UKS Shared Responsibility

UpCloud’s Managed Kubernetes Service (UKS) follows a shared responsibility model that clearly delineates which tasks are handled by UpCloud and which are the customer’s responsibility.

While not exhaustive, this guide addresses common questions about what UpCloud manages versus what customers are expected to handle.

In general, UKS manages the control plane, while customers are responsible for the data plane. Upon cluster creation, UKS bootstraps the data plane, but node groups and nodes are provisioned according to customer specifications. UKS does not modify, update, or configure the data plane after creation. As such, customers are responsible for managing, updating, and configuring all visible components within the data plane.

The diagram below illustrates the shared responsibility model.

UKS shared responsibility layers

Important Notes:

  • Privacy Policy: As a policy, UpCloud will never take actions on your deployments or workloads. You retain full control over the deployments in your data plane.

  • Isolation Policy: As a policy, UpCloud will not take actions within your data plane nodes, except when strictly necessary and explicitly requested by you, Kubernetes version upgrades being one clear example.

  • Responsibility: Customers are responsible for the security, configuration, and ongoing maintenance of their deployments.

  • New data plane nodes are provisioned with the following defaults:

    • CSI: The UpCloud CSI driver for persistent storage support.
    • CNI: Cilium is installed by default. We strongly advise against attempting to modify, reconfigure, or replace it in any way, as this could render the cluster unusable.
    • Konnectivity: A Konnectivity agent is pre-installed to provide communication with the control plane. We strongly advise against attempting to modify or replace this component, as it may impact cluster stability.
    • Kubelet: Comes with default configuration values, including sensible eviction thresholds. You can override these settings by providing custom arguments when creating a node group using the kubelet_args input parameter.
    • CoreDNS: The cluster includes a pre-configured CoreDNS deployment for internal service discovery. While you may customize its configuration, this is an advanced feature and changes should be made carefully to avoid breaking name resolution within the cluster.
