Cloud Provisioning Overview
This section applies to public cloud customers who want automated cluster provisioning. If you bring your own Kubernetes cluster, skip this section entirely.
Summary
Keymate provides optional automated infrastructure provisioning for public cloud environments. Using a declarative approach, platform engineers can request a fully configured Kubernetes cluster along with its supporting infrastructure (networking, DNS, storage) by defining a simple resource specification. The provisioning system creates and manages the cloud resources automatically.
This capability is available for customers running on supported public cloud providers. It is not required — customers who bring their own Kubernetes cluster (on-premises, air-gapped, or self-managed cloud) do not use this feature.
Why It Exists
Setting up a production-grade Kubernetes cluster with proper networking, DNS, and storage configuration is complex and error-prone when done manually. Cloud provisioning automation reduces this to a single declarative definition, ensures consistency across environments, and eliminates manual infrastructure setup.
Where It Fits in Keymate
Cloud provisioning sits between the deployment model decision and platform installation. It answers the question: "Where will Keymate run?" If you already have a cluster, proceed directly to platform installation.
Boundaries
This section covers:
- Automated cluster and infrastructure provisioning for public cloud
- Declarative resource definition model
- Supported cloud providers and what gets provisioned
This section does not cover:
- Manual cluster setup (refer to your cloud provider's documentation)
- On-premises or air-gapped infrastructure (see Air-Gapped / On-Prem)
- Platform application installation (see Platform Deployment)
How It Works
Declarative Provisioning
You define what you need (region, cluster size, environment name), and the provisioning system handles the implementation details: creating the cloud resources, configuring networking, setting up DNS, and delivering a ready-to-use Kubernetes cluster.
What Gets Provisioned
When you request a new cluster, the system creates:
| Resource | Purpose |
|---|---|
| Kubernetes cluster | Managed Kubernetes service with the specified node count and sizing |
| Virtual network | Isolated network for the cluster with appropriate subnets |
| DNS configuration | DNS zone and records for the Tenant's domain |
| Public IP | Static IP address for ingress traffic |
| Role assignments | Cloud IAM permissions for the cluster to manage its resources |
Who Should Use This
| Customer profile | Use cloud provisioning? |
|---|---|
| Public cloud customer wanting automated setup | Yes |
| Public cloud customer with existing cluster management | No — bring your own cluster |
| On-premises / air-gapped customer | No — not applicable |
| Managed Kubernetes customer (AKS, EKS, GKE) who wants additional automation | Optional |
Example Scenario
Scenario
A platform team needs to provision a new environment for a Tenant on Azure. They want the cluster and networking to be created automatically.
Input
- Actor: Platform Engineer
- Cloud provider: Azure
- Requirements: New Kubernetes cluster with networking, DNS, and public IP for the
stagingenvironment
Expected Outcome
- The engineer submits a declarative definition specifying region, cluster size, and Tenant name
- The provisioning system creates all required Azure resources
- A ready-to-use Kubernetes cluster is available with configured networking and DNS
- The platform engineer proceeds to Helm-Based Installation or GitOps-Based Installation
Common Misunderstandings
- "Cloud provisioning is required for all deployments." It is entirely optional. Customers who bring their own cluster skip this section.
- "I need to understand the provisioning internals." You interact with the declarative interface (what you want), not the implementation (how it is created).
- "Cloud provisioning locks me into a specific cloud provider." The provisioning layer supports multiple cloud providers. Your Keymate platform installation is the same regardless of where the cluster was provisioned.