Enabling GenAI Builder on Hybrid Manager
GenAI Builder is EDB's integration of Griptape, a tool that allows you to build AI agents.
To enable the GenAI Builder launchpad application in your Hybrid Manager instance you must create a secret for the application and configure dedicated object storage.
Creating a secret for GenAI Builder
For EKS installations using the eks-install-secrets.sh script, you can skip key and secret creation and go straight to Configure DataLake object storage, CORS configuration and Backing up the Fernet key. Other EKS setups and operating systems require manual secret creation with the Fernet key.
Create a Fernet key and store it in a variable:
FERNET_KEY=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
Note
Fernet is a cryptographic library used by Python. It provides symmetric encryption/decryption and is required to store secret data.
Create a namespace for the integration:
kubectl create namespace upm-griptape
Create a secret that references the created Fernet key and is stored in the dedicated namespace:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: fernet-secret
  namespace: upm-griptape
stringData:
  FERNET_KEY: ${FERNET_KEY}
EOF
Configuring DataLake object storage for GenAI Builder
Create a DataLake bucket in the object storage you are using for your Hybrid Manager deployment. GenAI Builder will use it to store structures, tools, and indexed data.
aws s3 mb s3://<your-griptape-datalake-bucket-name> --region <your-region>
gsutil mb -l <your-region> gs://<your-griptape-datalake-bucket-name>
Use your provider’s management console or CLI to create a new bucket with a unique name for your Griptape DataLake bucket.
Note the following information for your bucket. You will need it later when first using the GenAI launchpad application. The UI will prompt you for your DataLake bucket configuration, which requires the following:
DATA_LAKE_ROOT_BUCKET: The name of the bucket for use with DataLake.
DATA_LAKE_S3_ACCESS_KEY: The access_key used to connect to the DataLake bucket.
DATA_LAKE_S3_SECRET_ACCESS_KEY: The secret_access_key used to connect to the DataLake bucket.
DATA_LAKE_S3_ENDPOINT_UR: The endpoint URL used to connect to the DataLake bucket.
Configuring CORS
Update the bucket's settings to have the following CORS configuration:
[
  {
    "AllowedHeaders": [ "*" ],
    "AllowedMethods": [ "PUT", "POST", "DELETE", "GET", "HEAD" ],
    "AllowedOrigins": [ "https://${PORTAL_DOMAIN_NAME}" ],
    "ExposeHeaders": []
  }
]
Where https://${PORTAL_DOMAIN_NAME} is the domain configured for your Hybrid Manager.
The S3 interoperability layer in GCS allows GenAI Builder to utilize GCS as an S3-compatible object store.
In the GCS console, under Settings, turn on S3 interoperability.
Update or create a service account with the Storage Admin and Service Account Token Creator roles.
Create an HMAC key pair for that service account.
Create a config file with a CORS configuration that points at the Hybrid Manager endpoint:
cat cors-config.json
[
  {
    "origin": ["https://${PORTAL_DOMAIN_NAME}"],
    "method": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "responseHeader": ["*"],
    "maxAgeSeconds": 3600
  }
]
Where https://${PORTAL_DOMAIN_NAME} is the domain configured for your Hybrid Manager.
Apply the CORS configuration to the previously created bucket:
gsutil cors set cors-config.json gs://<bucket name>
Use your provider’s management console or CLI to configure cross-origin resource sharing (CORS) with the Hybrid Manager.
After you have configured the secret and created a dedicated bucket, continue with the Hybrid Manager installation.
Backing up the Fernet key
The Hybrid Manager administrator must keep the Fernet key safe and back it up.
Fetch the key so you can store it safely:
kubectl get secret -n upm-griptape fernet-secret -o yaml
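The -o yaml output shows the key under .data, where Kubernetes base64-encodes it a second time, so the value on screen is not the Fernet key itself. The following added example (not part of the original page or of EDB's tooling) decodes the stored value once, checks that it is a well-formed 32-byte Fernet key, and writes it to a file only the current user can read. The function names are hypothetical, and GNU base64 and a working kubectl context are assumed.

```shell
#!/usr/bin/env bash
# Added example: validate and back up the Fernet key. Function names are hypothetical.

# Return 0 if $1 is base64 (standard or URL-safe alphabet) decoding to exactly 32 bytes.
fernet_key_is_valid() {
  local key="$1" len
  # 32 bytes of key material always encode to 44 base64 characters with padding.
  [ "${#key}" -eq 44 ] || return 1
  # Reject anything outside the two base64 alphabets before decoding.
  case "$key" in *[!A-Za-z0-9+/_=-]*) return 1 ;; esac
  # Map the URL-safe alphabet onto the standard one so base64 -d accepts both.
  len=$(printf '%s' "$key" | tr '_-' '/+' | base64 -d 2>/dev/null | wc -c) || return 1
  [ "$len" -eq 32 ]
}

# Fetch the key from the cluster. Values under .data are base64-encoded by
# Kubernetes, so a single decode returns the key exactly as it was created.
fetch_fernet_key() {
  kubectl get secret -n upm-griptape fernet-secret \
    -o jsonpath='{.data.FERNET_KEY}' | base64 -d
}

# Validate the fetched key, then write it to $1 with owner-only permissions.
backup_fernet_key() {
  local dest="$1" key
  key=$(fetch_fernet_key) || return 1
  if ! fernet_key_is_valid "$key"; then
    echo "fernet-secret does not hold a 32-byte Fernet key" >&2
    return 1
  fi
  ( umask 077 && printf '%s\n' "$key" > "$dest" )
}
```

Run fernet_key_is_valid "$FERNET_KEY" before creating the secret to catch a truncated or empty key, and backup_fernet_key <file> afterwards, then move the file into your secrets manager or offline vault.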