Zum Inhalt springen
Produkte
Plattform
Developer Tools
Portal

The shared responsibility model

Zuletzt aktualisiert am

STACKIT Edge Cloud follows the shared responsibility model for cloud services. The following table and diagram will explain the responsibility of the parties involved:

A technical diagram illustrating a Shared Responsibility Model for a system involving STACKIT and a Customer for managing Edge Clusters. The diagram is divided into distinct layers, primarily colored green (STACKIT), blue (Customer), and yellow (best effort), with a key provided at the bottom. Key: Green = STACKIT, Blue = Customer, Yellow = best effort, diamond = EdgeHostLet. The diagram is structured from bottom to top: 1. STACKIT Platform (Green): This is the base layer. 2. STACKIT Edge Cloud (Green): This layer rests on the platform and contains three components: Instance API, Instance Components, and Supporting Services. 3. STEC Instance CRDs (EdgeHost, EdgeImage, EdgeCluster) (Blue): This intermediate layer bridges the STACKIT layers and the Edge Clusters. 4. Edge Clusters (Blue): There are three separate, identical boxes representing Edge Clusters, which are managed by the Customer (blue). Each Edge Cluster contains multiple instances of Talos Linux (yellow), which are designated as "best effort." Each Talos Linux instance also includes a diamond symbol, which represents the EdgeHostLet component. The overall structure indicates that STACKIT provides the underlying Platform and Edge Cloud services, the Customer manages the STEC CRDs and Edge Clusters, and the operating system within the clusters (Talos Linux) is managed on a "best effort" basis, with the EdgeHostLet component present in each OS instance.

The following table summarizes the responsibilities of STACKIT and the customer when using STACKIT Edge Cloud:

ComponentSTACKIT responsibilitiesCustomer responsibilities
STACKIT Edge Cloud
  • Provide and maintain all the components required to use STACKIT Edge Cloud.
  • Provide access to customer facing APIs.
  • Fix security vulnerabilities in a timely manner.
  • Review and install security updates when they are made available.
  • Restrict and protect access to the system.
  • Maintain a good credential hygiene to protect the service from unauthorized access.
STEC instance CRDs
  • Provide and maintain all the components required to use the exposed STACKIT Edge Cloud CRDs.
  • Use the provided CRDs to manage the underlying external components such as EdgeHosts, EdgeClusters and EdgeImages.
  • Take responsibility for correct configuration data being provided to the CRDs and the actions triggered by those configuration changes.
  • Maintain secure settings and change management.
Edge clusters
  • Provide and maintain a operator that interacts with the desired state defined in the EdgeCluster resource by the Customer.
  • Define the desired state of the EdgeCluster resource.
  • Monitor the EdgeCluster resource for events.
  • Take responsibility for setting changes.
Talos Linux
  • Provide download access to the latest supported Talos Linux and associated Kubernetes images.
  • Provide best effort support.
  • Review and install security updates when they are made available.
  • Restrict and protect access to the system.
  • Maintain secure settings and change management.
  • Monitor the system for security notifications, events, alerts and abnormal behavior.
Hardware-
  • Restrict and protect access to the system.
Workloads-
  • Review and install security updates when they are made available.
  • Do not alter and protect STACKIT provided applications against modification.
EdgeHostLet
  • Provide and maintain the EdgeHostLet extension.
  • Do not alter and protect the EdgeHostLet against modification.