Our new DOKS routing agent is a managed component for managing static routes on Kubernetes worker nodes. The DOKS routing agent is a direct response to everything we learned from users about its predecessor, the static route operator, and provides a few new features on top. Despite this agent being a managed component, it’s included at no additional cost for our users.
Key features of the DOKS routing agent
1. Static route management via custom resources: The DOKS routing agent enables users to configure IP routes on their Kubernetes worker nodes using a dedicated Kubernetes CustomResource. This is particularly useful for scenarios such as VPN setups or tunneling your egress traffic through specific gateway nodes.
Example configuration:
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5" # Configures networks to be routed via the specified gateways
  gateways:
    - "10.114.0.3" # Gateway IP
2. Support for multiple gateways and ECMP: The routing agent allows the definition of multiple gateways, automatically setting up ECMP routes for load distribution across them.
Example configuration:
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5"
  gateways:
    - "10.114.0.3"
    - "10.114.0.4"
ECMP helps distribute traffic efficiently but is not a full-fledged load-balancing solution. It selects a gateway based on a hash of attributes such as source/destination IP and port. If a gateway fails, the Linux kernel will stop sending traffic to it. The routing agent periodically pings gateways (every 30 seconds) to detect recovery and reinstate traffic flow. To ensure this works, ICMP traffic must be allowed on the gateways.
3. Overriding default routes: The routing agent allows users to override default routes without disrupting overall cluster connectivity, which has been a much-requested feature.
Example configuration:
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "0.0.0.0/0" # Default route
  gateways:
    - "10.114.0.3"
    - "10.114.0.4"
To prevent disruptions with Kubernetes components, the routing agent ensures that essential control plane endpoints, metadata services, and DNS servers maintain direct connectivity through the worker node Droplet’s default gateway.
4. Node selection for routes: Routes can be applied to specific nodes using Kubernetes label selectors, enabling precise control over network configurations.
Example configuration:
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: basic
spec:
  destinations:
    - "1.2.3.4/5"
  gateways:
    - "10.114.0.3"
  nodeSelector:
    nodeSelectorTerms:
      - matchExpressions:
          - key: doks.digitalocean.com/node-pool
            operator: In
            values: ["worker-pool"]
Enabling the DOKS routing agent
The routing agent can be enabled and disabled via doctl and the public DigitalOcean API.
Example commands:
doctl kubernetes cluster create --enable-routing-agent …
doctl kubernetes cluster update --enable-routing-agent …
API users will see a consistent field structure:
{
  "routing_agent": { "enabled": true }
}
Usage for static egress IP
With the DOKS routing agent and a self-managed VPC gateway Droplet, users can configure static egress IPs—helping to ensure outbound traffic from their Kubernetes workloads always originates from a predictable IP address. This is useful for scenarios like allow-listing IPs for external services or maintaining a consistent source IP for compliance purposes.
Looking ahead, we’re also working on a fully managed NAT gateway, which will provide a simpler way to achieve static egress IPs. This feature is on our roadmap and will be available to customers later this year.
Make static route management simpler than ever
The DOKS routing agent streamlines static route management in Kubernetes, offering custom routes, multiple gateways with ECMP for load distribution, and the ability to override default routes. It provides a managed, reliable solution for DigitalOcean Kubernetes customers with custom routing needs.
With the DOKS routing agent, you can:
- Define static routes using Kubernetes Custom Resources
- Distribute traffic using multiple gateways with ECMP
- Override default routes without disrupting cluster connectivity
- Apply routes to specific nodes using label selectors
This is particularly useful for VPN setups, custom egress routing, and self-managed VPC gateways.