Hi.

While this is a very well detailed and useful reference architecture for a secure AKS cluster, I would like more information regarding multi-tenancy with AKS.
I understand that it has not been the goal for this reference architecture, however information as to how one could approach the multi-tenancy aspect of AKS, would be very beneficial and give great insight into the capabilities of multi-tenancy with AKS.
For instance; by introducing multi-tenancy, which consequences follows for the overall ingress design?

Will information concerning to multi-tenancy, using AKS, be added to this or another reference architecture in the future?

Thanks for this request, @Agger1995. As you identified, it's not in scope for this specific body of work, but you're totally right to call out that a multi-tenant cluster adds a new, complex, layer of considerations. I know this link is going to look a little deep/lost in the weeds, but I'd recommend you checking out the work done by another team @ https://github.com/Azure/ato-toolkit/tree/master/software%20factory/installer-connected/ring-0/aks -- The content isn't very well organized for consumption in there, but that team has put together a working model, in conjunction with some large customers, for concerns around multi-tenancy. It's labeled "alpha" but in reality it's just a (mostly formed) opinion around this topic, much like this repo is a (mostly formed) opinion around the infrastructure of a cluster.

If we get prioritized to tell a multi-tenancy story in AKS, it will likely draw from this linked body of work. As such, that's the best I can offer you right now as far as implementation guidance goes. If you are working with a Cloud Solution Architect or Global Black Belt at your organization, they might be able to come up with some additional resources within their groups as well to help out.

Going to CC three folks to capture this customer request signal: @georgewallace, @jamcneil, & @JasRobe (C12)

@georgewallace, @jamcneil, and @JasRobe -- has this been captured as a content request signal for C&L? If so, let me know so that I can close the issue.

Confirmed that this has been captured in our internal backlog by @JasRobe. This wouldn't be the repo that holds that guidance, and there isn't a repo right now that exists that would. So for now I'll be closing the issue. Thanks @Agger1995 for the signal on this.