Deployment Options
KAWA is packaged as a Docker image and can be deployed across all major cloud providers. For POCs, KAWA can run as a single docker compose stack; for production, it runs on Kubernetes (EKS / GKE / AKS) with a stateless, horizontally scalable backend.
1. AWS
Installation
Distributed as a Docker image. POC: single-node docker compose on EC2. Production: Kubernetes on EKS (Helm chart). Deployable inside the customer's own VPC/account. Not currently listed on AWS Marketplace.
AI compatibility
Native integration with Amazon Bedrock (bearer-token auth, VPC endpoints, and inference-profile ARNs supported). Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override.
Data warehousing
Native connectors to BigQuery, Snowflake, Starburst, StarRocks, Trino, and ClickHouse.
Database
Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: Amazon RDS for PostgreSQL, or self-managed Postgres on EC2 / EKS. Aurora PostgreSQL is not supported.
Security
Deployed in customer VPC; secrets managed via AWS Secrets Manager / AWS KMS. SOC 2 Type II certified.
Scalability
Stateless backend — scales horizontally on EKS. A single instance comfortably handles hundreds of concurrent users.
Authentication
OIDC / OAuth2. Integrates with AWS IAM Identity Center (SSO) and any OIDC-compliant IdP (Okta, Auth0, etc.).
SaaS enabled
Yes — KAWA can be offered as a managed SaaS on AWS, or self-hosted in the customer's account.
2. GCP
Installation
Docker image. POC: single-node docker compose on Compute Engine. Production: Kubernetes on GKE (Helm chart). Deployable inside the customer's own GCP project / VPC. Not currently listed on Google Cloud Marketplace.
AI compatibility
Native integration with Google Vertex AI (including Claude on Vertex) and Google Gemini (direct API). Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override.
Data warehousing
Native connectors to BigQuery, Snowflake, Starburst, StarRocks, Trino, and ClickHouse.
Database
Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: Cloud SQL for PostgreSQL, or self-managed Postgres on Compute Engine / GKE. AlloyDB is not supported.
Security
Deployed in customer VPC; secrets managed via Google Secret Manager / Cloud KMS. SOC 2 Type II certified.
Scalability
Stateless backend — scales horizontally on GKE. A single instance comfortably handles hundreds of concurrent users.
Authentication
OIDC / OAuth2. Integrates with Google Cloud Identity and any OIDC-compliant IdP.
SaaS enabled
Yes — KAWA can be offered as a managed SaaS on GCP, or self-hosted in the customer's project.
3. Azure
Installation
Docker image. POC: single-node docker compose on an Azure VM. Production: Kubernetes on AKS (Helm chart). Deployable inside the customer's own Azure subscription / VNet. Not currently listed on Azure Marketplace.
AI compatibility
Native integration with Azure OpenAI Service (https://.openai.azure.com/). Additional providers available out of the box: Anthropic, OpenAI, OpenRouter, xAI, Mistral, Groq, Cerebras, Cohere, Together AI, Perplexity. Any OpenAI-compatible endpoint can also be configured via base-URL override.
Data warehousing
Native connectors to BigQuery, Snowflake, Starburst, StarRocks, Trino, and ClickHouse.
Database
Requires an actual PostgreSQL database (not a Postgres-compatible engine). Recommended: Azure Database for PostgreSQL — Flexible Server, or self-managed Postgres on Azure VM / AKS. Cosmos DB for PostgreSQL is not supported.
Security
Deployed in customer VNet; secrets managed via Azure Key Vault. SOC 2 Type II certified.
Scalability
Stateless backend — scales horizontally on AKS. A single instance comfortably handles hundreds of concurrent users.
Authentication
OIDC / OAuth2. Integrates natively with Microsoft Entra ID (formerly Azure AD) and any OIDC-compliant IdP.
SaaS enabled
Yes — KAWA can be offered as a managed SaaS on Azure, or self-hosted in the customer's subscription.
4. On-Premise
Installation
Three options: (1) Docker image with single-node docker compose for POC, (2) Kubernetes via Helm chart on any CNCF-conformant distribution (OpenShift, Rancher, vanilla k8s), or (3) non-containerized install — JAR for the backend + pip-installable Python packages — for environments where containers are not allowed.
AI compatibility
Supports fully self-hosted inference for air-gapped deployments: native integration with Ollama and llama.cpp, plus vLLM, NVIDIA NIM, and any other server exposing an OpenAI-compatible endpoint. Outbound managed providers (Anthropic, OpenAI, Bedrock, Vertex, Azure OpenAI, etc.) are also available where customer policy permits.
Data warehousing
Native connectors to BigQuery, Snowflake, Starburst, StarRocks, Trino, and ClickHouse.
Database
Requires an actual PostgreSQL database (not a Postgres-compatible engine). Customer-managed Postgres cluster — bare-metal, VM, or containerized (e.g. CloudNativePG, Crunchy Postgres, Patroni).
Security
Fully air-gap capable. Secrets via HashiCorp Vault or Kubernetes secrets. SOC 2 Type II certified.
Scalability
Stateless backend — scales horizontally on Kubernetes. Single instance handles hundreds of concurrent users.
Authentication
OIDC / OAuth2. Integrates with any OIDC/SAML-compliant IdP (Entra ID, Okta, Keycloak, Ping).
SaaS enabled
N/A — on-prem is customer-managed.
Last updated
Was this helpful?