PGVector on CloudSQL for GCP

Infrastructure as Code

A practical guide to automating vector search infrastructure with Terraform and Makefiles, streamlining the deployment of PGVector on Cloud SQL and letting you focus on building powerful semantic applications.

🔗 View on GitHub

📋 Why Infrastructure as Code May Help with Vector Search

Manual cloud setup can sometimes be time-consuming and prone to inconsistencies—a missed configuration step might lead to unexpected behavior or security concerns. When building a vector search application, a RAG system, or a semantic recommendation engine for production, having a reliable infrastructure approach alongside your application code could be beneficial.

Many of us have experienced the initial satisfaction of setting up resources through the Google Cloud Console, only to later struggle when trying to recreate that environment or share the exact setup with teammates. Without version control or documentation, reproducing environments consistently can be challenging.

Vector Search Context: Vector search represents a specialized approach to storing and querying high-dimensional vectors efficiently. When working with embeddings for recommendation or RAG applications, having stable and reliable infrastructure can be particularly important.

We've found that combining Terraform for infrastructure definition with Makefiles for operation simplification might help address some common challenges. This approach allows you to define your cloud environment as code and potentially automate deployments.

By turning your vector database stack into code, you get:

mermaid

100%

Comprehensive architecture showing repository structure, workflow, and GCP resources

Consistency

Speed

Version Control

Scalability

Reproducibility

Documentation

Cost Control

Team Experience Varies:

Some teams have reported significant time savings and reduced incidents after adopting Infrastructure as Code approaches, though results vary based on team expertise and specific use cases.

✨ Key Features

Our PGVector on CloudSQL solution provides several key advantages:

Infrastructure as Code

Terraform-based provisioning of Google Cloud SQL PostgreSQL instances with pgvector extension

Simplified Operations

All database operations managed directly through intuitive Makefile commands

Multi-Environment Support

Separate configurations for development, pre-production, and production environments

Quick Setup

Easy-to-follow setup process with comprehensive documentation and examples

🏗️ Terraform Architecture for PostgreSQL Vector Search

Ready to build something cool? Let's get our hands dirty with a complete PostgreSQL setup that has pgvector extensions baked in. No more manual steps or forgotten configurations—just pure, repeatable infrastructure.

The repository is organized using a modular approach with separate environments, making it enterprise-ready from day one:

Repository Structure

.
├── 📄 Makefile                # Main command interface for all operations
├── 📁 terraform-sql/          # Terraform configuration for Cloud SQL
│   ├── 📁 environments/       # Environment-specific configurations
│   │   ├── 📁 dev/            # Development environment
│   │   ├── 📁 preprod/        # Pre-production environment
│   │   └── 📁 prod/           # Production environment
│   └── 📁 modules/            # Reusable Terraform modules
│       ├── 📁 project/        # GCP project configuration
│       ├── 📁 sql/            # Cloud SQL instance configuration
│       └── 📁 vpc/            # Network configuration
└── 📁 how_to_tutorials/       # Example applications and demos
    └── 📁 semantic_demo/      # Semantic search demo for product recommendations

mermaid

100%

Visual overview of the repository structure and modular organization for Terraform-based PGVector deployment

The architecture aims to be straightforward while addressing common infrastructure needs:

🏝️ Dedicated GCP project: created by Terraform providing isolation between projects

🔒 Custom VPC: with private network connectivity for enhanced security

🌐 Cloud SQL PostgreSQL instance: with configurable access options (public access limited to dev environments)

🧩 Vector database configuration: for storing embeddings

🚦 Environment separation: for dev, preprod, and prod following common DevOps practices

📊 What Does the Terraform Setup Do?

The modular configuration in terraform-sql automates the following:

🏗️ Project Module Configuration

Initializes your Google Cloud project: and authenticates Terraform ☁️

Activates essential APIs: Cloud SQL, networking, IAM, Compute, and more 🔌

Creates service accounts: with proper permissions 🔑

🌐 VPC Module Configuration

Creates a secure VPC network: with private subnet ranges 🛡️

Configures firewall rules: for secure communication 🔥

Sets up Private Service Access: for Cloud SQL connections 🌐

🗄️ SQL Module Configuration

Provisions a Cloud SQL PostgreSQL instance: with proper sizing based on environment 📊

Configures it for the pgvector extension: enabling vector similarity search 🧠

Sets up database users: with secure passwords 👤

Configures automated backups: and high availability options 💾

🧪 Environment-Specific Configurations

Separate configurations: for dev, preprod, and prod environments 🧪

Parameterization through variables: for project name, region, database size, and more 🧮

Uses Terraform workspaces: to isolate state between environments 📋

🔗 Outputs and Integration

Provides connection details: and resource IDs for use in your application or CI/CD pipelines 🔗

Outputs important information: like database IP, connection names, and project details 📝

🔐 Security Considerations

The repository implements different security configurations for each environment. Let's look at the networking module which includes thoughtful firewall rules:

Firewall Configuration Example

# Allow PostgreSQL access from authorized sources
resource "google_compute_firewall" "allow_postgres" {
  name    = "${var.name_prefix}-allow-postgres"
  network = google_compute_network.vpc_network.self_link

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }

  # In development, this might be more permissive
  # In production, this should be limited to specific sources
  source_ranges = var.authorized_networks
  target_tags   = ["cloudsql"]
  description   = "Allow PostgreSQL access from authorized networks"
}

# Allow internal traffic within the VPC
resource "google_compute_firewall" "allow_internal" {
  name    = "${var.name_prefix}-allow-internal"
  network = google_compute_network.vpc_network.self_link

  allow {
    protocol = "all"
  }

  source_ranges = [var.subnet_cidr]
  description   = "Allow all internal traffic within the VPC"
}

🔑 Key Security Features

Environment-specific security settings: dev is more open, prod is locked down

Parameterized authorized networks: for database access, not hard-coded

Private Service Access for Cloud SQL: ensuring database isn't publicly exposed in production

IAM role separation: with principle of least privilege

Separate service accounts: for different components

🚨 Production Checklist:

🎯 Set authorized_networks to specific IP ranges in prod environment
👤 Enable Cloud SQL IAM authentication for user access
🗝️ Store secrets in Secret Manager, not in Terraform variables
📊 Enable audit logging and monitoring
🔐 Implement database encryption at rest and in transit

The repository suggests a progressive security model that allows starting with more permissive settings in development environments while implementing stricter controls in production. We recommend carefully reviewing security settings before deploying to production.

🚦 Simplified Deployment: Using the Makefile

One of the standout features of this project is its streamlined approach using Makefiles. You can deploy and manage your entire vector search infrastructure with simple commands:

⚙️ Setting Up Your Environment

# Copy the example environment file
cp .env.example .env
# Edit with your credentials

# Copy the example variables file
cp terraform-sql/environments/dev/terraform.tfvars.example terraform-sql/environments/dev/terraform.tfvars
# Edit terraform.tfvars with your specific configuration values

🚀 Deploying Infrastructure

1make tf-init ENV=dev # Initialize Terraform for your chosen environment
2make tf-plan ENV=dev # Review what will be created
3make tf-apply ENV=dev # Apply the changes

🗄️ Managing Your Database

1make setup-db ENV=dev # Create database schema with pgvector extension
2make add-sample-data ENV=dev # Add sample product data
3make check-db ENV=dev # Verify database setup
4make run-simple-demo ENV=dev # Run simple demo queries

🔧 Environment Management

1make env # Check current environment settings
2make connect-db ENV=dev # Connect directly to the database
3make tf-destroy ENV=dev # Clean up when done

Tip: This Makefile approach simplifies complex commands, helping team members collaborate more effectively without needing to memorize every technical detail.

🧑‍💻 Post-Deployment: Setting Up pgvector

After your infrastructure is deployed, you need to set up the vector extension. Traditionally this would require multiple manual steps, but our Makefile simplifies this:

make setup-db ENV=dev

This single command connects to your database and runs:

SQL Setup Script

CREATE EXTENSION IF NOT EXISTS vector;

-- Create a database for our application
CREATE DATABASE vector_search;
\c vector_search

-- Create a table for semantic product data
CREATE TABLE products (
    id SERIAL PRIMARY KEY,
    name TEXT NOT NULL,
    description TEXT,
    category TEXT,
    price DECIMAL(10, 2),
    embedding VECTOR(1536) -- For OpenAI embeddings, adjust as needed
);

-- Create an index for fast similarity search
CREATE INDEX ON products USING ivfflat (embedding vector_cosine_ops) WITH (lists = 100);

🔮 Advanced Tip: You can adjust the vector dimension (1536 here is for OpenAI's text-embedding-ada-002) based on your embedding model of choice. All this is handled through the Makefile, so you don't need to remember complex SQL commands.

🤔 Potential Use Cases

This infrastructure can support various vector-based applications:

Use Case	Description	Implementation Benefits
🛒 Product Recommendations	Deliver personalized suggestions using semantic similarity	Higher conversion rates, improved UX
🤖 Retrieval-Augmented Generation (RAG)	Enhance chatbots and LLMs with context-aware retrieval	More accurate responses, reduced hallucinations
🔍 Semantic Search	Go beyond keywords to find relevant documents, products, or answers	Better search relevance, natural language queries
🧹 Content Deduplication	Identify near-duplicate items in large datasets	Data quality improvement, storage optimization
🚨 Anomaly Detection	Spot unusual patterns by comparing vector representations	Early threat detection, quality assurance
🎯 Personalization Engines	Tailor user experiences based on semantic profiles	Increased engagement, user satisfaction

🚀 Success Story: E-commerce Recommendation Engine

Company: A mid-sized e-commerce platform — implemented vector-based product recommendations using similar infrastructure, resulting in a 35% increase in click-through rates and 20% boost in sales conversion.

📅 What made the difference?

Semantic Understanding: Products were matched based on meaning, not just keywords

Real-time Performance: Sub-100ms query responses enabled dynamic recommendations

Scalable Infrastructure: Terraform automation allowed rapid scaling during peak seasons

A/B Testing: Multiple environments enabled safe experimentation

🧬 The Power of Reproducibility

One potential benefit of Infrastructure as Code is improved reproducibility. With the Terraform and Makefile approach, you might find it easier to:

Create similar testing environments more efficiently

Deploy to different regions using the same configuration base

Recover from accidental resource deletions by reapplying your configuration

Onboard new team members by sharing code rather than lengthy setup instructions

🏆 Production-Ready Deployment Tips

Ready to go beyond the demo and into production? Here are some hard-learned lessons to save you some late-night troubleshooting sessions:

Environment Differences

Environment	Access	Network	Resources	Availability	Protection
🧪 dev	Public IP	Open firewall	Lower specs	ZONAL	No deletion protection
🔄 preprod	Private IP only	VPC network	Medium specs	ZONAL	No deletion protection
🏭 prod	Private IP only	Strict VPC	Higher specs	REGIONAL	Deletion protection + backups

Deployment Steps

1. Environment progression (follow the path to production):

• Start with dev environment to test your configuration 🧪
• Validate in preprod with production-like settings 🔍
• Apply strict security rules only in prod 🛡️

2. Secure your database (because security matters):

• Restrict authorized_networks to specific IP ranges 🔒
• Enable Private Service Connect for production deployments 🔐
• Enable Cloud SQL IAM authentication by setting enable_iam_auth = true 👤

3. Optimize for performance (vector search gets hungry):

• Use appropriate instance sizes: db-f1-micro → db-custom-4-15360
• Vector search loves RAM—use the high-memory options 🧠
• Benchmark with real data in preprod before going to production ⏳

4. Manage secrets properly (no passwords in GitHub, please):

• The repository includes .gitignore for .tfvars files 🚫
• Use environment variables for sensitive data in CI/CD pipelines 🔑
• Consider using google_secret_manager_secret resource 🗝️

5. Monitoring saves lives (or at least your weekend):

• Set up Cloud Monitoring alerts before you need them 🚨
• Enable automated backups using the backup_configuration 💾
• Consider read replicas for high-traffic applications 📚

🎉 Conclusion

By automating your vector search infrastructure with Terraform and Makefiles, you might find your workflow becoming more streamlined and reproducible. Rather than clicking through console interfaces and trying to remember all the steps, this approach offers a way to document and version your infrastructure setup.

🎯 Key Project Features

The pgvector_cloudsql_gcp repository implements this approach with features like:

🌍 Environment Separation: Different configurations for dev, preprod, and prod environments

🧩 Modular Design: Reusable modules for various infrastructure components

🛡️ Progressive Security: Security controls that adapt to each environment

⚙️ Operation Helpers: Makefile commands to assist with common tasks

📁 Organized Structure: A folder organization that aims to be logical and maintainable

💡 Interested in trying this approach? Feel free to explore the repo and experiment with the commands—we'd love to hear about your experience and how you adapt it to your specific needs.

📚 Additional Resources

Official PGVector Documentation Cloud SQL Documentation Terraform Documentation View Complete Project Repository

📝 Coming Next: "Vector Database Applications" - Where we'll explore practical implementations like recommendation systems, retrieval-augmented generation (RAG), semantic search, and other real-world use cases.

We'd welcome your feedback, suggestions, or contributions to help improve this project.