Install AlloyDB Omni with AlloyDB AI

This page shows you how to install AlloyDB Omni and integrate AlloyDB AI in it.

AlloyDB AI is a suite of features included with AlloyDB Omni that let you build enterprise generative AI applications. For more information about the ML functionality of AlloyDB, see Build generative AI applications.

AlloyDB Omni with AlloyDB AI lets you query remote ML models to work with online predictions and text embeddings generated from ML models. AlloyDB Omni with AlloyDB AI can also process vector embeddings from other content such as an image, for example, if you use the google_ml.predict_row interface and do the translation yourself in the query.

Single-server

Configure your AlloyDB Omni instance to query remote models

If your machine is air-gapped for security reasons, AlloyDB Omni can also query a model that is hosted on the same or any other machine also accessible from the machine where AlloyDB Omni runs.

To configure AlloyDB Omni to query remote models, follow these steps:

Create a service account with Google Cloud.
Create a service account key, in JSON format, and download it.

Note: Service account keys are a security risk if not managed correctly. You are responsible for the security of the private key and for other operations described by Best practices for managing service account keys. If you are prevented from creating a service account key, service account key creation might be disabled for your organization. For more information, see Managing secure-by-default organization resources.
Store the key in a permanent location on your file system. It resides at this location for the lifetime of your AlloyDB Omni server.

Note its location on your file system; you need it for the next step.
Add Vertex AI Identity and Access Management (IAM) permissions to the appropriate project and service account.
```
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:SERVICE_ACCOUNT_ID" \
    --role="roles/aiplatform.user"
```
Replace the following:
- PROJECT_ID: the ID of your Google Cloud project.
- SERVICE_ACCOUNT_ID: the ID of the service account that you created in the previous step. This includes the full @PROJECT_ID.iam.gserviceaccount.com suffix—for example, my-service@my-project.iam-gserviceaccount.com.

Install AlloyDB Omni with AlloyDB AI

To install AlloyDB Omni and integrate AlloyDB AI, follow these steps:

Ensure you completed all of the steps listed in Configure your AlloyDB Omni to query cloud-based models.

Make a local copy of the default AlloyDB Omni configuration file:

docker run -i --rm google/alloydbomni cat /usr/share/postgresql/postgresql.conf.sample > my-postgres.conf

Edit the configuration file copy to add directives for AlloyDB AI integration:

echo "omni_enable_ml_agent_process = 'on'" >> my-postgres.conf
echo "omni_google_cloud_private_key_file_path = '/etc/postgresql/private-key.json'" >> my-postgres.conf

Adjust the file system permissions of the key and configuration files:
```
sudo chmod +r my-postgres.conf
sudo chmod +r KEY_PATH
```
Replace KEY_PATH with the path to the service account private key file on your host file system. This is the key that you created and downloaded earlier in this procedure.
Install the key and configuration files mounted onto the container:
```
docker run --name CONTAINER_NAME -e POSTGRES_PASSWORD=NEW_PASSWORD -p HOST_PORT:5432 -v "$PWD/my-postgres.conf":/etc/postgresql/postgresql.conf -v "FULL_KEY_PATH":/etc/postgresql/private-key.json -d google/alloydbomni -c 'config_file=/etc/postgresql/postgresql.conf'
```
Replace the following:
- CONTAINER_NAME: the name to assign this new simplified AlloyDB Omni installation method container in your host machine's container registry—for example, my-omni-1.
- NEW_PASSWORD: the password assigned to new container's postgres user after its creation.
- HOST_PORT: the TCP port on the host machine that the container should publish its own port 5432 to. To use the PostgreSQL default port on the host machine as well, specify 5432.
- FULL_KEY_PATH: the full file system path to the service account private key file on your host system.

Kubernetes

Configure your AlloyDB Omni instance to query remote models

If your machine is air-gapped for security reasons, AlloyDB Omni can also query a model that is hosted on the same or any other machine also accessible from the machine where AlloyDB Omni runs.

To configure AlloyDB Omni to query remote models, follow these steps:

Create a service account with Google Cloud.
Create a service account key save it in JSON format to the private-key.json file, and download it.

Note: Service account keys are a security risk if not managed correctly. You are responsible for the security of the private key and for other operations described by Best practices for managing service account keys. If you are prevented from creating a service account key, service account key creation might be disabled for your organization. For more information, see Managing secure-by-default organization resources.
Store the key in a permanent location on your file system. It resides at this location for the lifetime of your AlloyDB Omni server.

Note its location on your file system; you need it for the subsequent steps.
Add Vertex AI Identity and Access Management (IAM) permissions to the appropriate project and service account.
```
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:SERVICE_ACCOUNT_ID" \
    --role="roles/aiplatform.user"
```
Replace the following:
- PROJECT_ID: the ID of your Google Cloud project.
- SERVICE_ACCOUNT_ID: the ID of the service account that you created in the previous step. This includes the full @PROJECT_ID.iam.gserviceaccount.com suffix—for example, my-service@my-project.iam-gserviceaccount.com.

Create a Kubernetes secret using the service account key

To create a Kubernetes secret based on the service account key downloaded in the preceding steps, run the following command:

kubectl create secret generic SECRET_NAME \
--from-file=PATH_TO_SERVICE_ACCOUNT_KEY/private-key.json \
-n NAMESPACE

Replace the following:

SECRET_NAME: the name of the secret used when you create a DBCluster manifest to enable AlloyDB Omni to access AlloyDB AI features. For example, vertex-ai-key-alloydb.
PATH_TO_SERVICE_ACCOUNT_KEY: the path to the location where you downloaded the private-key.json service account key.
NAMESPACE: the namespace of the database cluster.

Install the AlloyDB Omni Operator

Install the AlloyDB Omni Operator using steps listed in Install the AlloyDB Omni Operator.

Create a database cluster with AlloyDB AI

Create a database cluster with AlloyDB AI and set vertexAIKeyRef to the Kubernetes secret created in the preceding steps under the googleMLExtension field in the DBCluster manifest.
```
    apiVersion: v1
    kind: Secret
    metadata:
    name: db-pw-DB_CLUSTER_NAME
    type: Opaque
    data:
    DB_CLUSTER_NAME: "ENCODED_PASSWORD"
    ---
    apiVersion: alloydbomni.dbadmin.goog/v1
    kind: DBCluster
    metadata:
    name: DB_CLUSTER_NAME
    spec:
    databaseVersion: "15.5.2"
    primarySpec:
        features:
            googleMLExtension:
                config:
                    vertexAIKeyRef: SECRET_NAME
                    vertexAIRegion: VERTEX_AI_REGION
        adminUser:
        passwordRef:
            name: db-pw-DB_CLUSTER_NAME
        resources:
        cpu: CPU_COUNT
        memory: MEMORY_SIZE
        disks:
        - name: DataDisk
            size: DISK_SIZE
            storageClass: standard
```
Replace the following:
- DB_CLUSTER_NAME: the name of this database cluster—for example, my-db-cluster.
- VERTEX_AI_REGION (Optional): the Vertex AI regional endpoint you want to send your request to—for example, us-west4. The default value is us-central1, if not set explicitly.
- ENCODED_PASSWORD: the database login password for the default postgres user role, encoded as a base64 string—for example, Q2hhbmdlTWUxMjM= for ChangeMe123.
- CPU_COUNT: the number of CPUs available to each database instance in this database cluster.
- MEMORY_SIZE: the amount of memory per database instance of this database cluster. We recommend setting this to 8 gigabytes per CPU. For example, if you set cpu to 2 earlier in this manifest, then we recommend setting memory to 16Gi.
- DISK_SIZE: the disk size per database instance—for example, 10Gi.
Apply the manifest.
```
kubectl apply -f DB_CLUSTER_YAML
```
Replace the following:
- DB_CLUSTER_YAML: the name of this database cluster manifest file—for example, alloydb-omni-db-cluster.yaml.

Verify AlloyDB Omni with AlloyDB AI installation

To verify your installation is successful and uses model prediction, enter the following:

   CREATE EXTENSION google_ml_integration CASCADE;

   SELECT array_dims(embedding( 'textembedding-gecko@001', 'AlloyDB AI')::real[]); 
   array_dims

The output looks similar to the following:

    [1:768]
    (1 row)

In the previous query, the embedding() call generates embeddings for the input text AlloyDB AI. array_dims returns the dimensions of the array returned by embedding(). Since the pre-registered textembedding-gecko model returns an output with 768 dimensions, the output is [768].

Install AlloyDB Omni with AlloyDB AI

Single-server

Configure your AlloyDB Omni instance to query remote models

Install AlloyDB Omni with AlloyDB AI

Kubernetes

Configure your AlloyDB Omni instance to query remote models

Create a Kubernetes secret using the service account key

Install the AlloyDB Omni Operator

Create a database cluster with AlloyDB AI

Verify AlloyDB Omni with AlloyDB AI installation

What's next