Genai-factory is a collection of end-to-end blueprints to deploy generative AI infrastructures in GCP, following security best-practices.
- Embraces IaC best practices. Infrastructure is implemented in Terraform, leveraging Terraform resources and Cloud Foundations Fabric modules.
- Follows the least-privilege principle: no default service accounts, primitive roles, minimal permissions.
- Compatible with Cloud Foundation Fabric FAST project-factory and application templates.
Works with Cloud Foundation Fabric from v47.0.0. Compatibility with master is not guaranteed.
- Single Cloud Run - A secure Cloud Run deployment to interact with Gemini and optionally deploy ADK agents.
- RAG with Cloud Run and CloudSQL - A "Retrieval-Augmented Generation" (RAG) system leveraging Cloud Run, Cloud SQL and BigQuery.
- RAG with Cloud Run and AlloyDB - A "Retrieval-Augmented Generation" (RAG) system leveraging Cloud Run, AlloyDB and BigQuery.
- RAG with Cloud Run and Vector Search - A "Retrieval-Augmented Generation" (RAG) system leveraging Cloud Run and Vector Search.
- AI Application search (Vector AI Search) - An AI-based search engine, configured to search content from a connected data store, indexing web pages from public websites.
- AI Application conversational agent (Dialogflow CX) - A chat engine (Dialogflow CX) backed by two data stores, reading csv and json data from a GCS bucket.
These sample infrastructure deployments and applications can be used to be further extended and to ship your own application code.
The quickstart assumes you have permissions to create and manage projects and link to the billing account.
# Enter your preferred factory, for example cloud-run-single
cd cloud-run-single
# Create the project, service accounts, and grant permissions.
cd 0-projects
cp terraform.tfvars.sample terraform.tfvars # Replace prefix, billing account and parent.
terraform init
terraform apply
cd ..
# Deploy the platform services.
cd 1-apps
cp terraform.tfvars.sample terraform.tfvars # Customize.
terraform init
terraform apply
# Deploy the application and follow the commands in the output.Each factory contains two stages:
It creates projects and service accounts, enables APIs, and grants IAM roles using Fabric FAST project application templates.
Running this stage is optional. If you can create projects, use it. Alternatively, give the yaml project template to your platform team. They can use it with their FAST project factory or easily derive the requirements and implement them with their own mechanism.
The stage also creates components in the same project to allow the 1-apps stage to run. This includes Terraform service accounts, roles, and a state bucket. Finally, the stage writes providers.tf and terraform.auto.tfvars files in the 1-apps folder.
It deploys the core platform resources within the project and the AI application on top.
If you created the project outside genai-factory (instead of using 0-projects), make sure to provide the 1-apps stage with the APIs, service accounts and roles it requires. Projects and service account details are passed to 1-apps via a terraform.auto.tfvars file, automatically created when 0-projects runs.
By default, 1-apps stages create VPCs and other networking components if these are needed by the factory infrastructure and applications. These include VPCs, subnets, routes, DNS zones, Private Google Access (PGA), and more.
You also have the option to leverage existing VPCs. In this case, it will be your responsibility to create everything needed by the application to work.
To do so, make sure your terraform.tfvars in 1-apps contains this configuration:
networking_config = {
create = false
vpc_id = "your-vpc-id"
subnet = {
name = "your-subnet-id"
}
}Thanks to the Cloud Foundation Fabric community for ideas, input, and useful tools.
Contributions are welcome! You can follow the guidelines in the Contributing section.
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
