Audit logs support for Managed Kubernetes
Currently DigitalOcean Managed Kubernetes doesn't provide any methods to track down control plane logs for auditing. Audit logs are highly necessary and useful for security-related issues and situations, especially in production environments. This should be one of the first-priority features to be added to DOKS to let users keep their services safe and fully trust DOKS as a production-ready platform.
Support for Fixed IP or IP Range for worker nodes
It is usually needed where our worker nodes' IPs have to be whitelisted by some external source; however, there is always a limitation in the cluster that it always has dynamic IPs and no fixed range, which makes it difficult to use for third-party connections that need a fixed IP.
Adding NAT Gateway for Kubernetes
Add support for static IP for egress traffic in Kubernetes networking.
Restrict access to Kubernetes API Server endpoints
For security reasons, it would be nice to restrict access to the managed Kubernetes control plane API, either via Firewall configuration or basic IP Whitelisting like Managed Databases. Similar to the feature in EKS https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
Implement strict mode for Cilium
Currently Cilium is running in partial mode. Having Cilium replace kube-proxy completely would allow customers to use important features such as socket-based load balancing (which is much more reliable than the current kube-proxy iptables-based load balancing) or the use of Cilium Local Redirect Policies, which are required for e.g. NodeLocal DNSCache to seamlessly replace kube-dns.
Support Standard Kubernetes Autoscaler
For lots of reasons, people who use DOKS might want to install cluster autoscaler themselves, to tweak its settings, see the logs, etc. Currently that is not possible due to https://github.com/kubernetes/autoscaler/issues/3556#issuecomment-796653795. So my idea is basically to put a little more effort into this issue; it would also make DigitalOcean more competitive with EKS, GCP, Azure and other cloud providers who already support people installing their own autoscaler.
Support provisioning Docker containers
Would be great to be able to launch Docker containers rather than virtual servers. Provisioning would be very fast, allowing almost real-time autoscaling.
Obtain DO Kubernetes Dashboard url from CLI
Currently the DigitalOcean Kubernetes dashboard can ONLY be accessed via the DO web console. A way to obtain this URL straight from the CLI (Terraform or doctl) would be very nice.
Read-only container registry tokens
We should be able to generate tokens that have read-only access to the container registry and not other parts of DigitalOcean. This would be useful for deploying images to maintain good security and only allow our service to pull images, not access droplets or databases.