Add support for static IP for egress traffic in kubernetes networking.

Right now you can see in the DO dashboard that there are updates available for k8s. The only thing is that you cannot see if updates that are available are actually required updates. I know that an e-mail will be send 30 day and 7 day prior to the auto upgrade process. The problem with this is that it actually means that somebody needs to check these. Is it possible to create a api endpoint or add this info to the existing api endpoint so that we can poll this kind of info in our monitoring system so we can generate alerts about pending required updates? With kind regards, Gerben Immeker

We should be able to generate tokens that have read only access to the container registry and not other parts of Digital Ocean. This would be useful for deploying images to maintain good security and only allow our service to pull images, not access droplets or databases.

For security reasons, it would be nice to restrict access to the managed Kubernetes control plane API, either via Firewall configuration or basic IP Whitelisting like Managed Databases. Similar to the feature in EKS https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html

Currently DigitalOcean Managed Kubernetes doesn't provide any methods to track down control plane logs for auditing. Audit logs are highly necessary and useful for security-related issues and situations especially on production environments. This should be one of the first priority feature to be added on DOKS to let user keep their services safe and fully trust DOKS as a production-ready platform.

Even though Kubernetes does not support IPv6, pods running with host networking enabled can make use of the IPv6 address. IPv6 should be enabled by default or there can be an option to enable it for a Kubernetes node pool.

When using Digital Ocean Droplets as Kubernetes Worker Nodes, there is no possibility of assigning the Reserved IP´s to the Droplets. This is a Digital Ocean Reserved IP´s limitation described in: https://docs.digitalocean.com/products/networking/reserved-ips/details/limits/ When using external systems with whitelists tied to Droplets IP´s, every time they change either for a manual action or during the cluster upgrades (the most common scenario), the access to the external system is lost and a manual update of the whitelist must be done. So, as this a very common scenario in production systems, it will be great to be added.

It would be really useful to have an option to schedule the Garbage Collector run every few days. And also be able to delete the images according to some criteria like: Last pull date Last push date Tag names or regex tag Examples Every day, delete all images that have the tag "green" and have not been pulled in the last 30 days Every Friday delete all images that have not been pulled in the last 45 days, except the tags ["latest", "1.*"]

Now the control place size is a black box and price is free. In case of any performance issues DO support manually scales k8s plane size. It would be great to be able to pay for more resources.