Kubernetes Overview

Plans and Pricing

Kubernetes clusters are priced by the number and capacity of the worker nodes. There is no additional charge for Kubernetes masters, which are fully managed by DigitalOcean. Worker nodes are built on Droplets, and the available resource configurations and pricing of worker nodes are identical to Droplets. Unlike Droplets, worker nodes are managed with the Kubernetes command-line client kubectl and are not accessible with SSH.

As of 7 December 2018, the minimum node size for new Kubernetes clusters was changed to the 2 GB memory / 1 vCPU plan, which costs $10/month. Users can keep existing nodes that are smaller than the new minimum but will be unable to create new nodes of that size.

Regional Availability

At least one datacenter in every region supports Kubernetes. Our regional availability matrix has more detail about our datacenter regions and product availability. Kubernetes will not be offered in NYC2, NYC3, AMS2, or SFO1.

Features

DigitalOcean Kubernetes allows you to deploy scalable and secure Kubernetes clusters. Development teams can create a cluster with the simplicity of DigitalOcean and retain full access to the cluster with existing toolchains.

We offer the latest version of Kubernetes as well as earlier patch levels of the latest minor version for special use cases.

Cluster logs are rotated when they reach 10 MB in size, and the last 2 copies are retained in addition to the current active log.

Clusters are part of a VPC which operates like private networking, meaning network communication is private within the cluster.

Cluster networking is preconfigured with Cilium, which provides the overlay network and supports network policies.

Worker Nodes and Node Pools

Both Standard and CPU Optimized Droplet plans are available for worker nodes. All of the worker nodes within a node pool have identical resources. You can add and remove worker nodes from node pools at any time, and you can also create additional node pools at any time.

Worker nodes are automatically deleted and respawned when needed. In addition, you can manually recycle a worker node from a cluster’s Manage tab.

Each node pool can have a different worker configuration. This allows you to have different services on different node pools, where each pool has the RAM, CPU, and attached storage resources the service requires.

You can name node pools when they are created. The nodes in the node pool will inherit the node pool’s naming scheme. You cannot rename node pools after you create them.

Kubernetes role-based access control (RBAC) is enabled by default. See Using RBAC Authorization for details.

Tags

Clusters are automatically tagged with k8s and the specific cluster ID, like k8s:EXAMPLEc-3515-4a0c-91a3-2452eEXAMPLE. In addition, worker nodes are tagged with k8s:worker. You can add your own tags to the cluster and worker nodes in the Tags field. At creation time, the k8s prefix is reserved for system tags and cannot be used at the beginning of custom tags.

Although you can currently tag individual workers from the Droplets page in the control panel, tagging individual worker nodes will not be supported in the future.

Persistent Data

You can persist data to DigitalOcean Block Storage Volumes with the DigitalOcean CSI plugin. Support to resize volumes has not yet been implemented.

By default, you are limited to 10 block storage volumes per account or team. You can contact our support team to request an increase. You can attach a maximum of 7 volumes to any one node or Droplet, and this limit cannot be changed.

You can also persist data to DigitalOcean object storage by using the Spaces API to interact with Spaces from within your application.

Load Balancing

The DigitalOcean Kubernetes Cloud Controller supports provisioning DigitalOcean Load Balancers.

Limits

  • DigitalOcean manages the master nodes; they are not accessible to cluster administrators and will not appear in your Droplet list.

  • You can add and remove worker nodes from node pools, but you cannot change the amount of RAM, CPU, and attached storage.

  • Clusters are limited to a single datacenter region and cannot span regions.

  • The IP address for a cluster may change. Use the DNS entry in the cluster config file to set up load balancers and otherwise interact with a cluster.

  • The automatically-generated Let’s Encrypt Certificates for DigitalOcean Load Balancers, available from the API and control panel, are not yet supported for Kubernetes.

  • Floating IPs are not supported for DigitalOcean Kubernetes worker nodes.

  • Load balancers and block storage volumes created by your Kubernetes manifests are not deleted when a cluster is deleted. You will continue to be billed for them until you delete them explicitly.

Known Issues

  • You cannot tag load balancers or block storage volumes.

  • DigitalOcean Kubernetes does not yet support auto-scaling.

  • Support for resizing DigitalOcean Block Storage Volumes in Kubernetes has not yet been implemented.

  • The DigitalOcean Control Panel displays worker nodes (on the Droplet page), load balancers (on the load balancer page), and block storage volumes (on the block storage page), but you can perform actions from those pages that will render those resources unusable to the cluster. Instead, manage cluster resources with kubectl or from the Kubernetes page.

  • The certificate authority, client certificate, and client key data in the kubeconfig.yaml file expire seven days after download. If you use the file displayed in the control panel, you will need to download a new certificate every week. To avoid this, we strongly recommend using doctl.

  • Let’s Encrypt certificates are not supported by default; you must generate a certificate yourself.

  • To enable the DigitalOcean Load Balancers’ new PROXY Protocol feature for an existing cluster, the master node must first be recycled. To recycle the master node, please contact support.

  • You cannot assign Kubernetes clusters (or the underlying Droplets in a cluster) to a Project.
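
The seven-day expiry of the kubeconfig.yaml credentials noted in the Known Issues list can be checked before it interrupts kubectl access. The script below is an added example, not DigitalOcean's own tooling: the function names are hypothetical, and it assumes the file embeds its certificates in the standard kubeconfig fields certificate-authority-data and client-certificate-data and that openssl, base64 and sed are installed.

```shell
#!/bin/sh
# Added example (not DigitalOcean code): check how long the certificates
# embedded in a downloaded kubeconfig file remain valid.

# Print, as PEM, the certificate stored under the given kubeconfig field
# (first occurrence). Returns 2 if the field is absent or empty.
kubeconfig_cert() {
    file=$1; field=$2
    b64=$(sed -n "s/^[[:space:]]*${field}:[[:space:]]*//p" "$file" | head -n 1)
    [ -n "$b64" ] || return 2
    printf '%s' "$b64" | base64 -d
}

# Return 0 if the certificate in <field> is still valid <seconds> from now,
# 1 if it will have expired by then, 2 if no certificate was found.
# Usage: kubeconfig_cert_valid_for <file> <field> <seconds>
kubeconfig_cert_valid_for() {
    pem=$(kubeconfig_cert "$1" "$2") || return 2
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$3" >/dev/null
}

# Print one line per certificate field with its expiry date. Returns 1 if
# any certificate expires inside the warning window (default 2 days).
# Usage: kubeconfig_cert_report <file> [warn_seconds]
kubeconfig_cert_report() {
    warn=${2:-172800}; status=0
    for f in certificate-authority-data client-certificate-data; do
        if end=$(kubeconfig_cert "$1" "$f" | openssl x509 -noout -enddate 2>/dev/null); then
            if kubeconfig_cert_valid_for "$1" "$f" "$warn"; then
                echo "$f: ok, $end"
            else
                echo "$f: RENEW, $end"; status=1
            fi
        else
            echo "$f: no embedded certificate"
        fi
    done
    return $status
}

# Run as: sh check-kubeconfig.sh /path/to/kubeconfig.yaml
if [ $# -ge 1 ]; then
    kubeconfig_cert_report "$1"
fi
```

A non-zero exit from the report makes it usable in a scheduled job or CI step that alerts before the credentials lapse.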