02" "03" "04" "05" "06" "07" "08"; do
  ./2-BiasMonitoring/scripts/send_data_batch 2-BiasMonitoring/data/batch_$batch.json
  sleep 5
done

Verification

In the OpenShift Container Platform web console, click Observe → Metrics and watch the SPD and identity metric request values change.

Reviewing the results

Are the models biased?

The two models have drastically different fairness levels when applied to the simulated real-world data. Model Alpha (blue) stayed within the "acceptably fair" range between -0.1 and 0.1, ending around 0.09. However, Model Beta (yellow) plummeted out of the fair range, ending at -0.274. This indicates that non-male-identifying applicants were 27% less likely to receive a favorable outcome from Model Beta compared to male-identifying applicants.

To explore this further, you can analyze your identity metrics, starting by looking at the inbound ratio of male-identifying to non-male-identifying applicants:

In the training data, the ratio between male and non-male was around 0.8, but in the real-world data, it dropped to 0, meaning all applicants were non-male. This is a strong indicator that the training data did not match the real-world data, which is likely to indicate poor or biased model performance.

How does the production data compare to the training data?

Even though Model Alpha (green) was only exposed to non-male applicants, it still provided varying outcomes to the various applicants, predicting "will-default" in about 25% of cases. In contrast, Model Beta (purple) predicted "will-default" 100% of the time, meaning it predicted that every non-male applicant would default on their loan. This suggests that Model Beta is performing poorly on the real-world data or has encoded a systematic bias from its training, leading to the assumption that all non-male applicants will default.

These examples highlight the critical importance of monitoring bias in production. Models that are equally fair during training can perform very differently when applied to real-world data, with hidden biases emerging only in actual use. By using TrustyAI to detect these biases early, you can safeguard against the potential harm caused by biased models in production.

1. Marco Tulio Ribeiro, Sameer Singh, Carlos Guestrin. "Why Should I Trust You?": Explaining the Predictions of Any Classifier." Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data mining, 2016. Pages 1135-1144.

2. Scott Lundberg, Su-In Lee. "A Unified Approach to Interpreting Model Predictions." Advances in Neural Information Processing Systems, 2017.

3. Avanti Shrikumar, Peyton Greenside, Anshul Kundaje. "Learning Important Features Through Propagating Activation Differences." CoRR abs/1704.02685, 2017.

QUICK LINKS

STAY IN TOUCH