Skip to main content
Cartesia provides Terraform configurations that deploy both infrastructure and the application, or you can deploy the Helm chart directly to an existing cluster.
Complete configurations are provided at deployment time by your Cartesia representative.
For Kubernetes deployments, the identity that runs Terraform or Helm must be able to create and update the license proxy’s ClusterRole and ClusterRoleBinding. These resources grant the dedicated license-proxy service account read access to the kube-system namespace and the Cartesia release namespace that is used to identify the deployment.

Terraform Deployment

Terraform creates the cluster, networking, GPU drivers, and deploys Cartesia via Helm. This is the fastest way for you to get started with self-hosting Cartesia.
Download cartesia-kube from the GCS bucket as described in Downloading cartesia-kube.

Configuration

See Managing Artifacts for details on hot reload and adding voices and pronunciation dictionaries to your deployment.

Worker Configuration

Workers are defined in your tfvars file:
All the model workers have the images with prefix cartesia-sonic- followed by the specific model name. For instance, sonic-3 would use cartesia-sonic-rosy-dragon.

Helm-Only Deployment

For existing Kubernetes clusters, deploy the Helm chart directly.

1. Install Prerequisites

If you want autoscaling and metrics, install KEDA and Prometheus first:

2. Create Secrets

3. Configure values.yaml

4. Deploy

Verify

Confirm the deployment is healthy before sending traffic. The commands below assume the default cartesia namespace and release name used in the examples above — substitute if you customized either.

Watch rollout

Worker pods take longer than the API because the model must load into GPU memory. A worker stays Running but not Ready until inferno_worker_capacity > 0.

Pods are Ready

All pods should be Running with every container Ready. Probe behaviors:
  • API pod becomes Ready when GET /status returns 200 on port 5000.
  • Worker pods become Ready when the startup probe is satisfied — it polls /metrics until inferno_worker_capacity reports a value greater than 0. While the model is still loading, the worker shows Running but not Ready.
  • License-proxy and NATS have no chart-defined health probes; they are Ready as soon as the container starts.

Ingress address is assigned

The ADDRESS column should be populated with the load balancer’s hostname or IP. On GKE, also check the ManagedCertificate status — the chart creates the resource, and GCP provisions the certificate asynchronously after DNS validation:
Look for Status: Active. While GCP is still provisioning, HTTPS calls to the ingress will fail certificate validation.

Metrics scrape is working (optional)

If Prometheus is installed in the cluster (most commonly via kube-prometheus-stack), the chart’s PodMonitor (cartesia-monitor) is auto-discovered through the release: prometheus label. Port-forward the Prometheus UI and confirm each component is being scraped:
Then visit http://localhost:9090 and query up{namespace="cartesia"} — every component pod should return 1. Once verified, see Smoke Tests and Benchmarking for functional smoke tests and performance benchmarks.

Ingress and TLS

The chart exposes the Cartesia API externally via a Kubernetes Ingress resource. The chart configures and annotates that Ingress for AWS EKS or GCP GKE. For other Kubernetes flavors (AKS, OpenShift, Rancher, kubeadm), disable the chart’s ingress and create your own. Select your platform below.
The chart configures the Ingress for the AWS Load Balancer Controller (ALB). Key behaviors:
  • TLS termination: TLS terminates at the ALB at minimum TLS 1.2 (ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01).
  • Backend leg: Traffic between the ALB and the API pod is plaintext HTTP (backend-protocol: HTTP). For end-to-end TLS, contact support@cartesia.ai.
  • Certificate: Pass an explicit ACM ARN via Terraform (certificate_arn) or Helm (ingress.certificateArn). If unset, the chart’s certificate-manager: 'true' annotation tells the AWS Load Balancer Controller to look up a matching ACM cert by hostname.
  • HTTP redirect: HTTP traffic on port 80 is redirected to HTTPS on port 443.
See cartesia/templates/resources/ingress.yaml for the full annotation set the chart applies to the Ingress.

Autoscaling

Cartesia supports two levels of autoscaling for Kubernetes deployments.

Cluster Autoscaler

Scales nodes based on pending pods. Enable in your tfvars:
Node groups/pools will scale within their configured min_size/max_size bounds when pods can’t be scheduled due to insufficient resources.

Pod Autoscaler (KEDA)

Scales worker pods based on load metrics. Enable in your tfvars:
KEDA uses two scaling triggers:
  • Queue depth - Scales when unserviceable requests accumulate
  • Worker load - Scales when GPU utilization exceeds threshold

Per-Worker Scaling

Each worker can have its own scaling configuration:
Or in Helm values.yaml:

Scaling Behavior

  • Scale up: 30 second stabilization window
  • Scale down: 900 second (15 min) stabilization window to avoid flapping
  • Workers scale independently based on their individual load

Go-live Checklist

Final review before opening to production traffic: