# Deployment Options KAWA is packaged as a Docker image and can be deployed across all major cloud providers. For POCs, KAWA can run as a single `docker compose` stack; for production, it runs on Kubernetes (EKS / GKE / AKS) with a stateless, horizontally scalable backend. ## 1. AWS | Category | Details | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Installation** | Distributed as a Docker image. POC: single-node `docker compose` on EC2. Production: Kubernetes on **EKS** (Helm chart). Deployable inside the customer's own VPC/account. *Not currently listed on AWS Marketplace.* | | **AI compatibility** | Native integration with **Amazon Bedrock** (bearer-token auth, VPC endpoints, and inference-profile ARNs supported). Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override. | | **Data warehousing** | Native connectors to **BigQuery**, **Snowflake**, **Starburst**, **StarRocks**, **Trino**, and **ClickHouse**. | | **Database** | Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: **Amazon RDS for PostgreSQL**, or self-managed Postgres on EC2 / EKS. *Aurora PostgreSQL is **not** supported.* | | **Security** | Deployed in customer VPC; secrets managed via **AWS Secrets Manager** / **AWS KMS**. SOC 2 Type II certified. | | **Scalability** | Stateless backend — scales horizontally on EKS. A single instance comfortably handles hundreds of concurrent users. | | **Authentication** | OIDC / OAuth2. Integrates with **AWS IAM Identity Center (SSO)** and any OIDC-compliant IdP (Okta, Auth0, etc.). | | **SaaS enabled** | Yes — KAWA can be offered as a managed SaaS on AWS, or self-hosted in the customer's account. | ## 2. GCP | Category | Details | | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Installation** | Docker image. POC: single-node `docker compose` on Compute Engine. Production: Kubernetes on **GKE** (Helm chart). Deployable inside the customer's own GCP project / VPC. *Not currently listed on Google Cloud Marketplace.* | | **AI compatibility** | Native integration with **Google Vertex AI** (including **Claude on Vertex**) and **Google Gemini** (direct API). Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override. | | **Data warehousing** | Native connectors to **BigQuery**, **Snowflake**, **Starburst**, **StarRocks**, **Trino**, and **ClickHouse**. | | **Database** | Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: **Cloud SQL for PostgreSQL**, or self-managed Postgres on Compute Engine / GKE. *AlloyDB is **not** supported.* | | **Security** | Deployed in customer VPC; secrets managed via **Google Secret Manager** / **Cloud KMS**. SOC 2 Type II certified. | | **Scalability** | Stateless backend — scales horizontally on GKE. A single instance comfortably handles hundreds of concurrent users. | | **Authentication** | OIDC / OAuth2. Integrates with **Google Cloud Identity** and any OIDC-compliant IdP. | | **SaaS enabled** | Yes — KAWA can be offered as a managed SaaS on GCP, or self-hosted in the customer's project. | ## 3. Azure | Category | Details | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Installation** | Docker image. POC: single-node `docker compose` on an Azure VM. Production: Kubernetes on **AKS** (Helm chart). Deployable inside the customer's own Azure subscription / VNet. *Not currently listed on Azure Marketplace.* | | **AI compatibility** | Native integration with **Azure OpenAI Service** `(https://.openai.azure.com/)`. Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override. | | **Data warehousing** | Native connectors to **BigQuery**, **Snowflake**, **Starburst**, **StarRocks**, **Trino**, and **ClickHouse**. | | **Database** | Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: **Azure Database for PostgreSQL — Flexible Server**, or self-managed Postgres on Azure VM / AKS. *Cosmos DB for PostgreSQL is **not** supported.* | | **Security** | Deployed in customer VNet; secrets managed via **Azure Key Vault**. SOC 2 Type II certified. | | **Scalability** | Stateless backend — scales horizontally on AKS. A single instance comfortably handles hundreds of concurrent users. | | **Authentication** | OIDC / OAuth2. Integrates natively with **Microsoft Entra ID** (formerly Azure AD) and any OIDC-compliant IdP. | | **SaaS enabled** | Yes — KAWA can be offered as a managed SaaS on Azure, or self-hosted in the customer's subscription. | ## 4. On-Premise | Category | Details | | -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Installation** | Three options: (1) Docker image with single-node `docker compose` for POC, (2) Kubernetes via Helm chart on any CNCF-conformant distribution (OpenShift, Rancher, vanilla k8s), or (3) **non-containerized install** — JAR for the backend + pip-installable Python packages — for environments where containers are not allowed. | | **AI compatibility** | Supports fully self-hosted inference for air-gapped deployments: native integration with **Ollama** and **llama.cpp**, plus **vLLM**, **NVIDIA NIM**, and any other server exposing an OpenAI-compatible endpoint. Outbound managed providers (Anthropic, OpenAI, Bedrock, Vertex, Azure OpenAI, etc.) are also available where customer policy permits. | | **Data warehousing** | Native connectors to **BigQuery,** **Snowflake**, **Starburst**, **StarRocks**, **Trino**, and **ClickHouse**. | | **Database** | Requires an actual PostgreSQL database (not a Postgres-compatible engine). Customer-managed Postgres cluster — bare-metal, VM, or containerized (e.g. CloudNativePG, Crunchy Postgres, Patroni). | | **Security** | Fully air-gap capable. Secrets via **HashiCorp Vault** or Kubernetes secrets. SOC 2 Type II certified. | | **Scalability** | Stateless backend — scales horizontally on Kubernetes. Single instance handles hundreds of concurrent users. | | **Authentication** | OIDC / OAuth2. Integrates with any OIDC/SAML-compliant IdP (Entra ID, Okta, Keycloak, Ping). | | **SaaS enabled** | N/A — on-prem is customer-managed. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.kawa.ai/11_00_exploitation/deployment-options.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.