Thoughts on Digital Ocean K8S (DOKS) in Production

Here are some of my thoughts on issues with DOKS based on advising companies migrating to AWS EKS:

  1. You can’t have granular permission scoping and access control. As companies scale, they need to be able to control what access they hand out. You also can’t have SSO tied to your Kubernetes cluster auth on DO.
  2. The networking primitives in Digital Ocean ended up being too restrictive. For example, these companies wanted static egress IPs, which were much harder to set up in Digital Ocean than in AWS.
  3. Not specific to DOKS, but migrating data off managed DO Postgres with zero downtime is very difficult, if not impossible. AWS Data Migration Service (DMS) requires that DO Postgres provide logical replication via pglogical, which currently isn’t supported.
