how to deploy a production‑ready kubernetes cluster on digitalocean cloud – a step‑by‑step guide for engineers

@pilput

8 months ago0views

introduction

this step‑by‑step guide shows beginners and aspiring engineers how to deploy a production‑ready kubernetes cluster on digitalocean cloud. by the end of the tutorial you will have a fully functional cluster ready for devops workflows, full‑stack applications, and even seo‑friendly deployments.

prerequisites

a digitalocean account (you can start with the free $100 credit).
basic knowledge of coding and containerization (docker).
installed tools:
- doctl (digitalocean cli)
- kubectl
- docker (optional, for building images)
- git (for source control)
access to a terminal (macos, linux, or windows subsystem for linux).

step 1: create a digitalocean api token

log in to the digitalocean dashboard, navigate to api & apps → tokens/keys, and generate a new token with read‑and‑write permissions. keep this token handy; you’ll need it for doctl.

step 2: install and configure `doctl`

# install doctl (macos/homebrew example)
brew install doctl

# authenticate doctl with your api token
doctl auth init --access-token your_digitalocean_token

run doctl account get to verify the connection.

step 3: create a kubernetes cluster

3.1 choose region and node size

for production we recommend a region close to your users (e.g., nyc3) and at least 2‑3 nodes of the s-2vcpu-4gb size.

3.2 run the creation command

# create a cluster named “prod‑k8s”
doctl kubernetes cluster create prod-k8s \
  --region nyc3 \
  --version latest \
  --size s-2vcpu-4gb \
  --count 3 \
  --tags production,devops

digitalocean will provision the resources in a few minutes. you can monitor progress with:

doctl kubernetes cluster get prod-k8s --output yaml

step 4: configure `kubectl` to use the new cluster

# fetch the cluster’s kubeconfig
doctl kubernetes cluster kubeconfig save prod-k8s

# verify connectivity
kubectl get nodes

you should see the three nodes listed as ready. this confirms that kubectl can communicate with your cluster.

step 5: harden the cluster – rbac & network policies

enable rbac (digitalocean clusters have it enabled by default).
create a dedicated namespace for your applications:
```
kubectl create namespace my‑app
```

define a networkpolicy to restrict traffic between pods:

apiversion: networking.k8s.io/v1
kind: networkpolicy
metadata:
  name: deny-all
  namespace: my-app
spec:
  podselector: {}
  policytypes:
  - ingress
  - egress

step 6: deploy a sample full‑stack application

6.1 create a docker image

assume you have a simple node.js api and a react front‑end. build and push the images to digitalocean container registry (or docker hub).

# log in to the registry
doctl registry login

# tag and push the api image
docker build -t registry.digitalocean.com/my‑registry/api:latest ./api
docker push registry.digitalocean.com/my‑registry/api:latest

# tag and push the front‑end image
docker build -t registry.digitalocean.com/my‑registry/web:latest ./web
docker push registry.digitalocean.com/my‑registry/web:latest

6.2 deploy with a manifest

apiversion: apps/v1
kind: deployment
metadata:
  name: api-deployment
  namespace: my-app
spec:
  replicas: 3
  selector:
    matchlabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: api
        image: registry.digitalocean.com/my-registry/api:latest
        ports:
        - containerport: 3000
---
apiversion: v1
kind: service
metadata:
  name: api-service
  namespace: my-app
spec:
  type: loadbalancer
  selector:
    app: api
  ports:
  - protocol: tcp
    port: 80
    targetport: 3000

apply the manifest:

kubectl apply -f fullstack.yaml

step 7: set up a ci/cd pipeline (optional but recommended)

integrate the deployment with github actions to automate devops workflows. below is a minimal workflow file.

name: deploy to do kubernetes

on:
  push:
    branches: [ main ]

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    - name: set up docker buildx
      uses: docker/setup-buildx-action@v2
    - name: log in to digitalocean container registry
      run: echo "${{ secrets.docr_token }}" | docker login registry.digitalocean.com -u ${{ secrets.docr_user }} --password-stdin
    - name: build & push api
      run: |
        docker build -t registry.digitalocean.com/my-registry/api:${{ github.sha }} ./api
        docker push registry.digitalocean.com/my-registry/api:${{ github.sha }}
    - name: deploy to kubernetes
      env:
        kubeconfig: ${{ secrets.kubeconfig }}
      run: |
        kubectl set image deployment/api-deployment api=registry.digitalocean.com/my-registry/api:${{ github.sha }} -n my-app

store docr_token, docr_user, and kubeconfig as encrypted secrets in your repository.

step 8: monitoring, logging, and seo considerations

monitoring: enable digitalocean monitoring & alerts or install prometheus + grafana.
logging: use fluentd or digitalocean log drain to aggregate logs.
seo: serve your front‑end via a loadbalancer service with a proper dns record (e.g., example.com) and enable https using cert‑manager for automatic tls certificates.

best practices for a production‑ready cluster

use multiple node pools to separate workloads (e.g., data plane vs. compute).
enable auto‑scaling to handle traffic spikes.
regularly update kubernetes version and node images.
implement pod disruption budgets to maintain availability during upgrades.
back up etcd snapshots (digitalocean handles this, but verify the backup schedule).
restrict api server access using trusted ip ranges.

conclusion

with these steps you now have a production‑ready kubernetes cluster on digitalocean, ready to host full‑stack applications, support modern devops pipelines, and even boost seo with proper networking and tls. keep iterating on security, monitoring, and scaling, and you’ll have a robust platform that grows with your projects.