API Gateway and Inference Runtime placement
After the deployment method is selected, the next major configuration choice is where the API Gateway runs and where the Inference Runtime’s GPU capacity runs. The API Gateway usually runs close to your engineering stack, identity systems, networking controls, and observability tools. The Inference Runtime may run on GPUs colocated in the same cloud environment or on GPU capacity provided by a separate environment such as a NeoCloud, specialized inference provider, or local GPU cluster. This choice drives Helm values for networking, model routes, credentials, timeouts, observability, scaling, and failure handling. The API Gateway owns routing and load balancing; the Inference Runtime owns efficient GPU-backed model execution.Placement option 1: API Gateway and Inference Runtime in the same cloud
In this model, the API Gateway and Inference Runtime run in the same customer cloud environment. Examples (coming soon):- API Gateway on AWS EKS with Inference Runtime GPU nodes on AWS.
- API Gateway on GCP GKE with Inference Runtime GPU nodes on GCP.
- API Gateway on Azure AKS with Inference Runtime GPU nodes on Azure.
- Your cloud already has approved GPU capacity.
- You want simpler private networking.
- You want inference traffic to remain inside one cloud boundary.
- You want standard cloud observability and IAM patterns.
Placement option 2: API Gateway in your cloud, Inference Runtime elsewhere
In this model, the API Gateway runs in your cloud environment and routes model traffic to Inference Runtime GPU capacity hosted elsewhere. Examples (coming soon):- API Gateway on AWS with Inference Runtime capacity on a Baseten.
- API Gateway on GCP with Inference Runtime capacity on Baseten.
- API Gateway on Azure with Inference Runtime capacity on Together AI or another provider.
- API Gateway in customer Kubernetes with Inference Runtime workers in a separate private cluster.
- Your main cloud does not have enough GPU capacity for the Inference Runtime.
- You want to use a specialized GPU provider.
- You want to colocate the API Gateway with the rest of your stack while routing inference to external capacity.
- You want to compare GPU providers without moving the API Gateway.
Placement option 3: API Gateway and Inference Runtime in separate customer-controlled environments
In this model, both the API Gateway and Inference Runtime GPUs are customer-controlled, but they are not colocated. Examples (coming soon):- API Gateway in the corporate cloud, Inference Runtime GPUs in a private research cluster.
- API Gateway in Kubernetes, Inference Runtime workers in an on-prem environment.
- API Gateway in one region, Inference Runtime workers in another region.
Cloud-specific notes
AWS deployments usually need EKS compatibility, ALB or NLB guidance, IAM role requirements, Secrets Manager integration, CloudWatch logging and metrics, GPU node pool configuration, and PrivateLink or VPC peering options for external GPU providers. GCP deployments usually need GKE compatibility, internal load balancer guidance, Workload Identity requirements, Secret Manager integration, Cloud Logging and Cloud Monitoring, GPU node pool configuration, and Private Service Connect or VPC connectivity for external GPU providers. Azure deployments usually need AKS compatibility, internal load balancer guidance, managed identity requirements, Key Vault integration, Azure Monitor and Log Analytics, GPU node pool configuration, and Private Link or VNet peering options for external GPU providers. NeoCloud and external GPU deployments usually need endpoint format, authentication method, network allowlisting, private connectivity options, TLS requirements, health check path, rate limits, concurrency limits, model naming, route mapping, fallback behavior, and cost or capacity assumptions.Secrets and credentials
Secrets are configured during onboarding based on deployment method and customer policy. Common secrets include:- API Gateway admin credentials.
- User and API key management secrets.
- Model provider credentials.
- Database credentials.
- Cache credentials.
- Observability export credentials.
- Registry access tokens.
- TLS certificate references.
Monitoring configuration
Monitoring configuration depends on the customer’s existing observability stack. Common goals include:- API Gateway availability.
- Request rate.
- Latency.
- Error rate.
- Model route health.
- GPU utilization.
- Queue depth.
- Token throughput.
- Cost and capacity signals.
- Agent deployment status in assisted self-managed mode.
Logging configuration
Logging should support operations without exposing customer source code, prompts, completions, secrets, or other sensitive data. We can help configure sending logs to external sources like Datadog. Common log streams include:- API Gateway service logs.
- Router logs.
- Deployment logs.
- Agent logs in assisted self-managed mode.
- Model worker logs.
- Audit logs for admin actions.
- Upgrade and rollback logs.
Upgrade and rollback process
Upgrade flow depends on the deployment method. In traditional self-hosted deployments:- Subconscious publishes a release.
- The customer reviews release evidence.
- The customer pulls or mirrors artifacts.
- The customer applies the Helm upgrade through its own process.
- The customer validates health and rolls back if needed.
- Subconscious publishes a release.
- The customer reviews release evidence and update policy.
- The Distr agent applies the update locally when approved or when automatic updates are enabled.
- The customer and Subconscious monitor deployment health.
- Rollback is coordinated according to the customer’s policy.