Kubernetes

Even though Kubernetes does not support IPv6, pods running with host networking enabled can make use of the IPv6 address. IPv6 should be enabled by default or there can be an option to enable it for a Kubernetes node pool.

Please release a way to make k8s users authenticating through an OpenID Connect Identity provider, it would greatly enhance the maneageability for those organization already using this way of authenticating. I really like DO k8s, but I'm not sure I'm going to use it on a wider scale due to this limitation; as you know for sure, other cloud providers allow it.

The gateway API is the successor of ingress, and development of Ingress has been halted in favor of the Gateway API. Cilium supports it, but it has to be enabled for it to be used.

Add support for static IP for egress traffic in kubernetes networking.

It is usually needed where we have to white list of our worker nodes IP to be white listed by some external source, however there is always limitation in Cluster that it has always dynamic IP and no fixed range which makes it difficult to use for third party connection who needs fixed IP

When using Digital Ocean Droplets as Kubernetes Worker Nodes, there is no possibility of assigning the Reserved IP´s to the Droplets. This is a Digital Ocean Reserved IP´s limitation described in: https://docs.digitalocean.com/products/networking/reserved-ips/details/limits/ When using external systems with whitelists tied to Droplets IP´s, every time they change either for a manual action or during the cluster upgrades (the most common scenario), the access to the external system is lost and a manual update of the whitelist must be done. So, as this a very common scenario in production systems, it will be great to be added.

I just saw the email regarding the built in kubernetes dashboard deprecation. This is incredibly disappointing. I chose to use DO because of the guarantees of simplicity and assistance that your web UI and service provide such as built-in web-based tools that go above and beyond. When I use DO, I trust that your service is just going to work and be easy when I need to go in and make changes, add services, or debug. Dashboards for databases and even k8s are a huge part of that. Setting it up on my own is a pain. With that in mind: it is incredibly sad to see the k8s dashboard go away. For many users, having a convenience (even if rare) of the dashboard already working is a big deal. Especially for people that aren't k8s experts, or find that even getting their own dash installed is a headache. I really wish that DO reconsiders this, and that they understand that having a built-in tool to make k8s easier is exactly the type of thing that differentiates DO from other cloud providers (!). Just because the dashboard is rarely used doesn't mean it isn't immensely valued when needed. Maybe you can do a better job advertising that it exists -- or maybe you can survey people and ask them: "Even if you didn't know it existed, are you happy that the k8s dash exists? If you had a production incident and you were on the run with limited tools at your disposal to debug quickly from your browser, would the k8s dash be helpful?" In my case I've used it rarely. But when I did, it was a godsend. Please don't mistake rare usage from the value it provides WHEN it is needed. Thank you for the consideration- I hope to see you reverse this decision.

For security reasons, it would be nice to restrict access to the managed Kubernetes control plane API, either via Firewall configuration or basic IP Whitelisting like Managed Databases. Similar to the feature in EKS https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html

Currently DigitalOcean Managed Kubernetes doesn't provide any methods to track down control plane logs for auditing. Audit logs are highly necessary and useful for security-related issues and situations especially on production environments. This should be one of the first priority feature to be added on DOKS to let user keep their services safe and fully trust DOKS as a production-ready platform.