Deliver fully-managed clusters at scale everywhere with your own Kubernetes-as-a-Service
  • Gardener 1.4.0 Released May 07, 2020

    Gardener Release 1.4

    The Gardener release 1.4 is mainly focused on stability improvements and optimizations. For example, we tweaked some configurations (e.g., CPU and memory limits) and improved the monitoring and health checks. There are some new features too. The list below is an overview of the most notable changes. Explore the full release notes in GitHub Release 1.4.

    Notable Changes

    Now you decide when the reconciliation happens if you change your Shoot specification

    Previously, whenever you changed the configuration in your Shoot.yaml specification, a reconciliation was triggered to bring the cluster to your desired state. Now, by setting .spec.maintenance.confineSpecUpdateRollout=true, you confine the rollout of those changes to the Shoot's individual maintenance time window. This is helpful if you want to update your Shoot but don’t want the changes to be applied immediately. One example use case would be a Kubernetes version upgrade that you want to roll out during the maintenance time window. It is important to note that if you change the maintenance window itself, the change only becomes effective after the upcoming maintenance. The exception is the .spec.hibernation.enabled field, whose changes take effect immediately: if you hibernate or wake up your Shoots, Gardener acts right away.

    New Grafana dashboard to monitor CoreDNS’s stats

    We exposed this dashboard to give you insight into some CoreDNS metrics of your cluster, such as DNS Requests, DNS Lookups, and Cache Hits/Misses.

    Better way of describing Shoot reconciliation errors

    The Shoot health check controller has been improved to write error codes (if applicable) to .status.conditions[].codes, which helps to categorize observed problems. There are also two new error codes: ERR_INFRA_RESOURCES_DEPLETED indicates that the underlying infrastructure does not have enough resources anymore, and ERR_CONFIGURATION_PROBLEM indicates that the user has misconfigured something and should double-check the specification.

    Gardener will now block removal of Kubernetes and machine image versions from the CloudProfile which are still in use

    The Gardener API Server now validates changes to a CloudProfile against the Shoots that are using it, and blocks the removal of Kubernetes and machine image versions that are still in use. This is part of the “Gardener Versioning Policy” proposal that you can find at GEP-5.

    Forceful Shoot clusters updates

    You can specify which Kubernetes and machine image versions, once expired, are forcefully upgraded to newer ones. This is part of the “Gardener Versioning Policy” proposal that you can find at GEP-5.

    Gardener supports metadata.generateName as alternative to

    Create unlimited count of worker groups per Shoot

    Previously it was not possible to create more than 20-25 worker groups, because the number of workers' cloud configs was limited by the size of the Secret. We split the cloud config into dedicated managed resources to eliminate this limitation.

    Common library for simple validating webhooks

    We introduced a new common library in the extension package that helps you develop simple validating or mutating webhooks for different K8s types with different handlers. Please have a look at PR#69 to see an implementation in action.


    Kubernetes Dashboard addon version v2.0.0

    We bumped the existing Kubernetes Dashboard addon to v2.0.0.

    Gardener validates Pod/Service — Service/Pod network intersection between the Shoot and the Seed

    Previously, an overlap of these networks resulted in a broken state, so we added this validation to our admission plugin.

    The infrastructure reconciliation for hibernated shoots is now skipped

    Endpoints managed by 3rd party operators don’t block the Shoot’s hibernation

    Gardener now checks whether the Endpoints object is reconciled by kube-controller-manager; if it is not, Gardener ignores the object and does not block the hibernation.

    Fixed a bug in the healthcheck that prevents checks after a Shoot has been woken up from hibernation

    If you have implemented a custom extension controller for your cluster, you can vendor Gardener v1.4.0 to benefit from the fix.

    Detect outdated health check reports

    The Gardenlet detects outdated health check reports on extension CRDs, with a default threshold of 5 minutes, in case Gardener extensions stop performing health checks. For backwards-compatibility reasons, the Gardenlet does not check for stale extension reports by default. To enable the check, set the field controllers.shootCare.staleExtensionHealthCheckThreshold in the Gardenlet configuration file.

    Updates on Grafana Dashboard

    Removed the cluster overview dashboard since metrics used in this dashboard were removed. Other dashboards are changed to no longer show data on a “Pod level” since pod level metrics have a high cardinality and have been mostly removed from the aggregate-prometheus.

    ETCD Encryption data is persisted in the ShootState

    We now replicate the ETCD encryption data into the ShootState for future restoration purposes.

    Improved Shoot operations

    We fixed a race condition that led to incomplete maintenance operations for Shoot clusters, and fixed a bug that prevented the Shoot reconciliation from waiting for the deletion of Extension CRDs.

    Extension controllers now support Migrate and Restore operations

    The Actuator interfaces for the Infrastructure, ControlPlane, Network, Worker, OperatingSystemConfig, and BackupEntry extension controllers were extended to support migrate and restore operations.

    Autoscaler has configurable delay for Pod age before considering scaling-up

    HVPA now properly scales ETCD containers

    Enhanced etcd-backup-restore API for delta and full snapshots

    Triggering full or delta snapshots now returns metadata for the snapshot taken in the response body. Also, a new endpoint was introduced for fetching details of the latest full and delta snapshots.

  • Gardener Website 2.0 Live!

    New Website, Same Green Power!

    The Gardener Project just got a brand new website with multiple improvements and we are all very excited!

    Go ahead and explore around now and help us spread the word:

    Read more about changes and plans in the blog post.

  • PingCAP's TiDB Cloud A Gardener Success Story
  • What's Gardener Project to SAP? An Article About Gardener

    What’s Gardener Project to SAP?

    A New Article About SAP, Gardener and OSS.

    Recently, Thomas Hertz, CNCF board member and head of Development Experience at SAP, published an overview article at The New Stack where he discusses project Gardener, its place in SAP and the open source community, and the future ahead of it.

    “Gardener is an SAP-driven open source project that tackles real-world demands for hyperscale Kubernetes services, regardless of infrastructure,” Thomas says, discussing the benefits of Gardener and drawing an analogy with Borg, which was born to address real-world problems and eventually became Kubernetes. Further stressing the project’s Kubernetes DNA, he outlines the unique, vendor-neutral approach of Gardener to offering a lock-in free solution and lists a number of SAP solutions that already benefit from that far and wide.

    Gardener provides a neutral toolbox for the technology stack of today, and we designed it to be sufficiently extensible so that — with relatively low effort — it can additionally adapt for the tools and infrastructures that come next. No one can say which direction the Kubernetes ecosystem will take, but Gardener is designed to keep things open and flexible.

    “We are determined to be transparent with Gardener, by developing everything in the public space and then adopting it with minor SAP specific integrations in-house. It’s always been imperative to keep it vendor-neutral and to stick to upstream Kubernetes practices, design and processes.” Thomas then elaborates on SAP’s commitment to drive the project in a vendor-neutral manner that is truly transparent and collaborative for the community.

    He then discusses various use cases of community members using Gardener in different domains and concludes with the benefits of the open source project for SAP and how it catalyzes a cultural change:

    Within SAP, Gardener is influencing and catalyzing change. We already have great inner sourcing examples, with internal stakeholders contributing directly to the open source software project and doing almost everything in the public.

    “We developed Gardener to provide our customers with a single, consistent Kubernetes feature set that abstracts resources and underlying infrastructure, and can be used by SAP solutions anywhere. We are seeing an uptake by those developing applications and deploying them across multiple clouds, and look forward to working with the community to extend Gardener and deliver hyperscale Kubernetes services for the tools and infrastructures of the future.” Thomas says at the end of the article, inviting contributors and adopters to the growing Gardener community to collaborate on meeting the challenges of today and the future.

    Read more about that in the original article.

  • MCM, Tailscale and K3S Extending K3S cluster to the cloud

    MCM, Tailscale and K3S

    Using Gardener Machine-Controller-Manager and Tailscale to extend a local Raspberry-Pi K3s cluster with cloud instances.

    Read this blog by Christoph Voigt, where he takes head-on the problem of dealing with machines in the cloud.

    Okay, so I can make any cloud instance part of my local cluster. But this still requires a bit of setup at the cloud vendor of your choice: at a minimum, you need to create a basic network infrastructure (VPC, subnets), create a VM (decide on an OS, setup Tailscale & K3s, assign Firewalls / Security Groups), oh, and please make sure it is running with a secure Runtime profile!

    He explores the options and then settles on Gardener’s Machine-Controller-Manager as the most Kubernetes-native approach out there. In this experiment, only MCM is used, not the rest of Gardener. That is possible because of the loosely coupled, modular designs idiomatic to Kubernetes and Gardener.

    To explore how MCM was integrated and more, head over to the original blog.

Make It All About Kubernetes Again

Gardener abstracts environment specifics to deliver the same homogeneous Kubernetes-native DevOps experience everywhere
Cluster Fleet Hub
A single Gardener can scale to register and manage thousands of clusters, regardless of their location - public/private clouds, DC bare metal, regulated environments... anywhere a Gardenlet is deployed.
Kubernetes Native
Gardener manages clusters very much like pods are orchestrated in Kubernetes. Cluster workloads are scheduled and Gardenlets, similar to Kubelets, take over to manage them in particular environments in a loosely coupled, controller pattern.
Fully Managed
Gardenlets manage control planes, worker nodes (full lifecycle, self-healing and updates) and cluster components, such as the overlay network, DNS and certificates, control plane monitoring and logging stack, to provide automation, resilience and observability.
Scalable by Design
A single Kubernetes cluster can host an enormous number of control planes. Gardener can scale out massively by adding more control plane clusters and letting the Gardenlets do the heavy lifting. In fact, those clusters can also be managed by Gardener for maximum efficiency.
Learn more about the concepts behind Gardener

Get The Kubernetes You Really Want

The clusters Gardener provisions are as flexible as DIY clusters, except you don’t have to do them yourself

Gardener control planes allow you to control a wide range of feature gates and configurations.

The updates you want, when you want them

No more unexpected updates! Gardener allows you to update Kubernetes to the version you want, when you want it, rather than when your cloud provider decides. It even allows you to update your Host OS when desired.

100% Kubernetes compliant

Gardener is Kubernetes native and is not shy to be completely transparent on its compliance, proudly holding the 100% badge with public evidence for that.

The one you already know

Gardener delivers the same Kubernetes you know and are certified for. The same binaries, the same tools; you are already trained to use it.

Everywhere You Want It

The compute resources you need, wherever you want them.
  • Alibaba Cloud
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Metal-Stack
  • OpenStack
  • Packet Cloud
  • VMware vSphere
New infrastructure use case? Let’s build it together

However You Want It

Extend And Contribute To Gardener
Extensible By Design

Gardener is a modular system of managed extensions around a robust core, fully adaptable in multiple dimensions. Extend the existing extension set or add completely new pieces. And while you are at it, why not contribute them back to the community and benefit from contributions of others?

Managed Extensions

Gardener watches over and manages extensions, automatically reconciling their actual and desired state as designed.

Control the Stack

You are in control of the setup for the cluster that will be delivered by Gardener. Choose the components you actually need.

Learn more about Gardener’s extensibility