Documentation Index
Overview
- General Architecture
- Gardener landing page `gardener.cloud`
- “Gardener, the Kubernetes Botanist” blog on kubernetes.io
- “Gardener Project Update” blog on kubernetes.io
Concepts
Usage
- Audit a Kubernetes cluster
- Cleanup of Shoot clusters in deletion
- `containerd` Registry Configuration
- Custom `containerd` configuration
- Custom `CoreDNS` configuration
- (Custom) CSI components
- Default Seccomp Profile
- DNS Autoscaling
- DNS Search Path Optimization
- Endpoints and Ports of a Shoot Control-Plane
- ETCD Encryption Config
- ExposureClasses
- Hibernate a Cluster
- IPv6 in Gardener Clusters
- Logging
- `NodeLocalDNS` feature
- OpenIDConnect presets
- Projects
- Service Account Manager
- Readiness of Shoot Worker Nodes
- Reversed Cluster VPN
- Shoot Cluster Purposes
- Shoot Scheduling Profiles
- Shoot Credentials Rotation
- Shoot Kubernetes and Operating System Versioning
- Shoot `KUBERNETES_SERVICE_HOST` Environment Variable Injection
- Shoot Networking
- Shoot Maintenance
- Shoot `ServiceAccount` Configurations
- Shoot Status
- Shoot Info `ConfigMap`
- Shoot Updates and Upgrades
- Shoot Auto-Scaling Configuration
- Shoot Pod Auto-Scaling Best Practices
- Shoot High-Availability Control Plane
- Shoot High-Availability Best Practices
- Shoot Workers Settings
- Accessing Shoot Clusters
- Supported Kubernetes versions
- Tolerations
- Trigger shoot operations
- Trusted TLS certificate for shoot control planes
- Trusted TLS certificate for garden runtime cluster
- Controlling the Kubernetes versions for specific worker pools
- Admission Configuration for the `PodSecurity` Admission Plugin
- Supported CPU Architectures for Shoot Worker Nodes
- Workerless `Shoot`s
API Reference
- `authentication.gardener.cloud` API Group
- `core.gardener.cloud` API Group
- `extensions.gardener.cloud` API Group
- `operations.gardener.cloud` API Group
- `resources.gardener.cloud` API Group
- `security.gardener.cloud` API Group
- `seedmanagement.gardener.cloud` API Group
- `settings.gardener.cloud` API Group
Proposals
- GEP: Gardener Enhancement Proposal Description
- GEP: Template
- GEP-1: Gardener extensibility and extraction of cloud-specific/OS-specific knowledge
- GEP-2: `BackupInfrastructure` CRD and Controller Redesign
- GEP-3: Network extensibility
- GEP-4: New `core.gardener.cloud/v1beta1` APIs required to extract cloud-specific/OS-specific knowledge out of Gardener core
- GEP-5: Gardener Versioning Policy
- GEP-6: Integrating etcd-druid with Gardener
- GEP-7: Shoot Control Plane Migration
- GEP-8: SNI Passthrough proxy for kube-apiservers
- GEP-9: Gardener integration test framework
- GEP-10: Support additional container runtimes
- GEP-11: Utilize API Server Network Proxy to Invert Seed-to-Shoot Connectivity
- GEP-12: OIDC Webhook Authenticator
- GEP-13: Automated Seed Management
- GEP-14: Reversed Cluster VPN
- GEP-15: Manage Bastions and SSH Key Pair Rotation
- GEP-16: Dynamic kubeconfig generation for Shoot clusters
- GEP-17: Shoot Control Plane Migration “Bad Case” Scenario
- GEP-18: Automated Shoot CA Rotation
- GEP-19: Observability Stack - Migrating to the prometheus-operator and fluent-bit operator
- GEP-20: Highly Available Shoot Control Planes
- GEP-21: IPv6 Single-Stack Support in Local Gardener
- GEP-22: Improved Usage of the `ShootState` API
- GEP-23: Autoscaling Shoot kube-apiserver via Independently Driven HPA and VPA
- GEP-24: Shoot OIDC Issuer
- GEP-25: Namespaced Cloud Profiles
- GEP-26: Workload Identity - Trust Based Authentication
- GEP-27: Add Optional Bastion Section To CloudProfile
Development
- Getting started locally (using the local provider)
- Setting up a development environment (using a cloud provider)
- Testing (Unit, Integration, E2E Tests)
- Test Machinery Tests
- Dependency Management
- Kubernetes Clients in Gardener
- Logging in Gardener Components
- Changing the API
- Secrets Management for Seed and Shoot Clusters
- Releases, Features, Hotfixes
- Adding New Cloud Providers
- Adding Support For A New Kubernetes Version
- Extending the Monitoring Stack
- How to create log parser for container into fluent-bit
- `PriorityClasses` in Gardener Clusters
- High Availability Of Deployed Components
- Checklist For Adding New Components
- Defaulting Strategy and Developer Guideline
Extensions
- Extensibility overview
- Extension controller registration
- `Cluster` resource
- Extension points
- General conventions
- Trigger for reconcile operations
- Deploy resources into the shoot cluster
- Shoot resource customization webhooks
- Logging and monitoring for extensions
- Contributing to shoot health status conditions
- CA Rotation in Extensions
- Blob storage providers
- DNS providers
- IaaS/Cloud providers
- Network plugin providers
- Operating systems
- Container runtimes
- Generic (non-essential) extensions
- Extension Admission
- Heartbeat controller
- Provider Local
- Access to the Garden Cluster
- Control plane migration
- Force Deletion
- Extending project roles
- Referenced resources
Deployment
- Getting started locally
- Getting started locally with extensions
- Setup Gardener on a Kubernetes cluster
- Version Skew Policy
- Deploying Gardenlets
- Overwrite image vector
- Migration from Gardener `v0` to `v1`
- Feature Gates in Gardener
- Configuring the Logging stack
- SecretBinding Provider Controller
Operations
- Gardener configuration and usage
- Control Plane Migration
- Istio
- `ManagedSeed`s: Register Shoot as Seed
- `NetworkPolicy`s In Garden, Seed, Shoot Clusters
- Seed Bootstrapping
- Seed Settings
- Topology-Aware Traffic Routing
Monitoring
Admission Configuration for the `PodSecurity` Admission Plugin
Adding custom configuration for the `PodSecurity` plugin in `.spec.kubernetes.kubeAPIServer.admissionPlugins`
Audit a Kubernetes Cluster
How to define a custom audit policy through a `ConfigMap` and reference it in the shoot spec
Default Seccomp Profile
Enable the use of `RuntimeDefault` as the default seccomp profile through `spec.kubernetes.kubelet.seccompDefault`
ETCD Encryption Config
Specifying resource types for encryption with spec.kubernetes.kubeAPIServer.encryptionConfig
Projects
Project operations and roles. Four-Eyes-Principle for resource deletion
Readiness of Shoot Worker Nodes
Implementation in Gardener for readiness of Shoot worker Nodes. How to mark components as node-critical
Service Account Manager
The role that allows a user to manage ServiceAccounts in the project namespace
Shoot Autoscaling
The basics of horizontal Node and vertical Pod auto-scaling
Shoot Cluster Purposes
Available Shoot cluster purposes and the behavioral differences between them
Shoot Hibernation
What is hibernation? Manual hibernation/wake up and specifying a hibernation schedule
Shoot High Availability
Failure tolerance types `node` and `zone`. Possible mitigations for zone or node outages
Shoot Maintenance
Defining the maintenance time window, configuring automatic version updates, confining reconciliations to only happen during maintenance, adding an additional maintenance operation, etc.
Shoot Networking Configurations
Configuring Pod network. Maximum number of Nodes and Pods per Node
Shoot Scheduling Profiles
Introducing `balanced` and `bin-packing` scheduling profiles
Shoot Status
Shoot conditions, constraints, and error codes
Shoot Worker Nodes Settings
Configuring SSH Access through `.spec.provider.workersSettings`
Workerless `Shoot`s
What is a Workerless Shoot and how to create one