1 - Authentication

Packages:

authentication.gardener.cloud/v1alpha1

Package v1alpha1 is a version of the API.

Resource Types:

AdminKubeconfigRequest

AdminKubeconfigRequest can be used to request a kubeconfig with admin credentials for a Shoot cluster.

FieldDescription
apiVersion
string
authentication.gardener.cloud/v1alpha1
kind
string
AdminKubeconfigRequest
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AdminKubeconfigRequestSpec

Spec is the specification of the AdminKubeconfigRequest.



expirationSeconds
int64
(Optional)

ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

status
AdminKubeconfigRequestStatus

Status is the status of the AdminKubeconfigRequest.

AdminKubeconfigRequestSpec

(Appears on: AdminKubeconfigRequest)

AdminKubeconfigRequestSpec contains the expiration time of the kubeconfig.

FieldDescription
expirationSeconds
int64
(Optional)

ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

AdminKubeconfigRequestStatus

(Appears on: AdminKubeconfigRequest)

AdminKubeconfigRequestStatus is the status of the AdminKubeconfigRequest containing the kubeconfig and expiration of the credential.

FieldDescription
kubeconfig
[]byte

Kubeconfig contains the kubeconfig with cluster-admin privileges for the shoot cluster.

expirationTimestamp
Kubernetes meta/v1.Time

ExpirationTimestamp is the expiration timestamp of the returned credential.


Generated with gen-crd-api-reference-docs

2 - Core

Packages:

core.gardener.cloud/v1beta1

Package v1beta1 is a version of the API.

Resource Types:

BackupBucket

BackupBucket holds details about backup bucket

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
BackupBucket
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupBucketSpec

Specification of the Backup Bucket.



provider
BackupBucketProvider

Provider holds the details of cloud provider of the object store. This field is immutable.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to BackupBucket resource.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

seedName
string
(Optional)

SeedName holds the name of the seed allocated to BackupBucket for running controller. This field is immutable.

status
BackupBucketStatus

Most recently observed status of the Backup Bucket.

BackupEntry

BackupEntry holds details about shoot backup.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
BackupEntry
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupEntrySpec
(Optional)

Spec contains the specification of the Backup Entry.



bucketName
string

BucketName is the name of backup bucket for this Backup Entry.

seedName
string
(Optional)

SeedName holds the name of the seed to which this BackupEntry is scheduled

status
BackupEntryStatus
(Optional)

Status contains the most recently observed status of the Backup Entry.

CloudProfile

CloudProfile represents certain properties about a provider environment.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
CloudProfile
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudProfileSpec
(Optional)

Spec defines the provider environment properties.



caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

kubernetes
KubernetesSettings

Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

machineImages
[]MachineImage

MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

machineTypes
[]MachineType

MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig contains provider-specific configuration for the profile.

regions
[]Region

Regions contains constraints regarding allowed values for regions and zones.

seedSelector
SeedSelector
(Optional)

SeedSelector contains an optional list of labels on Seed resources that marks those seeds whose shoots may use this provider profile. An empty list means that all seeds of the same provider type are supported. This is useful for environments that are of the same type (like openstack) but may have different “instances”/landscapes. Optionally a list of possible providers can be added to enable cross-provider scheduling. By default, the provider type of the seed must match the shoot’s provider.

type
string

Type is the name of the provider.

volumeTypes
[]VolumeType
(Optional)

VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

ControllerDeployment

ControllerDeployment contains information about how this controller is deployed.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
ControllerDeployment
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
type
string

Type is the deployment type.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension

ProviderConfig contains type-specific configuration. It contains assets that deploy the controller.

ControllerInstallation

ControllerInstallation represents an installation request for an external controller.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
ControllerInstallation
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ControllerInstallationSpec

Spec contains the specification of this installation. If the object’s deletion timestamp is set, this field is immutable.



registrationRef
Kubernetes core/v1.ObjectReference

RegistrationRef is used to reference a ControllerRegistration resource. The name field of the RegistrationRef is immutable.

seedRef
Kubernetes core/v1.ObjectReference

SeedRef is used to reference a Seed resource. The name field of the SeedRef is immutable.

deploymentRef
Kubernetes core/v1.ObjectReference
(Optional)

DeploymentRef is used to reference a ControllerDeployment resource.

status
ControllerInstallationStatus

Status contains the status of this installation.

ControllerRegistration

ControllerRegistration represents a registration of an external controller.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
ControllerRegistration
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ControllerRegistrationSpec

Spec contains the specification of this registration. If the object’s deletion timestamp is set, this field is immutable.



resources
[]ControllerResource
(Optional)

Resources is a list of combinations of kinds (DNSProvider, Infrastructure, Generic, …) and their actual types (aws-route53, gcp, auditlog, …).

deployment
ControllerRegistrationDeployment
(Optional)

Deployment contains information for how this controller is deployed.

Project

Project holds certain properties about a Gardener project.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
Project
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ProjectSpec
(Optional)

Spec defines the project properties.



createdBy
Kubernetes rbac/v1.Subject
(Optional)

CreatedBy is a subject representing a user name, an email address, or any other identifier of a user who created the project. This field is immutable.

description
string
(Optional)

Description is a human-readable description of what the project is used for.

owner
Kubernetes rbac/v1.Subject
(Optional)

Owner is a subject representing a user name, an email address, or any other identifier of a user owning the project. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the owner role. The only way to change the owner will be by moving the owner role. In this API version the only way to change the owner is to use this field. TODO: Remove this field in favor of the owner role in v1.

purpose
string
(Optional)

Purpose is a human-readable explanation of the project’s purpose.

members
[]ProjectMember
(Optional)

Members is a list of subjects representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

namespace
string
(Optional)

Namespace is the name of the namespace that has been created for the Project object. A nil value means that Gardener will determine the name of the namespace. This field is immutable.

tolerations
ProjectTolerations
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

status
ProjectStatus
(Optional)

Most recently observed status of the Project.

Quota

Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
Quota
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
QuotaSpec
(Optional)

Spec defines the Quota constraints.



clusterLifetimeDays
int32
(Optional)

ClusterLifetimeDays is the lifetime of a Shoot cluster in days before it will be terminated automatically.

metrics
Kubernetes core/v1.ResourceList

Metrics is a list of resources which will be put under constraints.

scope
Kubernetes core/v1.ObjectReference

Scope is the scope of the Quota object, either ‘project’ or ‘secret’. This field is immutable.

SecretBinding

SecretBinding represents a binding to a secret in the same or another namespace.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
SecretBinding
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret object in the same or another namespace. This field is immutable.

quotas
[]Kubernetes core/v1.ObjectReference
(Optional)

Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.

provider
SecretBindingProvider
(Optional)

Provider defines the provider type of the SecretBinding. This field is immutable.

Seed

Seed represents an installation request for an external controller.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
Seed
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
SeedSpec

Spec contains the specification of this installation.



backup
SeedBackup
(Optional)

Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

dns
SeedDNS

DNS contains DNS-relevant information about this seed cluster.

networks
SeedNetworks

Networks defines the pod, service and worker network of the Seed cluster.

provider
SeedProvider

Provider defines the provider type and region for this Seed cluster.

secretRef
Kubernetes core/v1.SecretReference
(Optional)

SecretRef is a reference to a Secret object containing the Kubeconfig of the Kubernetes cluster to be registered as Seed.

taints
[]SeedTaint
(Optional)

Taints describes taints on the seed.

volume
SeedVolume
(Optional)

Volume contains settings for persistentvolumes created in the seed cluster.

settings
SeedSettings
(Optional)

Settings contains certain settings for this seed cluster.

ingress
Ingress
(Optional)

Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

status
SeedStatus

Status contains the status of this installation.

Shoot

Shoot represents a Shoot cluster created and managed by Gardener.

FieldDescription
apiVersion
string
core.gardener.cloud/v1beta1
kind
string
Shoot
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ShootSpec
(Optional)

Specification of the Shoot cluster. If the object’s deletion timestamp is set, this field is immutable.



addons
Addons
(Optional)

Addons contains information about enabled/disabled addons and their configuration.

cloudProfileName
string

CloudProfileName is a name of a CloudProfile object. This field is immutable.

dns
DNS
(Optional)

DNS contains information about the DNS settings of the Shoot.

extensions
[]Extension
(Optional)

Extensions contain type and provider information for Shoot extensions.

hibernation
Hibernation
(Optional)

Hibernation contains information whether the Shoot is suspended or not.

kubernetes
Kubernetes

Kubernetes contains the version and configuration settings of the control plane components.

networking
Networking

Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

maintenance
Maintenance
(Optional)

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

monitoring
Monitoring
(Optional)

Monitoring contains information about custom monitoring configurations for the shoot.

provider
Provider

Provider contains all provider-specific and provider-relevant information.

purpose
ShootPurpose
(Optional)

Purpose is the purpose class for this cluster.

region
string

Region is a name of a region. This field is immutable.

secretBindingName
string

SecretBindingName is the name of the a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. This field is immutable.

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot. This field is immutable when the SeedChange feature gate is disabled.

seedSelector
SeedSelector
(Optional)

SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

resources
[]NamedResourceReference
(Optional)

Resources holds a list of named resource references that can be referred to in extension configs by their names.

tolerations
[]Toleration
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

exposureClassName
string
(Optional)

ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

systemComponents
SystemComponents
(Optional)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

controlPlane
ControlPlane
(Optional)

ControlPlane contains general settings for the control plane of the shoot.

status
ShootStatus
(Optional)

Most recently observed status of the Shoot cluster.

Addon

(Appears on: KubernetesDashboard, NginxIngress)

Addon allows enabling or disabling a specific addon and is used to derive from.

FieldDescription
enabled
bool

Enabled indicates whether the addon is enabled or not.

Addons

(Appears on: ShootSpec)

Addons is a collection of configuration for specific addons which are managed by the Gardener.

FieldDescription
kubernetesDashboard
KubernetesDashboard
(Optional)

KubernetesDashboard holds configuration settings for the kubernetes dashboard addon.

nginxIngress
NginxIngress
(Optional)

NginxIngress holds configuration settings for the nginx-ingress addon.

AdmissionPlugin

(Appears on: KubeAPIServerConfig)

AdmissionPlugin contains information about a specific admission plugin and its corresponding configuration.

FieldDescription
name
string

Name is the name of the plugin.

config
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

Config is the configuration of the plugin.

disabled
bool
(Optional)

Disabled specifies whether this plugin should be disabled.

Alerting

(Appears on: Monitoring)

Alerting contains information about how alerting will be done (i.e. who will receive alerts and how).

FieldDescription
emailReceivers
[]string
(Optional)

MonitoringEmailReceivers is a list of recipients for alerts

AuditConfig

(Appears on: KubeAPIServerConfig)

AuditConfig contains settings for audit of the api server

FieldDescription
auditPolicy
AuditPolicy
(Optional)

AuditPolicy contains configuration settings for audit policy of the kube-apiserver.

AuditPolicy

(Appears on: AuditConfig)

AuditPolicy contains audit policy for kube-apiserver

FieldDescription
configMapRef
Kubernetes core/v1.ObjectReference
(Optional)

ConfigMapRef is a reference to a ConfigMap object in the same namespace, which contains the audit policy for the kube-apiserver.

AvailabilityZone

(Appears on: Region)

AvailabilityZone is an availability zone.

FieldDescription
name
string

Name is an an availability zone name.

unavailableMachineTypes
[]string
(Optional)

UnavailableMachineTypes is a list of machine type names that are not availability in this zone.

unavailableVolumeTypes
[]string
(Optional)

UnavailableVolumeTypes is a list of volume type names that are not availability in this zone.

BackupBucketProvider

(Appears on: BackupBucketSpec)

BackupBucketProvider holds the details of cloud provider of the object store.

FieldDescription
type
string

Type is the type of provider.

region
string

Region is the region of the bucket.

BackupBucketSpec

(Appears on: BackupBucket)

BackupBucketSpec is the specification of a Backup Bucket.

FieldDescription
provider
BackupBucketProvider

Provider holds the details of cloud provider of the object store. This field is immutable.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to BackupBucket resource.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

seedName
string
(Optional)

SeedName holds the name of the seed allocated to BackupBucket for running controller. This field is immutable.

BackupBucketStatus

(Appears on: BackupBucket)

BackupBucketStatus holds the most recently observed status of the Backup Bucket.

FieldDescription
providerStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderStatus is the configuration passed to BackupBucket resource.

lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the BackupBucket.

lastError
LastError
(Optional)

LastError holds information about the last occurred error during an operation.

observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this BackupBucket. It corresponds to the BackupBucket’s generation, which is updated on mutation by the API Server.

generatedSecretRef
Kubernetes core/v1.SecretReference
(Optional)

GeneratedSecretRef is reference to the secret generated by backup bucket, which will have object store specific credentials.

BackupEntrySpec

(Appears on: BackupEntry)

BackupEntrySpec is the specification of a Backup Entry.

FieldDescription
bucketName
string

BucketName is the name of backup bucket for this Backup Entry.

seedName
string
(Optional)

SeedName holds the name of the seed to which this BackupEntry is scheduled

BackupEntryStatus

(Appears on: BackupEntry)

BackupEntryStatus holds the most recently observed status of the Backup Entry.

FieldDescription
lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the BackupEntry.

lastError
LastError
(Optional)

LastError holds information about the last occurred error during an operation.

observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this BackupEntry. It corresponds to the BackupEntry’s generation, which is updated on mutation by the API Server.

seedName
string
(Optional)

SeedName is the name of the seed to which this BackupEntry is currently scheduled. This field is populated at the beginning of a create/reconcile operation. It is used when moving the BackupEntry between seeds.

migrationStartTime
Kubernetes meta/v1.Time
(Optional)

MigrationStartTime is the time when a migration to a different seed was initiated.

CRI

(Appears on: MachineImageVersion, Worker)

CRI contains information about the Container Runtimes.

FieldDescription
name
CRIName

The name of the CRI library. Supported values are docker and containerd.

containerRuntimes
[]ContainerRuntime
(Optional)

ContainerRuntimes is the list of the required container runtimes supported for a worker pool.

CRIName (string alias)

(Appears on: CRI)

CRIName is a type alias for the CRI name string.

CloudProfileSpec

(Appears on: CloudProfile)

CloudProfileSpec is the specification of a CloudProfile. It must contain exactly one of its defined keys.

FieldDescription
caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

kubernetes
KubernetesSettings

Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

machineImages
[]MachineImage

MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

machineTypes
[]MachineType

MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig contains provider-specific configuration for the profile.

regions
[]Region

Regions contains constraints regarding allowed values for regions and zones.

seedSelector
SeedSelector
(Optional)

SeedSelector contains an optional list of labels on Seed resources that marks those seeds whose shoots may use this provider profile. An empty list means that all seeds of the same provider type are supported. This is useful for environments that are of the same type (like openstack) but may have different “instances”/landscapes. Optionally a list of possible providers can be added to enable cross-provider scheduling. By default, the provider type of the seed must match the shoot’s provider.

type
string

Type is the name of the provider.

volumeTypes
[]VolumeType
(Optional)

VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

ClusterAutoscaler

(Appears on: Kubernetes)

ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

FieldDescription
scaleDownDelayAfterAdd
Kubernetes meta/v1.Duration
(Optional)

ScaleDownDelayAfterAdd defines how long after scale up that scale down evaluation resumes (default: 1 hour).

scaleDownDelayAfterDelete
Kubernetes meta/v1.Duration
(Optional)

ScaleDownDelayAfterDelete how long after node deletion that scale down evaluation resumes, defaults to scanInterval (default: 0 secs).

scaleDownDelayAfterFailure
Kubernetes meta/v1.Duration
(Optional)

ScaleDownDelayAfterFailure how long after scale down failure that scale down evaluation resumes (default: 3 mins).

scaleDownUnneededTime
Kubernetes meta/v1.Duration
(Optional)

ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down (default: 30 mins).

scaleDownUtilizationThreshold
float64
(Optional)

ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed (default: 0.5).

scanInterval
Kubernetes meta/v1.Duration
(Optional)

ScanInterval how often cluster is reevaluated for scale up or down (default: 10 secs).

expander
ExpanderMode
(Optional)

Expander defines the algorithm to use during scale up (default: least-waste). See: https://github.com/gardener/autoscaler/blob/machine-controller-manager-provider/cluster-autoscaler/FAQ.md#what-are-expanders.

maxNodeProvisionTime
Kubernetes meta/v1.Duration
(Optional)

MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins).

maxGracefulTerminationSeconds
int32
(Optional)

MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600).

ignoreTaints
[]string
(Optional)

IgnoreTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group.

Condition

(Appears on: ControllerInstallationStatus, SeedStatus, ShootStatus)

Condition holds the information about the state of a resource.

FieldDescription
type
ConditionType

Type of the condition.

status
ConditionStatus

Status of the condition, one of True, False, Unknown.

lastTransitionTime
Kubernetes meta/v1.Time

Last time the condition transitioned from one status to another.

lastUpdateTime
Kubernetes meta/v1.Time

Last time the condition was updated.

reason
string

The reason for the condition’s last transition.

message
string

A human readable message indicating details about the transition.

codes
[]ErrorCode
(Optional)

Well-defined error codes in case the condition reports a problem.

ConditionStatus (string alias)

(Appears on: Condition)

ConditionStatus is the status of a condition.

ConditionType (string alias)

(Appears on: Condition)

ConditionType is a string alias.

ContainerRuntime

(Appears on: CRI)

ContainerRuntime contains information about worker’s available container runtime

FieldDescription
type
string

Type is the type of the Container Runtime.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to container runtime resource.

ControlPlane

(Appears on: ShootSpec)

ControlPlane holds information about the general settings for the control plane of a shoot.

FieldDescription
highAvailability
HighAvailability
(Optional)

HighAvailability holds the configuration settings for high availability of the control plane of a shoot.

ControllerDeploymentPolicy (string alias)

(Appears on: ControllerRegistrationDeployment)

ControllerDeploymentPolicy is a string alias.

ControllerInstallationSpec

(Appears on: ControllerInstallation)

ControllerInstallationSpec is the specification of a ControllerInstallation.

FieldDescription
registrationRef
Kubernetes core/v1.ObjectReference

RegistrationRef is used to reference a ControllerRegistration resource. The name field of the RegistrationRef is immutable.

seedRef
Kubernetes core/v1.ObjectReference

SeedRef is used to reference a Seed resource. The name field of the SeedRef is immutable.

deploymentRef
Kubernetes core/v1.ObjectReference
(Optional)

DeploymentRef is used to reference a ControllerDeployment resource.

ControllerInstallationStatus

(Appears on: ControllerInstallation)

ControllerInstallationStatus is the status of a ControllerInstallation.

FieldDescription
conditions
[]Condition
(Optional)

Conditions represents the latest available observations of a ControllerInstallations’s current state.

providerStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderStatus contains type-specific status.

ControllerRegistrationDeployment

(Appears on: ControllerRegistrationSpec)

ControllerRegistrationDeployment contains information for how this controller is deployed.

FieldDescription
policy
ControllerDeploymentPolicy
(Optional)

Policy controls how the controller is deployed. It defaults to ‘OnDemand’.

seedSelector
Kubernetes meta/v1.LabelSelector
(Optional)

SeedSelector contains an optional label selector for seeds. Only if the labels match then this controller will be considered for a deployment. An empty list means that all seeds are selected.

deploymentRefs
[]DeploymentRef
(Optional)

DeploymentRefs holds references to ControllerDeployments. Only one element is support now.

ControllerRegistrationSpec

(Appears on: ControllerRegistration)

ControllerRegistrationSpec is the specification of a ControllerRegistration.

FieldDescription
resources
[]ControllerResource
(Optional)

Resources is a list of combinations of kinds (DNSProvider, Infrastructure, Generic, …) and their actual types (aws-route53, gcp, auditlog, …).

deployment
ControllerRegistrationDeployment
(Optional)

Deployment contains information for how this controller is deployed.

ControllerResource

(Appears on: ControllerRegistrationSpec)

ControllerResource is a combination of a kind (DNSProvider, Infrastructure, Generic, …) and the actual type for this kind (aws-route53, gcp, auditlog, …).

FieldDescription
kind
string

Kind is the resource kind, for example “OperatingSystemConfig”.

type
string

Type is the resource type, for example “coreos” or “ubuntu”.

globallyEnabled
bool
(Optional)

GloballyEnabled determines if this ControllerResource is required by all Shoot clusters.

reconcileTimeout
Kubernetes meta/v1.Duration
(Optional)

ReconcileTimeout defines how long Gardener should wait for the resource reconciliation.

primary
bool
(Optional)

Primary determines if the controller backed by this ControllerRegistration is responsible for the extension resource’s lifecycle. This field defaults to true. There must be exactly one primary controller for this kind/type combination. This field is immutable.

CoreDNS

(Appears on: SystemComponents)

CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

FieldDescription
autoscaling
CoreDNSAutoscaling
(Optional)

Autoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

rewriting
CoreDNSRewriting
(Optional)

Rewriting contains the setting related to rewriting of requests, which are obviously incorrect due to the unnecessary application of the search path.

CoreDNSAutoscaling

(Appears on: CoreDNS)

CoreDNSAutoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

FieldDescription
mode
CoreDNSAutoscalingMode

The mode of the autoscaling to be used for the Core DNS components running in the data plane of the Shoot cluster. Supported values are horizontal and cluster-proportional.

CoreDNSAutoscalingMode (string alias)

(Appears on: CoreDNSAutoscaling)

CoreDNSAutoscalingMode is a type alias for the Core DNS autoscaling mode string.

CoreDNSRewriting

(Appears on: CoreDNS)

CoreDNSRewriting contains the setting related to rewriting requests, which are obviously incorrect due to the unnecessary application of the search path.

FieldDescription
commonSuffixes
[]string
(Optional)

CommonSuffixes are expected to be the suffix of a fully qualified domain name. Each suffix should contain at least one or two dots (‘.’) to prevent accidental clashes.

DNS

(Appears on: ShootSpec)

DNS holds information about the provider, the hosted zone id and the domain.

FieldDescription
domain
string
(Optional)

Domain is the external available domain of the Shoot cluster. This domain will be written into the kubeconfig that is handed out to end-users. This field is immutable.

providers
[]DNSProvider
(Optional)

Providers is a list of DNS providers that shall be enabled for this shoot cluster. Only relevant if not a default domain is used.

DNSIncludeExclude

(Appears on: DNSProvider, SeedDNSProvider)

DNSIncludeExclude contains information about which domains shall be included/excluded.

FieldDescription
include
[]string
(Optional)

Include is a list of domains that shall be included.

exclude
[]string
(Optional)

Exclude is a list of domains that shall be excluded.

DNSProvider

(Appears on: DNS)

DNSProvider contains information about a DNS provider.

FieldDescription
domains
DNSIncludeExclude
(Optional)

Domains contains information about which domains shall be included/excluded for this provider.

primary
bool
(Optional)

Primary indicates that this DNSProvider is used for shoot related domains.

secretName
string
(Optional)

SecretName is a name of a secret containing credentials for the stated domain and the provider. When not specified, the Gardener will use the cloud provider credentials referenced by the Shoot and try to find respective credentials there (primary provider only). Specifying this field may override this behavior, i.e. forcing the Gardener to only look into the given secret.

type
string
(Optional)

Type is the DNS provider type.

zones
DNSIncludeExclude
(Optional)

Zones contains information about which hosted zones shall be included/excluded for this provider.

DataVolume

(Appears on: Worker)

DataVolume contains information about a data volume.

FieldDescription
name
string

Name of the volume to make it referencable.

type
string
(Optional)

Type is the type of the volume.

size
string

VolumeSize is the size of the volume.

encrypted
bool
(Optional)

Encrypted determines if the volume should be encrypted.

DeploymentRef

(Appears on: ControllerRegistrationDeployment)

DeploymentRef contains information about ControllerDeployment references.

FieldDescription
name
string

Name is the name of the ControllerDeployment that is being referred to.

ErrorCode (string alias)

(Appears on: Condition, LastError)

ErrorCode is a string alias.

ExpanderMode (string alias)

(Appears on: ClusterAutoscaler)

ExpanderMode is type used for Expander values

ExpirableVersion

(Appears on: KubernetesSettings, MachineImageVersion)

ExpirableVersion contains a version and an expiration date.

FieldDescription
version
string

Version is the version identifier.

expirationDate
Kubernetes meta/v1.Time
(Optional)

ExpirationDate defines the time at which this version expires.

classification
VersionClassification
(Optional)

Classification defines the state of a version (preview, supported, deprecated)

Extension

(Appears on: ShootSpec)

Extension contains type and provider information for Shoot extensions.

FieldDescription
type
string

Type is the type of the extension resource.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to extension resource.

disabled
bool
(Optional)

Disabled allows to disable extensions that were marked as ‘globally enabled’ by Gardener administrators.

FailureTolerance

(Appears on: HighAvailability)

FailureTolerance describes information about failure tolerance level of a highly available resource.

FieldDescription
type
FailureToleranceType

Type specifies the type of failure that the highly available resource can tolerate

FailureToleranceType (string alias)

(Appears on: FailureTolerance)

FailureToleranceType specifies the type of failure that a highly available shoot control plane that can tolerate.

Gardener

(Appears on: SeedStatus, ShootStatus)

Gardener holds the information about the Gardener version that operated a resource.

FieldDescription
id
string

ID is the Docker container id of the Gardener which last acted on a resource.

name
string

Name is the hostname (pod name) of the Gardener which last acted on a resource.

version
string

Version is the version of the Gardener which last acted on a resource.

Hibernation

(Appears on: ShootSpec)

Hibernation contains information whether the Shoot is suspended or not.

FieldDescription
enabled
bool
(Optional)

Enabled specifies whether the Shoot needs to be hibernated or not. If it is true, the Shoot’s desired state is to be hibernated. If it is false or nil, the Shoot’s desired state is to be awakened.

schedules
[]HibernationSchedule
(Optional)

Schedules determine the hibernation schedules.

HibernationSchedule

(Appears on: Hibernation)

HibernationSchedule determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified.

FieldDescription
start
string
(Optional)

Start is a Cron spec at which time a Shoot will be hibernated.

end
string
(Optional)

End is a Cron spec at which time a Shoot will be woken up.

location
string
(Optional)

Location is the time location in which both start and and shall be evaluated.

HighAvailability

(Appears on: ControlPlane)

HighAvailability specifies the configuration settings for high availability for a resource. Typical usages could be to configure HA for shoot control plane or for seed system components.

FieldDescription
failureTolerance
FailureTolerance

FailureTolerance holds information about failure tolerance level of a highly available resource.

HorizontalPodAutoscalerConfig

(Appears on: KubeControllerManagerConfig)

HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager. Note: Descriptions were taken from the Kubernetes documentation.

FieldDescription
cpuInitializationPeriod
Kubernetes meta/v1.Duration
(Optional)

The period after which a ready pod transition is considered to be the first.

downscaleStabilization
Kubernetes meta/v1.Duration
(Optional)

The configurable window at which the controller will choose the highest recommendation for autoscaling.

initialReadinessDelay
Kubernetes meta/v1.Duration
(Optional)

The configurable period at which the horizontal pod autoscaler considers a Pod “not yet ready” given that it’s unready and it has transitioned to unready during that time.

syncPeriod
Kubernetes meta/v1.Duration
(Optional)

The period for syncing the number of pods in horizontal pod autoscaler.

tolerance
float64
(Optional)

The minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling.

Ingress

(Appears on: SeedSpec)

Ingress configures the Ingress specific settings of the Seed cluster

FieldDescription
domain
string

Domain specifies the IngressDomain of the Seed cluster pointing to the ingress controller endpoint. It will be used to construct ingress URLs for system applications running in Shoot clusters. Once set this field is immutable.

controller
IngressController

Controller configures a Gardener managed Ingress Controller listening on the ingressDomain

IngressController

(Appears on: Ingress)

IngressController enables a Gardener managed Ingress Controller listening on the ingressDomain

FieldDescription
kind
string

Kind defines which kind of IngressController to use, for example nginx

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig specifies infrastructure specific configuration for the ingressController

KubeAPIServerConfig

(Appears on: Kubernetes)

KubeAPIServerConfig contains configuration settings for the kube-apiserver.

FieldDescription
KubernetesConfig
KubernetesConfig

(Members of KubernetesConfig are embedded into this type.)

admissionPlugins
[]AdmissionPlugin
(Optional)

AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), and, if desired, the corresponding configuration.

apiAudiences
[]string
(Optional)

APIAudiences are the identifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. Defaults to [“kubernetes”].

auditConfig
AuditConfig
(Optional)

AuditConfig contains configuration settings for the audit of the kube-apiserver.

enableBasicAuthentication
bool
(Optional)

EnableBasicAuthentication defines whether basic authentication should be enabled for this cluster or not. Defaults to false. Deprecated: basic authentication has been removed in Kubernetes v1.19+. This field will be removed in a future version.

oidcConfig
OIDCConfig
(Optional)

OIDCConfig contains configuration settings for the OIDC provider.

runtimeConfig
map[string]bool
(Optional)

RuntimeConfig contains information about enabled or disabled APIs.

serviceAccountConfig
ServiceAccountConfig
(Optional)

ServiceAccountConfig contains configuration settings for the service account handling of the kube-apiserver.

watchCacheSizes
WatchCacheSizes
(Optional)

WatchCacheSizes contains configuration of the API server’s watch cache sizes. Configuring these flags might be useful for large-scale Shoot clusters with a lot of parallel update requests and a lot of watching controllers (e.g. large ManagedSeed clusters). When the API server’s watch cache’s capacity is too small to cope with the amount of update requests and watchers for a particular resource, it might happen that controller watches are permanently stopped with too old resource version errors. Starting from kubernetes v1.19, the API server’s watch cache size is adapted dynamically and setting the watch cache size flags will have no effect, except when setting it to 0 (which disables the watch cache).

requests
KubeAPIServerRequests
(Optional)

Requests contains configuration for request-specific settings for the kube-apiserver.

enableAnonymousAuthentication
bool
(Optional)

EnableAnonymousAuthentication defines whether anonymous requests to the secure port of the API server should be allowed (flag --anonymous-auth). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

eventTTL
Kubernetes meta/v1.Duration
(Optional)

EventTTL controls the amount of time to retain events. Defaults to 1h.

KubeAPIServerRequests

(Appears on: KubeAPIServerConfig)

KubeAPIServerRequests contains configuration for request-specific settings for the kube-apiserver.

FieldDescription
maxNonMutatingInflight
int32
(Optional)

MaxNonMutatingInflight is the maximum number of non-mutating requests in flight at a given time. When the server exceeds this, it rejects requests.

maxMutatingInflight
int32
(Optional)

MaxMutatingInflight is the maximum number of mutating requests in flight at a given time. When the server exceeds this, it rejects requests.

KubeControllerManagerConfig

(Appears on: Kubernetes)

KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.

FieldDescription
KubernetesConfig
KubernetesConfig

(Members of KubernetesConfig are embedded into this type.)

horizontalPodAutoscaler
HorizontalPodAutoscalerConfig
(Optional)

HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager.

nodeCIDRMaskSize
int32
(Optional)

NodeCIDRMaskSize defines the mask size for node cidr in cluster (default is 24). This field is immutable.

podEvictionTimeout
Kubernetes meta/v1.Duration
(Optional)

PodEvictionTimeout defines the grace period for deleting pods on failed nodes. Defaults to 2m.

nodeMonitorGracePeriod
Kubernetes meta/v1.Duration
(Optional)

NodeMonitorGracePeriod defines the grace period before an unresponsive node is marked unhealthy.

KubeProxyConfig

(Appears on: Kubernetes)

KubeProxyConfig contains configuration settings for the kube-proxy.

FieldDescription
KubernetesConfig
KubernetesConfig

(Members of KubernetesConfig are embedded into this type.)

mode
ProxyMode
(Optional)

Mode specifies which proxy mode to use. defaults to IPTables.

enabled
bool
(Optional)

Enabled indicates whether kube-proxy should be deployed or not. Depending on the networking extensions switching kube-proxy off might be rejected. Consulting the respective documentation of the used networking extension is recommended before using this field. defaults to true if not specified.

KubeSchedulerConfig

(Appears on: Kubernetes)

KubeSchedulerConfig contains configuration settings for the kube-scheduler.

FieldDescription
KubernetesConfig
KubernetesConfig

(Members of KubernetesConfig are embedded into this type.)

kubeMaxPDVols
string
(Optional)

KubeMaxPDVols allows to configure the KUBE_MAX_PD_VOLS environment variable for the kube-scheduler. Please find more information here: https://kubernetes.io/docs/concepts/storage/storage-limits/#custom-limits Note that using this field is considered alpha-/experimental-level and is on your own risk. You should be aware of all the side-effects and consequences when changing it.

profile
SchedulingProfile
(Optional)

Profile configures the scheduling profile for the cluster. If not specified, the used profile is “balanced” (provides the default kube-scheduler behavior).

KubeletConfig

(Appears on: Kubernetes, WorkerKubernetes)

KubeletConfig contains configuration settings for the kubelet.

FieldDescription
KubernetesConfig
KubernetesConfig

(Members of KubernetesConfig are embedded into this type.)

cpuCFSQuota
bool
(Optional)

CPUCFSQuota allows you to disable/enable CPU throttling for Pods.

cpuManagerPolicy
string
(Optional)

CPUManagerPolicy allows to set alternative CPU management policies (default: none).

evictionHard
KubeletConfigEviction
(Optional)

EvictionHard describes a set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a Pod eviction. Default: memory.available: “100Mi/1Gi/5%” nodefs.available: “5%” nodefs.inodesFree: “5%” imagefs.available: “5%” imagefs.inodesFree: “5%”

evictionMaxPodGracePeriod
int32
(Optional)

EvictionMaxPodGracePeriod describes the maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. Default: 90

evictionMinimumReclaim
KubeletConfigEvictionMinimumReclaim
(Optional)

EvictionMinimumReclaim configures the amount of resources below the configured eviction threshold that the kubelet attempts to reclaim whenever the kubelet observes resource pressure. Default: 0 for each resource

evictionPressureTransitionPeriod
Kubernetes meta/v1.Duration
(Optional)

EvictionPressureTransitionPeriod is the duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. Default: 4m0s

evictionSoft
KubeletConfigEviction
(Optional)

EvictionSoft describes a set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a Pod eviction. Default: memory.available: “200Mi/1.5Gi/10%” nodefs.available: “10%” nodefs.inodesFree: “10%” imagefs.available: “10%” imagefs.inodesFree: “10%”

evictionSoftGracePeriod
KubeletConfigEvictionSoftGracePeriod
(Optional)

EvictionSoftGracePeriod describes a set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a Pod eviction. Default: memory.available: 1m30s nodefs.available: 1m30s nodefs.inodesFree: 1m30s imagefs.available: 1m30s imagefs.inodesFree: 1m30s

maxPods
int32
(Optional)

MaxPods is the maximum number of Pods that are allowed by the Kubelet. Default: 110

podPidsLimit
int64
(Optional)

PodPIDsLimit is the maximum number of process IDs per pod allowed by the kubelet.

imagePullProgressDeadline
Kubernetes meta/v1.Duration
(Optional)

ImagePullProgressDeadline describes the time limit under which if no pulling progress is made, the image pulling will be cancelled. Default: 1m

failSwapOn
bool
(Optional)

FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true).

kubeReserved
KubeletConfigReserved
(Optional)

KubeReserved is the configuration for resources reserved for kubernetes node components (mainly kubelet and container runtime). When updating these values, be aware that cgroup resizes may not succeed on active worker nodes. Look for the NodeAllocatableEnforced event to determine if the configuration was applied. Default: cpu=80m,memory=1Gi,pid=20k

systemReserved
KubeletConfigReserved
(Optional)

SystemReserved is the configuration for resources reserved for system processes not managed by kubernetes (e.g. journald). When updating these values, be aware that cgroup resizes may not succeed on active worker nodes. Look for the NodeAllocatableEnforced event to determine if the configuration was applied.

imageGCHighThresholdPercent
int32
(Optional)

ImageGCHighThresholdPercent describes the percent of the disk usage which triggers image garbage collection. Default: 50

imageGCLowThresholdPercent
int32
(Optional)

ImageGCLowThresholdPercent describes the percent of the disk to which garbage collection attempts to free. Default: 40

serializeImagePulls
bool
(Optional)

SerializeImagePulls describes whether the images are pulled one at a time. Default: true

registryPullQPS
int32
(Optional)

RegistryPullQPS is the limit of registry pulls per second. The value must not be a negative number. Setting it to 0 means no limit. Default: 5

registryBurst
int32
(Optional)

RegistryBurst is the maximum size of bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registryPullQPS. The value must not be a negative number. Only used if registryPullQPS is greater than 0. Default: 10

seccompDefault
bool
(Optional)

SeccompDefault enables the use of RuntimeDefault as the default seccomp profile for all workloads. This requires the corresponding SeccompDefault feature gate to be enabled as well. This field is only available for Kubernetes v1.25 or later.

containerLogMaxSize
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

A quantity defines the maximum size of the container log file before it is rotated. For example: “5Mi” or “256Ki”. Default: 100Mi

containerLogMaxFiles
int32
(Optional)

Maximum number of container log files that can be present for a container.

protectKernelDefaults
bool
(Optional)

ProtectKernelDefaults ensures that the kernel tunables are equal to the kubelet defaults. Defaults to true for Kubernetes v1.26 or later.

streamingConnectionIdleTimeout
Kubernetes meta/v1.Duration
(Optional)

StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed. This field cannot be set lower than “30s” or greater than “4h”. Default: “4h” for Kubernetes < v1.26. “5m” for Kubernetes >= v1.26.

KubeletConfigEviction

(Appears on: KubeletConfig)

KubeletConfigEviction contains kubelet eviction thresholds supporting either a resource.Quantity or a percentage based value.

FieldDescription
memoryAvailable
string
(Optional)

MemoryAvailable is the threshold for the free memory on the host server.

imageFSAvailable
string
(Optional)

ImageFSAvailable is the threshold for the free disk space in the imagefs filesystem (docker images and container writable layers).

imageFSInodesFree
string
(Optional)

ImageFSInodesFree is the threshold for the available inodes in the imagefs filesystem.

nodeFSAvailable
string
(Optional)

NodeFSAvailable is the threshold for the free disk space in the nodefs filesystem (docker volumes, logs, etc).

nodeFSInodesFree
string
(Optional)

NodeFSInodesFree is the threshold for the available inodes in the nodefs filesystem.

KubeletConfigEvictionMinimumReclaim

(Appears on: KubeletConfig)

KubeletConfigEvictionMinimumReclaim contains configuration for the kubelet eviction minimum reclaim.

FieldDescription
memoryAvailable
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

MemoryAvailable is the threshold for the memory reclaim on the host server.

imageFSAvailable
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

ImageFSAvailable is the threshold for the disk space reclaim in the imagefs filesystem (docker images and container writable layers).

imageFSInodesFree
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

ImageFSInodesFree is the threshold for the inodes reclaim in the imagefs filesystem.

nodeFSAvailable
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

NodeFSAvailable is the threshold for the disk space reclaim in the nodefs filesystem (docker volumes, logs, etc).

nodeFSInodesFree
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

NodeFSInodesFree is the threshold for the inodes reclaim in the nodefs filesystem.

KubeletConfigEvictionSoftGracePeriod

(Appears on: KubeletConfig)

KubeletConfigEvictionSoftGracePeriod contains grace periods for kubelet eviction thresholds.

FieldDescription
memoryAvailable
Kubernetes meta/v1.Duration
(Optional)

MemoryAvailable is the grace period for the MemoryAvailable eviction threshold.

imageFSAvailable
Kubernetes meta/v1.Duration
(Optional)

ImageFSAvailable is the grace period for the ImageFSAvailable eviction threshold.

imageFSInodesFree
Kubernetes meta/v1.Duration
(Optional)

ImageFSInodesFree is the grace period for the ImageFSInodesFree eviction threshold.

nodeFSAvailable
Kubernetes meta/v1.Duration
(Optional)

NodeFSAvailable is the grace period for the NodeFSAvailable eviction threshold.

nodeFSInodesFree
Kubernetes meta/v1.Duration
(Optional)

NodeFSInodesFree is the grace period for the NodeFSInodesFree eviction threshold.

KubeletConfigReserved

(Appears on: KubeletConfig)

KubeletConfigReserved contains reserved resources for daemons

FieldDescription
cpu
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

CPU is the reserved cpu.

memory
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

Memory is the reserved memory.

ephemeralStorage
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

EphemeralStorage is the reserved ephemeral-storage.

pid
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

PID is the reserved process-ids.

Kubernetes

(Appears on: ShootSpec)

Kubernetes contains the version and configuration variables for the Shoot control plane.

FieldDescription
allowPrivilegedContainers
bool
(Optional)

AllowPrivilegedContainers indicates whether privileged containers are allowed in the Shoot. Defaults to true for Kubernetes versions below v1.25. Unusable for Kubernetes versions v1.25 and higher.

clusterAutoscaler
ClusterAutoscaler
(Optional)

ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

kubeAPIServer
KubeAPIServerConfig
(Optional)

KubeAPIServer contains configuration settings for the kube-apiserver.

kubeControllerManager
KubeControllerManagerConfig
(Optional)

KubeControllerManager contains configuration settings for the kube-controller-manager.

kubeScheduler
KubeSchedulerConfig
(Optional)

KubeScheduler contains configuration settings for the kube-scheduler.

kubeProxy
KubeProxyConfig
(Optional)

KubeProxy contains configuration settings for the kube-proxy.

kubelet
KubeletConfig
(Optional)

Kubelet contains configuration settings for the kubelet.

version
string

Version is the semantic Kubernetes version to use for the Shoot cluster.

verticalPodAutoscaler
VerticalPodAutoscaler
(Optional)

VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

enableStaticTokenKubeconfig
bool
(Optional)

EnableStaticTokenKubeconfig indicates whether static token kubeconfig secret should be present in garden cluster (default: true).

KubernetesConfig

(Appears on: KubeAPIServerConfig, KubeControllerManagerConfig, KubeProxyConfig, KubeSchedulerConfig, KubeletConfig)

KubernetesConfig contains common configuration fields for the control plane components.

FieldDescription
featureGates
map[string]bool
(Optional)

FeatureGates contains information about enabled feature gates.

KubernetesDashboard

(Appears on: Addons)

KubernetesDashboard describes configuration values for the kubernetes-dashboard addon.

FieldDescription
Addon
Addon

(Members of Addon are embedded into this type.)

authenticationMode
string
(Optional)

AuthenticationMode defines the authentication mode for the kubernetes-dashboard.

KubernetesSettings

(Appears on: CloudProfileSpec)

KubernetesSettings contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

FieldDescription
versions
[]ExpirableVersion
(Optional)

Versions is the list of allowed Kubernetes versions with optional expiration dates for Shoot clusters.

LastError

(Appears on: BackupBucketStatus, BackupEntryStatus, ShootStatus)

LastError indicates the last occurred error for an operation on a resource.

FieldDescription
description
string

A human readable message indicating details about the last error.

taskID
string
(Optional)

ID of the task which caused this last error

codes
[]ErrorCode
(Optional)

Well-defined error codes of the last error(s).

lastUpdateTime
Kubernetes meta/v1.Time
(Optional)

Last time the error was reported

LastOperation

(Appears on: BackupBucketStatus, BackupEntryStatus, ShootStatus)

LastOperation indicates the type and the state of the last operation, along with a description message and a progress indicator.

FieldDescription
description
string

A human readable message indicating details about the last operation.

lastUpdateTime
Kubernetes meta/v1.Time

Last time the operation state transitioned from one to another.

progress
int32

The progress in percentage (0-100) of the last operation.

state
LastOperationState

Status of the last operation, one of Aborted, Processing, Succeeded, Error, Failed.

type
LastOperationType

Type of the last operation, one of Create, Reconcile, Delete, Migrate, Restore.

LastOperationState (string alias)

(Appears on: LastOperation)

LastOperationState is a string alias.

LastOperationType (string alias)

(Appears on: LastOperation)

LastOperationType is a string alias.

Machine

(Appears on: Worker)

Machine contains information about the machine type and image.

FieldDescription
type
string

Type is the machine type of the worker group.

image
ShootMachineImage
(Optional)

Image holds information about the machine image to use for all nodes of this pool. It will default to the latest version of the first image stated in the referenced CloudProfile if no value has been provided.

architecture
string
(Optional)

Architecture is CPU architecture of machines in this worker pool.

MachineControllerManagerSettings

(Appears on: Worker)

MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

FieldDescription
machineDrainTimeout
Kubernetes meta/v1.Duration
(Optional)

MachineDrainTimeout is the period after which machine is forcefully deleted.

machineHealthTimeout
Kubernetes meta/v1.Duration
(Optional)

MachineHealthTimeout is the period after which machine is declared failed.

machineCreationTimeout
Kubernetes meta/v1.Duration
(Optional)

MachineCreationTimeout is the period after which creation of the machine is declared failed.

maxEvictRetries
int32
(Optional)

MaxEvictRetries are the number of eviction retries on a pod after which drain is declared failed, and forceful deletion is triggered.

nodeConditions
[]string
(Optional)

NodeConditions are the set of conditions if set to true for the period of MachineHealthTimeout, machine will be declared failed.

MachineImage

(Appears on: CloudProfileSpec)

MachineImage defines the name and multiple versions of the machine image in any environment.

FieldDescription
name
string

Name is the name of the image.

versions
[]MachineImageVersion

Versions contains versions, expiration dates and container runtimes of the machine image

MachineImageVersion

(Appears on: MachineImage)

MachineImageVersion is an expirable version with list of supported container runtimes and interfaces

FieldDescription
ExpirableVersion
ExpirableVersion

(Members of ExpirableVersion are embedded into this type.)

cri
[]CRI
(Optional)

CRI list of supported container runtime and interfaces supported by this version

architectures
[]string
(Optional)

Architectures is the list of CPU architectures of the machine image in this version.

MachineType

(Appears on: CloudProfileSpec)

MachineType contains certain properties of a machine type.

FieldDescription
cpu
k8s.io/apimachinery/pkg/api/resource.Quantity

CPU is the number of CPUs for this machine type.

gpu
k8s.io/apimachinery/pkg/api/resource.Quantity

GPU is the number of GPUs for this machine type.

memory
k8s.io/apimachinery/pkg/api/resource.Quantity

Memory is the amount of memory for this machine type.

name
string

Name is the name of the machine type.

storage
MachineTypeStorage
(Optional)

Storage is the amount of storage associated with the root volume of this machine type.

usable
bool
(Optional)

Usable defines if the machine type can be used for shoot clusters.

architecture
string
(Optional)

Architecture is the CPU architecture of this machine type.

MachineTypeStorage

(Appears on: MachineType)

MachineTypeStorage is the amount of storage associated with the root volume of this machine type.

FieldDescription
class
string

Class is the class of the storage type.

size
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

StorageSize is the storage size.

type
string

Type is the type of the storage.

minSize
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

MinSize is the minimal supported storage size. This overrides any other common minimum size configuration from spec.volumeTypes[*].minSize.

Maintenance

(Appears on: ShootSpec)

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

FieldDescription
autoUpdate
MaintenanceAutoUpdate
(Optional)

AutoUpdate contains information about which constraints should be automatically updated.

timeWindow
MaintenanceTimeWindow
(Optional)

TimeWindow contains information about the time window for maintenance operations.

confineSpecUpdateRollout
bool
(Optional)

ConfineSpecUpdateRollout prevents that changes/updates to the shoot specification will be rolled out immediately. Instead, they are rolled out during the shoot’s maintenance time window. There is one exception that will trigger an immediate roll out which is changes to the Spec.Hibernation.Enabled field.

MaintenanceAutoUpdate

(Appears on: Maintenance)

MaintenanceAutoUpdate contains information about which constraints should be automatically updated.

FieldDescription
kubernetesVersion
bool

KubernetesVersion indicates whether the patch Kubernetes version may be automatically updated (default: true).

machineImageVersion
bool

MachineImageVersion indicates whether the machine image version may be automatically updated (default: true).

MaintenanceTimeWindow

(Appears on: Maintenance)

MaintenanceTimeWindow contains information about the time window for maintenance operations.

FieldDescription
begin
string

Begin is the beginning of the time window in the format HHMMSS+ZONE, e.g. “220000+0100”. If not present, a random value will be computed.

end
string

End is the end of the time window in the format HHMMSS+ZONE, e.g. “220000+0100”. If not present, the value will be computed based on the “Begin” value.

Monitoring

(Appears on: ShootSpec)

Monitoring contains information about the monitoring configuration for the shoot.

FieldDescription
alerting
Alerting
(Optional)

Alerting contains information about the alerting configuration for the shoot cluster.

NamedResourceReference

(Appears on: ShootSpec)

NamedResourceReference is a named reference to a resource.

FieldDescription
name
string

Name of the resource reference.

resourceRef
Kubernetes autoscaling/v1.CrossVersionObjectReference

ResourceRef is a reference to a resource.

Networking

(Appears on: ShootSpec)

Networking defines networking parameters for the shoot cluster.

FieldDescription
type
string

Type identifies the type of the networking plugin. This field is immutable.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to network resource.

pods
string
(Optional)

Pods is the CIDR of the pod network. This field is immutable.

nodes
string
(Optional)

Nodes is the CIDR of the entire node network. This field is immutable.

services
string
(Optional)

Services is the CIDR of the service network. This field is immutable.

NginxIngress

(Appears on: Addons)

NginxIngress describes configuration values for the nginx-ingress addon.

FieldDescription
Addon
Addon

(Members of Addon are embedded into this type.)

loadBalancerSourceRanges
[]string
(Optional)

LoadBalancerSourceRanges is list of allowed IP sources for NginxIngress

config
map[string]string
(Optional)

Config contains custom configuration for the nginx-ingress-controller configuration. See https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options

externalTrafficPolicy
Kubernetes core/v1.ServiceExternalTrafficPolicyType
(Optional)

ExternalTrafficPolicy controls the .spec.externalTrafficPolicy value of the load balancer Service exposing the nginx-ingress. Defaults to Cluster.

NodeLocalDNS

(Appears on: SystemComponents)

NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

FieldDescription
enabled
bool

Enabled indicates whether node local DNS is enabled or not.

forceTCPToClusterDNS
bool
(Optional)

ForceTCPToClusterDNS indicates whether the connection from the node local DNS to the cluster DNS (Core DNS) will be forced to TCP or not. Default, if unspecified, is to enforce TCP.

forceTCPToUpstreamDNS
bool
(Optional)

ForceTCPToUpstreamDNS indicates whether the connection from the node local DNS to the upstream DNS (infrastructure DNS) will be forced to TCP or not. Default, if unspecified, is to enforce TCP.

disableForwardToUpstreamDNS
bool
(Optional)

DisableForwardToUpstreamDNS indicates whether requests from node local DNS to upstream DNS should be disabled. Default, if unspecified, is to forward requests for external domains to upstream DNS

OIDCConfig

(Appears on: KubeAPIServerConfig)

OIDCConfig contains configuration settings for the OIDC provider. Note: Descriptions were taken from the Kubernetes documentation.

FieldDescription
caBundle
string
(Optional)

If set, the OpenID server’s certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host’s root CA set will be used.

clientAuthentication
OpenIDConnectClientAuthentication
(Optional)

ClientAuthentication can optionally contain client configuration used for kubeconfig generation.

clientID
string
(Optional)

The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.

groupsClaim
string
(Optional)

If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This flag is experimental, please see the authentication documentation for further details.

groupsPrefix
string
(Optional)

If provided, all groups will be prefixed with this value to prevent conflicts with other authentication strategies.

issuerURL
string
(Optional)

The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT).

requiredClaims
map[string]string
(Optional)

key=value pairs that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value.

signingAlgs
[]string
(Optional)

List of allowed JOSE asymmetric signing algorithms. JWTs with a ‘alg’ header value not in this list will be rejected. Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1

usernameClaim
string
(Optional)

The OpenID claim to use as the user name. Note that claims other than the default (‘sub’) is not guaranteed to be unique and immutable. This flag is experimental, please see the authentication documentation for further details. (default “sub”)

usernamePrefix
string
(Optional)

If provided, all usernames will be prefixed with this value. If not provided, username claims other than ‘email’ are prefixed by the issuer URL to avoid clashes. To skip any prefixing, provide the value ‘-’.

OpenIDConnectClientAuthentication

(Appears on: OIDCConfig)

OpenIDConnectClientAuthentication contains configuration for OIDC clients.

FieldDescription
extraConfig
map[string]string
(Optional)

Extra configuration added to kubeconfig’s auth-provider. Must not be any of idp-issuer-url, client-id, client-secret, idp-certificate-authority, idp-certificate-authority-data, id-token or refresh-token

secret
string
(Optional)

The client Secret for the OpenID Connect client.

ProjectMember

(Appears on: ProjectSpec)

ProjectMember is a member of a project.

FieldDescription
Subject
Kubernetes rbac/v1.Subject

(Members of Subject are embedded into this type.)

Subject is representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

role
string

Role represents the role of this member. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the roles list. TODO: Remove this field in favor of the roles list in v1.

roles
[]string
(Optional)

Roles represents the list of roles of this member.

ProjectPhase (string alias)

(Appears on: ProjectStatus)

ProjectPhase is a label for the condition of a project at the current time.

ProjectSpec

(Appears on: Project)

ProjectSpec is the specification of a Project.

FieldDescription
createdBy
Kubernetes rbac/v1.Subject
(Optional)

CreatedBy is a subject representing a user name, an email address, or any other identifier of a user who created the project. This field is immutable.

description
string
(Optional)

Description is a human-readable description of what the project is used for.

owner
Kubernetes rbac/v1.Subject
(Optional)

Owner is a subject representing a user name, an email address, or any other identifier of a user owning the project. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the owner role. The only way to change the owner will be by moving the owner role. In this API version the only way to change the owner is to use this field. TODO: Remove this field in favor of the owner role in v1.

purpose
string
(Optional)

Purpose is a human-readable explanation of the project’s purpose.

members
[]ProjectMember
(Optional)

Members is a list of subjects representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

namespace
string
(Optional)

Namespace is the name of the namespace that has been created for the Project object. A nil value means that Gardener will determine the name of the namespace. This field is immutable.

tolerations
ProjectTolerations
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

ProjectStatus

(Appears on: Project)

ProjectStatus holds the most recently observed status of the project.

FieldDescription
observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this project.

phase
ProjectPhase

Phase is the current phase of the project.

staleSinceTimestamp
Kubernetes meta/v1.Time
(Optional)

StaleSinceTimestamp contains the timestamp when the project was first discovered to be stale/unused.

staleAutoDeleteTimestamp
Kubernetes meta/v1.Time
(Optional)

StaleAutoDeleteTimestamp contains the timestamp when the project will be garbage-collected/automatically deleted because it’s stale/unused.

lastActivityTimestamp
Kubernetes meta/v1.Time
(Optional)

LastActivityTimestamp contains the timestamp from the last activity performed in this project.

ProjectTolerations

(Appears on: ProjectSpec)

ProjectTolerations contains the tolerations for taints on seed clusters.

FieldDescription
defaults
[]Toleration
(Optional)

Defaults contains a list of tolerations that are added to the shoots in this project by default.

whitelist
[]Toleration
(Optional)

Whitelist contains a list of tolerations that are allowed to be added to the shoots in this project. Please note that this list may only be added by users having the spec-tolerations-whitelist verb for project resources.

Provider

(Appears on: ShootSpec)

Provider contains provider-specific information that are handed-over to the provider-specific extension controller.

FieldDescription
type
string

Type is the type of the provider. This field is immutable.

controlPlaneConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ControlPlaneConfig contains the provider-specific control plane config blob. Please look up the concrete definition in the documentation of your provider extension.

infrastructureConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

InfrastructureConfig contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension.

workers
[]Worker

Workers is a list of worker groups.

ProxyMode (string alias)

(Appears on: KubeProxyConfig)

ProxyMode available in Linux platform: ‘userspace’ (older, going to be EOL), ‘iptables’ (newer, faster), ‘ipvs’ (newest, better in performance and scalability). As of now only ‘iptables’ and ‘ipvs’ is supported by Gardener. In Linux platform, if the iptables proxy is selected, regardless of how, but the system’s kernel or iptables versions are insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to ‘ipvs’, and the fall back path is firstly iptables and then userspace.

QuotaSpec

(Appears on: Quota)

QuotaSpec is the specification of a Quota.

FieldDescription
clusterLifetimeDays
int32
(Optional)

ClusterLifetimeDays is the lifetime of a Shoot cluster in days before it will be terminated automatically.

metrics
Kubernetes core/v1.ResourceList

Metrics is a list of resources which will be put under constraints.

scope
Kubernetes core/v1.ObjectReference

Scope is the scope of the Quota object, either ‘project’ or ‘secret’. This field is immutable.

Region

(Appears on: CloudProfileSpec)

Region contains certain properties of a region.

FieldDescription
name
string

Name is a region name.

zones
[]AvailabilityZone
(Optional)

Zones is a list of availability zones in this region.

labels
map[string]string
(Optional)

Labels is an optional set of key-value pairs that contain certain administrator-controlled labels for this region. It can be used by Gardener administrators/operators to provide additional information about a region, e.g. wrt quality, reliability, access restrictions, etc.

ResourceWatchCacheSize

(Appears on: WatchCacheSizes)

ResourceWatchCacheSize contains configuration of the API server’s watch cache size for one specific resource.

FieldDescription
apiGroup
string
(Optional)

APIGroup is the API group of the resource for which the watch cache size should be configured. An unset value is used to specify the legacy core API (e.g. for secrets).

resource
string

Resource is the name of the resource for which the watch cache size should be configured (in lowercase plural form, e.g. secrets).

size
int32

CacheSize specifies the watch cache size that should be configured for the specified resource.

SchedulingProfile (string alias)

(Appears on: KubeSchedulerConfig)

SchedulingProfile is a string alias used for scheduling profile values.

SecretBindingProvider

(Appears on: SecretBinding)

SecretBindingProvider defines the provider type of the SecretBinding.

FieldDescription
type
string

Type is the type of the provider.

For backwards compatibility, the field can contain multiple providers separated by a comma. However the usage of single SecretBinding (hence Secret) for different cloud providers is strongly discouraged.

SeedBackup

(Appears on: SeedSpec)

SeedBackup contains the object store configuration for backups for shoot (currently only etcd).

FieldDescription
provider
string

Provider is a provider name. This field is immutable.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to BackupBucket resource.

region
string
(Optional)

Region is a region name. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a Secret object containing the cloud provider credentials for the object store where backups should be stored. It should have enough privileges to manipulate the objects as well as buckets.

SeedDNS

(Appears on: SeedSpec)

SeedDNS contains DNS-relevant information about this seed cluster.

FieldDescription
ingressDomain
string
(Optional)

IngressDomain is the domain of the Seed cluster pointing to the ingress controller endpoint. It will be used to construct ingress URLs for system applications running in Shoot clusters. This field is immutable. This will be removed in the next API version and replaced by spec.ingress.domain.

provider
SeedDNSProvider
(Optional)

Provider configures a DNSProvider

SeedDNSProvider

(Appears on: SeedDNS)

SeedDNSProvider configures a DNSProvider for Seeds

FieldDescription
type
string

Type describes the type of the dns-provider, for example aws-route53

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a Secret object containing cloud provider credentials used for registering external domains.

domains
DNSIncludeExclude
(Optional)

Domains contains information about which domains shall be included/excluded for this provider.

zones
DNSIncludeExclude
(Optional)

Zones contains information about which hosted zones shall be included/excluded for this provider.

SeedNetworks

(Appears on: SeedSpec)

SeedNetworks contains CIDRs for the pod, service and node networks of a Kubernetes cluster.

FieldDescription
nodes
string
(Optional)

Nodes is the CIDR of the node network. This field is immutable.

pods
string

Pods is the CIDR of the pod network. This field is immutable.

services
string

Services is the CIDR of the service network. This field is immutable.

shootDefaults
ShootNetworks
(Optional)

ShootDefaults contains the default networks CIDRs for shoots.

blockCIDRs
[]string
(Optional)

BlockCIDRs is a list of network addresses that should be blocked for shoot control plane components running in the seed cluster.

SeedProvider

(Appears on: SeedSpec)

SeedProvider defines the provider-specific information of this Seed cluster.

FieldDescription
type
string

Type is the name of the provider.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the configuration passed to Seed resource.

region
string

Region is a name of a region.

zones
[]string
(Optional)

Zones is the list of availability zones the seed cluster is deployed to.

SeedSelector

(Appears on: CloudProfileSpec, ShootSpec)

SeedSelector contains constraints for selecting seed to be usable for shoots using a profile

FieldDescription
LabelSelector
Kubernetes meta/v1.LabelSelector

(Members of LabelSelector are embedded into this type.)

(Optional)

LabelSelector is optional and can be used to select seeds by their label settings

providerTypes
[]string
(Optional)

Providers is optional and can be used by restricting seeds by their provider type. ‘*’ can be used to enable seeds regardless of their provider type.

SeedSettingDependencyWatchdog

(Appears on: SeedSettings)

SeedSettingDependencyWatchdog controls the dependency-watchdog settings for the seed.

FieldDescription
endpoint
SeedSettingDependencyWatchdogEndpoint
(Optional)

Endpoint controls the endpoint settings for the dependency-watchdog for the seed.

probe
SeedSettingDependencyWatchdogProbe
(Optional)

Probe controls the probe settings for the dependency-watchdog for the seed.

SeedSettingDependencyWatchdogEndpoint

(Appears on: SeedSettingDependencyWatchdog)

SeedSettingDependencyWatchdogEndpoint controls the endpoint settings for the dependency-watchdog for the seed.

FieldDescription
enabled
bool

Enabled controls whether the endpoint controller of the dependency-watchdog should be enabled. This controller helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in CrashLoopBackoff status and restarting them once their dependants become ready and available again.

SeedSettingDependencyWatchdogProbe

(Appears on: SeedSettingDependencyWatchdog)

SeedSettingDependencyWatchdogProbe controls the probe settings for the dependency-watchdog for the seed.

FieldDescription
enabled
bool

Enabled controls whether the probe controller of the dependency-watchdog should be enabled. This controller scales down the kube-controller-manager of shoot clusters in case their respective kube-apiserver is not reachable via its external ingress in order to avoid melt-down situations.

SeedSettingExcessCapacityReservation

(Appears on: SeedSettings)

SeedSettingExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

FieldDescription
enabled
bool

Enabled controls whether the excess capacity reservation should be enabled.

SeedSettingLoadBalancerServices

(Appears on: SeedSettings)

SeedSettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

FieldDescription
annotations
map[string]string
(Optional)

Annotations is a map of annotations that will be injected/merged into every load balancer service object.

SeedSettingOwnerChecks

(Appears on: SeedSettings)

SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.

FieldDescription
enabled
bool

Enabled controls whether owner checks are enabled for shoots scheduled on this seed. It is enabled by default because it is a prerequisite for control plane migration.

SeedSettingScheduling

(Appears on: SeedSettings)

SeedSettingScheduling controls settings for scheduling decisions for the seed.

FieldDescription
visible
bool

Visible controls whether the gardener-scheduler shall consider this seed when scheduling shoots. Invisible seeds are not considered by the scheduler.

SeedSettingShootDNS

(Appears on: SeedSettings)

SeedSettingShootDNS controls the shoot DNS settings for the seed.

FieldDescription
enabled
bool

Enabled controls whether the DNS for shoot clusters should be enabled. When disabled then all shoots using the seed won’t get any DNS providers, DNS records, and no DNS extension controller is required to be installed here. This is useful for environments where DNS is not required.

SeedSettingVerticalPodAutoscaler

(Appears on: SeedSettings)

SeedSettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

FieldDescription
enabled
bool

Enabled controls whether the VPA components shall be deployed into the garden namespace in the seed cluster. It is enabled by default because Gardener heavily relies on a VPA being deployed. You should only disable this if your seed cluster already has another, manually/custom managed VPA deployment.

SeedSettings

(Appears on: SeedSpec)

SeedSettings contains certain settings for this seed cluster.

FieldDescription
excessCapacityReservation
SeedSettingExcessCapacityReservation
(Optional)

ExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

scheduling
SeedSettingScheduling
(Optional)

Scheduling controls settings for scheduling decisions for the seed.

shootDNS
SeedSettingShootDNS
(Optional)

ShootDNS controls the shoot DNS settings for the seed. Deprecated: This field is deprecated and will be removed in a future version of Gardener. Do not use it.

loadBalancerServices
SeedSettingLoadBalancerServices
(Optional)

LoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

verticalPodAutoscaler
SeedSettingVerticalPodAutoscaler
(Optional)

VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

ownerChecks
SeedSettingOwnerChecks
(Optional)

SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.

dependencyWatchdog
SeedSettingDependencyWatchdog
(Optional)

DependencyWatchdog controls certain settings for the dependency-watchdog components deployed in the seed.

SeedSpec

(Appears on: Seed, SeedTemplate)

SeedSpec is the specification of a Seed.

FieldDescription
backup
SeedBackup
(Optional)

Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

dns
SeedDNS

DNS contains DNS-relevant information about this seed cluster.

networks
SeedNetworks

Networks defines the pod, service and worker network of the Seed cluster.

provider
SeedProvider

Provider defines the provider type and region for this Seed cluster.

secretRef
Kubernetes core/v1.SecretReference
(Optional)

SecretRef is a reference to a Secret object containing the Kubeconfig of the Kubernetes cluster to be registered as Seed.

taints
[]SeedTaint
(Optional)

Taints describes taints on the seed.

volume
SeedVolume
(Optional)

Volume contains settings for persistentvolumes created in the seed cluster.

settings
SeedSettings
(Optional)

Settings contains certain settings for this seed cluster.

ingress
Ingress
(Optional)

Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

SeedStatus

(Appears on: Seed)

SeedStatus is the status of a Seed.

FieldDescription
gardener
Gardener
(Optional)

Gardener holds information about the Gardener which last acted on the Shoot.

kubernetesVersion
string
(Optional)

KubernetesVersion is the Kubernetes version of the seed cluster.

conditions
[]Condition
(Optional)

Conditions represents the latest available observations of a Seed’s current state.

observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this Seed. It corresponds to the Seed’s generation, which is updated on mutation by the API Server.

clusterIdentity
string
(Optional)

ClusterIdentity is the identity of the Seed cluster. This field is immutable.

capacity
Kubernetes core/v1.ResourceList
(Optional)

Capacity represents the total resources of a seed.

allocatable
Kubernetes core/v1.ResourceList
(Optional)

Allocatable represents the resources of a seed that are available for scheduling. Defaults to Capacity.

clientCertificateExpirationTimestamp
Kubernetes meta/v1.Time
(Optional)

ClientCertificateExpirationTimestamp is the timestamp at which gardenlet’s client certificate expires.

SeedTaint

(Appears on: SeedSpec)

SeedTaint describes a taint on a seed.

FieldDescription
key
string

Key is the taint key to be applied to a seed.

value
string
(Optional)

Value is the taint value corresponding to the taint key.

SeedTemplate

SeedTemplate is a template for creating a Seed object.

FieldDescription
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
SeedSpec
(Optional)

Specification of the desired behavior of the Seed.



backup
SeedBackup
(Optional)

Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

dns
SeedDNS

DNS contains DNS-relevant information about this seed cluster.

networks
SeedNetworks

Networks defines the pod, service and worker network of the Seed cluster.

provider
SeedProvider

Provider defines the provider type and region for this Seed cluster.

secretRef
Kubernetes core/v1.SecretReference
(Optional)

SecretRef is a reference to a Secret object containing the Kubeconfig of the Kubernetes cluster to be registered as Seed.

taints
[]SeedTaint
(Optional)

Taints describes taints on the seed.

volume
SeedVolume
(Optional)

Volume contains settings for persistentvolumes created in the seed cluster.

settings
SeedSettings
(Optional)

Settings contains certain settings for this seed cluster.

ingress
Ingress
(Optional)

Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

SeedVolume

(Appears on: SeedSpec)

SeedVolume contains settings for persistentvolumes created in the seed cluster.

FieldDescription
minimumSize
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

MinimumSize defines the minimum size that should be used for PVCs in the seed.

providers
[]SeedVolumeProvider
(Optional)

Providers is a list of storage class provisioner types for the seed.

SeedVolumeProvider

(Appears on: SeedVolume)

SeedVolumeProvider is a storage class provisioner type.

FieldDescription
purpose
string

Purpose is the purpose of this provider.

name
string

Name is the name of the storage class provisioner type.

ServiceAccountConfig

(Appears on: KubeAPIServerConfig)

ServiceAccountConfig is the kube-apiserver configuration for service accounts.

FieldDescription
issuer
string
(Optional)

Issuer is the identifier of the service account token issuer. The issuer will assert this identifier in “iss” claim of issued tokens. This value is used to generate new service account tokens. This value is a string or URI. Defaults to URI of the API server.

signingKeySecretName
Kubernetes core/v1.LocalObjectReference
(Optional)

SigningKeySecret is a reference to a secret that contains an optional private key of the service account token issuer. The issuer will sign issued ID tokens with this private key. Only useful if service account tokens are also issued by another external system. Deprecated: This field is deprecated and will be removed in a future version of Gardener. Do not use it.

extendTokenExpiration
bool
(Optional)

ExtendTokenExpiration turns on projected service account expiration extension during token generation, which helps safe transition from legacy token to bound service account token feature. If this flag is enabled, admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, ignoring value of service-account-max-token-expiration.

maxTokenExpiration
Kubernetes meta/v1.Duration
(Optional)

MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value. This field must be within [30d,90d].

acceptedIssuers
[]string
(Optional)

AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted. These values are not used to generate new service account tokens. Only useful when service account tokens are also issued by another external system or a change of the current issuer that is used for generating tokens is being performed. This field is only available for Kubernetes v1.22 or later.

ShootAdvertisedAddress

(Appears on: ShootStatus)

ShootAdvertisedAddress contains information for the shoot’s Kube API server.

FieldDescription
name
string

Name of the advertised address. e.g. external

url
string

The URL of the API Server. e.g. https://api.foo.bar or https://1.2.3.4

ShootCARotation

(Appears on: ShootCredentialsRotation)

ShootCARotation contains information about the certificate authority credential rotation.

FieldDescription
phase
ShootCredentialsRotationPhase

Phase describes the phase of the certificate authority credential rotation.

lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the certificate authority credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the certificate authority credential rotation was successfully completed.

ShootCredentials

(Appears on: ShootStatus)

ShootCredentials contains information about the shoot credentials.

FieldDescription
rotation
ShootCredentialsRotation
(Optional)

Rotation contains information about the credential rotations.

ShootCredentialsRotation

(Appears on: ShootCredentials)

ShootCredentialsRotation contains information about the rotation of credentials.

FieldDescription
certificateAuthorities
ShootCARotation
(Optional)

CertificateAuthorities contains information about the certificate authority credential rotation.

kubeconfig
ShootKubeconfigRotation
(Optional)

Kubeconfig contains information about the kubeconfig credential rotation.

sshKeypair
ShootSSHKeypairRotation
(Optional)

SSHKeypair contains information about the ssh-keypair credential rotation.

observability
ShootObservabilityRotation
(Optional)

Observability contains information about the observability credential rotation.

serviceAccountKey
ShootServiceAccountKeyRotation
(Optional)

ServiceAccountKey contains information about the service account key credential rotation.

etcdEncryptionKey
ShootETCDEncryptionKeyRotation
(Optional)

ETCDEncryptionKey contains information about the ETCD encryption key credential rotation.

ShootCredentialsRotationPhase (string alias)

(Appears on: ShootCARotation, ShootETCDEncryptionKeyRotation, ShootServiceAccountKeyRotation)

ShootCredentialsRotationPhase is a string alias.

ShootETCDEncryptionKeyRotation

(Appears on: ShootCredentialsRotation)

ShootETCDEncryptionKeyRotation contains information about the ETCD encryption key credential rotation.

FieldDescription
phase
ShootCredentialsRotationPhase

Phase describes the phase of the ETCD encryption key credential rotation.

lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the ETCD encryption key credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the ETCD encryption key credential rotation was successfully completed.

ShootKubeconfigRotation

(Appears on: ShootCredentialsRotation)

ShootKubeconfigRotation contains information about the kubeconfig credential rotation.

FieldDescription
lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the kubeconfig credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the kubeconfig credential rotation was successfully completed.

ShootMachineImage

(Appears on: Machine)

ShootMachineImage defines the name and the version of the shoot’s machine image in any environment. Has to be defined in the respective CloudProfile.

FieldDescription
name
string

Name is the name of the image.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the shoot’s individual configuration passed to an extension resource.

version
string
(Optional)

Version is the version of the shoot’s image. If version is not provided, it will be defaulted to the latest version from the CloudProfile.

ShootNetworks

(Appears on: SeedNetworks)

ShootNetworks contains the default networks CIDRs for shoots.

FieldDescription
pods
string
(Optional)

Pods is the CIDR of the pod network.

services
string
(Optional)

Services is the CIDR of the service network.

ShootObservabilityRotation

(Appears on: ShootCredentialsRotation)

ShootObservabilityRotation contains information about the observability credential rotation.

FieldDescription
lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the observability credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the observability credential rotation was successfully completed.

ShootPurpose (string alias)

(Appears on: ShootSpec)

ShootPurpose is a type alias for string.

ShootSSHKeypairRotation

(Appears on: ShootCredentialsRotation)

ShootSSHKeypairRotation contains information about the ssh-keypair credential rotation.

FieldDescription
lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the ssh-keypair credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the ssh-keypair credential rotation was successfully completed.

ShootServiceAccountKeyRotation

(Appears on: ShootCredentialsRotation)

ShootServiceAccountKeyRotation contains information about the service account key credential rotation.

FieldDescription
phase
ShootCredentialsRotationPhase

Phase describes the phase of the service account key credential rotation.

lastInitiationTime
Kubernetes meta/v1.Time
(Optional)

LastInitiationTime is the most recent time when the service account key credential rotation was initiated.

lastCompletionTime
Kubernetes meta/v1.Time
(Optional)

LastCompletionTime is the most recent time when the service account key credential rotation was successfully completed.

ShootSpec

(Appears on: Shoot, ShootTemplate)

ShootSpec is the specification of a Shoot.

FieldDescription
addons
Addons
(Optional)

Addons contains information about enabled/disabled addons and their configuration.

cloudProfileName
string

CloudProfileName is a name of a CloudProfile object. This field is immutable.

dns
DNS
(Optional)

DNS contains information about the DNS settings of the Shoot.

extensions
[]Extension
(Optional)

Extensions contain type and provider information for Shoot extensions.

hibernation
Hibernation
(Optional)

Hibernation contains information whether the Shoot is suspended or not.

kubernetes
Kubernetes

Kubernetes contains the version and configuration settings of the control plane components.

networking
Networking

Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

maintenance
Maintenance
(Optional)

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

monitoring
Monitoring
(Optional)

Monitoring contains information about custom monitoring configurations for the shoot.

provider
Provider

Provider contains all provider-specific and provider-relevant information.

purpose
ShootPurpose
(Optional)

Purpose is the purpose class for this cluster.

region
string

Region is a name of a region. This field is immutable.

secretBindingName
string

SecretBindingName is the name of the a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. This field is immutable.

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot. This field is immutable when the SeedChange feature gate is disabled.

seedSelector
SeedSelector
(Optional)

SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

resources
[]NamedResourceReference
(Optional)

Resources holds a list of named resource references that can be referred to in extension configs by their names.

tolerations
[]Toleration
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

exposureClassName
string
(Optional)

ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

systemComponents
SystemComponents
(Optional)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

controlPlane
ControlPlane
(Optional)

ControlPlane contains general settings for the control plane of the shoot.

ShootStatus

(Appears on: Shoot)

ShootStatus holds the most recently observed status of the Shoot cluster.

FieldDescription
conditions
[]Condition
(Optional)

Conditions represents the latest available observations of a Shoots’s current state.

constraints
[]Condition
(Optional)

Constraints represents conditions of a Shoot’s current state that constraint some operations on it.

gardener
Gardener

Gardener holds information about the Gardener which last acted on the Shoot.

hibernated
bool

IsHibernated indicates whether the Shoot is currently hibernated.

lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the Shoot.

lastErrors
[]LastError
(Optional)

LastErrors holds information about the last occurred error(s) during an operation.

observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this Shoot. It corresponds to the Shoot’s generation, which is updated on mutation by the API Server.

retryCycleStartTime
Kubernetes meta/v1.Time
(Optional)

RetryCycleStartTime is the start time of the last retry cycle (used to determine how often an operation must be retried until we give up).

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot. This value is only written after a successful create/reconcile operation. It will be used when control planes are moved between Seeds.

technicalID
string

TechnicalID is the name that is used for creating the Seed namespace, the infrastructure resources, and basically everything that is related to this particular Shoot. This field is immutable.

uid
k8s.io/apimachinery/pkg/types.UID

UID is a unique identifier for the Shoot cluster to avoid portability between Kubernetes clusters. It is used to compute unique hashes. This field is immutable.

clusterIdentity
string
(Optional)

ClusterIdentity is the identity of the Shoot cluster. This field is immutable.

advertisedAddresses
[]ShootAdvertisedAddress
(Optional)

List of addresses on which the Kube API server can be reached.

migrationStartTime
Kubernetes meta/v1.Time
(Optional)

MigrationStartTime is the time when a migration to a different seed was initiated.

credentials
ShootCredentials
(Optional)

Credentials contains information about the shoot credentials.

lastHibernationTriggerTime
Kubernetes meta/v1.Time
(Optional)

LastHibernationTriggerTime indicates the last time when the hibernation controller managed to change the hibernation settings of the cluster

ShootTemplate

ShootTemplate is a template for creating a Shoot object.

FieldDescription
metadata
Kubernetes meta/v1.ObjectMeta
(Optional)

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ShootSpec
(Optional)

Specification of the desired behavior of the Shoot.



addons
Addons
(Optional)

Addons contains information about enabled/disabled addons and their configuration.

cloudProfileName
string

CloudProfileName is a name of a CloudProfile object. This field is immutable.

dns
DNS
(Optional)

DNS contains information about the DNS settings of the Shoot.

extensions
[]Extension
(Optional)

Extensions contain type and provider information for Shoot extensions.

hibernation
Hibernation
(Optional)

Hibernation contains information whether the Shoot is suspended or not.

kubernetes
Kubernetes

Kubernetes contains the version and configuration settings of the control plane components.

networking
Networking

Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

maintenance
Maintenance
(Optional)

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

monitoring
Monitoring
(Optional)

Monitoring contains information about custom monitoring configurations for the shoot.

provider
Provider

Provider contains all provider-specific and provider-relevant information.

purpose
ShootPurpose
(Optional)

Purpose is the purpose class for this cluster.

region
string

Region is a name of a region. This field is immutable.

secretBindingName
string

SecretBindingName is the name of the a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. This field is immutable.

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot. This field is immutable when the SeedChange feature gate is disabled.

seedSelector
SeedSelector
(Optional)

SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

resources
[]NamedResourceReference
(Optional)

Resources holds a list of named resource references that can be referred to in extension configs by their names.

tolerations
[]Toleration
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

exposureClassName
string
(Optional)

ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

systemComponents
SystemComponents
(Optional)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

controlPlane
ControlPlane
(Optional)

ControlPlane contains general settings for the control plane of the shoot.

SystemComponents

(Appears on: ShootSpec)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

FieldDescription
coreDNS
CoreDNS
(Optional)

CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

nodeLocalDNS
NodeLocalDNS
(Optional)

NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

Toleration

(Appears on: ProjectTolerations, ShootSpec)

Toleration is a toleration for a seed taint.

FieldDescription
key
string

Key is the toleration key to be applied to a project or shoot.

value
string
(Optional)

Value is the toleration value corresponding to the toleration key.

VersionClassification (string alias)

(Appears on: ExpirableVersion)

VersionClassification is the logical state of a version.

VerticalPodAutoscaler

(Appears on: Kubernetes)

VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

FieldDescription
enabled
bool

Enabled specifies whether the Kubernetes VPA shall be enabled for the shoot cluster.

evictAfterOOMThreshold
Kubernetes meta/v1.Duration
(Optional)

EvictAfterOOMThreshold defines the threshold that will lead to pod eviction in case it OOMed in less than the given threshold since its start and if it has only one container (default: 10m0s).

evictionRateBurst
int32
(Optional)

EvictionRateBurst defines the burst of pods that can be evicted (default: 1)

evictionRateLimit
float64
(Optional)

EvictionRateLimit defines the number of pods that can be evicted per second. A rate limit set to 0 or -1 will disable the rate limiter (default: -1).

evictionTolerance
float64
(Optional)

EvictionTolerance defines the fraction of replica count that can be evicted for update in case more than one pod can be evicted (default: 0.5).

recommendationMarginFraction
float64
(Optional)

RecommendationMarginFraction is the fraction of usage added as the safety margin to the recommended request (default: 0.15).

updaterInterval
Kubernetes meta/v1.Duration
(Optional)

UpdaterInterval is the interval how often the updater should run (default: 1m0s).

recommenderInterval
Kubernetes meta/v1.Duration
(Optional)

RecommenderInterval is the interval how often metrics should be fetched (default: 1m0s).

Volume

(Appears on: Worker)

Volume contains information about the volume type, size, and encryption.

FieldDescription
name
string
(Optional)

Name of the volume to make it referencable.

type
string
(Optional)

Type is the type of the volume.

size
string

VolumeSize is the size of the volume.

encrypted
bool
(Optional)

Encrypted determines if the volume should be encrypted.

VolumeType

(Appears on: CloudProfileSpec)

VolumeType contains certain properties of a volume type.

FieldDescription
class
string

Class is the class of the volume type.

name
string

Name is the name of the volume type.

usable
bool
(Optional)

Usable defines if the volume type can be used for shoot clusters.

minSize
k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)

MinSize is the minimal supported storage size.

WatchCacheSizes

(Appears on: KubeAPIServerConfig)

WatchCacheSizes contains configuration of the API server’s watch cache sizes.

FieldDescription
default
int32
(Optional)

Default configures the default watch cache size of the kube-apiserver (flag --default-watch-cache-size, defaults to 100). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

resources
[]ResourceWatchCacheSize
(Optional)

Resources configures the watch cache size of the kube-apiserver per resource (flag --watch-cache-sizes). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

Worker

(Appears on: Provider)

Worker is the base definition of a worker group.

FieldDescription
annotations
map[string]string
(Optional)

Annotations is a map of key/value pairs for annotations for all the Node objects in this worker pool.

caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every machine of this worker pool.

cri
CRI
(Optional)

CRI contains configurations of CRI support of every machine in the worker pool. Defaults to a CRI with name containerd when the Kubernetes version of the Shoot is >= 1.22.

kubernetes
WorkerKubernetes
(Optional)

Kubernetes contains configuration for Kubernetes components related to this worker pool.

labels
map[string]string
(Optional)

Labels is a map of key/value pairs for labels for all the Node objects in this worker pool.

name
string

Name is the name of the worker group.

machine
Machine

Machine contains information about the machine type and image.

maximum
int32

Maximum is the maximum number of VMs to create.

minimum
int32

Minimum is the minimum number of VMs to create.

maxSurge
k8s.io/apimachinery/pkg/util/intstr.IntOrString
(Optional)

MaxSurge is maximum number of VMs that are created during an update.

maxUnavailable
k8s.io/apimachinery/pkg/util/intstr.IntOrString
(Optional)

MaxUnavailable is the maximum number of VMs that can be unavailable during an update.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the provider-specific configuration for this worker pool.

taints
[]Kubernetes core/v1.Taint
(Optional)

Taints is a list of taints for all the Node objects in this worker pool.

volume
Volume
(Optional)

Volume contains information about the volume type and size.

dataVolumes
[]DataVolume
(Optional)

DataVolumes contains a list of additional worker volumes.

kubeletDataVolumeName
string
(Optional)

KubeletDataVolumeName contains the name of a dataVolume that should be used for storing kubelet state.

zones
[]string
(Optional)

Zones is a list of availability zones that are used to evenly distribute this worker pool. Optional as not every provider may support availability zones.

systemComponents
WorkerSystemComponents
(Optional)

SystemComponents contains configuration for system components related to this worker pool

machineControllerManager
MachineControllerManagerSettings
(Optional)

MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

WorkerKubernetes

(Appears on: Worker)

WorkerKubernetes contains configuration for Kubernetes components related to this worker pool.

FieldDescription
kubelet
KubeletConfig
(Optional)

Kubelet contains configuration settings for all kubelets of this worker pool. If set, all spec.kubernetes.kubelet settings will be overwritten for this worker pool (no merge of settings).

version
string
(Optional)

Version is the semantic Kubernetes version to use for the Kubelet in this Worker Group. If not specified the kubelet version is derived from the global shoot cluster kubernetes version. version must be equal or lower than the version of the shoot kubernetes version. Only one minor version difference to other worker groups and global kubernetes version is allowed.

WorkerSystemComponents

(Appears on: Worker)

WorkerSystemComponents contains configuration for system components related to this worker pool

FieldDescription
allow
bool

Allow determines whether the pool should be allowed to host system components or not (defaults to true)


Generated with gen-crd-api-reference-docs

3 - Extensions

Packages:

extensions.gardener.cloud/v1alpha1

Package v1alpha1 is the v1alpha1 version of the API.

Resource Types:

BackupBucket

BackupBucket is a specification for backup bucket.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
BackupBucket
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupBucketSpec

Specification of the BackupBucket. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

region
string

Region is the region of this bucket. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

status
BackupBucketStatus
(Optional)

BackupEntry

BackupEntry is a specification for backup Entry.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
BackupEntry
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupEntrySpec

Specification of the BackupEntry. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

backupBucketProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

BackupBucketProviderStatus contains the provider status that has been generated by the controller responsible for the BackupBucket resource.

region
string

Region is the region of this Entry. This field is immutable.

bucketName
string

BucketName is the name of backup bucket for this Backup Entry.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

status
BackupEntryStatus
(Optional)

Bastion

Bastion is a bastion or jump host that is dynamically created to provide SSH access to shoot nodes.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Bastion
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BastionSpec

Spec is the specification of this Bastion. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

userData
[]byte

UserData is the base64-encoded user data for the bastion instance. This should contain code to provision the SSH key on the bastion instance. This field is immutable.

ingress
[]BastionIngressPolicy

Ingress controls from where the created bastion host should be reachable.

status
BastionStatus
(Optional)

Status is the bastion’s status.

Cluster

Cluster is a specification for a Cluster resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Cluster
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ClusterSpec


cloudProfile
k8s.io/apimachinery/pkg/runtime.RawExtension

CloudProfile is a raw extension field that contains the cloudprofile resource referenced by the shoot that has to be reconciled.

seed
k8s.io/apimachinery/pkg/runtime.RawExtension

Seed is a raw extension field that contains the seed resource referenced by the shoot that has to be reconciled.

shoot
k8s.io/apimachinery/pkg/runtime.RawExtension

Shoot is a raw extension field that contains the shoot resource that has to be reconciled.

ContainerRuntime

ContainerRuntime is a specification for a container runtime resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
ContainerRuntime
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ContainerRuntimeSpec

Specification of the ContainerRuntime. If the object’s deletion timestamp is set, this field is immutable.



binaryPath
string

BinaryPath is the Worker’s machine path where container runtime extensions should copy the binaries to.

workerPool
ContainerRuntimeWorkerPool

WorkerPool identifies the worker pool of the Shoot. For each worker pool and type, Gardener deploys a ContainerRuntime CRD.

DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

status
ContainerRuntimeStatus
(Optional)

ControlPlane

ControlPlane is a specification for a ControlPlane resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
ControlPlane
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ControlPlaneSpec

Specification of the ControlPlane. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

purpose
Purpose
(Optional)

Purpose contains the data if a cloud provider needs additional components in order to expose the control plane. This field is immutable.

infrastructureProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

InfrastructureProviderStatus contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

region
string

Region is the region of this control plane. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

status
ControlPlaneStatus
(Optional)

DNSRecord

DNSRecord is a specification for a DNSRecord resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
DNSRecord
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
DNSRecordSpec

Specification of the DNSRecord. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

region
string
(Optional)

Region is the region of this DNS record. If not specified, the region specified in SecretRef will be used. If that is also not specified, the extension controller will use its default region.

zone
string
(Optional)

Zone is the DNS hosted zone of this DNS record. If not specified, it will be determined automatically by getting all hosted zones of the account and searching for the longest zone name that is a suffix of Name.

name
string

Name is the fully qualified domain name, e.g. “api.”. This field is immutable.

recordType
DNSRecordType

RecordType is the DNS record type. Only A, CNAME, and TXT records are currently supported. This field is immutable.

values
[]string

Values is a list of IP addresses for A records, a single hostname for CNAME records, or a list of texts for TXT records.

ttl
int64
(Optional)

TTL is the time to live in seconds. Defaults to 120.

status
DNSRecordStatus
(Optional)

Extension

Extension is a specification for a Extension resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Extension
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ExtensionSpec

Specification of the Extension. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

status
ExtensionStatus
(Optional)

Infrastructure

Infrastructure is a specification for cloud provider infrastructure.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Infrastructure
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
InfrastructureSpec

Specification of the Infrastructure. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

region
string

Region is the region of this infrastructure. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the actual result of the generated cloud config.

sshPublicKey
[]byte
(Optional)

SSHPublicKey is the public SSH key that should be used with this infrastructure.

status
InfrastructureStatus
(Optional)

Network

Network is the specification for cluster networking.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Network
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
NetworkSpec

Specification of the Network. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

podCIDR
string

PodCIDR defines the CIDR that will be used for pods. This field is immutable.

serviceCIDR
string

ServiceCIDR defines the CIDR that will be used for services. This field is immutable.

status
NetworkStatus
(Optional)

OperatingSystemConfig

OperatingSystemConfig is a specification for a OperatingSystemConfig resource

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
OperatingSystemConfig
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
OperatingSystemConfigSpec

Specification of the OperatingSystemConfig. If the object’s deletion timestamp is set, this field is immutable.



criConfig
CRIConfig
(Optional)

CRI config is a structure contains configurations of the CRI library

DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

purpose
OperatingSystemConfigPurpose

Purpose describes how the result of this OperatingSystemConfig is used by Gardener. Either it gets sent to the Worker extension controller to bootstrap a VM, or it is downloaded by the cloud-config-downloader script already running on a bootstrapped VM. This field is immutable.

reloadConfigFilePath
string
(Optional)

ReloadConfigFilePath is the path to the generated operating system configuration. If set, controllers are asked to use it when determining the .status.command of this resource. For example, if for CoreOS the reload-path might be “/var/lib/config”; then the controller shall set .status.command to “/usr/bin/coreos-cloudinit –from-file=/var/lib/config”.

units
[]Unit
(Optional)

Units is a list of unit for the operating system configuration (usually, a systemd unit).

files
[]File
(Optional)

Files is a list of files that should get written to the host’s file system.

status
OperatingSystemConfigStatus
(Optional)

Worker

Worker is a specification for a Worker resource.

FieldDescription
apiVersion
string
extensions.gardener.cloud/v1alpha1
kind
string
Worker
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
WorkerSpec

Specification of the Worker. If the object’s deletion timestamp is set, this field is immutable.



DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

infrastructureProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

InfrastructureProviderStatus is a raw extension field that contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

region
string

Region is the name of the region where the worker pool should be deployed to. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

sshPublicKey
[]byte
(Optional)

SSHPublicKey is the public SSH key that should be used with these workers.

pools
[]WorkerPool

Pools is a list of worker pools.

status
WorkerStatus
(Optional)

BackupBucketSpec

(Appears on: BackupBucket)

BackupBucketSpec is the spec for an BackupBucket resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

region
string

Region is the region of this bucket. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

BackupBucketStatus

(Appears on: BackupBucket)

BackupBucketStatus is the status for an BackupBucket resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

generatedSecretRef
Kubernetes core/v1.SecretReference
(Optional)

GeneratedSecretRef is reference to the secret generated by backup bucket, which will have object store specific credentials.

BackupEntrySpec

(Appears on: BackupEntry)

BackupEntrySpec is the spec for an BackupEntry resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

backupBucketProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

BackupBucketProviderStatus contains the provider status that has been generated by the controller responsible for the BackupBucket resource.

region
string

Region is the region of this Entry. This field is immutable.

bucketName
string

BucketName is the name of backup bucket for this Backup Entry.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the credentials to access object store.

BackupEntryStatus

(Appears on: BackupEntry)

BackupEntryStatus is the status for an BackupEntry resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

BastionIngressPolicy

(Appears on: BastionSpec)

BastionIngressPolicy represents an ingress policy for SSH bastion hosts.

FieldDescription
ipBlock
Kubernetes networking/v1.IPBlock

IPBlock defines an IP block that is allowed to access the bastion.

BastionSpec

(Appears on: Bastion)

BastionSpec contains the specification for an SSH bastion host.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

userData
[]byte

UserData is the base64-encoded user data for the bastion instance. This should contain code to provision the SSH key on the bastion instance. This field is immutable.

ingress
[]BastionIngressPolicy

Ingress controls from where the created bastion host should be reachable.

BastionStatus

(Appears on: Bastion)

BastionStatus holds the most recently observed status of the Bastion.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

ingress
Kubernetes core/v1.LoadBalancerIngress
(Optional)

Ingress is the external IP and/or hostname of the bastion host.

CRIConfig

(Appears on: OperatingSystemConfigSpec)

CRIConfig contains configurations of the CRI library.

FieldDescription
name
CRIName

Name is a mandatory string containing the name of the CRI library. Supported values are docker and containerd.

CRIName (string alias)

(Appears on: CRIConfig)

CRIName is a type alias for the CRI name string.

CloudConfig

(Appears on: OperatingSystemConfigStatus)

CloudConfig contains the generated output for the given operating system config spec. It contains a reference to a secret as the result may contain confidential data.

FieldDescription
secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the actual result of the generated cloud config.

ClusterSpec

(Appears on: Cluster)

ClusterSpec is the spec for a Cluster resource.

FieldDescription
cloudProfile
k8s.io/apimachinery/pkg/runtime.RawExtension

CloudProfile is a raw extension field that contains the cloudprofile resource referenced by the shoot that has to be reconciled.

seed
k8s.io/apimachinery/pkg/runtime.RawExtension

Seed is a raw extension field that contains the seed resource referenced by the shoot that has to be reconciled.

shoot
k8s.io/apimachinery/pkg/runtime.RawExtension

Shoot is a raw extension field that contains the shoot resource that has to be reconciled.

ContainerRuntimeSpec

(Appears on: ContainerRuntime)

ContainerRuntimeSpec is the spec for a ContainerRuntime resource.

FieldDescription
binaryPath
string

BinaryPath is the Worker’s machine path where container runtime extensions should copy the binaries to.

workerPool
ContainerRuntimeWorkerPool

WorkerPool identifies the worker pool of the Shoot. For each worker pool and type, Gardener deploys a ContainerRuntime CRD.

DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

ContainerRuntimeStatus

(Appears on: ContainerRuntime)

ContainerRuntimeStatus is the status for a ContainerRuntime resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

ContainerRuntimeWorkerPool

(Appears on: ContainerRuntimeSpec)

ContainerRuntimeWorkerPool identifies a Shoot worker pool by its name and selector.

FieldDescription
name
string

Name specifies the name of the worker pool the container runtime should be available for. This field is immutable.

selector
Kubernetes meta/v1.LabelSelector

Selector is the label selector used by the extension to match the nodes belonging to the worker pool.

ControlPlaneSpec

(Appears on: ControlPlane)

ControlPlaneSpec is the spec of a ControlPlane resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

purpose
Purpose
(Optional)

Purpose contains the data if a cloud provider needs additional components in order to expose the control plane. This field is immutable.

infrastructureProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

InfrastructureProviderStatus contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

region
string

Region is the region of this control plane. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

ControlPlaneStatus

(Appears on: ControlPlane)

ControlPlaneStatus is the status of a ControlPlane resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

DNSRecordSpec

(Appears on: DNSRecord)

DNSRecordSpec is the spec of a DNSRecord resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

region
string
(Optional)

Region is the region of this DNS record. If not specified, the region specified in SecretRef will be used. If that is also not specified, the extension controller will use its default region.

zone
string
(Optional)

Zone is the DNS hosted zone of this DNS record. If not specified, it will be determined automatically by getting all hosted zones of the account and searching for the longest zone name that is a suffix of Name.

name
string

Name is the fully qualified domain name, e.g. “api.”. This field is immutable.

recordType
DNSRecordType

RecordType is the DNS record type. Only A, CNAME, and TXT records are currently supported. This field is immutable.

values
[]string

Values is a list of IP addresses for A records, a single hostname for CNAME records, or a list of texts for TXT records.

ttl
int64
(Optional)

TTL is the time to live in seconds. Defaults to 120.

DNSRecordStatus

(Appears on: DNSRecord)

DNSRecordStatus is the status of a DNSRecord resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

zone
string
(Optional)

Zone is the DNS hosted zone of this DNS record.

DNSRecordType (string alias)

(Appears on: DNSRecordSpec)

DNSRecordType is a string alias.

DataVolume

(Appears on: WorkerPool)

DataVolume contains information about a data volume.

FieldDescription
name
string

Name of the volume to make it referencable.

type
string
(Optional)

Type is the type of the volume.

size
string

Size is the of the root volume.

encrypted
bool
(Optional)

Encrypted determines if the volume should be encrypted.

DefaultSpec

(Appears on: BackupBucketSpec, BackupEntrySpec, BastionSpec, ContainerRuntimeSpec, ControlPlaneSpec, DNSRecordSpec, ExtensionSpec, InfrastructureSpec, NetworkSpec, OperatingSystemConfigSpec, WorkerSpec)

DefaultSpec contains common status fields for every extension resource.

FieldDescription
type
string

Type contains the instance of the resource’s kind.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is the provider specific configuration.

DefaultStatus

(Appears on: BackupBucketStatus, BackupEntryStatus, BastionStatus, ContainerRuntimeStatus, ControlPlaneStatus, DNSRecordStatus, ExtensionStatus, InfrastructureStatus, NetworkStatus, OperatingSystemConfigStatus, WorkerStatus)

DefaultStatus contains common status fields for every extension resource.

FieldDescription
providerStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderStatus contains provider-specific status.

conditions
[]github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
(Optional)

Conditions represents the latest available observations of a Seed’s current state.

lastError
github.com/gardener/gardener/pkg/apis/core/v1beta1.LastError
(Optional)

LastError holds information about the last occurred error during an operation.

lastOperation
github.com/gardener/gardener/pkg/apis/core/v1beta1.LastOperation
(Optional)

LastOperation holds information about the last operation on the resource.

observedGeneration
int64

ObservedGeneration is the most recent generation observed for this resource.

state
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

State can be filled by the operating controller with what ever data it needs.

resources
[]github.com/gardener/gardener/pkg/apis/core/v1beta1.NamedResourceReference
(Optional)

Resources holds a list of named resource references that can be referred to in the state by their names.

DropIn

(Appears on: Unit)

DropIn is a drop-in configuration for a systemd unit.

FieldDescription
name
string

Name is the name of the drop-in.

content
string

Content is the content of the drop-in.

ExtensionSpec

(Appears on: Extension)

ExtensionSpec is the spec for a Extension resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

ExtensionStatus

(Appears on: Extension)

ExtensionStatus is the status for a Extension resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

File

(Appears on: OperatingSystemConfigSpec)

File is a file that should get written to the host’s file system. The content can either be inlined or referenced from a secret in the same namespace.

FieldDescription
path
string

Path is the path of the file system where the file should get written to.

permissions
int32
(Optional)

Permissions describes with which permissions the file should get written to the file system. Should be defaulted to octal 0644.

content
FileContent

Content describe the file’s content.

FileCodecID (string alias)

FileCodecID is the id of a FileCodec for cloud-init scripts.

FileContent

(Appears on: File)

FileContent can either reference a secret or contain inline configuration.

FieldDescription
secretRef
FileContentSecretRef
(Optional)

SecretRef is a struct that contains information about the referenced secret.

inline
FileContentInline
(Optional)

Inline is a struct that contains information about the inlined data.

transmitUnencoded
bool
(Optional)

TransmitUnencoded set to true will ensure that the os-extension does not encode the file content when sent to the node. This for example can be used to manipulate the clear-text content before it reaches the node.

FileContentInline

(Appears on: FileContent)

FileContentInline contains keys for inlining a file content’s data and encoding.

FieldDescription
encoding
string

Encoding is the file’s encoding (e.g. base64).

data
string

Data is the file’s data.

FileContentSecretRef

(Appears on: FileContent)

FileContentSecretRef contains keys for referencing a file content’s data from a secret in the same namespace.

FieldDescription
name
string

Name is the name of the secret.

dataKey
string

DataKey is the key in the secret’s .data field that should be read.

InfrastructureSpec

(Appears on: Infrastructure)

InfrastructureSpec is the spec for an Infrastructure resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

region
string

Region is the region of this infrastructure. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the actual result of the generated cloud config.

sshPublicKey
[]byte
(Optional)

SSHPublicKey is the public SSH key that should be used with this infrastructure.

InfrastructureStatus

(Appears on: Infrastructure)

InfrastructureStatus is the status for an Infrastructure resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

nodesCIDR
string
(Optional)

NodesCIDR is the CIDR of the node network that was optionally created by the acting extension controller. This might be needed in environments in which the CIDR for the network for the shoot worker node cannot be statically defined in the Shoot resource but must be computed dynamically.

MachineDeployment

(Appears on: WorkerStatus)

MachineDeployment is a created machine deployment.

FieldDescription
name
string

Name is the name of the MachineDeployment resource.

minimum
int32

Minimum is the minimum number for this machine deployment.

maximum
int32

Maximum is the maximum number for this machine deployment.

MachineImage

(Appears on: WorkerPool)

MachineImage contains logical information about the name and the version of the machie image that should be used. The logical information must be mapped to the provider-specific information (e.g., AMIs, …) by the provider itself.

FieldDescription
name
string

Name is the logical name of the machine image.

version
string

Version is the version of the machine image.

NetworkSpec

(Appears on: Network)

NetworkSpec is the spec for an Network resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

podCIDR
string

PodCIDR defines the CIDR that will be used for pods. This field is immutable.

serviceCIDR
string

ServiceCIDR defines the CIDR that will be used for services. This field is immutable.

NetworkStatus

(Appears on: Network)

NetworkStatus is the status for an Network resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

NodeTemplate

(Appears on: WorkerPool)

NodeTemplate contains information about the expected node properties.

FieldDescription
capacity
Kubernetes core/v1.ResourceList

Capacity represents the expected Node capacity.

Object

Object is an extension object resource.

OperatingSystemConfigPurpose (string alias)

(Appears on: OperatingSystemConfigSpec)

OperatingSystemConfigPurpose is a string alias.

OperatingSystemConfigSpec

(Appears on: OperatingSystemConfig)

OperatingSystemConfigSpec is the spec for a OperatingSystemConfig resource.

FieldDescription
criConfig
CRIConfig
(Optional)

CRI config is a structure contains configurations of the CRI library

DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

purpose
OperatingSystemConfigPurpose

Purpose describes how the result of this OperatingSystemConfig is used by Gardener. Either it gets sent to the Worker extension controller to bootstrap a VM, or it is downloaded by the cloud-config-downloader script already running on a bootstrapped VM. This field is immutable.

reloadConfigFilePath
string
(Optional)

ReloadConfigFilePath is the path to the generated operating system configuration. If set, controllers are asked to use it when determining the .status.command of this resource. For example, if for CoreOS the reload-path might be “/var/lib/config”; then the controller shall set .status.command to “/usr/bin/coreos-cloudinit –from-file=/var/lib/config”.

units
[]Unit
(Optional)

Units is a list of unit for the operating system configuration (usually, a systemd unit).

files
[]File
(Optional)

Files is a list of files that should get written to the host’s file system.

OperatingSystemConfigStatus

(Appears on: OperatingSystemConfig)

OperatingSystemConfigStatus is the status for a OperatingSystemConfig resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

cloudConfig
CloudConfig
(Optional)

CloudConfig is a structure for containing the generated output for the given operating system config spec. It contains a reference to a secret as the result may contain confidential data.

command
string
(Optional)

Command is the command whose execution renews/reloads the cloud config on an existing VM, e.g. “/usr/bin/reload-cloud-config -from-file=”. The is optionally provided by Gardener in the .spec.reloadConfigFilePath field.

units
[]string
(Optional)

Units is a list of systemd unit names that are part of the generated Cloud Config and shall be restarted when a new version has been downloaded.

Purpose (string alias)

(Appears on: ControlPlaneSpec)

Purpose is a string alias.

Spec

Spec is the spec section of an Object.

Status

Status is the status of an Object.

Unit

(Appears on: OperatingSystemConfigSpec)

Unit is a unit for the operating system configuration (usually, a systemd unit).

FieldDescription
name
string

Name is the name of a unit.

command
string
(Optional)

Command is the unit’s command.

enable
bool
(Optional)

Enable describes whether the unit is enabled or not.

content
string
(Optional)

Content is the unit’s content.

dropIns
[]DropIn
(Optional)

DropIns is a list of drop-ins for this unit.

Volume

(Appears on: WorkerPool)

Volume contains information about the root disks that should be used for worker pools.

FieldDescription
name
string
(Optional)

Name of the volume to make it referencable.

type
string
(Optional)

Type is the type of the volume.

size
string

Size is the of the root volume.

encrypted
bool
(Optional)

Encrypted determines if the volume should be encrypted.

WorkerPool

(Appears on: WorkerSpec)

WorkerPool is the definition of a specific worker pool.

FieldDescription
machineType
string

MachineType contains information about the machine type that should be used for this worker pool.

maximum
int32

Maximum is the maximum size of the worker pool.

maxSurge
k8s.io/apimachinery/pkg/util/intstr.IntOrString

MaxSurge is maximum number of VMs that are created during an update.

maxUnavailable
k8s.io/apimachinery/pkg/util/intstr.IntOrString

MaxUnavailable is the maximum number of VMs that can be unavailable during an update.

annotations
map[string]string
(Optional)

Annotations is a map of key/value pairs for annotations for all the Node objects in this worker pool.

labels
map[string]string
(Optional)

Labels is a map of key/value pairs for labels for all the Node objects in this worker pool.

taints
[]Kubernetes core/v1.Taint
(Optional)

Taints is a list of taints for all the Node objects in this worker pool.

machineImage
MachineImage

MachineImage contains logical information about the name and the version of the machie image that should be used. The logical information must be mapped to the provider-specific information (e.g., AMIs, …) by the provider itself.

minimum
int32

Minimum is the minimum size of the worker pool.

name
string

Name is the name of this worker pool.

providerConfig
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

ProviderConfig is a provider specific configuration for the worker pool.

userData
[]byte

UserData is a base64-encoded string that contains the data that is sent to the provider’s APIs when a new machine/VM that is part of this worker pool shall be spawned.

volume
Volume
(Optional)

Volume contains information about the root disks that should be used for this worker pool.

dataVolumes
[]DataVolume
(Optional)

DataVolumes contains a list of additional worker volumes.

kubeletDataVolumeName
string
(Optional)

KubeletDataVolumeName contains the name of a dataVolume that should be used for storing kubelet state.

zones
[]string
(Optional)

Zones contains information about availability zones for this worker pool.

machineControllerManager
github.com/gardener/gardener/pkg/apis/core/v1beta1.MachineControllerManagerSettings
(Optional)

MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

kubernetesVersion
string
(Optional)

KubernetesVersion is the kubernetes version in this worker pool

nodeTemplate
NodeTemplate
(Optional)

NodeTemplate contains resource information of the machine which is used by Cluster Autoscaler to generate nodeTemplate during scaling a nodeGroup from zero

architecture
string
(Optional)

Architecture is the CPU architecture of the worker pool machines and machine image.

WorkerSpec

(Appears on: Worker)

WorkerSpec is the spec for a Worker resource.

FieldDescription
DefaultSpec
DefaultSpec

(Members of DefaultSpec are embedded into this type.)

DefaultSpec is a structure containing common fields used by all extension resources.

infrastructureProviderStatus
k8s.io/apimachinery/pkg/runtime.RawExtension
(Optional)

InfrastructureProviderStatus is a raw extension field that contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

region
string

Region is the name of the region where the worker pool should be deployed to. This field is immutable.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to a secret that contains the cloud provider specific credentials.

sshPublicKey
[]byte
(Optional)

SSHPublicKey is the public SSH key that should be used with these workers.

pools
[]WorkerPool

Pools is a list of worker pools.

WorkerStatus

(Appears on: Worker)

WorkerStatus is the status for a Worker resource.

FieldDescription
DefaultStatus
DefaultStatus

(Members of DefaultStatus are embedded into this type.)

DefaultStatus is a structure containing common fields used by all extension resources.

machineDeployments
[]MachineDeployment

MachineDeployments is a list of created machine deployments. It will be used to e.g. configure the cluster-autoscaler properly.


Generated with gen-crd-api-reference-docs

4 - Operations

Packages:

operations.gardener.cloud/v1alpha1

Package v1alpha1 is a version of the API.

Resource Types:

Bastion

Bastion holds details about an SSH bastion for a shoot cluster.

FieldDescription
apiVersion
string
operations.gardener.cloud/v1alpha1
kind
string
Bastion
metadata
Kubernetes meta/v1.ObjectMeta

Standard object metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BastionSpec

Specification of the Bastion.



shootRef
Kubernetes core/v1.LocalObjectReference

ShootRef defines the target shoot for a Bastion. The name field of the ShootRef is immutable.

seedName
string
(Optional)

SeedName is the name of the seed to which this Bastion is currently scheduled. This field is populated at the beginning of a create/reconcile operation.

providerType
string
(Optional)

ProviderType is cloud provider used by the referenced Shoot.

sshPublicKey
string

SSHPublicKey is the user’s public key. This field is immutable.

ingress
[]BastionIngressPolicy

Ingress controls from where the created bastion host should be reachable.

status
BastionStatus
(Optional)

Most recently observed status of the Bastion.

BastionIngressPolicy

(Appears on: BastionSpec)

BastionIngressPolicy represents an ingress policy for SSH bastion hosts.

FieldDescription
ipBlock
Kubernetes networking/v1.IPBlock

IPBlock defines an IP block that is allowed to access the bastion.

BastionSpec

(Appears on: Bastion)

BastionSpec is the specification of a Bastion.

FieldDescription
shootRef
Kubernetes core/v1.LocalObjectReference

ShootRef defines the target shoot for a Bastion. The name field of the ShootRef is immutable.

seedName
string
(Optional)

SeedName is the name of the seed to which this Bastion is currently scheduled. This field is populated at the beginning of a create/reconcile operation.

providerType
string
(Optional)

ProviderType is cloud provider used by the referenced Shoot.

sshPublicKey
string

SSHPublicKey is the user’s public key. This field is immutable.

ingress
[]BastionIngressPolicy

Ingress controls from where the created bastion host should be reachable.

BastionStatus

(Appears on: Bastion)

BastionStatus holds the most recently observed status of the Bastion.

FieldDescription
ingress
Kubernetes core/v1.LoadBalancerIngress
(Optional)

Ingress holds the public IP and/or hostname of the bastion instance.

conditions
[]github.com/gardener/gardener/pkg/apis/core/v1alpha1.Condition
(Optional)

Conditions represents the latest available observations of a Bastion’s current state.

lastHeartbeatTimestamp
Kubernetes meta/v1.Time
(Optional)

LastHeartbeatTimestamp is the time when the bastion was last marked as not to be deleted. When this is set, the ExpirationTimestamp is advanced as well.

expirationTimestamp
Kubernetes meta/v1.Time
(Optional)

ExpirationTimestamp is the time after which a Bastion is supposed to be garbage collected.

observedGeneration
int64
(Optional)

ObservedGeneration is the most recent generation observed for this Bastion. It corresponds to the Bastion’s generation, which is updated on mutation by the API Server.


Generated with gen-crd-api-reference-docs

5 - Operator

Packages:

operator.gardener.cloud/v1alpha1

Package v1alpha1 contains the configuration of the Gardener Operator.

Resource Types:

    Garden

    Garden describes a list of gardens.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    GardenSpec

    Spec contains the specification of this garden.



    runtimeCluster
    RuntimeCluster

    RuntimeCluster contains configuration for the runtime cluster.

    status
    GardenStatus

    Status contains the status of this garden.

    GardenSpec

    (Appears on: Garden)

    GardenSpec contains the specification of a garden environment.

    FieldDescription
    runtimeCluster
    RuntimeCluster

    RuntimeCluster contains configuration for the runtime cluster.

    GardenStatus

    (Appears on: Garden)

    GardenStatus is the status of a garden environment.

    FieldDescription
    gardener
    github.com/gardener/gardener/pkg/apis/core/v1beta1.Gardener
    (Optional)

    Gardener holds information about the Gardener which last acted on the Garden.

    conditions
    []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition

    Conditions is a list of conditions.

    observedGeneration
    int64

    ObservedGeneration is the most recent generation observed for this resource.

    Provider

    (Appears on: RuntimeCluster)

    Provider defines the provider-specific information for this cluster.

    FieldDescription
    zones
    []string
    (Optional)

    Zones is the list of availability zones the cluster is deployed to.

    RuntimeCluster

    (Appears on: GardenSpec)

    RuntimeCluster contains configuration for the runtime cluster.

    FieldDescription
    provider
    Provider

    Provider defines the provider-specific information for this cluster.

    settings
    Settings
    (Optional)

    Settings contains certain settings for this cluster.

    SettingVerticalPodAutoscaler

    (Appears on: Settings)

    SettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

    FieldDescription
    enabled
    bool
    (Optional)

    Enabled controls whether the VPA components shall be deployed into this cluster. It is true by default because the operator (and Gardener) heavily rely on a VPA being deployed. You should only disable this if your runtime cluster already has another, manually/custom managed VPA deployment. If this is not the case, but you still disable it, then reconciliation will fail.

    Settings

    (Appears on: RuntimeCluster)

    Settings contains certain settings for this cluster.

    FieldDescription
    verticalPodAutoscaler
    SettingVerticalPodAutoscaler
    (Optional)

    VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the cluster.


    Generated with gen-crd-api-reference-docs

    6 - Provider Local

    Packages:

    local.provider.extensions.gardener.cloud/v1alpha1

    Package v1alpha1 contains the local provider API resources.

    Resource Types:

    CloudProfileConfig

    CloudProfileConfig contains provider-specific configuration that is embedded into Gardener’s CloudProfile resource.

    FieldDescription
    apiVersion
    string
    local.provider.extensions.gardener.cloud/v1alpha1
    kind
    string
    CloudProfileConfig
    machineImages
    []MachineImages

    MachineImages is the list of machine images that are understood by the controller. It maps logical names and versions to provider-specific identifiers.

    WorkerStatus

    WorkerStatus contains information about created worker resources.

    FieldDescription
    apiVersion
    string
    local.provider.extensions.gardener.cloud/v1alpha1
    kind
    string
    WorkerStatus
    machineImages
    []MachineImage
    (Optional)

    MachineImages is a list of machine images that have been used in this worker. Usually, the extension controller gets the mapping from name/version to the provider-specific machine image data from the CloudProfile. However, if a version that is still in use gets removed from this componentconfig it cannot reconcile anymore existing Worker resources that are still using this version. Hence, it stores the used versions in the provider status to ensure reconciliation is possible.

    MachineImage

    (Appears on: WorkerStatus)

    MachineImage is a mapping from logical names and versions to provider-specific machine image data.

    FieldDescription
    name
    string

    Name is the logical name of the machine image.

    version
    string

    Version is the logical version of the machine image.

    image
    string

    Image is the image for the machine image.

    MachineImageVersion

    (Appears on: MachineImages)

    MachineImageVersion contains a version and a provider-specific identifier.

    FieldDescription
    version
    string

    Version is the version of the image.

    image
    string

    Image is the image for the machine image.

    MachineImages

    (Appears on: CloudProfileConfig)

    MachineImages is a mapping from logical names and versions to provider-specific identifiers.

    FieldDescription
    name
    string

    Name is the logical name of the machine image.

    versions
    []MachineImageVersion

    Versions contains versions and a provider-specific identifier.


    Generated with gen-crd-api-reference-docs

    7 - Resources

    Packages:

    resources.gardener.cloud/v1alpha1

    Package v1alpha1 contains the configuration of the Gardener Resource Manager.

    Resource Types:

      ManagedResource

      ManagedResource describes a list of managed resources.

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ManagedResourceSpec

      Spec contains the specification of this managed resource.



      class
      string
      (Optional)

      Class holds the resource class used to control the responsibility for multiple resource manager instances

      secretRefs
      []Kubernetes core/v1.LocalObjectReference

      SecretRefs is a list of secret references.

      injectLabels
      map[string]string
      (Optional)

      InjectLabels injects the provided labels into every resource that is part of the referenced secrets.

      forceOverwriteLabels
      bool
      (Optional)

      ForceOverwriteLabels specifies that all existing labels should be overwritten. Defaults to false.

      forceOverwriteAnnotations
      bool
      (Optional)

      ForceOverwriteAnnotations specifies that all existing annotations should be overwritten. Defaults to false.

      keepObjects
      bool
      (Optional)

      KeepObjects specifies whether the objects should be kept although the managed resource has already been deleted. Defaults to false.

      equivalences
      [][]k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind
      (Optional)

      Equivalences specifies possible group/kind equivalences for objects.

      deletePersistentVolumeClaims
      bool
      (Optional)

      DeletePersistentVolumeClaims specifies if PersistentVolumeClaims created by StatefulSets, which are managed by this resource, should also be deleted when the corresponding StatefulSet is deleted (defaults to false).

      status
      ManagedResourceStatus

      Status contains the status of this managed resource.

      ManagedResourceSpec

      (Appears on: ManagedResource)

      ManagedResourceSpec contains the specification of this managed resource.

      FieldDescription
      class
      string
      (Optional)

      Class holds the resource class used to control the responsibility for multiple resource manager instances

      secretRefs
      []Kubernetes core/v1.LocalObjectReference

      SecretRefs is a list of secret references.

      injectLabels
      map[string]string
      (Optional)

      InjectLabels injects the provided labels into every resource that is part of the referenced secrets.

      forceOverwriteLabels
      bool
      (Optional)

      ForceOverwriteLabels specifies that all existing labels should be overwritten. Defaults to false.

      forceOverwriteAnnotations
      bool
      (Optional)

      ForceOverwriteAnnotations specifies that all existing annotations should be overwritten. Defaults to false.

      keepObjects
      bool
      (Optional)

      KeepObjects specifies whether the objects should be kept although the managed resource has already been deleted. Defaults to false.

      equivalences
      [][]k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind
      (Optional)

      Equivalences specifies possible group/kind equivalences for objects.

      deletePersistentVolumeClaims
      bool
      (Optional)

      DeletePersistentVolumeClaims specifies if PersistentVolumeClaims created by StatefulSets, which are managed by this resource, should also be deleted when the corresponding StatefulSet is deleted (defaults to false).

      ManagedResourceStatus

      (Appears on: ManagedResource)

      ManagedResourceStatus is the status of a managed resource.

      FieldDescription
      conditions
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
      observedGeneration
      int64

      ObservedGeneration is the most recent generation observed for this resource.

      resources
      []ObjectReference
      (Optional)

      Resources is a list of objects that have been created.

      secretsDataChecksum
      string
      (Optional)

      SecretsDataChecksum is the checksum of referenced secrets data.

      ObjectReference

      (Appears on: ManagedResourceStatus)

      ObjectReference is a reference to another object.

      FieldDescription
      ObjectReference
      Kubernetes core/v1.ObjectReference

      (Members of ObjectReference are embedded into this type.)

      labels
      map[string]string

      Labels is a map of labels that were used during last update of the resource.

      annotations
      map[string]string

      Annotations is a map of annotations that were used during last update of the resource.


      Generated with gen-crd-api-reference-docs

      8 - Seedmanagement

      Packages:

      seedmanagement.gardener.cloud/v1alpha1

      Package v1alpha1 is a version of the API.

      Resource Types:

      ManagedSeed

      ManagedSeed represents a Shoot that is registered as Seed.

      FieldDescription
      apiVersion
      string
      seedmanagement.gardener.cloud/v1alpha1
      kind
      string
      ManagedSeed
      metadata
      Kubernetes meta/v1.ObjectMeta
      (Optional)

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ManagedSeedSpec
      (Optional)

      Specification of the ManagedSeed.



      shoot
      Shoot
      (Optional)

      Shoot references a Shoot that should be registered as Seed. This field is immutable.

      gardenlet
      Gardenlet
      (Optional)

      Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

      status
      ManagedSeedStatus
      (Optional)

      Most recently observed status of the ManagedSeed.

      ManagedSeedSet

      ManagedSeedSet represents a set of identical ManagedSeeds.

      FieldDescription
      apiVersion
      string
      seedmanagement.gardener.cloud/v1alpha1
      kind
      string
      ManagedSeedSet
      metadata
      Kubernetes meta/v1.ObjectMeta
      (Optional)

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ManagedSeedSetSpec
      (Optional)

      Spec defines the desired identities of ManagedSeeds and Shoots in this set.



      replicas
      int32
      (Optional)

      Replicas is the desired number of replicas of the given Template. Defaults to 1.

      selector
      Kubernetes meta/v1.LabelSelector

      Selector is a label query over ManagedSeeds and Shoots that should match the replica count. It must match the ManagedSeeds and Shoots template’s labels. This field is immutable.

      template
      ManagedSeedTemplate

      Template describes the ManagedSeed that will be created if insufficient replicas are detected. Each ManagedSeed created / updated by the ManagedSeedSet will fulfill this template.

      shootTemplate
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ShootTemplate

      ShootTemplate describes the Shoot that will be created if insufficient replicas are detected for hosting the corresponding ManagedSeed. Each Shoot created / updated by the ManagedSeedSet will fulfill this template.

      updateStrategy
      UpdateStrategy
      (Optional)

      UpdateStrategy specifies the UpdateStrategy that will be employed to update ManagedSeeds / Shoots in the ManagedSeedSet when a revision is made to Template / ShootTemplate.

      revisionHistoryLimit
      int32
      (Optional)

      RevisionHistoryLimit is the maximum number of revisions that will be maintained in the ManagedSeedSet’s revision history. Defaults to 10. This field is immutable.

      status
      ManagedSeedSetStatus
      (Optional)

      Status is the current status of ManagedSeeds and Shoots in this ManagedSeedSet.

      Bootstrap (string alias)

      (Appears on: Gardenlet)

      Bootstrap describes a mechanism for bootstrapping gardenlet connection to the Garden cluster.

      Gardenlet

      (Appears on: ManagedSeedSpec)

      Gardenlet specifies gardenlet deployment parameters and the GardenletConfiguration used to configure gardenlet.

      FieldDescription
      deployment
      GardenletDeployment
      (Optional)

      Deployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

      config
      k8s.io/apimachinery/pkg/runtime.RawExtension
      (Optional)

      Config is the GardenletConfiguration used to configure gardenlet.

      bootstrap
      Bootstrap
      (Optional)

      Bootstrap is the mechanism that should be used for bootstrapping gardenlet connection to the Garden cluster. One of ServiceAccount, BootstrapToken, None. If set to ServiceAccount or BootstrapToken, a service account or a bootstrap token will be created in the garden cluster and used to compute the bootstrap kubeconfig. If set to None, the gardenClientConnection.kubeconfig field will be used to connect to the Garden cluster. Defaults to BootstrapToken. This field is immutable.

      mergeWithParent
      bool
      (Optional)

      MergeWithParent specifies whether the GardenletConfiguration of the parent gardenlet should be merged with the specified GardenletConfiguration. Defaults to true. This field is immutable.

      GardenletDeployment

      (Appears on: Gardenlet)

      GardenletDeployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

      FieldDescription
      replicaCount
      int32
      (Optional)

      ReplicaCount is the number of gardenlet replicas. Defaults to 2.

      revisionHistoryLimit
      int32
      (Optional)

      RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 2.

      serviceAccountName
      string
      (Optional)

      ServiceAccountName is the name of the ServiceAccount to use to run gardenlet pods.

      image
      Image
      (Optional)

      Image is the gardenlet container image.

      resources
      Kubernetes core/v1.ResourceRequirements
      (Optional)

      Resources are the compute resources required by the gardenlet container.

      podLabels
      map[string]string
      (Optional)

      PodLabels are the labels on gardenlet pods.

      podAnnotations
      map[string]string
      (Optional)

      PodAnnotations are the annotations on gardenlet pods.

      additionalVolumes
      []Kubernetes core/v1.Volume
      (Optional)

      AdditionalVolumes is the list of additional volumes that should be mounted by gardenlet containers.

      additionalVolumeMounts
      []Kubernetes core/v1.VolumeMount
      (Optional)

      AdditionalVolumeMounts is the list of additional pod volumes to mount into the gardenlet container’s filesystem.

      env
      []Kubernetes core/v1.EnvVar
      (Optional)

      Env is the list of environment variables to set in the gardenlet container.

      vpa
      bool
      (Optional)

      VPA specifies whether to enable VPA for gardenlet. Defaults to true.

      Image

      (Appears on: GardenletDeployment)

      Image specifies container image parameters.

      FieldDescription
      repository
      string
      (Optional)

      Repository is the image repository.

      tag
      string
      (Optional)

      Tag is the image tag.

      pullPolicy
      Kubernetes core/v1.PullPolicy
      (Optional)

      PullPolicy is the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if latest tag is specified, or IfNotPresent otherwise.

      ManagedSeedSetSpec

      (Appears on: ManagedSeedSet)

      ManagedSeedSetSpec is the specification of a ManagedSeedSet.

      FieldDescription
      replicas
      int32
      (Optional)

      Replicas is the desired number of replicas of the given Template. Defaults to 1.

      selector
      Kubernetes meta/v1.LabelSelector

      Selector is a label query over ManagedSeeds and Shoots that should match the replica count. It must match the ManagedSeeds and Shoots template’s labels. This field is immutable.

      template
      ManagedSeedTemplate

      Template describes the ManagedSeed that will be created if insufficient replicas are detected. Each ManagedSeed created / updated by the ManagedSeedSet will fulfill this template.

      shootTemplate
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ShootTemplate

      ShootTemplate describes the Shoot that will be created if insufficient replicas are detected for hosting the corresponding ManagedSeed. Each Shoot created / updated by the ManagedSeedSet will fulfill this template.

      updateStrategy
      UpdateStrategy
      (Optional)

      UpdateStrategy specifies the UpdateStrategy that will be employed to update ManagedSeeds / Shoots in the ManagedSeedSet when a revision is made to Template / ShootTemplate.

      revisionHistoryLimit
      int32
      (Optional)

      RevisionHistoryLimit is the maximum number of revisions that will be maintained in the ManagedSeedSet’s revision history. Defaults to 10. This field is immutable.

      ManagedSeedSetStatus

      (Appears on: ManagedSeedSet)

      ManagedSeedSetStatus represents the current state of a ManagedSeedSet.

      FieldDescription
      observedGeneration
      int64

      ObservedGeneration is the most recent generation observed for this ManagedSeedSet. It corresponds to the ManagedSeedSet’s generation, which is updated on mutation by the API Server.

      replicas
      int32

      Replicas is the number of replicas (ManagedSeeds and their corresponding Shoots) created by the ManagedSeedSet controller.

      readyReplicas
      int32

      ReadyReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller that have a Ready Condition.

      nextReplicaNumber
      int32

      NextReplicaNumber is the ordinal number that will be assigned to the next replica of the ManagedSeedSet.

      currentReplicas
      int32

      CurrentReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller from the ManagedSeedSet version indicated by CurrentRevision.

      updatedReplicas
      int32

      UpdatedReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller from the ManagedSeedSet version indicated by UpdateRevision.

      currentRevision
      string

      CurrentRevision, if not empty, indicates the version of the ManagedSeedSet used to generate ManagedSeeds with smaller ordinal numbers during updates.

      updateRevision
      string

      UpdateRevision, if not empty, indicates the version of the ManagedSeedSet used to generate ManagedSeeds with larger ordinal numbers during updates

      collisionCount
      int32
      (Optional)

      CollisionCount is the count of hash collisions for the ManagedSeedSet. The ManagedSeedSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.

      conditions
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
      (Optional)

      Conditions represents the latest available observations of a ManagedSeedSet’s current state.

      pendingReplica
      PendingReplica
      (Optional)

      PendingReplica, if not empty, indicates the replica that is currently pending creation, update, or deletion. This replica is in a state that requires the controller to wait for it to change before advancing to the next replica.

      ManagedSeedSpec

      (Appears on: ManagedSeed, ManagedSeedTemplate)

      ManagedSeedSpec is the specification of a ManagedSeed.

      FieldDescription
      shoot
      Shoot
      (Optional)

      Shoot references a Shoot that should be registered as Seed. This field is immutable.

      gardenlet
      Gardenlet
      (Optional)

      Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

      ManagedSeedStatus

      (Appears on: ManagedSeed)

      ManagedSeedStatus is the status of a ManagedSeed.

      FieldDescription
      conditions
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
      (Optional)

      Conditions represents the latest available observations of a ManagedSeed’s current state.

      observedGeneration
      int64

      ObservedGeneration is the most recent generation observed for this ManagedSeed. It corresponds to the ManagedSeed’s generation, which is updated on mutation by the API Server.

      ManagedSeedTemplate

      (Appears on: ManagedSeedSetSpec)

      ManagedSeedTemplate is a template for creating a ManagedSeed object.

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      (Optional)

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ManagedSeedSpec
      (Optional)

      Specification of the desired behavior of the ManagedSeed.



      shoot
      Shoot
      (Optional)

      Shoot references a Shoot that should be registered as Seed. This field is immutable.

      gardenlet
      Gardenlet
      (Optional)

      Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

      PendingReplica

      (Appears on: ManagedSeedSetStatus)

      PendingReplica contains information about a replica that is currently pending creation, update, or deletion.

      FieldDescription
      name
      string

      Name is the replica name.

      reason
      PendingReplicaReason

      Reason is the reason for the replica to be pending.

      since
      Kubernetes meta/v1.Time

      Since is the moment in time since the replica is pending with the specified reason.

      retries
      int32
      (Optional)

      Retries is the number of times the shoot operation (reconcile or delete) has been retried after having failed. Only applicable if Reason is ShootReconciling or ShootDeleting.

      PendingReplicaReason (string alias)

      (Appears on: PendingReplica)

      PendingReplicaReason is a string enumeration type that enumerates all possible reasons for a replica to be pending.

      RollingUpdateStrategy

      (Appears on: UpdateStrategy)

      RollingUpdateStrategy is used to communicate parameters for RollingUpdateStrategyType.

      FieldDescription
      partition
      int32
      (Optional)

      Partition indicates the ordinal at which the ManagedSeedSet should be partitioned. Defaults to 0.

      Shoot

      (Appears on: ManagedSeedSpec)

      Shoot identifies the Shoot that should be registered as Seed.

      FieldDescription
      name
      string

      Name is the name of the Shoot that will be registered as Seed.

      UpdateStrategy

      (Appears on: ManagedSeedSetSpec)

      UpdateStrategy specifies the strategy that the ManagedSeedSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.

      FieldDescription
      type
      UpdateStrategyType
      (Optional)

      Type indicates the type of the UpdateStrategy. Defaults to RollingUpdate.

      rollingUpdate
      RollingUpdateStrategy
      (Optional)

      RollingUpdate is used to communicate parameters when Type is RollingUpdateStrategyType.

      UpdateStrategyType (string alias)

      (Appears on: UpdateStrategy)

      UpdateStrategyType is a string enumeration type that enumerates all possible update strategies for the ManagedSeedSet controller.


      Generated with gen-crd-api-reference-docs

      9 - Settings

      Packages:

      settings.gardener.cloud/v1alpha1

      Package v1alpha1 is a version of the API.

      Resource Types:

      ClusterOpenIDConnectPreset

      ClusterOpenIDConnectPreset is a OpenID Connect configuration that is applied to a Shoot objects cluster-wide.

      FieldDescription
      apiVersion
      string
      settings.gardener.cloud/v1alpha1
      kind
      string
      ClusterOpenIDConnectPreset
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ClusterOpenIDConnectPresetSpec

      Spec is the specification of this OpenIDConnect preset.



      OpenIDConnectPresetSpec
      OpenIDConnectPresetSpec

      (Members of OpenIDConnectPresetSpec are embedded into this type.)

      projectSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Project decides whether to apply the configuration if the Shoot is in a specific Project matching the label selector. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Defaults to the empty LabelSelector, which matches everything.

      OpenIDConnectPreset

      OpenIDConnectPreset is a OpenID Connect configuration that is applied to a Shoot in a namespace.

      FieldDescription
      apiVersion
      string
      settings.gardener.cloud/v1alpha1
      kind
      string
      OpenIDConnectPreset
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      OpenIDConnectPresetSpec

      Spec is the specification of this OpenIDConnect preset.



      server
      KubeAPIServerOpenIDConnect

      Server contains the kube-apiserver’s OpenID Connect configuration. This configuration is not overwritting any existing OpenID Connect configuration already set on the Shoot object.

      client
      OpenIDConnectClientAuthentication
      (Optional)

      Client contains the configuration used for client OIDC authentication of Shoot clusters. This configuration is not overwritting any existing OpenID Connect client authentication already set on the Shoot object.

      shootSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      ShootSelector decides whether to apply the configuration if the Shoot has matching labels. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Default to the empty LabelSelector, which matches everything.

      weight
      int32

      Weight associated with matching the corresponding preset, in the range 1-100. Required.

      ClusterOpenIDConnectPresetSpec

      (Appears on: ClusterOpenIDConnectPreset)

      ClusterOpenIDConnectPresetSpec contains the OpenIDConnect specification and project selector matching Shoots in Projects.

      FieldDescription
      OpenIDConnectPresetSpec
      OpenIDConnectPresetSpec

      (Members of OpenIDConnectPresetSpec are embedded into this type.)

      projectSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Project decides whether to apply the configuration if the Shoot is in a specific Project matching the label selector. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Defaults to the empty LabelSelector, which matches everything.

      KubeAPIServerOpenIDConnect

      (Appears on: OpenIDConnectPresetSpec)

      KubeAPIServerOpenIDConnect contains configuration settings for the OIDC provider. Note: Descriptions were taken from the Kubernetes documentation.

      FieldDescription
      caBundle
      string
      (Optional)

      If set, the OpenID server’s certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host’s root CA set will be used.

      clientID
      string

      The client ID for the OpenID Connect client. Required.

      groupsClaim
      string
      (Optional)

      If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This field is experimental, please see the authentication documentation for further details.

      groupsPrefix
      string
      (Optional)

      If provided, all groups will be prefixed with this value to prevent conflicts with other authentication strategies.

      issuerURL
      string

      The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT). Required.

      requiredClaims
      map[string]string
      (Optional)

      key=value pairs that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value.

      signingAlgs
      []string
      (Optional)

      List of allowed JOSE asymmetric signing algorithms. JWTs with a ‘alg’ header value not in this list will be rejected. Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1 Defaults to [RS256]

      usernameClaim
      string
      (Optional)

      The OpenID claim to use as the user name. Note that claims other than the default (‘sub’) is not guaranteed to be unique and immutable. This field is experimental, please see the authentication documentation for further details. Defaults to “sub”.

      usernamePrefix
      string
      (Optional)

      If provided, all usernames will be prefixed with this value. If not provided, username claims other than ‘email’ are prefixed by the issuer URL to avoid clashes. To skip any prefixing, provide the value ‘-’.

      OpenIDConnectClientAuthentication

      (Appears on: OpenIDConnectPresetSpec)

      OpenIDConnectClientAuthentication contains configuration for OIDC clients.

      FieldDescription
      secret
      string
      (Optional)

      The client Secret for the OpenID Connect client.

      extraConfig
      map[string]string
      (Optional)

      Extra configuration added to kubeconfig’s auth-provider. Must not be any of idp-issuer-url, client-id, client-secret, idp-certificate-authority, idp-certificate-authority-data, id-token or refresh-token

      OpenIDConnectPresetSpec

      (Appears on: OpenIDConnectPreset, ClusterOpenIDConnectPresetSpec)

      OpenIDConnectPresetSpec contains the Shoot selector for which a specific OpenID Connect configuration is applied.

      FieldDescription
      server
      KubeAPIServerOpenIDConnect

      Server contains the kube-apiserver’s OpenID Connect configuration. This configuration is not overwritting any existing OpenID Connect configuration already set on the Shoot object.

      client
      OpenIDConnectClientAuthentication
      (Optional)

      Client contains the configuration used for client OIDC authentication of Shoot clusters. This configuration is not overwritting any existing OpenID Connect client authentication already set on the Shoot object.

      shootSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      ShootSelector decides whether to apply the configuration if the Shoot has matching labels. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Default to the empty LabelSelector, which matches everything.

      weight
      int32

      Weight associated with matching the corresponding preset, in the range 1-100. Required.


      Generated with gen-crd-api-reference-docs