Thoughts on Digital Ocean K8S (DOKS) in Production

digital ocean aws kubernetes

Here are some of my thoughts on issues with DOKS based on advising companies migrating to AWS EKS:

  1. You can’t have granular permission scoping and access control. As companies scale, they need to be able to control what access they hand out. You also can’t have SSO tied to your Kubernetes cluster auth on DO.
  2. The networking primitives in Digital Ocean ended up being too restrictive. For example, the companies wanted static egress IPs, which were much harder to set up in Digital Ocean than in AWS.
  3. This one is not about DOKS itself, but migrating data off managed DO Postgres with zero downtime is very difficult, if not impossible. AWS Data Migration Service (DMS) requires that DO Postgres provide logical replication via pglogical, which currently isn’t supported.
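
A preflight check for the logical-replication requirement in item 3, added here as an example and not part of the original post: one query, run with psql against the source Postgres as the role the migration tool would use, that reports whether the server exposes what a logical-replication (CDC) migration needs. The thresholds are PostgreSQL's general requirements for logical decoding (`wal_level = logical`, at least one replication slot and WAL sender); the list of checks is an assumption about what is worth verifying, not a DMS specification.

```sql
-- Added example: readiness of a managed Postgres source for a
-- logical-replication (CDC) migration. Read-only; changes nothing.
WITH checks(requirement, observed, ok) AS (
    -- Logical decoding only works when WAL carries logical information.
    SELECT 'wal_level = logical',
           current_setting('wal_level'),
           current_setting('wal_level') = 'logical'
    UNION ALL
    -- The migration tool needs a replication slot to hold its position.
    SELECT 'max_replication_slots >= 1',
           current_setting('max_replication_slots'),
           current_setting('max_replication_slots')::int >= 1
    UNION ALL
    -- ...and a WAL sender process to stream changes from that slot.
    SELECT 'max_wal_senders >= 1',
           current_setting('max_wal_senders'),
           current_setting('max_wal_senders')::int >= 1
    UNION ALL
    -- Is the pglogical extension offered by this server at all?
    SELECT 'pglogical available to install',
           coalesce((SELECT default_version
                       FROM pg_available_extensions
                      WHERE name = 'pglogical'), 'not offered'),
           EXISTS (SELECT 1
                     FROM pg_available_extensions
                    WHERE name = 'pglogical')
    UNION ALL
    -- Is it already created in the current database?
    SELECT 'pglogical installed in this database',
           coalesce((SELECT extversion
                       FROM pg_extension
                      WHERE extname = 'pglogical'), 'not installed'),
           EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pglogical')
    UNION ALL
    -- Creating a replication slot needs REPLICATION or superuser.
    SELECT 'current role may replicate',
           current_user::text,
           (SELECT rolreplication OR rolsuper
              FROM pg_roles
             WHERE rolname = current_user)
)
SELECT requirement,
       observed,
       CASE WHEN ok THEN 'PASS' ELSE 'FAIL' END AS result
  FROM checks;
```

Any FAIL row on a managed service is a setting the provider controls, so it tells you before the migration window whether a zero-downtime cutover is possible or a dump-and-restore has to be planned instead.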