Adding NAT Gateway for Kubernetes
Add support for static IP for egress traffic in kubernetes networking.
API endpoint for required updates.
Right now you can see in the DO dashboard that there are updates available for k8s. The only thing is that you cannot see if the updates that are available are actually required updates. I know that an e-mail will be sent 30 days and 7 days prior to the auto-upgrade process. The problem with this is that it actually means that somebody needs to check these. Is it possible to create an API endpoint, or add this info to the existing API endpoint, so that we can poll this kind of info in our monitoring system and generate alerts about pending required updates? With kind regards, Gerben Immeker
Read-only container registry tokens
We should be able to generate tokens that have read-only access to the container registry and not to other parts of DigitalOcean. This would be useful for deploying images while maintaining good security: only allow our service to pull images, not access Droplets or databases.
Restrict access to Kubernetes API Server endpoints
For security reasons, it would be nice to restrict access to the managed Kubernetes control plane API, either via Firewall configuration or basic IP Whitelisting like Managed Databases. Similar to the feature in EKS https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
Audit logs support for Managed Kubernetes
Currently DigitalOcean Managed Kubernetes doesn't provide any method to track down control plane logs for auditing. Audit logs are highly necessary and useful for security-related issues and situations, especially in production environments. This should be one of the first-priority features to be added to DOKS, to let users keep their services safe and fully trust DOKS as a production-ready platform.
Enable IPv6 on Kubernetes worker node Droplets
Even though Kubernetes does not support IPv6, pods running with host networking enabled can make use of the IPv6 address. IPv6 should be enabled by default or there can be an option to enable it for a Kubernetes node pool.
Add Reserved IPs for Kubernetes Worker Nodes
When using DigitalOcean Droplets as Kubernetes Worker Nodes, there is no possibility of assigning Reserved IPs to the Droplets. This is a DigitalOcean Reserved IPs limitation described in: https://docs.digitalocean.com/products/networking/reserved-ips/details/limits/ When using external systems with whitelists tied to Droplet IPs, every time they change, either through a manual action or during cluster upgrades (the most common scenario), access to the external system is lost and a manual update of the whitelist must be done. So, as this is a very common scenario in production systems, it would be great if this were added.
Container Registry Garbage Collection rules
It would be really useful to have an option to schedule the Garbage Collector to run every few days, and also to be able to delete images according to criteria such as:
- last pull date
- last push date
- tag names or a tag regex
Examples:
- Every day, delete all images that have the tag "green" and have not been pulled in the last 30 days.
- Every Friday, delete all images that have not been pulled in the last 45 days, except the tags ["latest", "1.*"].
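As an added illustration of the retention rules the request above describes (this is not DigitalOcean code; the `Rule` and `Image` shapes are assumptions, and the registry contents are constructed), a small evaluator that applies the two example rules and treats never-pulled images by their push date so a fresh push is not collected:

```python
from dataclasses import dataclass
from datetime import date, timedelta
from fnmatch import fnmatchcase
from typing import List, Optional, Tuple

@dataclass
class Image:
    tag: str
    last_pull: Optional[date]   # None means the image has never been pulled
    last_push: date

@dataclass
class Rule:
    not_pulled_days: int        # delete if not pulled within this many days
    match_tags: Tuple[str, ...] = ()   # glob patterns to target; empty = all tags
    except_tags: Tuple[str, ...] = ()  # glob patterns that are never deleted
    weekday: Optional[int] = None      # None = every day, 4 = Friday (Monday = 0)

def _matches(tag: str, patterns: Tuple[str, ...]) -> bool:
    return any(fnmatchcase(tag, p) for p in patterns)

def rule_due(rule: Rule, today: date) -> bool:
    """Whether the scheduled rule should run on the given day."""
    return rule.weekday is None or today.weekday() == rule.weekday

def select_for_deletion(images: List[Image], rule: Rule, today: date) -> List[str]:
    """Return the tags a rule would collect on `today`; exceptions always win."""
    cutoff = today - timedelta(days=rule.not_pulled_days)
    doomed = []
    for img in images:
        if rule.match_tags and not _matches(img.tag, rule.match_tags):
            continue
        if _matches(img.tag, rule.except_tags):
            continue
        # A never-pulled image is judged by its push date, so a newly pushed
        # image that nobody has pulled yet is not deleted on the first run.
        last_seen = img.last_pull or img.last_push
        if last_seen < cutoff:
            doomed.append(img.tag)
    return doomed

# Constructed sample registry state; 2024-03-01 is a Friday.
TODAY = date(2024, 3, 1)
SAMPLE = [
    Image("green",   date(2024, 1, 1),  date(2023, 12, 1)),   # pulled 60 days ago
    Image("green-2", date(2024, 2, 20), date(2024, 2, 1)),    # recently pulled
    Image("latest",  date(2023, 11, 1), date(2023, 10, 1)),   # stale but exempt
    Image("1.4",     None,              date(2023, 9, 1)),    # exempt via "1.*"
    Image("2.0",     None,              date(2023, 12, 15)),  # never pulled, old push
]
RULE_GREEN = Rule(not_pulled_days=30, match_tags=("green",))
RULE_FRIDAY = Rule(not_pulled_days=45, except_tags=("latest", "1.*"), weekday=4)
```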