Enabling GenAI Builder on Hybrid Manager v1.3.1
GenAI Builder is EDB's integration of Griptape, a tool that allows you to build AI agents.
To enable the GenAI Builder launchpad application in your Hybrid Manager instance, you must create a secret for the application and configure dedicated object storage.
Creating a secret for GenAI Builder
For EKS installations using the eks-install-secrets.sh script, you can skip key and secret creation and go to Configure DataLake object storage, CORS configuration, and Backing up the Fernet key. Other EKS setups and operating systems require manual secret creation with the Fernet key.
Create a Fernet key and store it in a variable:
FERNET_KEY=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
Note
Fernet is a cryptographic library used by Python. It provides symmetric encryption/decryption and is required to store secret data.
Create a namespace for the integration:
kubectl create namespace upm-griptape
Create a secret that references the new Fernet key and is stored in the dedicated namespace:
kubectl apply -f - <<EOF apiVersion: v1 kind: Secret metadata: name: fernet-secret namespace: upm-griptape stringData: FERNET_KEY: ${FERNET_KEY} EOF
Configuring DataLake object storage for GenAI builder
Create a DataLake bucket in the object storage you're using for your Hybrid Manager deployment. GenAI Builder uses it to store structures, tools, and indexed data.
aws s3 mb s3://<your-griptape-datalake-bucket-name> –region <your-region>
gsutil mb -l <your-region> gs://<your-griptape-datalake-bucket-name>
Use your provider’s management console or CLI to create a bucket with a unique name for your Griptape DataLake bucket.
Capture the following information for your bucket. You will need it later when you first use the GenAI launchpad application. The console will prompt you for your DataLake bucket configuration, which requires:
DATA_LAKE_ROOT_BUCKET: The name of the bucket for use with DataLake.DATA_LAKE_S3_ACCESS_KEY: The access_key used to connect to the DataLake bucket.DATA_LAKE_S3_SECRET_ACCESS_KEY: The secret_access_key used to connect to the DataLake bucket.DATA_LAKE_S3_ENDPOINT_UR: The endpoint URL used to connect to the DataLake bucket.
Configuring CORS
Update the bucket's settings to have the following CORS configuration:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"DELETE",
"GET",
"HEAD"
],
"AllowedOrigins": [
"https://${PORTAL_DOMAIN_NAME}"
],
"ExposeHeaders": []
}
]Where https://${PORTAL_DOMAIN_NAME} is the domain configured for your Hybrid Manager.
The S3 interoperability layer in GCS allows GenAI Builder to use GCS as an S3-compatible object store.
In the GCS console, under Settings, turn on the s3 interoperability.
Update or create a service account with the Storage Admin and Service Account Token Creator roles.
Create an HMAC key pair for the service account.
Create a config file with a CORS configuration that points at the Hybrid Manager endpoint:
cat cors-config.json [ { "origin": ["https://${PORTAL_DOMAIN_NAME}"], "method": ["GET", "PUT", "POST", "DELETE", "HEAD"], "responseHeader": ["*"], "maxAgeSeconds": 3600 } ]Where
https://${PORTAL_DOMAIN_NAME}is the domain configured for your Hybrid Manager.Apply the CORS configuration to the previously created bucket:
gsutil cors set cors-config.json gs://<bucket name>
Use your provider’s management console or CLI to configure cross-origin resource sharing (CORS) with Hybrid Manager.
After you've configured the secret and created a dedicated bucket, continue with Hybrid Manager installation.
Backing up the Fernet key
The Hybrid Manager administrator must keep the Fernet key safe and back it up.
Fetch the key:
kubectl get secret -n upm-griptape fernet-secret -o yaml
Store the key safely.