This page shows you how to install AlloyDB Omni and integrate AlloyDB AI with it.
AlloyDB AI is a suite of features included with AlloyDB Omni that let you build enterprise generative AI applications. For more information about the ML functionality of AlloyDB, see Build generative AI applications.
AlloyDB Omni with AlloyDB AI lets you query remote ML models to work with online predictions and text embeddings generated from those models. It can also process vector embeddings from other content, such as images, if you use the `google_ml.predict_row` interface and do the translation yourself in the query.
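For example, `google_ml.predict_row` can be called directly from SQL. The sketch below is illustrative only: the model ID placeholder and the JSON request shape are assumptions, and the request body must match whatever the target model actually expects.

```shell
# Run an illustrative predict_row call from the host via psql.
psql -h localhost -p 5432 -U postgres <<'SQL'
-- MODEL_ID and the request JSON are placeholders; adapt them to your model.
SELECT google_ml.predict_row(
  'MODEL_ID',
  '{"instances": [{"content": "example input"}]}'::json
);
SQL
```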
Single-server
Configure your AlloyDB Omni instance to query remote models
If your machine is air-gapped for security reasons, AlloyDB Omni can instead query a model hosted on the same machine, or on any other machine that is reachable from the machine where AlloyDB Omni runs.
To configure AlloyDB Omni to query remote models, follow these steps:
1. Create a service account with Google Cloud.

2. Create a service account key in JSON format, and download it.

3. Store the key in a permanent location on your file system. The key must stay at this location for the lifetime of your AlloyDB Omni server. Note its location on your file system; you need it for the next step.

4. Add Vertex AI Identity and Access Management (IAM) permissions to the appropriate project and service account:

   ```shell
   gcloud projects add-iam-policy-binding PROJECT_ID \
     --member="serviceAccount:SERVICE_ACCOUNT_ID" \
     --role="roles/aiplatform.user"
   ```

   Replace the following:

   - `PROJECT_ID`: the ID of your Google Cloud project.
   - `SERVICE_ACCOUNT_ID`: the ID of the service account that you created in the previous step. This includes the full `@PROJECT_ID.iam.gserviceaccount.com` suffix, for example, `my-service@my-project.iam.gserviceaccount.com`.
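The first two steps above can be sketched with the gcloud CLI; the service account name `omni-ai-sa` and the key file name are examples, not required values:

```shell
# Create a service account in your project (the name is illustrative).
gcloud iam service-accounts create omni-ai-sa \
  --project=PROJECT_ID \
  --display-name="AlloyDB Omni AI access"

# Create a JSON key for it and save it locally.
gcloud iam service-accounts keys create private-key.json \
  --iam-account="omni-ai-sa@PROJECT_ID.iam.gserviceaccount.com"
```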
Install AlloyDB Omni with AlloyDB AI
To install AlloyDB Omni and integrate AlloyDB AI, follow these steps:
1. Ensure that you completed all of the steps in Configure your AlloyDB Omni instance to query remote models.

2. Make a local copy of the default AlloyDB Omni configuration file:

   ```shell
   docker run -i --rm google/alloydbomni cat /usr/share/postgresql/postgresql.conf.sample > my-postgres.conf
   ```

3. Edit the copy of the configuration file to add directives for AlloyDB AI integration:

   ```shell
   echo "omni_enable_ml_agent_process = 'on'" >> my-postgres.conf
   echo "omni_google_cloud_private_key_file_path = '/etc/postgresql/private-key.json'" >> my-postgres.conf
   ```

4. Adjust the file system permissions of the key and configuration files:

   ```shell
   sudo chmod +r my-postgres.conf
   sudo chmod +r KEY_PATH
   ```

   Replace `KEY_PATH` with the path to the service account private key file on your host file system. This is the key that you created and downloaded earlier in this procedure.

5. Run the container with the key and configuration files mounted:

   ```shell
   docker run --name CONTAINER_NAME \
     -e POSTGRES_PASSWORD=NEW_PASSWORD \
     -p HOST_PORT:5432 \
     -v "$PWD/my-postgres.conf":/etc/postgresql/postgresql.conf \
     -v "FULL_KEY_PATH":/etc/postgresql/private-key.json \
     -d google/alloydbomni \
     -c 'config_file=/etc/postgresql/postgresql.conf'
   ```

   Replace the following:

   - `CONTAINER_NAME`: the name to assign to this new AlloyDB Omni container in your host machine's container registry, for example, `my-omni-1`.
   - `NEW_PASSWORD`: the password assigned to the new container's `postgres` user after its creation.
   - `HOST_PORT`: the TCP port on the host machine that the container should publish its own port 5432 to. To use the PostgreSQL default port on the host machine as well, specify `5432`.
   - `FULL_KEY_PATH`: the full file system path to the service account private key file on your host system.
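After the container starts, you can optionally confirm that it is running and that the AI directives from your configuration file were mounted; this sketch assumes the example container name `my-omni-1`:

```shell
# Confirm the container is running.
docker ps --filter "name=my-omni-1"

# Check that the ML agent directive is present in the mounted configuration.
docker exec my-omni-1 grep omni_enable_ml_agent_process /etc/postgresql/postgresql.conf
```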
Kubernetes
Configure your AlloyDB Omni instance to query remote models
If your machine is air-gapped for security reasons, AlloyDB Omni can instead query a model hosted on the same machine, or on any other machine that is reachable from the machine where AlloyDB Omni runs.
To configure AlloyDB Omni to query remote models, follow these steps:
1. Create a service account with Google Cloud.

2. Create a service account key, save it in JSON format to the `private-key.json` file, and download it.

3. Store the key in a permanent location on your file system. The key must stay at this location for the lifetime of your AlloyDB Omni server. Note its location on your file system; you need it for the subsequent steps.

4. Add Vertex AI Identity and Access Management (IAM) permissions to the appropriate project and service account:

   ```shell
   gcloud projects add-iam-policy-binding PROJECT_ID \
     --member="serviceAccount:SERVICE_ACCOUNT_ID" \
     --role="roles/aiplatform.user"
   ```

   Replace the following:

   - `PROJECT_ID`: the ID of your Google Cloud project.
   - `SERVICE_ACCOUNT_ID`: the ID of the service account that you created in the previous step. This includes the full `@PROJECT_ID.iam.gserviceaccount.com` suffix, for example, `my-service@my-project.iam.gserviceaccount.com`.
Create a Kubernetes secret using the service account key
To create a Kubernetes secret based on the service account key downloaded in the preceding steps, run the following command:
```shell
kubectl create secret generic SECRET_NAME \
  --from-file=PATH_TO_SERVICE_ACCOUNT_KEY/private-key.json \
  -n NAMESPACE
```

Replace the following:

- `SECRET_NAME`: the name of the secret used when you create a `DBCluster` manifest to enable AlloyDB Omni to access AlloyDB AI features, for example, `vertex-ai-key-alloydb`.
- `PATH_TO_SERVICE_ACCOUNT_KEY`: the path to the location where you downloaded the `private-key.json` service account key.
- `NAMESPACE`: the namespace of the database cluster.
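To confirm that the secret exists and contains the key file, you can inspect it; this assumes the example secret name `vertex-ai-key-alloydb`:

```shell
# List the data keys stored in the secret; expect an entry named private-key.json.
kubectl describe secret vertex-ai-key-alloydb -n NAMESPACE
```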
Install the AlloyDB Omni Operator
Install the AlloyDB Omni Operator by following the steps in Install the AlloyDB Omni Operator.
Create a database cluster with AlloyDB AI
Create a database cluster with AlloyDB AI, and set `vertexAIKeyRef` under the `googleMLExtension` field in the `DBCluster` manifest to the Kubernetes secret created in the preceding steps.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-pw-DB_CLUSTER_NAME
type: Opaque
data:
  DB_CLUSTER_NAME: "ENCODED_PASSWORD"
---
apiVersion: alloydbomni.dbadmin.goog/v1
kind: DBCluster
metadata:
  name: DB_CLUSTER_NAME
spec:
  databaseVersion: "15.5.2"
  primarySpec:
    features:
      googleMLExtension:
        config:
          vertexAIKeyRef: SECRET_NAME
          vertexAIRegion: VERTEX_AI_REGION
    adminUser:
      passwordRef:
        name: db-pw-DB_CLUSTER_NAME
    resources:
      cpu: CPU_COUNT
      memory: MEMORY_SIZE
      disks:
      - name: DataDisk
        size: DISK_SIZE
        storageClass: standard
```
Replace the following:

- `DB_CLUSTER_NAME`: the name of this database cluster, for example, `my-db-cluster`.
- `VERTEX_AI_REGION` (Optional): the Vertex AI regional endpoint that you want to send your request to, for example, `us-west4`. If not set explicitly, the default value is `us-central1`.
- `ENCODED_PASSWORD`: the database login password for the default `postgres` user role, encoded as a base64 string, for example, `Q2hhbmdlTWUxMjM=` for `ChangeMe123`.
- `CPU_COUNT`: the number of CPUs available to each database instance in this database cluster.
- `MEMORY_SIZE`: the amount of memory per database instance of this database cluster. We recommend setting this to 8 gigabytes per CPU. For example, if you set `cpu` to `2` earlier in this manifest, then we recommend setting `memory` to `16Gi`.
- `DISK_SIZE`: the disk size per database instance, for example, `10Gi`.
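One way to produce the base64-encoded password value is with the standard `base64` tool; `printf` is used instead of `echo` so that no trailing newline is encoded into the value:

```shell
# Encode the example password as base64 (no trailing newline).
printf 'ChangeMe123' | base64
# → Q2hhbmdlTWUxMjM=

# Decode to verify the round trip.
printf 'Q2hhbmdlTWUxMjM=' | base64 --decode
# → ChangeMe123
```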
Apply the manifest:

```shell
kubectl apply -f DB_CLUSTER_YAML
```

Replace the following:

- `DB_CLUSTER_YAML`: the name of this database cluster manifest file, for example, `alloydb-omni-db-cluster.yaml`.
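After applying the manifest, you can watch the cluster resource until it becomes ready; the fully qualified resource name below is inferred from the manifest's `apiVersion` and may vary by operator version:

```shell
# Watch the DBCluster resource created by the operator.
kubectl get dbclusters.alloydbomni.dbadmin.goog DB_CLUSTER_NAME -n NAMESPACE -w
```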
Verify AlloyDB Omni with AlloyDB AI installation
To verify that your installation is successful and uses model prediction, run the following in a database session:

```sql
CREATE EXTENSION google_ml_integration CASCADE;

SELECT array_dims(embedding('textembedding-gecko@001', 'AlloyDB AI')::real[]);
```

The output looks similar to the following:

```
 array_dims
------------
 [1:768]
(1 row)
```

In the previous query, the `embedding()` call generates embeddings for the input text `AlloyDB AI`, and `array_dims` returns the dimensions of the array returned by `embedding()`. Because the pre-registered `textembedding-gecko` model returns an output with 768 dimensions, the result is `[1:768]`.
What's next
- Run and connect to AlloyDB Omni
- Manage AlloyDB Omni
- Build generative AI applications using AlloyDB AI
- Register and call remote AI models