DigitalOcean Kubernetes (DOKS) is a managed Kubernetes service that lets you deploy Kubernetes clusters without the complexities of handling the control plane and containerized infrastructure. Clusters are compatible with standard Kubernetes toolchains and integrate natively with DigitalOcean Load Balancers and block storage volumes.
DigitalOcean's Managed Kubernetes provides users with administrator access to the cluster and full access to the Kubernetes API through
doctl. There are no restrictions on the API objects users can create as long as the underlying Kubernetes version supports the object(s).
We simplify the Kubernetes experience by managing key services and settings on your behalf that you cannot or should not modify.
You can add more workers and recycle them in the control panel by using the API
doctl. Once you've added them, we manage their configuration, including
While it is technically possible to access and alter the worker nodes at this time, your changes will be overwritten by the reconciler and will not persist. In the future, you may not be able to change them at all.
DigitalOcean will apply the following labels to nodes, and their presence is enforced by the reconciler:
doks.digitalocean.com/node-pool doks.digitalocean.com/node-id doks.digitalocean.com/node-pool-id doks.digitalocean.com/version
When you create a cluster, we automatically create a cloud firewall named
k8s- concatenated with the cluster name. Its rules open the default Kubernetes service node port range on the worker nodes. Currently, you cannot close them.
We manage this firewall, which appears in the control panel. While it is possible to alter it manually in the control panel, any changes you make will be overwritten during reconciliation.
The default ports are more than sufficient for most use cases, but if you need to, you can open additional ports. To do so, manually create a new DigitalOcean Cloud Firewall and associate it with the cluster using its specific
k8s:<cluster-uuid> tag, where
<cluster-uuid> is the cluster's UUID from
doctl or the URL in the control panel.
Some DigitalOcean products integrate natively with Kubernetes clusters directly from the Kubernetes manifest files, and we manage their integration with the cluster:
You can add DigitalOcean block storage volumes by creating a PersistentVolumeClaim as part of your deployment.
You can add a DigitalOcean Load Balancer by adding a
LoadBalancer service type to your deployment.
You should not manage these DigitalOcean resources through the control panel or API because any changes you make to Kubernetes clusters outside the cluster's configuration will be overwritten by the DOKS reconciler. For example, if you manually delete a block storage volume or load balancer in a Kubernetes cluster from the control panel, it will be recreated during the next reconciliation process and you will still be billed.
Kubernetes master nodes are fully managed and are included in the price of the worker nodes. You cannot modify:
The default admission controllers are available and detailed in the Kubernetes documentation: