Kamaji

License: Apache-2.0

Kamaji runs Kubernetes control planes as pods inside another Kubernetes cluster. Instead of giving every tenant a set of dedicated control-plane VMs, the management cluster runs a Deployment per tenant containing kube-apiserver, kube-controller-manager, and kube-scheduler; the tenant’s etcd is either a shared multi-tenant etcd with per-tenant namespaces or, more commonly, a pooled backing store via Kine against PostgreSQL, MySQL, or NATS. Worker nodes connect to the tenant API server through a Service (and optional Ingress/LoadBalancer) exposed from the management cluster.

This approach is called “Hosted Control Planes” and Kamaji is one of the main open-source implementations of it (alongside HyperShift from Red Hat, which targets OpenShift). The operational win is cost: a dozen tenant control planes can live on a handful of nodes because each one is just a few pods rather than three HA VMs and an etcd cluster. Version upgrades, certificate rotation, and failover are handled by the management cluster’s normal reconcilers.

Kamaji is built by Clastix and integrates with Cluster API (KamajiControlPlane), so it plugs into the existing CAPI provider ecosystem for workload node provisioning across bare metal, vSphere, AWS, and similar. Worth a look if you are running a multi-tenant Kubernetes PaaS and each tenant currently has its own 3-node etcd bill.