Kubernetes Documentation Style | KaaS Single-Tenant

KaaS Single-Tenant Building Block on AKS

Provision a managed Kubernetes cluster with curated control plane add-ons for ingress, container runtime infosec enforcement, metrics, and observability. At present, only Azure provider support is available through AKS, with parameters tailored for performance, manageability, and smoother platform operations.

How to Decide Between Multi-Tenant and Single-Tenant

Choose Single-Tenant when you need hybrid on-prem connectivity or strict isolation. KaaS Multi-Tenant does not currently support hybrid on-prem connectivity.

Figure: KaaS Single-Tenant versus Multi-Tenant decision flowchart for choosing the KaaS deployment model.

KaaS Single-Tenant Reference Architecture

The reference architecture represents containerized workloads deployed on a dedicated Single-Tenant cluster. It provides a standard baseline for infrastructure and DevOps implementation on KaaS.

Figure: KaaS Single-Tenant reference architecture. Standard deployment pattern for infrastructure and platform controls.

Architecture Components

  • Azure Kubernetes Service (AKS): Managed Kubernetes where Azure manages the control plane and teams manage worker nodes.
  • Virtual Network: Agent nodes connect to a VNet for subnet control, IP planning, and on-prem connectivity design.
  • Azure AD: Identity foundation used to create/manage Azure resources and support secure client authentication.
  • AAD Managed Pod Identity: Installed by default under the azure-identity namespace for secure cloud resource access.
  • Container Registry: Private storage for Docker images deployed to the cluster.
  • Azure Monitor: Centralized telemetry for logs, platform metrics, and application insights.

KaaS Single-Tenant Adoption Benefits

Platform Simplicity

Application teams focus on workload delivery while KaaS manages Kubernetes platform operations.

Built-in Infosec

Integrated infosec controls help onboard and host compliant applications from day one.

Curated Add-ons

Nginx Ingress, Prometheus, and related add-ons reduce setup effort versus vanilla clusters.

Upgrade Confidence

Teams receive advance notice of deprecations and get an upgrade cadence aligned with Kubernetes evolution.