Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel
In this post, I’ll show how you can deploy an AI Agent on Azure Kubernetes Service (AKS) using a multi-tenant approach that maximizes both security and cost efficiency. By isolating each tenant’s agent instance within the cluster and ensuring that every agent has access only to its designated Azure Blob Storage container, cross-tenant data leakage risks are eliminated. This model allows you to allocate compute and storage resources per tenant, optimizing usage and spending while maintaining strong data segregation and operational flexibility—key requirements for scalable, enterprise-grade AI applications.End-to-end TLS with AKS, Azure Front Door, Azure Private Link Service, and NGINX Ingress Controller
This article shows how Azure Front Door Premium can be set to use a Private Link Service to expose an AKS-hosted workload via NGINX Ingress Controller configured to use a private IP address on the internal load balancer.
Multi Hub and Spoke Topology using Azure Firewalls
The fundamental model for Network Connectivity in Azure is Hub and Spoke. As compared to Azure Virtual WAN, the end user has more granular control of the routing and the ability to deploy shared resources on the Hub to be consumed by the Virtual Network (VNet) peers attached to it (Spokes). However, the existing official documentation to attain a Multi Hub and Spoke topology refers to models that include dynamic routing in the Hub using Azure Route Server and Network Virtual Appliances (NVA) which requires a level of complexity as a Network Administrator including the use of protocols like Border Gateway Protocol (BGP) and Virtual extensible Local Area Network (VxLAN). The official documentation has left out a simpler way to attain this Inter Hub connectivity with static routes. This article describes a simple Inter Hub and Spoke topology and walks through it’s implementation.
