그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그 그
4 minute read
Documentation Index
Overview
- General Architecture
- Gardener landing page
gardener.cloud - “Gardener, the Kubernetes Botanist” blog on kubernetes.io
- “Gardener Project Update” blog on kubernetes.io
Concepts
Usage
- Audit a Kubernetes cluster
- Cleanup of Shoot clusters in deletion
containerdRegistry Configuration- Custom
containerdconfiguration - Custom
CoreDNSconfiguration - (Custom) CSI components
- Default Seccomp Profile
- DNS Autoscaling
- DNS Search Path Optimization
- Endpoints and Ports of a Shoot Control-Plane
- ETCD Encryption Config
- ExposureClasses
- Hibernate a Cluster
- IPv6 in Gardener Clusters
- Logging
NodeLocalDNSfeature- OpenIDConnect presets
- Projects
- Service Account Manager
- Readiness of Shoot Worker Nodes
- Reversed Cluster VPN
- Shoot Cluster Purposes
- Shoot Scheduling Profiles
- Shoot Credentials Rotation
- Shoot Kubernetes and Operating System Versioning
- Shoot
KUBERNETES_SERVICE_HOSTEnvironment Variable Injection - Shoot Networking
- Shoot Maintenance
- Shoot
ServiceAccountConfigurations - Shoot Status
- Shoot Info
ConfigMap - Shoot Updates and Upgrades
- Shoot Auto-Scaling Configuration
- Shoot Pod Auto-Scaling Best Practices
- Shoot High-Availability Control Plane
- Shoot High-Availability Best Practices
- Shoot Workers Settings
- Accessing Shoot Clusters
- Supported Kubernetes versions
- Tolerations
- Trigger shoot operations
- Trusted TLS certificate for shoot control planes
- Trusted TLS certificate for garden runtime cluster
- Controlling the Kubernetes versions for specific worker pools
- Admission Configuration for the
PodSecurityAdmission Plugin - Supported CPU Architectures for Shoot Worker Nodes
- Workerless
Shoots
API Reference
authentication.gardener.cloudAPI Groupcore.gardener.cloudAPI Groupextensions.gardener.cloudAPI Groupoperations.gardener.cloudAPI Groupresources.gardener.cloudAPI Groupsecurity.gardener.cloudAPI Groupseedmanagement.gardener.cloudAPI Groupsettings.gardener.cloudAPI Group
Proposals
- GEP: Gardener Enhancement Proposal Description
- GEP: Template
- GEP-1: Gardener extensibility and extraction of cloud-specific/OS-specific knowledge
- GEP-2:
BackupInfrastructureCRD and Controller Redesign - GEP-3: Network extensibility
- GEP-4: New
core.gardener.cloud/v1beta1APIs required to extract cloud-specific/OS-specific knowledge out of Gardener core - GEP-5: Gardener Versioning Policy
- GEP-6: Integrating etcd-druid with Gardener
- GEP-7: Shoot Control Plane Migration
- GEP-8: SNI Passthrough proxy for kube-apiservers
- GEP-9: Gardener integration test framework
- GEP-10: Support additional container runtimes
- GEP-11: Utilize API Server Network Proxy to Invert Seed-to-Shoot Connectivity
- GEP-12: OIDC Webhook Authenticator
- GEP-13: Automated Seed Management
- GEP-14: Reversed Cluster VPN
- GEP-15: Manage Bastions and SSH Key Pair Rotation
- GEP-16: Dynamic kubeconfig generation for Shoot clusters
- GEP-17: Shoot Control Plane Migration “Bad Case” Scenario
- GEP-18: Automated Shoot CA Rotation
- GEP-19: Observability Stack - Migrating to the prometheus-operator and fluent-bit operator
- GEP-20: Highly Available Shoot Control Planes
- GEP-21: IPv6 Single-Stack Support in Local Gardener
- GEP-22: Improved Usage of the
ShootStateAPI - GEP-23: Autoscaling Shoot kube-apiserver via Independently Driven HPA and VPA
- GEP-24: Shoot OIDC Issuer
- GEP-25: Namespaced Cloud Profiles
- GEP-26: Workload Identity - Trust Based Authentication
- GEP-27: Add Optional Bastion Section To CloudProfile
Development
- Getting started locally (using the local provider)
- Setting up a development environment (using a cloud provider)
- Testing (Unit, Integration, E2E Tests)
- Test Machinery Tests
- Dependency Management
- Kubernetes Clients in Gardener
- Logging in Gardener Components
- Changing the API
- Secrets Management for Seed and Shoot Clusters
- Releases, Features, Hotfixes
- Adding New Cloud Providers
- Adding Support For A New Kubernetes Version
- Extending the Monitoring Stack
- How to create log parser for container into fluent-bit
PriorityClassesin Gardener Clusters- High Availability Of Deployed Components
- Checklist For Adding New Components
- Defaulting Strategy and Developer Guideline
Extensions
- Extensibility overview
- Extension controller registration
Clusterresource- Extension points
- General conventions
- Trigger for reconcile operations
- Deploy resources into the shoot cluster
- Shoot resource customization webhooks
- Logging and monitoring for extensions
- Contributing to shoot health status conditions
- CA Rotation in Extensions
- Blob storage providers
- DNS providers
- IaaS/Cloud providers
- Network plugin providers
- Operating systems
- Container runtimes
- Generic (non-essential) extensions
- Extension Admission
- Heartbeat controller
- Provider Local
- Access to the Garden Cluster
- Control plane migration
- Force Deletion
- Extending project roles
- Referenced resources
Deployment
- Getting started locally
- Getting started locally with extensions
- Setup Gardener on a Kubernetes cluster
- Version Skew Policy
- Deploying Gardenlets
- Overwrite image vector
- Migration from Gardener
v0tov1 - Feature Gates in Gardener
- Configuring the Logging stack
- SecretBinding Provider Controller
Operations
- Gardener configuration and usage
- Control Plane Migration
- Istio
ManagedSeeds: Register Shoot as SeedNetworkPolicys In Garden, Seed, Shoot Clusters- Seed Bootstrapping
- Seed Settings
- Topology-Aware Traffic Routing
Monitoring
Admission Configuration for the `PodSecurity` Admission Plugin
Adding custom configuration for the PodSecurity plugin in .spec.kubernetes.kubeAPIServer.admissionPlugins
Audit a Kubernetes Cluster
How to define a custom audit policy through a ConfigMap and reference it in the shoot spec
Default Seccomp Profile
Enable the use of RuntimeDefault as the default seccomp profile through spec.kubernetes.kubelet.seccompDefault
ETCD Encryption Config
Specifying resource types for encryption with spec.kubernetes.kubeAPIServer.encryptionConfig
Projects
Project operations and roles. Four-Eyes-Principle for resource deletion
Readiness of Shoot Worker Nodes
Implementation in Gardener for readiness of Shoot worker Nodes. How to mark components as node-critical
Service Account Manager
The role that allows a user to manage ServiceAccounts in the project namespace
Shoot Autoscaling
The basics of horizontal Node and vertical Pod auto-scaling
Shoot Cluster Purposes
Available Shoot cluster purposes and the behavioral differences between them
Shoot Hibernation
What is hibernation? Manual hibernation/wake up and specifying a hibernation schedule
Shoot High Availability
Failure tolerance types node and zone. Possible mitigations for zone or node outages
Shoot Maintenance
Defining the maintenance time window, configuring automatic version updates, confining reconciliations to only happen during maintenance, adding an additional maintenance operation, etc.
Shoot Networking Configurations
Configuring Pod network. Maximum number of Nodes and Pods per Node
Shoot Scheduling Profiles
Introducing balanced and bin-packing scheduling profiles
Shoot Status
Shoot conditions, constraints, and error codes
Shoot Worker Nodes Settings
Configuring SSH Access through ‘.spec.provider.workersSettings`
Workerless `Shoot`s
What is a Workerless Shoot and how to create one