In order to improve security, DigitalOcean no longer accepts TLS 1.0 and TLS 1.1 connections. This includes connections to
To use UDP for DOKS load balancers, clusters must use Kubernetes version
1.22.8-do.1, or higher.
Managed Let’s Encrypt certificates will begin using Elliptic Curve Digital Signature Algorithm (ECDSA) instead of RSA. ECDSA is equally secure and more computationally efficient than RSA. ECDSA certificates follow the shorter root chain and aren’t rooted using the DST Root CA X3 cross-sign which expired on 30 September 2021.
As we roll out this change, new Let’s Encrypt certificates provisioned for DigitalOcean Load Balancers and Spaces will increasingly use ECDSA and existing certificiates secured with RSA will be secured with ECDSA upon auto-renewal. This change doesn’t require any action from DigitalOcean customers.
You can now resize load balancers once per minute, instead of once per hour. The cost is prorated based on how long the load balancer operates at each size, with a minimum charge of $0.01.
You can now scale load balancers with more granularity by adding or removing nodes. The number of nodes a load balancer contains determines how many simultaneous connections and requests per second it can manage.
Each additional node increases the load balancer’s maximum:
You can add up to 100 nodes to a load balancer.
The scaling feature is not available in the following regions at this time: AMS2, NYC2, SFO1. In these regions, you can only create load balancers with one node, which equates to a small size load balancer under the legacy scaling system.
The load balancer’s cost per month is based on the number of nodes it contains.
We have deprecated TLS DHE ciphers for all load balancers.
Released v1.65.0 of doctl, the official DigitalOcean CLI. This release includes a number of new features:
--haflag was added to the
kubernetes cluster createsub-command to optionally create a cluster configured with a highly-available control plane. This feature is in early availability
kubernetes clustersub-commands now include a “Support Features” field when displaying version options
--disable-lets-encrypt-dns-recordsflag was added to the
compute load-balancer createsub-command to optionally disable automatic DNS record creation for Let’s Encrypt certificates that are added to the load balancer
You can now resize load balancers to better match their performance to their workload.
Fixed a bug with DigitalOcean Load Balancers that prevented outbound data transfer from Droplets from being added to bandwidth usage totals. Any inconsistencies will be updated on the April invoice.
Load balancer health checks now support the HTTPS protocol. You can now configure load balancers to verify the health of your Droplets’ HTTPS endpoints.
The SFO3 datacenter region is now available.
v1.18.0 of the DigitalOcean Terraform Provider is now available. This release includes support for the backend keepalive option for the load balancer resource and data source.
Load balancers now allow you to set a keepalive option for target Droplets.
The DigitalOcean Virtual Private Cloud (VPC) service is now available for all customers. VPC replaces the private networking service. Existing private networks will continue to function as normal but with the enhanced security and features of the VPC service. See the description of VPC features for more information.
We began the incremental release of the DigitalOcean Virtual Private Cloud (VPC) service. It will be available for all customers soon. VPC replaces the private networking service.
DigitalOcean Load Balancers no longer support downgrading TLS connections to TLS 1.1.
DigitalOcean Load Balancers no longer support downgrading TLS connections to TLS 1.0. We will stop supporting TLS 1.1 later this year.
DigitalOcean Load Balancers now support PROXY protocol version 1.
Pricing for load balancers has decreased from $20/month to $10/month.
Load Balancers v1.5 is released to general availability in all regions, including backend upgrades, Let’s Encrypt Integration, and HTTP/2 Support.