Good time for people to look into DigitalOcean managed Kubernetes (DOKS). I've been using it since it was in pre-release and it's been great so far. Their support has been very responsive as well.
Care with DigitalOcean's Kubernetes offering. Unless they have completely revamped their entire stack since their initial release, it's a security nightmare. The way they launched it was unacceptable for any company to use. I immediately migrated my projects away and closed my account upon understanding how abysmally they screwed up the security of that offering. The fact they were willing to launch that means they cannot be trusted to host anything.
Not only are your cluster's administration ports exposed on public addresses with no ability to firewall them, but each node pulls an Admin-level auth token to manage the DigitalOcean account behind the scenes. A single http request made to an internal IP, from within any Docker container running within the cluster, grants the attacker full read/write access and control to the underlying DigitalOcean account. This includes any developer who does so from code deployed into the cluster, giving the developer full access to the business's DigitalOcean account.
I'm curious as to whether that has been fixed and a proper security evaluation done. I've been avoiding k8s on DO for a while because of that (perfectly comfortable with their other services) but it would be good to get an update.
Yeah, that's the one. I'd done my own analysis before that came out and figured it was an unacceptable risk, and then that article came out with the actual attack vector in all its glory. The simple fact the k8s/etcd ports are exposed on a public address with no ability to firewall it off is bad enough, as you're relying on the security of the software running on those ports rather than a firewall restricting which source address(es) can even connect to begin with.
The credentials (certificates) being exposed via http://169.254.169.254/metadata/v1/user-data – from within any pod/container, not just from a physical node – was the final straw. I'd forgotten that the DO token wasn't directly listed there, but can be extracted from the etcd instance where it is stored (explained under "DigitalOcean Account Takeover" of that article).
Again, all of this may have been (and hopefully has been) mitigated since the original release. For me, it's too late to reevaluate; the fact that was considered releasable in the first place destroyed any credibility in my eyes.
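A defender-side mitigation for the in-pod metadata exposure described in the comments above, added here as an example (it is not from the thread and not DigitalOcean's own configuration): a NetworkPolicy that stops every pod in a namespace from reaching the link-local metadata address quoted above. It assumes the cluster's CNI plugin enforces egress NetworkPolicies (an assumption; some CNIs ignore egress rules entirely) and that the metadata service is the one at 169.254.169.254.

```yaml
# Added example, not part of the original thread. Blocks pod egress to the
# cloud metadata endpoint while leaving all other egress (DNS, services,
# the internet) untouched. Assumption: the CNI enforces Egress policies.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-metadata-egress
  namespace: default          # repeat per namespace that runs workloads
spec:
  podSelector: {}             # empty selector = every pod in the namespace
  policyTypes:
    - Egress                  # only egress is restricted; ingress is unchanged
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0   # allow everything ...
            except:
              - 169.254.169.254/32   # ... except the metadata endpoint
```

Because an egress policy is "allow-listed" once any Egress rule exists, the 0.0.0.0/0 block is what keeps cluster DNS and service traffic working; verify with a short-lived pod that the metadata address now times out while DNS still resolves.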
Another happy DO user here. I wanted a k8s cluster for my smaller project when they just started the beta.
Very happy with it, also the resources available helped a lot in actually understanding k8s. On GCP the line between what was gcloud and what was k8s was a bit blurry for someone new like me, and doing just k8s on DO helped me really 'get it'.
I am using this as well for two smaller projects, it has been amazing. I tied it with Gitlab autodevops in about 30 minutes, most of which was dealing with migrating to DO managed Postgres.
https://www.digitalocean.com/products/kubernetes/