Gardener

Documentation Index

Overview

• General Architecture
• Gardener landing page gardener.cloud
• “Gardener, the Kubernetes Botanist” blog on kubernetes.io
• “Gardener Project Update” blog on kubernetes.io

Concepts

• Components
  • Gardener API server
    • In-Tree Admission Plugins
  • Gardener Controller Manager
  • Gardener Scheduler
  • Gardener Admission Controller
  • Gardener Resource Manager
  • Gardener Operator
  • Gardener Node Agent
  • Gardenlet
  • Gardenadm
• Backup Restore
• etcd
• Relation between Gardener API and Cluster API

Usage

Gardener

• Gardener Info ConfigMap

Project

• Projects
• Service Account Manager
• NamespacedCloudProfiles

Shoot

• Accessing Shoot Clusters
• Hibernate a Cluster
• Shoot Info ConfigMap
• Shoot Kubernetes Minor Version Upgrades
• Shoot Cluster Limits
• Shoot Maintenance
• Shoot Cluster Purposes
• Shoot Scheduling Profiles
• Shoot Status
• Supported CPU Architectures for Shoot Worker Nodes
• Workerless Shoots
• Shoot Workers Settings
• Access Restrictions

Shoot Operations

• Shoot Credentials Rotation
• Trigger shoot operations
• Shoot Updates and Upgrades
• Shoot Kubernetes and Operating System Versioning
• Supported Kubernetes versions
• Controlling the Kubernetes versions for specific worker pools

High Availability

• Shoot High-Availability Control Plane
• Shoot High-Availability Best Practices

Security

• Default Seccomp Profile
• ETCD Encryption Config
• OpenIDConnect presets
• Admission Configuration for the PodSecurity Admission Plugin
• Audit a Kubernetes cluster
• Shoot ServiceAccount Configurations

Networking

• Custom CoreDNS configuration
• DNS Search Path Optimization
• ExposureClasses
• NodeLocalDNS feature
• Shoot KUBERNETES_SERVICE_HOST Environment Variable Injection
• Shoot Networking
• Dual-Stack Network Migration

Autoscaling

• DNS Autoscaling
• Shoot Auto-Scaling Configuration
• Shoot Pod Auto-Scaling Best Practices

Observability

• Logging

Advanced

• containerd Registry Configuration
• Endpoints and Ports of a Shoot Control-Plane
• (Custom) CSI components
• Custom containerd configuration
• Readiness of Shoot Worker Nodes
• Cleanup of Shoot clusters in deletion
• Tolerations

API Reference

• authentication.gardener.cloud API Group
• core.gardener.cloud API Group
• extensions.gardener.cloud API Group
• operations.gardener.cloud API Group
• resources.gardener.cloud API Group
• security.gardener.cloud API Group
• seedmanagement.gardener.cloud API Group
• settings.gardener.cloud API Group

CLI Reference

• gardenadm

Gardener Enhancement Proposals

• GEP: Gardener Enhancement Proposal Description
• GEP: Template
• GEP-1: Gardener extensibility and extraction of cloud-specific/OS-specific knowledge
• GEP-2: BackupInfrastructure CRD and Controller Redesign
• GEP-3: Network extensibility
• GEP-4: New core.gardener.cloud/v1beta1 APIs required to extract cloud-specific/OS-specific knowledge out of Gardener core
• GEP-5: Gardener Versioning Policy
• GEP-6: Integrating etcd-druid with Gardener
• GEP-7: Shoot Control Plane Migration
• GEP-8: SNI Passthrough proxy for kube-apiservers
• GEP-9: Gardener integration test framework
• GEP-10: Support additional container runtimes
• GEP-11: Utilize API Server Network Proxy to Invert Seed-to-Shoot Connectivity
• GEP-12: OIDC Webhook Authenticator
• GEP-13: Automated Seed Management
• GEP-14: Reversed Cluster VPN
• GEP-15: Manage Bastions and SSH Key Pair Rotation
• GEP-16: Dynamic kubeconfig generation for Shoot clusters
• GEP-17: Shoot Control Plane Migration “Bad Case” Scenario
• GEP-18: Automated Shoot CA Rotation
• GEP-19: Observability Stack - Migrating to the prometheus-operator and fluent-bit operator
• GEP-20: Highly Available Shoot Control Planes
• GEP-21: IPv6 Single-Stack Support in Local Gardener
• GEP-22: Improved Usage of the ShootState API
• GEP-23: Autoscaling Shoot kube-apiserver via Independently Driven HPA and VPA
• GEP-24: Shoot OIDC Issuer
• GEP-25: Namespaced Cloud Profiles
• GEP-26: Workload Identity - Trust Based Authentication
• GEP-27: Add Optional Bastion Section To CloudProfile
• GEP-28: Autonomous Shoot Clusters
• GEP-30: Rework API Server Proxy to Drop Proxy Protocol
• GEP-31: In-Place Node Updates of Shoot Clusters
• GEP-32: Cloud Profile Version Classification Lifecycles
• GEP-33: Machine Image Capabilities

Development

• Getting started locally (using the local provider)
• Setting up a development environment (using a cloud provider)
• Testing (Unit, Integration, E2E Tests)
• Test Machinery Tests
• Dependency Management
• Kubernetes Clients in Gardener
• Logging in Gardener Components
• Changing the API
• Secrets Management for Seed and Shoot Clusters
• IPv6 in Gardener Clusters
• Releases, Features, Hotfixes
• Reversed Cluster VPN
• Adding New Cloud Providers
• Adding Support For A New Kubernetes Version
• Extending the Monitoring Stack
• How to create log parser for container into fluent-bit
• PriorityClasses in Gardener Clusters
• High Availability Of Deployed Components
• Checklist For Adding New Components
• Defaulting Strategy and Developer Guideline
• Autoscaling Specifics for Components

Extensions

• Extensibility overview
• Extension registration
• Cluster resource
• Extension points
  • General conventions
  • Trigger for reconcile operations
  • Deploy resources into the shoot cluster
  • Shoot resource customization webhooks
  • Logging and monitoring for extensions
  • Contributing to shoot health status conditions
    • Health Check Library
  • CA Rotation in Extensions
  • Blob storage providers
    • BackupBucket resource
    • BackupEntry resource
  • DNS providers
    • DNSRecord resources
  • IaaS/Cloud providers
    • Control plane customization webhooks
    • Bastion resource
    • ControlPlane resource
    • ControlPlane exposure resource
    • Infrastructure resource
    • Worker resource
  • Network plugin providers
    • Network resource
  • Operating systems
    • OperatingSystemConfig resource
  • Container runtimes
    • ContainerRuntime resource
  • Generic (non-essential) extensions
    • Extension resource
  • Extension Admission
  • Heartbeat controller
• Provider Local
• Access to the Garden Cluster
• Control plane migration
• Force Deletion
• Extending project roles
• Referenced resources

Deployment

• Getting started locally
• Getting started locally with extensions
• Getting started locally with Autonomous Shoot Clusters
• Setup Gardener on a Kubernetes cluster
• Version Skew Policy
• Deploying Gardenlets
  • Automatic Deployment of Gardenlets
  • Deploy a Gardenlet Manually
  • Deploy a Gardenlet via Gardener Operator
  • Scoped API Access for Gardenlets
• Overwrite image vector
• Migration from Gardener v0 to v1
• Feature Gates in Gardener
• Configuring the Logging stack
• SecretBinding Provider Controller

Operations

• Gardener configuration and usage
• Control Plane Migration
• Istio
• Kube API server load balancing
• ManagedSeeds: Register Shoot as Seed
• NetworkPolicys In Garden, Seed, Shoot Clusters
• Seed Bootstrapping
• Seed Settings
• Topology-Aware Traffic Routing
• Trusted TLS certificate for shoot control planes
• Trusted TLS certificate for garden runtime cluster

Monitoring

• Alerting
• Connectivity
• Profiling Gardener Components