The Managed Elements of DigitalOcean Kubernetes

DigitalOcean’s Managed Kubernetes provides users with administrator access to the cluster and full access to the Kubernetes API through kubectl and doctl. There are no restrictions on the API objects users can create as long as the underlying Kubernetes version supports the object(s).

We simplify the Kubernetes experience by managing, on your behalf, key services and settings that you cannot or should not modify.

Managed Elements of the Worker Nodes

Worker Node Configuration

You can add more workers, and resize or recycle them in the control panel, with the API, or using doctl. Once you’ve added them, we manage their configuration, including the:

  • operating system
  • installed packages
  • file system
  • local storage
  • Docker daemon configuration

While it is technically possible to access and alter the worker nodes at this time, your changes will be overwritten by the reconciler and will not persist. In the future, you may not be able to change them at all.

Worker Node Firewalls

When you create a cluster, we automatically create a cloud firewall named k8s- concatenated with the cluster name. Its rules open the default Kubernetes service node port range on the worker nodes and currently you cannot close them.

We manage this firewall, which appears in the control panel. While it is possible to alter it manually in the control panel, any changes you make will be overwritten during reconciliation.

The default ports are more than sufficient for most use cases, but if you need to, you can open additional ports. To do so, manually create a new DigitalOcean Cloud Firewall and associate it with the cluster using its specific k8s:<cluster-uuid> tag, where <cluster-uuid> is the cluster’s UUID from doctl or the URL in the control panel.
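The following sketch shows the separate-firewall approach described above. It is an added example, not DigitalOcean's own tooling. The firewall name, UUID, port and source network are constructed values, and refusing world-open sources is a policy choice of this example.

```shell
#!/bin/sh
# Added example: expose one extra port through a separate Cloud Firewall
# attached by the k8s:<cluster-uuid> tag; the managed k8s-<cluster-name>
# firewall is left alone. All sample values below are constructed.

# Turn a cluster UUID into its tag; reject values that do not look like a
# UUID so a malformed value never becomes a firewall tag.
cluster_tag() {
  printf '%s\n' "$1" | grep -Eq \
    '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' || {
    echo "not a cluster UUID: $1" >&2; return 1; }
  printf 'k8s:%s\n' "$1"
}

# Build one inbound rule in doctl's protocol:..,ports:..,address:.. form.
# Refusing world-open sources is this example's policy, not a DOKS limit.
inbound_rule() {
  case "$1" in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
  case "$2" in ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;; esac
  [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
  case "$3" in 0.0.0.0/0|::/0) echo "refusing open source $3" >&2; return 1 ;; esac
  printf 'protocol:%s,ports:%s,address:%s\n' "$1" "$2" "$3"
}

# extra_firewall NAME UUID PROTO PORT CIDR
# Prints the doctl command; set APPLY=1 to run it (needs an authenticated doctl).
extra_firewall() {
  fw_tag=$(cluster_tag "$2") || return 1
  fw_rule=$(inbound_rule "$3" "$4" "$5") || return 1
  if [ "${APPLY:-0}" = 1 ]; then
    doctl compute firewall create --name "$1" \
      --tag-names "$fw_tag" --inbound-rules "$fw_rule"
  else
    printf 'doctl compute firewall create --name %s --tag-names %s --inbound-rules %s\n' \
      "$1" "$fw_tag" "$fw_rule"
  fi
}

# Dry run with a constructed UUID and a documentation-range source network.
extra_firewall extra-ports 11111111-2222-3333-4444-555555555555 tcp 8443 203.0.113.0/24
```

Because this firewall is a separate object from the managed k8s- firewall, its rules are not touched when the managed firewall is reconciled.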

DigitalOcean Infrastructure Components

You can integrate several DigitalOcean products into your Kubernetes cluster directly from the Kubernetes manifest files, and we will manage their integration with the cluster. This includes:

Block storage volumes

You can add DigitalOcean Block Storage Volumes by creating a csi-pvc PersistentVolumeClaim as part of your deployment. The volume will appear with other volumes in the control panel or via the API, but it should only be managed through the cluster configuration. Any changes you make in the control panel will be overwritten by the DOKS reconciler. This means if you manually delete a block storage volume, for example, it will be recreated during the next reconciliation without your data, and you will still be billed.

Load balancers

You can add a DigitalOcean Load Balancer by adding a LoadBalancer service type to your deployment.

The load balancer will appear with other load balancers in the control panel or via the API, but it should only be managed through the cluster configuration. Any changes you make outside of your Kubernetes configuration will be overwritten by the DOKS reconciler. This means if you manually delete a load balancer, for example, it will be recreated during the next reconciliation process and you will still be billed.

Managed Elements of the Master Nodes

Kubernetes master nodes are fully managed and are included in the price of the worker nodes. You cannot modify:

The default admission controllers are available and detailed in the Kubernetes documentation: