Kubernetes Overview

Kubernetes is currently in limited availability.

Plans and Pricing

Kubernetes clusters are priced by the number and capacity of the worker nodes. There is no additional charge for Kubernetes masters, which are fully managed by DigitalOcean. Worker nodes are built on Droplets, and the available resource configurations and pricing of worker nodes are identical to Droplets. Unlike Droplets, worker nodes are managed with the Kubernetes command-line client kubectl and are not accessible with SSH.

During limited availability, the minimum available node size, as well as other available plans, are subject to change.

As of 7 December 2018, the minimum node size for new Kubernetes clusters was changed to the 2 GB memory / 1 vCPU plan, which costs $10/month. Users can keep existing nodes that are smaller than the new minimum but will be unable to create new nodes of that size.

Regional Availability

Kubernetes clusters are available in all DigitalOcean regions, but may be restricted during limited availability.

Features

DigitalOcean Kubernetes allows you to deploy scalable and secure Kubernetes clusters. Development teams can create a cluster with the simplicity of DigitalOcean and retain full access to the cluster with existing toolchains.

We offer the latest version of Kubernetes as well as earlier patch levels of the latest minor version for special use cases.

Clusters are part of a VPC which operates like private networking, meaning network communication is private within the cluster.

Cluster networking is preconfigured with Flannel.

Worker Nodes and Node Pools

Both Standard and CPU Optimized Droplet plans are available for worker nodes. All of the worker nodes within a node pool have identical resources. You can add and remove worker nodes from node pools at any time, and you can also create additional node pools at any time.

Worker nodes are automatically deleted and respawned when needed. In addition, you can manually recycle a worker node from a cluster’s Manage tab.

Each node pool can have a different worker configuration. This allows you to have different services on different node pools, where each pool has the RAM, CPU, and attached storage resources the service requires.

Kubernetes role-based access control (RBAC) is enabled by default. See Using RBAC Authorization for details.

Tags

Clusters are automatically tagged with k8s and the specific cluster ID, like k8s:EXAMPLEc-3515-4a0c-91a3-2452eEXAMPLE. In addition, worker nodes are tagged with k8s:worker. You can also add your own tags to the cluster and worker nodes in the Tags field.

Although you can currently tag individual workers from the Droplets page in the control panel, tagging individual worker nodes will not be supported in the future.

Persistent Data

You can persist data to DigitalOcean block storage volumes with the DigitalOcean CSI plugin.

You can also persist data to DigitalOcean object storage by using the Spaces API to interact with Spaces from within your application.

Load Balancing

The DigitalOcean Kubernetes Cloud Controller supports provisioning DigitalOcean Load Balancers.

Limits

  • DigitalOcean manages the master nodes; they are not accessible to cluster administrators and will not appear in your Droplet list.

  • You can add and remove worker nodes from node pools, but you cannot change the amount of RAM, CPU, and attached storage.

  • Clusters are limited to a single datacenter region and cannot span regions.

  • The IP address for a cluster may change. Use the DNS entry in the cluster config file to set up load balancers and otherwise interact with a cluster.

  • Overlay networking is preconfigured with Flannel and cannot be changed. Flannel does not support network policies.

Known Issues

  • You cannot tag load balancers or block storage volumes.

  • DigitalOcean Kubernetes does not yet support auto-scaling.

  • The DigitalOcean Control Panel displays worker nodes (on the Droplet page), load balancers (on the load balancer page), and block storage volumes (on the block storage page), but you can perform actions from those pages that will render those resources unusable to the cluster. Instead, manage cluster resources with kubectl or from the Kubernetes page.

  • The certificate authority, client certificate, and client key data in the kubeconfig.yaml file are rotated weekly. If you run into errors like the server doesn't have a resource type "<resource>", Unauthorized, or Unknown resource type: nodes, try downloading a new cluster configuration file. The certificates will be valid for one week from the time of the download.

  • Let’s Encrypt certificates are not supported by default; you must generate a certificate yourself.

  • Cluster log files are not yet rotated or trimmed.