Kubernetes

Your cluster-lint tool is good; I appreciate its insights. It flags webhooks with timeouts greater than 29 seconds as blocking upgrades. By itself, this is reasonable. Cert-manager ( https://cert-manager.io/ ) is a popular tool for automating renewal of TLS certificates. It installs two webhooks with timeouts of 30 seconds. By itself, this is reasonable. However, this means an unmodified install of cert-manager will block upgrading a DOKS cluster. As an application developer, with no real opinion on how long webhook timeouts should be, this is frustrating. (I was able to edit my cert-manager template to change the timeouts to 29 seconds, so I am able to proceed with my work.) As you and they are only one second apart, it appears that there is not an actual professional disagreement here. Please coordinate with the cert-manager project in setting standards so everyone's tools interoperate.

The gateway API is the successor of ingress, and development of Ingress has been halted in favor of the Gateway API. Cilium supports it, but it has to be enabled for it to be used.

as The DOKS use a Cilium as the default CNI, currently the cluster does not work with Istio ambient mode due to the Bpf masquerade is enabled by default in the cilium configmap, which prevents kubelet from doing the health check to pods. When the bpf masquerade is disabled(manually change the configmap), all are working as expected. In the offical Istio document, they also said that when the cluster uses Cilium as the CNI, the bpf masquerade need to be disabled, view more details here https://istio.io/latest/docs/ambient/install/platform-prerequisites/#cilium

Currently Cilium is running in partial mode. Having Cilium replace kube-proxy completely would allow customers to use important features such as socket-based load balancing (which is much more reliable than the current kube-proxy iptables based load balancing) or the use of Cilium Local Redirect Policies, which is required for e.g. NodeLocal DNSCache to seamlessly replace kube-dns.

Currently DigitalOcean Managed Kubernetes doesn't provide any methods to track down control plane logs for auditing. Audit logs are highly necessary and useful for security-related issues and situations especially on production environments. This should be one of the first priority feature to be added on DOKS to let user keep their services safe and fully trust DOKS as a production-ready platform.

Add support for static IP for egress traffic in kubernetes networking.

Just now you have integrated Let's Encrypt with Loadbalancers, but not for ingress which is strange. I have many Loadbalancers with certificate managed by DO, but now I want to create a ingress and I need to install certmanager which doesn't make sense.

Add the ability to attach node pools from different regions (like SF, NYC, SGP) to a single Kubernetes cluster. This would help users distribute workloads globally while maintaining single-cluster management, perfect for serving worldwide customers and improving application performance across regions.

Please release a way to make k8s users authenticating through an OpenID Connect Identity provider, it would greatly enhance the maneageability for those organization already using this way of authenticating. I really like DO k8s, but I'm not sure I'm going to use it on a wider scale due to this limitation; as you know for sure, other cloud providers allow it.