1 - Authentication

Packages:

authentication.gardener.cloud/v1alpha1

Package v1alpha1 is a version of the API. “authentication.gardener.cloud/v1alpha1” API is already used for CRD registration and must not be served by the API server.

Resource Types:

    AdminKubeconfigRequest

    AdminKubeconfigRequest can be used to request a kubeconfig with admin credentials for a Shoot cluster.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    AdminKubeconfigRequestSpec

    Spec is the specification of the AdminKubeconfigRequest.



    expirationSeconds
    int64
    (Optional)

    ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

    status
    AdminKubeconfigRequestStatus

    Status is the status of the AdminKubeconfigRequest.

    AdminKubeconfigRequestSpec

    (Appears on: AdminKubeconfigRequest)

    AdminKubeconfigRequestSpec contains the expiration time of the kubeconfig.

    FieldDescription
    expirationSeconds
    int64
    (Optional)

    ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

    AdminKubeconfigRequestStatus

    (Appears on: AdminKubeconfigRequest)

    AdminKubeconfigRequestStatus is the status of the AdminKubeconfigRequest containing the kubeconfig and expiration of the credential.

    FieldDescription
    kubeconfig
    []byte

    Kubeconfig contains the kubeconfig with cluster-admin privileges for the shoot cluster.

    expirationTimestamp
    Kubernetes meta/v1.Time

    ExpirationTimestamp is the expiration timestamp of the returned credential.

    ViewerKubeconfigRequest

    ViewerKubeconfigRequest can be used to request a kubeconfig with viewer credentials (excluding Secrets) for a Shoot cluster.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ViewerKubeconfigRequestSpec

    Spec is the specification of the ViewerKubeconfigRequest.



    expirationSeconds
    int64
    (Optional)

    ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

    status
    ViewerKubeconfigRequestStatus

    Status is the status of the ViewerKubeconfigRequest.

    ViewerKubeconfigRequestSpec

    (Appears on: ViewerKubeconfigRequest)

    ViewerKubeconfigRequestSpec contains the expiration time of the kubeconfig.

    FieldDescription
    expirationSeconds
    int64
    (Optional)

    ExpirationSeconds is the requested validity duration of the credential. The credential issuer may return a credential with a different validity duration so a client needs to check the ‘expirationTimestamp’ field in a response. Defaults to 1 hour.

    ViewerKubeconfigRequestStatus

    (Appears on: ViewerKubeconfigRequest)

    ViewerKubeconfigRequestStatus is the status of the ViewerKubeconfigRequest containing the kubeconfig and expiration of the credential.

    FieldDescription
    kubeconfig
    []byte

    Kubeconfig contains the kubeconfig with viewer privileges (excluding Secrets) for the shoot cluster.

    expirationTimestamp
    Kubernetes meta/v1.Time

    ExpirationTimestamp is the expiration timestamp of the returned credential.


    Generated with gen-crd-api-reference-docs

    2 - Core

    Packages:

    core.gardener.cloud/v1beta1

    Package v1beta1 is a version of the API.

    Resource Types:

    BackupBucket

    BackupBucket holds details about backup bucket

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    BackupBucket
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BackupBucketSpec

    Specification of the Backup Bucket.



    provider
    BackupBucketProvider

    Provider holds the details of cloud provider of the object store. This field is immutable.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to BackupBucket resource.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    seedName
    string
    (Optional)

    SeedName holds the name of the seed allocated to BackupBucket for running controller. This field is immutable.

    status
    BackupBucketStatus

    Most recently observed status of the Backup Bucket.

    BackupEntry

    BackupEntry holds details about shoot backup.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    BackupEntry
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BackupEntrySpec
    (Optional)

    Spec contains the specification of the Backup Entry.



    bucketName
    string

    BucketName is the name of backup bucket for this Backup Entry.

    seedName
    string
    (Optional)

    SeedName holds the name of the seed to which this BackupEntry is scheduled

    status
    BackupEntryStatus
    (Optional)

    Status contains the most recently observed status of the Backup Entry.

    CloudProfile

    CloudProfile represents certain properties about a provider environment.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    CloudProfile
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    CloudProfileSpec
    (Optional)

    Spec defines the provider environment properties.



    caBundle
    string
    (Optional)

    CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

    kubernetes
    KubernetesSettings

    Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

    machineImages
    []MachineImage

    MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

    machineTypes
    []MachineType

    MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig contains provider-specific configuration for the profile.

    regions
    []Region

    Regions contains constraints regarding allowed values for regions and zones.

    seedSelector
    SeedSelector
    (Optional)

    SeedSelector contains an optional list of labels on Seed resources that marks those seeds whose shoots may use this provider profile. An empty list means that all seeds of the same provider type are supported. This is useful for environments that are of the same type (like openstack) but may have different “instances”/landscapes. Optionally a list of possible providers can be added to enable cross-provider scheduling. By default, the provider type of the seed must match the shoot’s provider.

    type
    string

    Type is the name of the provider.

    volumeTypes
    []VolumeType
    (Optional)

    VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

    bastion
    Bastion
    (Optional)

    Bastion contains the machine and image properties

    ControllerDeployment

    ControllerDeployment contains information about how this controller is deployed.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    ControllerDeployment
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    type
    string

    Type is the deployment type.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension

    ProviderConfig contains type-specific configuration. It contains assets that deploy the controller.

    ControllerInstallation

    ControllerInstallation represents an installation request for an external controller.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    ControllerInstallation
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ControllerInstallationSpec

    Spec contains the specification of this installation. If the object’s deletion timestamp is set, this field is immutable.



    registrationRef
    Kubernetes core/v1.ObjectReference

    RegistrationRef is used to reference a ControllerRegistration resource. The name field of the RegistrationRef is immutable.

    seedRef
    Kubernetes core/v1.ObjectReference

    SeedRef is used to reference a Seed resource. The name field of the SeedRef is immutable.

    deploymentRef
    Kubernetes core/v1.ObjectReference
    (Optional)

    DeploymentRef is used to reference a ControllerDeployment resource.

    status
    ControllerInstallationStatus

    Status contains the status of this installation.

    ControllerRegistration

    ControllerRegistration represents a registration of an external controller.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    ControllerRegistration
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ControllerRegistrationSpec

    Spec contains the specification of this registration. If the object’s deletion timestamp is set, this field is immutable.



    resources
    []ControllerResource
    (Optional)

    Resources is a list of combinations of kinds (DNSProvider, Infrastructure, Generic, …) and their actual types (aws-route53, gcp, auditlog, …).

    deployment
    ControllerRegistrationDeployment
    (Optional)

    Deployment contains information for how this controller is deployed.

    ExposureClass

    ExposureClass represents a control plane endpoint exposure strategy.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    ExposureClass
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    handler
    string

    Handler is the name of the handler which applies the control plane endpoint exposure strategy. This field is immutable.

    scheduling
    ExposureClassScheduling
    (Optional)

    Scheduling holds information how to select applicable Seed’s for ExposureClass usage. This field is immutable.

    InternalSecret

    InternalSecret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    InternalSecret
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    immutable
    bool
    (Optional)

    Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.

    data
    map[string][]byte
    (Optional)

    Data contains the secret data. Each key must consist of alphanumeric characters, ‘-’, ‘_’ or ‘.’. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4

    stringData
    map[string]string
    (Optional)

    stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.

    type
    Kubernetes core/v1.SecretType
    (Optional)

    Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types

    NamespacedCloudProfile

    NamespacedCloudProfile represents certain properties about a provider environment.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    NamespacedCloudProfile
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    NamespacedCloudProfileSpec

    Spec defines the provider environment properties.



    caBundle
    string
    (Optional)

    CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

    kubernetes
    KubernetesSettings
    (Optional)

    Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

    machineImages
    []MachineImage
    (Optional)

    MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

    machineTypes
    []MachineType
    (Optional)

    MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

    volumeTypes
    []VolumeType
    (Optional)

    VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

    parent
    CloudProfileReference

    Parent contains a reference to a CloudProfile it inherits from.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig contains provider-specific configuration for the profile.

    status
    NamespacedCloudProfileStatus

    Most recently observed status of the NamespacedCloudProfile.

    Project

    Project holds certain properties about a Gardener project.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    Project
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ProjectSpec
    (Optional)

    Spec defines the project properties.



    createdBy
    Kubernetes rbac/v1.Subject
    (Optional)

    CreatedBy is a subject representing a user name, an email address, or any other identifier of a user who created the project. This field is immutable.

    description
    string
    (Optional)

    Description is a human-readable description of what the project is used for.

    owner
    Kubernetes rbac/v1.Subject
    (Optional)

    Owner is a subject representing a user name, an email address, or any other identifier of a user owning the project. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the owner role. The only way to change the owner will be by moving the owner role. In this API version the only way to change the owner is to use this field. TODO: Remove this field in favor of the owner role in v1.

    purpose
    string
    (Optional)

    Purpose is a human-readable explanation of the project’s purpose.

    members
    []ProjectMember
    (Optional)

    Members is a list of subjects representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

    namespace
    string
    (Optional)

    Namespace is the name of the namespace that has been created for the Project object. A nil value means that Gardener will determine the name of the namespace. This field is immutable.

    tolerations
    ProjectTolerations
    (Optional)

    Tolerations contains the tolerations for taints on seed clusters.

    dualApprovalForDeletion
    []DualApprovalForDeletion
    (Optional)

    DualApprovalForDeletion contains configuration for the dual approval concept for resource deletion.

    status
    ProjectStatus
    (Optional)

    Most recently observed status of the Project.

    Quota

    Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    Quota
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    QuotaSpec
    (Optional)

    Spec defines the Quota constraints.



    clusterLifetimeDays
    int32
    (Optional)

    ClusterLifetimeDays is the lifetime of a Shoot cluster in days before it will be terminated automatically.

    metrics
    Kubernetes core/v1.ResourceList

    Metrics is a list of resources which will be put under constraints.

    scope
    Kubernetes core/v1.ObjectReference

    Scope is the scope of the Quota object, either ‘project’, ‘secret’ or ‘workloadidentity’. This field is immutable.

    SecretBinding

    SecretBinding represents a binding to a secret in the same or another namespace.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    SecretBinding
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret object in the same or another namespace. This field is immutable.

    quotas
    []Kubernetes core/v1.ObjectReference
    (Optional)

    Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.

    provider
    SecretBindingProvider
    (Optional)

    Provider defines the provider type of the SecretBinding. This field is immutable.

    Seed

    Seed represents an installation request for an external controller.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    Seed
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    SeedSpec

    Spec contains the specification of this installation.



    backup
    SeedBackup
    (Optional)

    Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

    dns
    SeedDNS

    DNS contains DNS-relevant information about this seed cluster.

    networks
    SeedNetworks

    Networks defines the pod, service and worker network of the Seed cluster.

    provider
    SeedProvider

    Provider defines the provider type and region for this Seed cluster.

    taints
    []SeedTaint
    (Optional)

    Taints describes taints on the seed.

    volume
    SeedVolume
    (Optional)

    Volume contains settings for persistentvolumes created in the seed cluster.

    settings
    SeedSettings
    (Optional)

    Settings contains certain settings for this seed cluster.

    ingress
    Ingress
    (Optional)

    Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

    accessRestrictions
    []AccessRestriction
    (Optional)

    AccessRestrictions describe a list of access restrictions for this seed cluster.

    status
    SeedStatus

    Status contains the status of this installation.

    Shoot

    Shoot represents a Shoot cluster created and managed by Gardener.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    Shoot
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ShootSpec
    (Optional)

    Specification of the Shoot cluster. If the object’s deletion timestamp is set, this field is immutable.



    addons
    Addons
    (Optional)

    Addons contains information about enabled/disabled addons and their configuration.

    cloudProfileName
    string
    (Optional)

    CloudProfileName is a name of a CloudProfile object. This field will be deprecated soon, use CloudProfile instead.

    dns
    DNS
    (Optional)

    DNS contains information about the DNS settings of the Shoot.

    extensions
    []Extension
    (Optional)

    Extensions contain type and provider information for Shoot extensions.

    hibernation
    Hibernation
    (Optional)

    Hibernation contains information whether the Shoot is suspended or not.

    kubernetes
    Kubernetes

    Kubernetes contains the version and configuration settings of the control plane components.

    networking
    Networking
    (Optional)

    Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

    maintenance
    Maintenance
    (Optional)

    Maintenance contains information about the time window for maintenance operations and which operations should be performed.

    monitoring
    Monitoring
    (Optional)

    Monitoring contains information about custom monitoring configurations for the shoot.

    provider
    Provider

    Provider contains all provider-specific and provider-relevant information.

    purpose
    ShootPurpose
    (Optional)

    Purpose is the purpose class for this cluster.

    region
    string

    Region is a name of a region. This field is immutable.

    secretBindingName
    string
    (Optional)

    SecretBindingName is the name of a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. The field is mutually exclusive with CredentialsBindingName. This field is immutable.

    seedName
    string
    (Optional)

    SeedName is the name of the seed cluster that runs the control plane of the Shoot.

    seedSelector
    SeedSelector
    (Optional)

    SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

    resources
    []NamedResourceReference
    (Optional)

    Resources holds a list of named resource references that can be referred to in extension configs by their names.

    tolerations
    []Toleration
    (Optional)

    Tolerations contains the tolerations for taints on seed clusters.

    exposureClassName
    string
    (Optional)

    ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

    systemComponents
    SystemComponents
    (Optional)

    SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

    controlPlane
    ControlPlane
    (Optional)

    ControlPlane contains general settings for the control plane of the shoot.

    schedulerName
    string
    (Optional)

    SchedulerName is the name of the responsible scheduler which schedules the shoot. If not specified, the default scheduler takes over. This field is immutable.

    cloudProfile
    CloudProfileReference
    (Optional)

    CloudProfile contains a reference to a CloudProfile or a NamespacedCloudProfile.

    credentialsBindingName
    string
    (Optional)

    CredentialsBindingName is the name of a CredentialsBinding that has a reference to the provider credentials. The credentials will be used to create the shoot in the respective account. The field is mutually exclusive with SecretBindingName.

    accessRestrictions
    []AccessRestrictionWithOptions
    (Optional)

    AccessRestrictions describe a list of access restrictions for this shoot cluster.

    status
    ShootStatus
    (Optional)

    Most recently observed status of the Shoot cluster.

    ShootState

    ShootState contains a snapshot of the Shoot’s state required to migrate the Shoot’s control plane to a new Seed.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1beta1
    kind
    string
    ShootState
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ShootStateSpec
    (Optional)

    Specification of the ShootState.



    gardener
    []GardenerResourceData
    (Optional)

    Gardener holds the data required to generate resources deployed by the gardenlet

    extensions
    []ExtensionResourceState
    (Optional)

    Extensions holds the state of custom resources reconciled by extension controllers in the seed

    resources
    []ResourceData
    (Optional)

    Resources holds the data of resources referred to by extension controller states

    APIServerLogging

    (Appears on: KubeAPIServerConfig)

    APIServerLogging contains configuration for the logs level and http access logs

    FieldDescription
    verbosity
    int32
    (Optional)

    Verbosity is the kube-apiserver log verbosity level Defaults to 2.

    httpAccessVerbosity
    int32
    (Optional)

    HTTPAccessVerbosity is the kube-apiserver access logs level

    APIServerRequests

    (Appears on: KubeAPIServerConfig)

    APIServerRequests contains configuration for request-specific settings for the kube-apiserver.

    FieldDescription
    maxNonMutatingInflight
    int32
    (Optional)

    MaxNonMutatingInflight is the maximum number of non-mutating requests in flight at a given time. When the server exceeds this, it rejects requests.

    maxMutatingInflight
    int32
    (Optional)

    MaxMutatingInflight is the maximum number of mutating requests in flight at a given time. When the server exceeds this, it rejects requests.

    AccessRestriction

    (Appears on: AccessRestrictionWithOptions, Region, SeedSpec)

    AccessRestriction describes an access restriction for a Kubernetes cluster (e.g., EU access-only).

    FieldDescription
    name
    string

    Name is the name of the restriction.

    AccessRestrictionWithOptions

    (Appears on: ShootSpec)

    AccessRestrictionWithOptions describes an access restriction for a Kubernetes cluster (e.g., EU access-only) and allows to specify additional options.

    FieldDescription
    AccessRestriction
    AccessRestriction

    (Members of AccessRestriction are embedded into this type.)

    options
    map[string]string
    (Optional)

    Options is a map of additional options for the access restriction.

    Addon

    (Appears on: KubernetesDashboard, NginxIngress)

    Addon allows enabling or disabling a specific addon and is used to derive from.

    FieldDescription
    enabled
    bool

    Enabled indicates whether the addon is enabled or not.

    Addons

    (Appears on: ShootSpec)

    Addons is a collection of configuration for specific addons which are managed by the Gardener.

    FieldDescription
    kubernetesDashboard
    KubernetesDashboard
    (Optional)

    KubernetesDashboard holds configuration settings for the kubernetes dashboard addon.

    nginxIngress
    NginxIngress
    (Optional)

    NginxIngress holds configuration settings for the nginx-ingress addon.

    AdmissionPlugin

    (Appears on: KubeAPIServerConfig)

    AdmissionPlugin contains information about a specific admission plugin and its corresponding configuration.

    FieldDescription
    name
    string

    Name is the name of the plugin.

    config
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    Config is the configuration of the plugin.

    disabled
    bool
    (Optional)

    Disabled specifies whether this plugin should be disabled.

    kubeconfigSecretName
    string
    (Optional)

    KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this admission plugin.

    Alerting

    (Appears on: Monitoring)

    Alerting contains information about how alerting will be done (i.e. who will receive alerts and how).

    FieldDescription
    emailReceivers
    []string
    (Optional)

    MonitoringEmailReceivers is a list of recipients for alerts

    AuditConfig

    (Appears on: KubeAPIServerConfig)

    AuditConfig contains settings for audit of the api server

    FieldDescription
    auditPolicy
    AuditPolicy
    (Optional)

    AuditPolicy contains configuration settings for audit policy of the kube-apiserver.

    AuditPolicy

    (Appears on: AuditConfig)

    AuditPolicy contains audit policy for kube-apiserver

    FieldDescription
    configMapRef
    Kubernetes core/v1.ObjectReference
    (Optional)

    ConfigMapRef is a reference to a ConfigMap object in the same namespace, which contains the audit policy for the kube-apiserver.

    AuthorizerKubeconfigReference

    (Appears on: StructuredAuthorization)

    AuthorizerKubeconfigReference is a reference for a kubeconfig for a authorization webhook.

    FieldDescription
    authorizerName
    string

    AuthorizerName is the name of a webhook authorizer.

    secretName
    string

    SecretName is the name of a secret containing the kubeconfig.

    AvailabilityZone

    (Appears on: Region)

    AvailabilityZone is an availability zone.

    FieldDescription
    name
    string

    Name is an availability zone name.

    unavailableMachineTypes
    []string
    (Optional)

    UnavailableMachineTypes is a list of machine type names that are not availability in this zone.

    unavailableVolumeTypes
    []string
    (Optional)

    UnavailableVolumeTypes is a list of volume type names that are not availability in this zone.

    BackupBucketProvider

    (Appears on: BackupBucketSpec)

    BackupBucketProvider holds the details of cloud provider of the object store.

    FieldDescription
    type
    string

    Type is the type of provider.

    region
    string

    Region is the region of the bucket.

    BackupBucketSpec

    (Appears on: BackupBucket)

    BackupBucketSpec is the specification of a Backup Bucket.

    FieldDescription
    provider
    BackupBucketProvider

    Provider holds the details of cloud provider of the object store. This field is immutable.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to BackupBucket resource.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    seedName
    string
    (Optional)

    SeedName holds the name of the seed allocated to BackupBucket for running controller. This field is immutable.

    BackupBucketStatus

    (Appears on: BackupBucket)

    BackupBucketStatus holds the most recently observed status of the Backup Bucket.

    FieldDescription
    providerStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderStatus is the configuration passed to BackupBucket resource.

    lastOperation
    LastOperation
    (Optional)

    LastOperation holds information about the last operation on the BackupBucket.

    lastError
    LastError
    (Optional)

    LastError holds information about the last occurred error during an operation.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this BackupBucket. It corresponds to the BackupBucket’s generation, which is updated on mutation by the API Server.

    generatedSecretRef
    Kubernetes core/v1.SecretReference
    (Optional)

    GeneratedSecretRef is reference to the secret generated by backup bucket, which will have object store specific credentials.

    BackupEntrySpec

    (Appears on: BackupEntry)

    BackupEntrySpec is the specification of a Backup Entry.

    FieldDescription
    bucketName
    string

    BucketName is the name of backup bucket for this Backup Entry.

    seedName
    string
    (Optional)

    SeedName holds the name of the seed to which this BackupEntry is scheduled

    BackupEntryStatus

    (Appears on: BackupEntry)

    BackupEntryStatus holds the most recently observed status of the Backup Entry.

    FieldDescription
    lastOperation
    LastOperation
    (Optional)

    LastOperation holds information about the last operation on the BackupEntry.

    lastError
    LastError
    (Optional)

    LastError holds information about the last occurred error during an operation.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this BackupEntry. It corresponds to the BackupEntry’s generation, which is updated on mutation by the API Server.

    seedName
    string
    (Optional)

    SeedName is the name of the seed to which this BackupEntry is currently scheduled. This field is populated at the beginning of a create/reconcile operation. It is used when moving the BackupEntry between seeds.

    migrationStartTime
    Kubernetes meta/v1.Time
    (Optional)

    MigrationStartTime is the time when a migration to a different seed was initiated.

    Bastion

    (Appears on: CloudProfileSpec)

    Bastion contains the bastions creation info

    FieldDescription
    machineImage
    BastionMachineImage
    (Optional)

    MachineImage contains the bastions machine image properties

    machineType
    BastionMachineType
    (Optional)

    MachineType contains the bastions machine type properties

    BastionMachineImage

    (Appears on: Bastion)

    BastionMachineImage contains the bastions machine image properties

    FieldDescription
    name
    string

    Name of the machine image

    version
    string
    (Optional)

    Version of the machine image

    BastionMachineType

    (Appears on: Bastion)

    BastionMachineType contains the bastions machine type properties

    FieldDescription
    name
    string

    Name of the machine type

    CARotation

    (Appears on: ShootCredentialsRotation)

    CARotation contains information about the certificate authority credential rotation.

    FieldDescription
    phase
    CredentialsRotationPhase

    Phase describes the phase of the certificate authority credential rotation.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the certificate authority credential rotation was successfully completed.

    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the certificate authority credential rotation was initiated.

    lastInitiationFinishedTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationFinishedTime is the recent time when the certificate authority credential rotation initiation was completed.

    lastCompletionTriggeredTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTriggeredTime is the recent time when the certificate authority credential rotation completion was triggered.

    CRI

    (Appears on: MachineImageVersion, Worker)

    CRI contains information about the Container Runtimes.

    FieldDescription
    name
    CRIName

    The name of the CRI library. Supported values are containerd.

    containerRuntimes
    []ContainerRuntime
    (Optional)

    ContainerRuntimes is the list of the required container runtimes supported for a worker pool.

    CRIName (string alias)

    (Appears on: CRI)

    CRIName is a type alias for the CRI name string.

    CloudProfileReference

    (Appears on: NamespacedCloudProfileSpec, ShootSpec)

    CloudProfileReference holds the information about a CloudProfile or a NamespacedCloudProfile.

    FieldDescription
    kind
    string

    Kind contains a CloudProfile kind.

    name
    string

    Name contains the name of the referenced CloudProfile.

    CloudProfileSpec

    (Appears on: CloudProfile, NamespacedCloudProfileStatus)

    CloudProfileSpec is the specification of a CloudProfile. It must contain exactly one of its defined keys.

    FieldDescription
    caBundle
    string
    (Optional)

    CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

    kubernetes
    KubernetesSettings

    Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

    machineImages
    []MachineImage

    MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

    machineTypes
    []MachineType

    MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig contains provider-specific configuration for the profile.

    regions
    []Region

    Regions contains constraints regarding allowed values for regions and zones.

    seedSelector
    SeedSelector
    (Optional)

    SeedSelector contains an optional list of labels on Seed resources that marks those seeds whose shoots may use this provider profile. An empty list means that all seeds of the same provider type are supported. This is useful for environments that are of the same type (like openstack) but may have different “instances”/landscapes. Optionally a list of possible providers can be added to enable cross-provider scheduling. By default, the provider type of the seed must match the shoot’s provider.

    type
    string

    Type is the name of the provider.

    volumeTypes
    []VolumeType
    (Optional)

    VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

    bastion
    Bastion
    (Optional)

    Bastion contains the machine and image properties

    ClusterAutoscaler

    (Appears on: Kubernetes)

    ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

    FieldDescription
    scaleDownDelayAfterAdd
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownDelayAfterAdd defines how long after scale up that scale down evaluation resumes (default: 1 hour).

    scaleDownDelayAfterDelete
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownDelayAfterDelete how long after node deletion that scale down evaluation resumes, defaults to scanInterval (default: 0 secs).

    scaleDownDelayAfterFailure
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownDelayAfterFailure how long after scale down failure that scale down evaluation resumes (default: 3 mins).

    scaleDownUnneededTime
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down (default: 30 mins).

    scaleDownUtilizationThreshold
    float64
    (Optional)

    ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed (default: 0.5).

    scanInterval
    Kubernetes meta/v1.Duration
    (Optional)

    ScanInterval how often cluster is reevaluated for scale up or down (default: 10 secs).

    expander
    ExpanderMode
    (Optional)

    Expander defines the algorithm to use during scale up (default: least-waste). See: https://github.com/gardener/autoscaler/blob/machine-controller-manager-provider/cluster-autoscaler/FAQ.md#what-are-expanders.

    maxNodeProvisionTime
    Kubernetes meta/v1.Duration
    (Optional)

    MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins).

    maxGracefulTerminationSeconds
    int32
    (Optional)

    MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600).

    ignoreTaints
    []string
    (Optional)

    IgnoreTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group. Deprecated: Ignore taints are deprecated as of K8S 1.29 and treated as startup taints

    newPodScaleUpDelay
    Kubernetes meta/v1.Duration
    (Optional)

    NewPodScaleUpDelay specifies how long CA should ignore newly created pods before they have to be considered for scale-up (default: 0s).

    maxEmptyBulkDelete
    int32
    (Optional)

    MaxEmptyBulkDelete specifies the maximum number of empty nodes that can be deleted at the same time (default: 10).

    ignoreDaemonsetsUtilization
    bool
    (Optional)

    IgnoreDaemonsetsUtilization allows CA to ignore DaemonSet pods when calculating resource utilization for scaling down (default: false).

    verbosity
    int32
    (Optional)

    Verbosity allows CA to modify its log level (default: 2).

    startupTaints
    []string
    (Optional)

    StartupTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group. Cluster Autoscaler treats nodes tainted with startup taints as unready, but taken into account during scale up logic, assuming they will become ready shortly.

    statusTaints
    []string
    (Optional)

    StatusTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group. Cluster Autoscaler internally treats nodes tainted with status taints as ready, but filtered out during scale up logic.

    ClusterAutoscalerOptions

    (Appears on: Worker)

    ClusterAutoscalerOptions contains the cluster autoscaler configurations for a worker pool.

    FieldDescription
    scaleDownUtilizationThreshold
    float64
    (Optional)

    ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed.

    scaleDownGpuUtilizationThreshold
    float64
    (Optional)

    ScaleDownGpuUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) of gpu resources under which a node is being removed.

    scaleDownUnneededTime
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down.

    scaleDownUnreadyTime
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownUnreadyTime defines how long an unready node should be unneeded before it is eligible for scale down.

    maxNodeProvisionTime
    Kubernetes meta/v1.Duration
    (Optional)

    MaxNodeProvisionTime defines how long CA waits for node to be provisioned.

    Condition

    (Appears on: ControllerInstallationStatus, SeedStatus, ShootStatus)

    Condition holds the information about the state of a resource.

    FieldDescription
    type
    ConditionType

    Type of the condition.

    status
    ConditionStatus

    Status of the condition, one of True, False, Unknown.

    lastTransitionTime
    Kubernetes meta/v1.Time

    Last time the condition transitioned from one status to another.

    lastUpdateTime
    Kubernetes meta/v1.Time

    Last time the condition was updated.

    reason
    string

    The reason for the condition’s last transition.

    message
    string

    A human readable message indicating details about the transition.

    codes
    []ErrorCode
    (Optional)

    Well-defined error codes in case the condition reports a problem.

    ConditionStatus (string alias)

    (Appears on: Condition)

    ConditionStatus is the status of a condition.

    ConditionType (string alias)

    (Appears on: Condition)

    ConditionType is a string alias.

    ContainerRuntime

    (Appears on: CRI)

    ContainerRuntime contains information about worker’s available container runtime

    FieldDescription
    type
    string

    Type is the type of the Container Runtime.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to container runtime resource.

    ControlPlane

    (Appears on: ShootSpec)

    ControlPlane holds information about the general settings for the control plane of a shoot.

    FieldDescription
    highAvailability
    HighAvailability
    (Optional)

    HighAvailability holds the configuration settings for high availability of the control plane of a shoot.

    ControllerDeploymentPolicy (string alias)

    (Appears on: ControllerRegistrationDeployment)

    ControllerDeploymentPolicy is a string alias.

    ControllerInstallationSpec

    (Appears on: ControllerInstallation)

    ControllerInstallationSpec is the specification of a ControllerInstallation.

    FieldDescription
    registrationRef
    Kubernetes core/v1.ObjectReference

    RegistrationRef is used to reference a ControllerRegistration resource. The name field of the RegistrationRef is immutable.

    seedRef
    Kubernetes core/v1.ObjectReference

    SeedRef is used to reference a Seed resource. The name field of the SeedRef is immutable.

    deploymentRef
    Kubernetes core/v1.ObjectReference
    (Optional)

    DeploymentRef is used to reference a ControllerDeployment resource.

    ControllerInstallationStatus

    (Appears on: ControllerInstallation)

    ControllerInstallationStatus is the status of a ControllerInstallation.

    FieldDescription
    conditions
    []Condition
    (Optional)

    Conditions represents the latest available observations of a ControllerInstallations’s current state.

    providerStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderStatus contains type-specific status.

    ControllerRegistrationDeployment

    (Appears on: ControllerRegistrationSpec)

    ControllerRegistrationDeployment contains information for how this controller is deployed.

    FieldDescription
    policy
    ControllerDeploymentPolicy
    (Optional)

    Policy controls how the controller is deployed. It defaults to ‘OnDemand’.

    seedSelector
    Kubernetes meta/v1.LabelSelector
    (Optional)

    SeedSelector contains an optional label selector for seeds. Only if the labels match then this controller will be considered for a deployment. An empty list means that all seeds are selected.

    deploymentRefs
    []DeploymentRef
    (Optional)

    DeploymentRefs holds references to ControllerDeployments. Only one element is supported currently.

    ControllerRegistrationSpec

    (Appears on: ControllerRegistration)

    ControllerRegistrationSpec is the specification of a ControllerRegistration.

    FieldDescription
    resources
    []ControllerResource
    (Optional)

    Resources is a list of combinations of kinds (DNSProvider, Infrastructure, Generic, …) and their actual types (aws-route53, gcp, auditlog, …).

    deployment
    ControllerRegistrationDeployment
    (Optional)

    Deployment contains information for how this controller is deployed.

    ControllerResource

    (Appears on: ControllerRegistrationSpec)

    ControllerResource is a combination of a kind (DNSProvider, Infrastructure, Generic, …) and the actual type for this kind (aws-route53, gcp, auditlog, …).

    FieldDescription
    kind
    string

    Kind is the resource kind, for example “OperatingSystemConfig”.

    type
    string

    Type is the resource type, for example “coreos” or “ubuntu”.

    globallyEnabled
    bool
    (Optional)

    GloballyEnabled determines if this ControllerResource is required by all Shoot clusters. This field is defaulted to false when kind is “Extension”.

    reconcileTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    ReconcileTimeout defines how long Gardener should wait for the resource reconciliation. This field is defaulted to 3m0s when kind is “Extension”.

    primary
    bool
    (Optional)

    Primary determines if the controller backed by this ControllerRegistration is responsible for the extension resource’s lifecycle. This field defaults to true. There must be exactly one primary controller for this kind/type combination. This field is immutable.

    lifecycle
    ControllerResourceLifecycle
    (Optional)

    Lifecycle defines a strategy that determines when different operations on a ControllerResource should be performed. This field is defaulted in the following way when kind is “Extension”. Reconcile: “AfterKubeAPIServer” Delete: “BeforeKubeAPIServer” Migrate: “BeforeKubeAPIServer”

    workerlessSupported
    bool
    (Optional)

    WorkerlessSupported specifies whether this ControllerResource supports Workerless Shoot clusters. This field is only relevant when kind is “Extension”.

    ControllerResourceLifecycle

    (Appears on: ControllerResource)

    ControllerResourceLifecycle defines the lifecycle of a controller resource.

    FieldDescription
    reconcile
    ControllerResourceLifecycleStrategy
    (Optional)

    Reconcile defines the strategy during reconciliation.

    delete
    ControllerResourceLifecycleStrategy
    (Optional)

    Delete defines the strategy during deletion.

    migrate
    ControllerResourceLifecycleStrategy
    (Optional)

    Migrate defines the strategy during migration.

    ControllerResourceLifecycleStrategy (string alias)

    (Appears on: ControllerResourceLifecycle)

    ControllerResourceLifecycleStrategy is a string alias.

    CoreDNS

    (Appears on: SystemComponents)

    CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

    FieldDescription
    autoscaling
    CoreDNSAutoscaling
    (Optional)

    Autoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

    rewriting
    CoreDNSRewriting
    (Optional)

    Rewriting contains the setting related to rewriting of requests, which are obviously incorrect due to the unnecessary application of the search path.

    CoreDNSAutoscaling

    (Appears on: CoreDNS)

    CoreDNSAutoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

    FieldDescription
    mode
    CoreDNSAutoscalingMode

    The mode of the autoscaling to be used for the Core DNS components running in the data plane of the Shoot cluster. Supported values are horizontal and cluster-proportional.

    CoreDNSAutoscalingMode (string alias)

    (Appears on: CoreDNSAutoscaling)

    CoreDNSAutoscalingMode is a type alias for the Core DNS autoscaling mode string.

    CoreDNSRewriting

    (Appears on: CoreDNS)

    CoreDNSRewriting contains the setting related to rewriting requests, which are obviously incorrect due to the unnecessary application of the search path.

    FieldDescription
    commonSuffixes
    []string
    (Optional)

    CommonSuffixes are expected to be the suffix of a fully qualified domain name. Each suffix should contain at least one or two dots (‘.’) to prevent accidental clashes.

    CredentialsRotationPhase (string alias)

    (Appears on: CARotation, ETCDEncryptionKeyRotation, ServiceAccountKeyRotation)

    CredentialsRotationPhase is a string alias.

    DNS

    (Appears on: ShootSpec)

    DNS holds information about the provider, the hosted zone id and the domain.

    FieldDescription
    domain
    string
    (Optional)

    Domain is the external available domain of the Shoot cluster. This domain will be written into the kubeconfig that is handed out to end-users. This field is immutable.

    providers
    []DNSProvider
    (Optional)

    Providers is a list of DNS providers that shall be enabled for this shoot cluster. Only relevant if not a default domain is used.

    Deprecated: Configuring multiple DNS providers is deprecated and will be forbidden in a future release. Please use the DNS extension provider config (e.g. shoot-dns-service) for additional providers.

    DNSIncludeExclude

    (Appears on: DNSProvider)

    DNSIncludeExclude contains information about which domains shall be included/excluded.

    FieldDescription
    include
    []string
    (Optional)

    Include is a list of domains that shall be included.

    exclude
    []string
    (Optional)

    Exclude is a list of domains that shall be excluded.

    DNSProvider

    (Appears on: DNS)

    DNSProvider contains information about a DNS provider.

    FieldDescription
    domains
    DNSIncludeExclude
    (Optional)

    Domains contains information about which domains shall be included/excluded for this provider.

    Deprecated: This field is deprecated and will be removed in a future release. Please use the DNS extension provider config (e.g. shoot-dns-service) for additional configuration.

    primary
    bool
    (Optional)

    Primary indicates that this DNSProvider is used for shoot related domains.

    Deprecated: This field is deprecated and will be removed in a future release. Please use the DNS extension provider config (e.g. shoot-dns-service) for additional and non-primary providers.

    secretName
    string
    (Optional)

    SecretName is a name of a secret containing credentials for the stated domain and the provider. When not specified, the Gardener will use the cloud provider credentials referenced by the Shoot and try to find respective credentials there (primary provider only). Specifying this field may override this behavior, i.e. forcing the Gardener to only look into the given secret.

    type
    string
    (Optional)

    Type is the DNS provider type.

    zones
    DNSIncludeExclude
    (Optional)

    Zones contains information about which hosted zones shall be included/excluded for this provider.

    Deprecated: This field is deprecated and will be removed in a future release. Please use the DNS extension provider config (e.g. shoot-dns-service) for additional configuration.

    DataVolume

    (Appears on: Worker)

    DataVolume contains information about a data volume.

    FieldDescription
    name
    string

    Name of the volume to make it referencable.

    type
    string
    (Optional)

    Type is the type of the volume.

    size
    string

    VolumeSize is the size of the volume.

    encrypted
    bool
    (Optional)

    Encrypted determines if the volume should be encrypted.

    DeploymentRef

    (Appears on: ControllerRegistrationDeployment)

    DeploymentRef contains information about ControllerDeployment references.

    FieldDescription
    name
    string

    Name is the name of the ControllerDeployment that is being referred to.

    DualApprovalForDeletion

    (Appears on: ProjectSpec)

    DualApprovalForDeletion contains configuration for the dual approval concept for resource deletion.

    FieldDescription
    resource
    string

    Resource is the name of the resource this applies to.

    selector
    Kubernetes meta/v1.LabelSelector

    Selector is the label selector for the resources.

    includeServiceAccounts
    bool
    (Optional)

    IncludeServiceAccounts specifies whether the concept also applies when deletion is triggered by ServiceAccounts. Defaults to true.

    ETCDEncryptionKeyRotation

    (Appears on: ShootCredentialsRotation)

    ETCDEncryptionKeyRotation contains information about the ETCD encryption key credential rotation.

    FieldDescription
    phase
    CredentialsRotationPhase

    Phase describes the phase of the ETCD encryption key credential rotation.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the ETCD encryption key credential rotation was successfully completed.

    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the ETCD encryption key credential rotation was initiated.

    lastInitiationFinishedTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationFinishedTime is the recent time when the ETCD encryption key credential rotation initiation was completed.

    lastCompletionTriggeredTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTriggeredTime is the recent time when the ETCD encryption key credential rotation completion was triggered.

    EncryptionConfig

    (Appears on: KubeAPIServerConfig)

    EncryptionConfig contains customizable encryption configuration of the API server.

    FieldDescription
    resources
    []string

    Resources contains the list of resources that shall be encrypted in addition to secrets. Each item is a Kubernetes resource name in plural (resource or resource.group) that should be encrypted. Note that configuring a custom resource is only supported for versions >= 1.26. Wildcards are not supported for now. See https://github.com/gardener/gardener/blob/master/docs/usage/security/etcd_encryption_config.md for more details.

    ErrorCode (string alias)

    (Appears on: Condition, LastError)

    ErrorCode is a string alias.

    ExpanderMode (string alias)

    (Appears on: ClusterAutoscaler)

    ExpanderMode is type used for Expander values

    ExpirableVersion

    (Appears on: KubernetesSettings, MachineImageVersion)

    ExpirableVersion contains a version and an expiration date.

    FieldDescription
    version
    string

    Version is the version identifier.

    expirationDate
    Kubernetes meta/v1.Time
    (Optional)

    ExpirationDate defines the time at which this version expires.

    classification
    VersionClassification
    (Optional)

    Classification defines the state of a version (preview, supported, deprecated)

    ExposureClassScheduling

    (Appears on: ExposureClass)

    ExposureClassScheduling holds information to select applicable Seed’s for ExposureClass usage.

    FieldDescription
    seedSelector
    SeedSelector
    (Optional)

    SeedSelector is an optional label selector for Seed’s which are suitable to use the ExposureClass.

    tolerations
    []Toleration
    (Optional)

    Tolerations contains the tolerations for taints on Seed clusters.

    Extension

    (Appears on: ShootSpec)

    Extension contains type and provider information for Shoot extensions.

    FieldDescription
    type
    string

    Type is the type of the extension resource.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to extension resource.

    disabled
    bool
    (Optional)

    Disabled allows to disable extensions that were marked as ‘globally enabled’ by Gardener administrators.

    ExtensionResourceState

    (Appears on: ShootStateSpec)

    ExtensionResourceState contains the kind of the extension custom resource and its last observed state in the Shoot’s namespace on the Seed cluster.

    FieldDescription
    kind
    string

    Kind (type) of the extension custom resource

    name
    string
    (Optional)

    Name of the extension custom resource

    purpose
    string
    (Optional)

    Purpose of the extension custom resource

    state
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    State of the extension resource

    resources
    []NamedResourceReference
    (Optional)

    Resources holds a list of named resource references that can be referred to in the state by their names.

    FailureTolerance

    (Appears on: HighAvailability)

    FailureTolerance describes information about failure tolerance level of a highly available resource.

    FieldDescription
    type
    FailureToleranceType

    Type specifies the type of failure that the highly available resource can tolerate

    FailureToleranceType (string alias)

    (Appears on: FailureTolerance)

    FailureToleranceType specifies the type of failure that a highly available shoot control plane that can tolerate.

    Gardener

    (Appears on: SeedStatus, ShootStatus)

    Gardener holds the information about the Gardener version that operated a resource.

    FieldDescription
    id
    string

    ID is the container id of the Gardener which last acted on a resource.

    name
    string

    Name is the hostname (pod name) of the Gardener which last acted on a resource.

    version
    string

    Version is the version of the Gardener which last acted on a resource.

    GardenerResourceData

    (Appears on: ShootStateSpec)

    GardenerResourceData holds the data which is used to generate resources, deployed in the Shoot’s control plane.

    FieldDescription
    name
    string

    Name of the object required to generate resources

    type
    string

    Type of the object

    data
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Data contains the payload required to generate resources

    labels
    map[string]string
    (Optional)

    Labels are labels of the object

    HelmControllerDeployment

    HelmControllerDeployment configures how an extension controller is deployed using helm. This is the legacy structure that used to be defined in gardenlet’s ControllerInstallation controller for ControllerDeployment’s with type=helm. While this is not a proper API type, we need to define the structure in the API package so that we can convert it to the internal API version in the new representation.

    FieldDescription
    chart
    []byte

    Chart is a Helm chart tarball.

    values
    Kubernetes apiextensions/v1.JSON

    Values is a map of values for the given chart.

    ociRepository
    OCIRepository
    (Optional)

    OCIRepository defines where to pull the chart.

    Hibernation

    (Appears on: ShootSpec)

    Hibernation contains information whether the Shoot is suspended or not.

    FieldDescription
    enabled
    bool
    (Optional)

    Enabled specifies whether the Shoot needs to be hibernated or not. If it is true, the Shoot’s desired state is to be hibernated. If it is false or nil, the Shoot’s desired state is to be awakened.

    schedules
    []HibernationSchedule
    (Optional)

    Schedules determine the hibernation schedules.

    HibernationSchedule

    (Appears on: Hibernation)

    HibernationSchedule determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified.

    FieldDescription
    start
    string
    (Optional)

    Start is a Cron spec at which time a Shoot will be hibernated.

    end
    string
    (Optional)

    End is a Cron spec at which time a Shoot will be woken up.

    location
    string
    (Optional)

    Location is the time location in which both start and shall be evaluated.

    HighAvailability

    (Appears on: ControlPlane)

    HighAvailability specifies the configuration settings for high availability for a resource. Typical usages could be to configure HA for shoot control plane or for seed system components.

    FieldDescription
    failureTolerance
    FailureTolerance

    FailureTolerance holds information about failure tolerance level of a highly available resource.

    HorizontalPodAutoscalerConfig

    (Appears on: KubeControllerManagerConfig)

    HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager. Note: Descriptions were taken from the Kubernetes documentation.

    FieldDescription
    cpuInitializationPeriod
    Kubernetes meta/v1.Duration
    (Optional)

    The period after which a ready pod transition is considered to be the first.

    downscaleStabilization
    Kubernetes meta/v1.Duration
    (Optional)

    The configurable window at which the controller will choose the highest recommendation for autoscaling.

    initialReadinessDelay
    Kubernetes meta/v1.Duration
    (Optional)

    The configurable period at which the horizontal pod autoscaler considers a Pod “not yet ready” given that it’s unready and it has transitioned to unready during that time.

    syncPeriod
    Kubernetes meta/v1.Duration
    (Optional)

    The period for syncing the number of pods in horizontal pod autoscaler.

    tolerance
    float64
    (Optional)

    The minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling.

    IPFamily (string alias)

    (Appears on: Networking, SeedNetworks)

    IPFamily is a type for specifying an IP protocol version to use in Gardener clusters.

    Ingress

    (Appears on: SeedSpec)

    Ingress configures the Ingress specific settings of the cluster

    FieldDescription
    domain
    string

    Domain specifies the IngressDomain of the cluster pointing to the ingress controller endpoint. It will be used to construct ingress URLs for system applications running in Shoot/Garden clusters. Once set this field is immutable.

    controller
    IngressController

    Controller configures a Gardener managed Ingress Controller listening on the ingressDomain

    IngressController

    (Appears on: Ingress)

    IngressController enables a Gardener managed Ingress Controller listening on the ingressDomain

    FieldDescription
    kind
    string

    Kind defines which kind of IngressController to use. At the moment only nginx is supported

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig specifies infrastructure specific configuration for the ingressController

    KubeAPIServerConfig

    (Appears on: Kubernetes)

    KubeAPIServerConfig contains configuration settings for the kube-apiserver.

    FieldDescription
    KubernetesConfig
    KubernetesConfig

    (Members of KubernetesConfig are embedded into this type.)

    admissionPlugins
    []AdmissionPlugin
    (Optional)

    AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), and, if desired, the corresponding configuration.

    apiAudiences
    []string
    (Optional)

    APIAudiences are the identifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. Defaults to [“kubernetes”].

    auditConfig
    AuditConfig
    (Optional)

    AuditConfig contains configuration settings for the audit of the kube-apiserver.

    oidcConfig
    OIDCConfig
    (Optional)

    OIDCConfig contains configuration settings for the OIDC provider.

    Deprecated: This field is deprecated and will be forbidden starting from Kubernetes 1.32. Please configure and use structured authentication instead of oidc flags. For more information check https://github.com/gardener/gardener/issues/9858 TODO(AleksandarSavchev): Drop this field after support for Kubernetes 1.31 is dropped.

    runtimeConfig
    map[string]bool
    (Optional)

    RuntimeConfig contains information about enabled or disabled APIs.

    serviceAccountConfig
    ServiceAccountConfig
    (Optional)

    ServiceAccountConfig contains configuration settings for the service account handling of the kube-apiserver.

    watchCacheSizes
    WatchCacheSizes
    (Optional)

    WatchCacheSizes contains configuration of the API server’s watch cache sizes. Configuring these flags might be useful for large-scale Shoot clusters with a lot of parallel update requests and a lot of watching controllers (e.g. large ManagedSeed clusters). When the API server’s watch cache’s capacity is too small to cope with the amount of update requests and watchers for a particular resource, it might happen that controller watches are permanently stopped with too old resource version errors. Starting from kubernetes v1.19, the API server’s watch cache size is adapted dynamically and setting the watch cache size flags will have no effect, except when setting it to 0 (which disables the watch cache).

    requests
    APIServerRequests
    (Optional)

    Requests contains configuration for request-specific settings for the kube-apiserver.

    enableAnonymousAuthentication
    bool
    (Optional)

    EnableAnonymousAuthentication defines whether anonymous requests to the secure port of the API server should be allowed (flag --anonymous-auth). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

    eventTTL
    Kubernetes meta/v1.Duration
    (Optional)

    EventTTL controls the amount of time to retain events. Defaults to 1h.

    logging
    APIServerLogging
    (Optional)

    Logging contains configuration for the log level and HTTP access logs.

    defaultNotReadyTolerationSeconds
    int64
    (Optional)

    DefaultNotReadyTolerationSeconds indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration (flag --default-not-ready-toleration-seconds). The field has effect only when the DefaultTolerationSeconds admission plugin is enabled. Defaults to 300.

    defaultUnreachableTolerationSeconds
    int64
    (Optional)

    DefaultUnreachableTolerationSeconds indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration (flag --default-unreachable-toleration-seconds). The field has effect only when the DefaultTolerationSeconds admission plugin is enabled. Defaults to 300.

    encryptionConfig
    EncryptionConfig
    (Optional)

    EncryptionConfig contains customizable encryption configuration of the Kube API server.

    structuredAuthentication
    StructuredAuthentication
    (Optional)

    StructuredAuthentication contains configuration settings for structured authentication for the kube-apiserver. This field is only available for Kubernetes v1.30 or later.

    structuredAuthorization
    StructuredAuthorization
    (Optional)

    StructuredAuthorization contains configuration settings for structured authorization for the kube-apiserver. This field is only available for Kubernetes v1.30 or later.

    KubeControllerManagerConfig

    (Appears on: Kubernetes)

    KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.

    FieldDescription
    KubernetesConfig
    KubernetesConfig

    (Members of KubernetesConfig are embedded into this type.)

    horizontalPodAutoscaler
    HorizontalPodAutoscalerConfig
    (Optional)

    HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager.

    nodeCIDRMaskSize
    int32
    (Optional)

    NodeCIDRMaskSize defines the mask size for node cidr in cluster (default is 24). This field is immutable.

    podEvictionTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    PodEvictionTimeout defines the grace period for deleting pods on failed nodes. Defaults to 2m.

    Deprecated: The corresponding kube-controller-manager flag --pod-eviction-timeout is deprecated in favor of the kube-apiserver flags --default-not-ready-toleration-seconds and --default-unreachable-toleration-seconds. The --pod-eviction-timeout flag does not have effect when the taint besed eviction is enabled. The taint based eviction is beta (enabled by default) since Kubernetes 1.13 and GA since Kubernetes 1.18. Hence, instead of setting this field, set the spec.kubernetes.kubeAPIServer.defaultNotReadyTolerationSeconds and spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSeconds.

    nodeMonitorGracePeriod
    Kubernetes meta/v1.Duration
    (Optional)

    NodeMonitorGracePeriod defines the grace period before an unresponsive node is marked unhealthy.

    KubeProxyConfig

    (Appears on: Kubernetes)

    KubeProxyConfig contains configuration settings for the kube-proxy.

    FieldDescription
    KubernetesConfig
    KubernetesConfig

    (Members of KubernetesConfig are embedded into this type.)

    mode
    ProxyMode
    (Optional)

    Mode specifies which proxy mode to use. defaults to IPTables.

    enabled
    bool
    (Optional)

    Enabled indicates whether kube-proxy should be deployed or not. Depending on the networking extensions switching kube-proxy off might be rejected. Consulting the respective documentation of the used networking extension is recommended before using this field. defaults to true if not specified.

    KubeSchedulerConfig

    (Appears on: Kubernetes)

    KubeSchedulerConfig contains configuration settings for the kube-scheduler.

    FieldDescription
    KubernetesConfig
    KubernetesConfig

    (Members of KubernetesConfig are embedded into this type.)

    kubeMaxPDVols
    string
    (Optional)

    KubeMaxPDVols allows to configure the KUBE_MAX_PD_VOLS environment variable for the kube-scheduler. Please find more information here: https://kubernetes.io/docs/concepts/storage/storage-limits/#custom-limits Note that using this field is considered alpha-/experimental-level and is on your own risk. You should be aware of all the side-effects and consequences when changing it.

    profile
    SchedulingProfile
    (Optional)

    Profile configures the scheduling profile for the cluster. If not specified, the used profile is “balanced” (provides the default kube-scheduler behavior).

    KubeletConfig

    (Appears on: Kubernetes, WorkerKubernetes)

    KubeletConfig contains configuration settings for the kubelet.

    FieldDescription
    KubernetesConfig
    KubernetesConfig

    (Members of KubernetesConfig are embedded into this type.)

    cpuCFSQuota
    bool
    (Optional)

    CPUCFSQuota allows you to disable/enable CPU throttling for Pods.

    cpuManagerPolicy
    string
    (Optional)

    CPUManagerPolicy allows to set alternative CPU management policies (default: none).

    evictionHard
    KubeletConfigEviction
    (Optional)

    EvictionHard describes a set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a Pod eviction. Default: memory.available: “100Mi/1Gi/5%” nodefs.available: “5%” nodefs.inodesFree: “5%” imagefs.available: “5%” imagefs.inodesFree: “5%”

    evictionMaxPodGracePeriod
    int32
    (Optional)

    EvictionMaxPodGracePeriod describes the maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. Default: 90

    evictionMinimumReclaim
    KubeletConfigEvictionMinimumReclaim
    (Optional)

    EvictionMinimumReclaim configures the amount of resources below the configured eviction threshold that the kubelet attempts to reclaim whenever the kubelet observes resource pressure. Default: 0 for each resource

    evictionPressureTransitionPeriod
    Kubernetes meta/v1.Duration
    (Optional)

    EvictionPressureTransitionPeriod is the duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. Default: 4m0s

    evictionSoft
    KubeletConfigEviction
    (Optional)

    EvictionSoft describes a set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a Pod eviction. Default: memory.available: “200Mi/1.5Gi/10%” nodefs.available: “10%” nodefs.inodesFree: “10%” imagefs.available: “10%” imagefs.inodesFree: “10%”

    evictionSoftGracePeriod
    KubeletConfigEvictionSoftGracePeriod
    (Optional)

    EvictionSoftGracePeriod describes a set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a Pod eviction. Default: memory.available: 1m30s nodefs.available: 1m30s nodefs.inodesFree: 1m30s imagefs.available: 1m30s imagefs.inodesFree: 1m30s

    maxPods
    int32
    (Optional)

    MaxPods is the maximum number of Pods that are allowed by the Kubelet. Default: 110

    podPidsLimit
    int64
    (Optional)

    PodPIDsLimit is the maximum number of process IDs per pod allowed by the kubelet.

    failSwapOn
    bool
    (Optional)

    FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true).

    kubeReserved
    KubeletConfigReserved
    (Optional)

    KubeReserved is the configuration for resources reserved for kubernetes node components (mainly kubelet and container runtime). When updating these values, be aware that cgroup resizes may not succeed on active worker nodes. Look for the NodeAllocatableEnforced event to determine if the configuration was applied. Default: cpu=80m,memory=1Gi,pid=20k

    systemReserved
    KubeletConfigReserved
    (Optional)

    SystemReserved is the configuration for resources reserved for system processes not managed by kubernetes (e.g. journald). When updating these values, be aware that cgroup resizes may not succeed on active worker nodes. Look for the NodeAllocatableEnforced event to determine if the configuration was applied.

    Deprecated: Separately configuring resource reservations for system processes is deprecated in Gardener and will be forbidden starting from Kubernetes 1.31. Please merge existing resource reservations into the kubeReserved field. TODO(MichaelEischer): Drop this field after support for Kubernetes 1.30 is dropped.

    imageGCHighThresholdPercent
    int32
    (Optional)

    ImageGCHighThresholdPercent describes the percent of the disk usage which triggers image garbage collection. Default: 50

    imageGCLowThresholdPercent
    int32
    (Optional)

    ImageGCLowThresholdPercent describes the percent of the disk to which garbage collection attempts to free. Default: 40

    serializeImagePulls
    bool
    (Optional)

    SerializeImagePulls describes whether the images are pulled one at a time. Default: true

    registryPullQPS
    int32
    (Optional)

    RegistryPullQPS is the limit of registry pulls per second. The value must not be a negative number. Setting it to 0 means no limit. Default: 5

    registryBurst
    int32
    (Optional)

    RegistryBurst is the maximum size of bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registryPullQPS. The value must not be a negative number. Only used if registryPullQPS is greater than 0. Default: 10

    seccompDefault
    bool
    (Optional)

    SeccompDefault enables the use of RuntimeDefault as the default seccomp profile for all workloads. This requires the corresponding SeccompDefault feature gate to be enabled as well. This field is only available for Kubernetes v1.25 or later.

    containerLogMaxSize
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    A quantity defines the maximum size of the container log file before it is rotated. For example: “5Mi” or “256Ki”. Default: 100Mi

    containerLogMaxFiles
    int32
    (Optional)

    Maximum number of container log files that can be present for a container.

    protectKernelDefaults
    bool
    (Optional)

    ProtectKernelDefaults ensures that the kernel tunables are equal to the kubelet defaults. Defaults to true for Kubernetes v1.26 or later.

    streamingConnectionIdleTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed. This field cannot be set lower than “30s” or greater than “4h”. Default: “4h” for Kubernetes < v1.26. “5m” for Kubernetes >= v1.26.

    memorySwap
    MemorySwapConfiguration
    (Optional)

    MemorySwap configures swap memory available to container workloads.

    KubeletConfigEviction

    (Appears on: KubeletConfig)

    KubeletConfigEviction contains kubelet eviction thresholds supporting either a resource.Quantity or a percentage based value.

    FieldDescription
    memoryAvailable
    string
    (Optional)

    MemoryAvailable is the threshold for the free memory on the host server.

    imageFSAvailable
    string
    (Optional)

    ImageFSAvailable is the threshold for the free disk space in the imagefs filesystem (docker images and container writable layers).

    imageFSInodesFree
    string
    (Optional)

    ImageFSInodesFree is the threshold for the available inodes in the imagefs filesystem.

    nodeFSAvailable
    string
    (Optional)

    NodeFSAvailable is the threshold for the free disk space in the nodefs filesystem (docker volumes, logs, etc).

    nodeFSInodesFree
    string
    (Optional)

    NodeFSInodesFree is the threshold for the available inodes in the nodefs filesystem.

    KubeletConfigEvictionMinimumReclaim

    (Appears on: KubeletConfig)

    KubeletConfigEvictionMinimumReclaim contains configuration for the kubelet eviction minimum reclaim.

    FieldDescription
    memoryAvailable
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    MemoryAvailable is the threshold for the memory reclaim on the host server.

    imageFSAvailable
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    ImageFSAvailable is the threshold for the disk space reclaim in the imagefs filesystem (docker images and container writable layers).

    imageFSInodesFree
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    ImageFSInodesFree is the threshold for the inodes reclaim in the imagefs filesystem.

    nodeFSAvailable
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    NodeFSAvailable is the threshold for the disk space reclaim in the nodefs filesystem (docker volumes, logs, etc).

    nodeFSInodesFree
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    NodeFSInodesFree is the threshold for the inodes reclaim in the nodefs filesystem.

    KubeletConfigEvictionSoftGracePeriod

    (Appears on: KubeletConfig)

    KubeletConfigEvictionSoftGracePeriod contains grace periods for kubelet eviction thresholds.

    FieldDescription
    memoryAvailable
    Kubernetes meta/v1.Duration
    (Optional)

    MemoryAvailable is the grace period for the MemoryAvailable eviction threshold.

    imageFSAvailable
    Kubernetes meta/v1.Duration
    (Optional)

    ImageFSAvailable is the grace period for the ImageFSAvailable eviction threshold.

    imageFSInodesFree
    Kubernetes meta/v1.Duration
    (Optional)

    ImageFSInodesFree is the grace period for the ImageFSInodesFree eviction threshold.

    nodeFSAvailable
    Kubernetes meta/v1.Duration
    (Optional)

    NodeFSAvailable is the grace period for the NodeFSAvailable eviction threshold.

    nodeFSInodesFree
    Kubernetes meta/v1.Duration
    (Optional)

    NodeFSInodesFree is the grace period for the NodeFSInodesFree eviction threshold.

    KubeletConfigReserved

    (Appears on: KubeletConfig)

    KubeletConfigReserved contains reserved resources for daemons

    FieldDescription
    cpu
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    CPU is the reserved cpu.

    memory
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    Memory is the reserved memory.

    ephemeralStorage
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    EphemeralStorage is the reserved ephemeral-storage.

    pid
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    PID is the reserved process-ids.

    Kubernetes

    (Appears on: ShootSpec)

    Kubernetes contains the version and configuration variables for the Shoot control plane.

    FieldDescription
    clusterAutoscaler
    ClusterAutoscaler
    (Optional)

    ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

    kubeAPIServer
    KubeAPIServerConfig
    (Optional)

    KubeAPIServer contains configuration settings for the kube-apiserver.

    kubeControllerManager
    KubeControllerManagerConfig
    (Optional)

    KubeControllerManager contains configuration settings for the kube-controller-manager.

    kubeScheduler
    KubeSchedulerConfig
    (Optional)

    KubeScheduler contains configuration settings for the kube-scheduler.

    kubeProxy
    KubeProxyConfig
    (Optional)

    KubeProxy contains configuration settings for the kube-proxy.

    kubelet
    KubeletConfig
    (Optional)

    Kubelet contains configuration settings for the kubelet.

    version
    string
    (Optional)

    Version is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. <major>.<minor>.

    verticalPodAutoscaler
    VerticalPodAutoscaler
    (Optional)

    VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

    enableStaticTokenKubeconfig
    bool
    (Optional)

    EnableStaticTokenKubeconfig indicates whether static token kubeconfig secret will be created for the Shoot cluster. Defaults to true for Shoots with Kubernetes versions < 1.26. Defaults to false for Shoots with Kubernetes versions >= 1.26. Starting Kubernetes 1.27 the field will be locked to false.

    KubernetesConfig

    (Appears on: KubeAPIServerConfig, KubeControllerManagerConfig, KubeProxyConfig, KubeSchedulerConfig, KubeletConfig)

    KubernetesConfig contains common configuration fields for the control plane components.

    FieldDescription
    featureGates
    map[string]bool
    (Optional)

    FeatureGates contains information about enabled feature gates.

    KubernetesDashboard

    (Appears on: Addons)

    KubernetesDashboard describes configuration values for the kubernetes-dashboard addon.

    FieldDescription
    Addon
    Addon

    (Members of Addon are embedded into this type.)

    authenticationMode
    string
    (Optional)

    AuthenticationMode defines the authentication mode for the kubernetes-dashboard.

    KubernetesSettings

    (Appears on: CloudProfileSpec, NamespacedCloudProfileSpec)

    KubernetesSettings contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

    FieldDescription
    versions
    []ExpirableVersion
    (Optional)

    Versions is the list of allowed Kubernetes versions with optional expiration dates for Shoot clusters.

    LastError

    (Appears on: BackupBucketStatus, BackupEntryStatus, ShootStatus)

    LastError indicates the last occurred error for an operation on a resource.

    FieldDescription
    description
    string

    A human readable message indicating details about the last error.

    taskID
    string
    (Optional)

    ID of the task which caused this last error

    codes
    []ErrorCode
    (Optional)

    Well-defined error codes of the last error(s).

    lastUpdateTime
    Kubernetes meta/v1.Time
    (Optional)

    Last time the error was reported

    LastMaintenance

    (Appears on: ShootStatus)

    LastMaintenance holds information about a maintenance operation on the Shoot.

    FieldDescription
    description
    string

    A human-readable message containing details about the operations performed in the last maintenance.

    triggeredTime
    Kubernetes meta/v1.Time

    TriggeredTime is the time when maintenance was triggered.

    state
    LastOperationState

    Status of the last maintenance operation, one of Processing, Succeeded, Error.

    failureReason
    string
    (Optional)

    FailureReason holds the information about the last maintenance operation failure reason.

    LastOperation

    (Appears on: BackupBucketStatus, BackupEntryStatus, SeedStatus, ShootStatus)

    LastOperation indicates the type and the state of the last operation, along with a description message and a progress indicator.

    FieldDescription
    description
    string

    A human readable message indicating details about the last operation.

    lastUpdateTime
    Kubernetes meta/v1.Time

    Last time the operation state transitioned from one to another.

    progress
    int32

    The progress in percentage (0-100) of the last operation.

    state
    LastOperationState

    Status of the last operation, one of Aborted, Processing, Succeeded, Error, Failed.

    type
    LastOperationType

    Type of the last operation, one of Create, Reconcile, Delete, Migrate, Restore.

    LastOperationState (string alias)

    (Appears on: LastMaintenance, LastOperation)

    LastOperationState is a string alias.

    LastOperationType (string alias)

    (Appears on: LastOperation)

    LastOperationType is a string alias.

    LoadBalancerServicesProxyProtocol

    (Appears on: SeedSettingLoadBalancerServices, SeedSettingLoadBalancerServicesZones)

    LoadBalancerServicesProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services.

    FieldDescription
    allowed
    bool

    Allowed controls whether the ProxyProtocol is optionally allowed for the load balancer services. This should only be enabled if the load balancer services are already using ProxyProtocol or will be reconfigured to use it soon. Until the load balancers are configured with ProxyProtocol, enabling this setting may allow clients to spoof their source IP addresses. The option allows a migration from non-ProxyProtocol to ProxyProtocol without downtime (depending on the infrastructure). Defaults to false.

    Machine

    (Appears on: Worker)

    Machine contains information about the machine type and image.

    FieldDescription
    type
    string

    Type is the machine type of the worker group.

    image
    ShootMachineImage
    (Optional)

    Image holds information about the machine image to use for all nodes of this pool. It will default to the latest version of the first image stated in the referenced CloudProfile if no value has been provided.

    architecture
    string
    (Optional)

    Architecture is CPU architecture of machines in this worker pool.

    MachineControllerManagerSettings

    (Appears on: Worker)

    MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

    FieldDescription
    machineDrainTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    MachineDrainTimeout is the period after which machine is forcefully deleted.

    machineHealthTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    MachineHealthTimeout is the period after which machine is declared failed.

    machineCreationTimeout
    Kubernetes meta/v1.Duration
    (Optional)

    MachineCreationTimeout is the period after which creation of the machine is declared failed.

    maxEvictRetries
    int32
    (Optional)

    MaxEvictRetries are the number of eviction retries on a pod after which drain is declared failed, and forceful deletion is triggered.

    nodeConditions
    []string
    (Optional)

    NodeConditions are the set of conditions if set to true for the period of MachineHealthTimeout, machine will be declared failed.

    MachineImage

    (Appears on: CloudProfileSpec, NamespacedCloudProfileSpec)

    MachineImage defines the name and multiple versions of the machine image in any environment.

    FieldDescription
    name
    string

    Name is the name of the image.

    versions
    []MachineImageVersion

    Versions contains versions, expiration dates and container runtimes of the machine image

    updateStrategy
    MachineImageUpdateStrategy
    (Optional)

    UpdateStrategy is the update strategy to use for the machine image. Possible values are: - patch: update to the latest patch version of the current minor version. - minor: update to the latest minor and patch version. - major: always update to the overall latest version (default).

    MachineImageUpdateStrategy (string alias)

    (Appears on: MachineImage)

    MachineImageUpdateStrategy is the update strategy to use for a machine image

    MachineImageVersion

    (Appears on: MachineImage)

    MachineImageVersion is an expirable version with list of supported container runtimes and interfaces

    FieldDescription
    ExpirableVersion
    ExpirableVersion

    (Members of ExpirableVersion are embedded into this type.)

    cri
    []CRI
    (Optional)

    CRI list of supported container runtime and interfaces supported by this version

    architectures
    []string
    (Optional)

    Architectures is the list of CPU architectures of the machine image in this version.

    kubeletVersionConstraint
    string
    (Optional)

    KubeletVersionConstraint is a constraint describing the supported kubelet versions by the machine image in this version. If the field is not specified, it is assumed that the machine image in this version supports all kubelet versions. Examples: - ‘>= 1.26’ - supports only kubelet versions greater than or equal to 1.26 - ‘< 1.26’ - supports only kubelet versions less than 1.26

    MachineType

    (Appears on: CloudProfileSpec, NamespacedCloudProfileSpec)

    MachineType contains certain properties of a machine type.

    FieldDescription
    cpu
    k8s.io/apimachinery/pkg/api/resource.Quantity

    CPU is the number of CPUs for this machine type.

    gpu
    k8s.io/apimachinery/pkg/api/resource.Quantity

    GPU is the number of GPUs for this machine type.

    memory
    k8s.io/apimachinery/pkg/api/resource.Quantity

    Memory is the amount of memory for this machine type.

    name
    string

    Name is the name of the machine type.

    storage
    MachineTypeStorage
    (Optional)

    Storage is the amount of storage associated with the root volume of this machine type.

    usable
    bool
    (Optional)

    Usable defines if the machine type can be used for shoot clusters.

    architecture
    string
    (Optional)

    Architecture is the CPU architecture of this machine type.

    MachineTypeStorage

    (Appears on: MachineType)

    MachineTypeStorage is the amount of storage associated with the root volume of this machine type.

    FieldDescription
    class
    string

    Class is the class of the storage type.

    size
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    StorageSize is the storage size.

    type
    string

    Type is the type of the storage.

    minSize
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    MinSize is the minimal supported storage size. This overrides any other common minimum size configuration from spec.volumeTypes[*].minSize.

    Maintenance

    (Appears on: ShootSpec)

    Maintenance contains information about the time window for maintenance operations and which operations should be performed.

    FieldDescription
    autoUpdate
    MaintenanceAutoUpdate
    (Optional)

    AutoUpdate contains information about which constraints should be automatically updated.

    timeWindow
    MaintenanceTimeWindow
    (Optional)

    TimeWindow contains information about the time window for maintenance operations.

    confineSpecUpdateRollout
    bool
    (Optional)

    ConfineSpecUpdateRollout prevents that changes/updates to the shoot specification will be rolled out immediately. Instead, they are rolled out during the shoot’s maintenance time window. There is one exception that will trigger an immediate roll out which is changes to the Spec.Hibernation.Enabled field.

    MaintenanceAutoUpdate

    (Appears on: Maintenance)

    MaintenanceAutoUpdate contains information about which constraints should be automatically updated.

    FieldDescription
    kubernetesVersion
    bool

    KubernetesVersion indicates whether the patch Kubernetes version may be automatically updated (default: true).

    machineImageVersion
    bool
    (Optional)

    MachineImageVersion indicates whether the machine image version may be automatically updated (default: true).

    MaintenanceTimeWindow

    (Appears on: Maintenance)

    MaintenanceTimeWindow contains information about the time window for maintenance operations.

    FieldDescription
    begin
    string

    Begin is the beginning of the time window in the format HHMMSS+ZONE, e.g. “220000+0100”. If not present, a random value will be computed.

    end
    string

    End is the end of the time window in the format HHMMSS+ZONE, e.g. “220000+0100”. If not present, the value will be computed based on the “Begin” value.

    MemorySwapConfiguration

    (Appears on: KubeletConfig)

    MemorySwapConfiguration contains kubelet swap configuration For more information, please see KEP: 2400-node-swap

    FieldDescription
    swapBehavior
    SwapBehavior
    (Optional)

    SwapBehavior configures swap memory available to container workloads. May be one of {“LimitedSwap”, “UnlimitedSwap”} defaults to: LimitedSwap

    Monitoring

    (Appears on: ShootSpec)

    Monitoring contains information about the monitoring configuration for the shoot.

    FieldDescription
    alerting
    Alerting
    (Optional)

    Alerting contains information about the alerting configuration for the shoot cluster.

    NamedResourceReference

    (Appears on: ExtensionResourceState, ShootSpec)

    NamedResourceReference is a named reference to a resource.

    FieldDescription
    name
    string

    Name of the resource reference.

    resourceRef
    Kubernetes autoscaling/v1.CrossVersionObjectReference

    ResourceRef is a reference to a resource.

    NamespacedCloudProfileSpec

    (Appears on: NamespacedCloudProfile)

    NamespacedCloudProfileSpec is the specification of a NamespacedCloudProfile.

    FieldDescription
    caBundle
    string
    (Optional)

    CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

    kubernetes
    KubernetesSettings
    (Optional)

    Kubernetes contains constraints regarding allowed values of the ‘kubernetes’ block in the Shoot specification.

    machineImages
    []MachineImage
    (Optional)

    MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

    machineTypes
    []MachineType
    (Optional)

    MachineTypes contains constraints regarding allowed values for machine types in the ‘workers’ block in the Shoot specification.

    volumeTypes
    []VolumeType
    (Optional)

    VolumeTypes contains constraints regarding allowed values for volume types in the ‘workers’ block in the Shoot specification.

    parent
    CloudProfileReference

    Parent contains a reference to a CloudProfile it inherits from.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig contains provider-specific configuration for the profile.

    NamespacedCloudProfileStatus

    (Appears on: NamespacedCloudProfile)

    NamespacedCloudProfileStatus holds the most recently observed status of the NamespacedCloudProfile.

    FieldDescription
    cloudProfileSpec
    CloudProfileSpec

    CloudProfile is the most recently generated CloudProfile of the NamespacedCloudProfile.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this NamespacedCloudProfile.

    Networking

    (Appears on: ShootSpec)

    Networking defines networking parameters for the shoot cluster.

    FieldDescription
    type
    string
    (Optional)

    Type identifies the type of the networking plugin. This field is immutable.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to network resource.

    pods
    string
    (Optional)

    Pods is the CIDR of the pod network. This field is immutable.

    nodes
    string
    (Optional)

    Nodes is the CIDR of the entire node network. This field is mutable.

    services
    string
    (Optional)

    Services is the CIDR of the service network. This field is immutable.

    ipFamilies
    []IPFamily
    (Optional)

    IPFamilies specifies the IP protocol versions to use for shoot networking. This field is immutable. See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md. Defaults to [“IPv4”].

    NetworkingStatus

    (Appears on: ShootStatus)

    NetworkingStatus contains information about cluster networking such as CIDRs.

    FieldDescription
    pods
    []string
    (Optional)

    Pods are the CIDRs of the pod network.

    nodes
    []string
    (Optional)

    Nodes are the CIDRs of the node network.

    services
    []string
    (Optional)

    Services are the CIDRs of the service network.

    egressCIDRs
    []string
    (Optional)

    EgressCIDRs is a list of CIDRs used by the shoot as the source IP for egress traffic as reported by the used Infrastructure extension controller. For certain environments the egress IPs may not be stable in which case the extension controller may opt to not populate this field.

    NginxIngress

    (Appears on: Addons)

    NginxIngress describes configuration values for the nginx-ingress addon.

    FieldDescription
    Addon
    Addon

    (Members of Addon are embedded into this type.)

    loadBalancerSourceRanges
    []string
    (Optional)

    LoadBalancerSourceRanges is list of allowed IP sources for NginxIngress

    config
    map[string]string
    (Optional)

    Config contains custom configuration for the nginx-ingress-controller configuration. See https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options

    externalTrafficPolicy
    Kubernetes core/v1.ServiceExternalTrafficPolicy
    (Optional)

    ExternalTrafficPolicy controls the .spec.externalTrafficPolicy value of the load balancer Service exposing the nginx-ingress. Defaults to Cluster.

    NodeLocalDNS

    (Appears on: SystemComponents)

    NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

    FieldDescription
    enabled
    bool

    Enabled indicates whether node local DNS is enabled or not.

    forceTCPToClusterDNS
    bool
    (Optional)

    ForceTCPToClusterDNS indicates whether the connection from the node local DNS to the cluster DNS (Core DNS) will be forced to TCP or not. Default, if unspecified, is to enforce TCP.

    forceTCPToUpstreamDNS
    bool
    (Optional)

    ForceTCPToUpstreamDNS indicates whether the connection from the node local DNS to the upstream DNS (infrastructure DNS) will be forced to TCP or not. Default, if unspecified, is to enforce TCP.

    disableForwardToUpstreamDNS
    bool
    (Optional)

    DisableForwardToUpstreamDNS indicates whether requests from node local DNS to upstream DNS should be disabled. Default, if unspecified, is to forward requests for external domains to upstream DNS

    OCIRepository

    (Appears on: HelmControllerDeployment)

    OCIRepository configures where to pull an OCI Artifact, that could contain for example a Helm Chart.

    FieldDescription
    ref
    string
    (Optional)

    Ref is the full artifact Ref and takes precedence over all other fields.

    repository
    string
    (Optional)

    Repository is a reference to an OCI artifact repository.

    tag
    string
    (Optional)

    Tag is the image tag to pull.

    digest
    string
    (Optional)

    Digest of the image to pull, takes precedence over tag.

    OIDCConfig

    (Appears on: KubeAPIServerConfig)

    OIDCConfig contains configuration settings for the OIDC provider. Note: Descriptions were taken from the Kubernetes documentation.

    FieldDescription
    caBundle
    string
    (Optional)

    If set, the OpenID server’s certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host’s root CA set will be used.

    clientAuthentication
    OpenIDConnectClientAuthentication
    (Optional)

    ClientAuthentication can optionally contain client configuration used for kubeconfig generation.

    Deprecated: This field has no implemented use and will be forbidden starting from Kubernetes 1.31. It’s use was planned for genereting OIDC kubeconfig https://github.com/gardener/gardener/issues/1433 TODO(AleksandarSavchev): Drop this field after support for Kubernetes 1.30 is dropped.

    clientID
    string
    (Optional)

    The client ID for the OpenID Connect client, must be set.

    groupsClaim
    string
    (Optional)

    If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This flag is experimental, please see the authentication documentation for further details.

    groupsPrefix
    string
    (Optional)

    If provided, all groups will be prefixed with this value to prevent conflicts with other authentication strategies.

    issuerURL
    string
    (Optional)

    The URL of the OpenID issuer, only HTTPS scheme will be accepted. Used to verify the OIDC JSON Web Token (JWT).

    requiredClaims
    map[string]string
    (Optional)

    key=value pairs that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value.

    signingAlgs
    []string
    (Optional)

    List of allowed JOSE asymmetric signing algorithms. JWTs with a ‘alg’ header value not in this list will be rejected. Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1

    usernameClaim
    string
    (Optional)

    The OpenID claim to use as the user name. Note that claims other than the default (‘sub’) is not guaranteed to be unique and immutable. This flag is experimental, please see the authentication documentation for further details. (default “sub”)

    usernamePrefix
    string
    (Optional)

    If provided, all usernames will be prefixed with this value. If not provided, username claims other than ‘email’ are prefixed by the issuer URL to avoid clashes. To skip any prefixing, provide the value ‘-’.

    ObservabilityRotation

    (Appears on: ShootCredentialsRotation)

    ObservabilityRotation contains information about the observability credential rotation.

    FieldDescription
    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the observability credential rotation was initiated.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the observability credential rotation was successfully completed.

    OpenIDConnectClientAuthentication

    (Appears on: OIDCConfig)

    OpenIDConnectClientAuthentication contains configuration for OIDC clients.

    FieldDescription
    extraConfig
    map[string]string
    (Optional)

    Extra configuration added to kubeconfig’s auth-provider. Must not be any of idp-issuer-url, client-id, client-secret, idp-certificate-authority, idp-certificate-authority-data, id-token or refresh-token

    secret
    string
    (Optional)

    The client Secret for the OpenID Connect client.

    ProjectMember

    (Appears on: ProjectSpec)

    ProjectMember is a member of a project.

    FieldDescription
    Subject
    Kubernetes rbac/v1.Subject

    (Members of Subject are embedded into this type.)

    Subject is representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

    role
    string

    Role represents the role of this member. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the roles list. TODO: Remove this field in favor of the roles list in v1.

    roles
    []string
    (Optional)

    Roles represents the list of roles of this member.

    ProjectPhase (string alias)

    (Appears on: ProjectStatus)

    ProjectPhase is a label for the condition of a project at the current time.

    ProjectSpec

    (Appears on: Project)

    ProjectSpec is the specification of a Project.

    FieldDescription
    createdBy
    Kubernetes rbac/v1.Subject
    (Optional)

    CreatedBy is a subject representing a user name, an email address, or any other identifier of a user who created the project. This field is immutable.

    description
    string
    (Optional)

    Description is a human-readable description of what the project is used for.

    owner
    Kubernetes rbac/v1.Subject
    (Optional)

    Owner is a subject representing a user name, an email address, or any other identifier of a user owning the project. IMPORTANT: Be aware that this field will be removed in the v1 version of this API in favor of the owner role. The only way to change the owner will be by moving the owner role. In this API version the only way to change the owner is to use this field. TODO: Remove this field in favor of the owner role in v1.

    purpose
    string
    (Optional)

    Purpose is a human-readable explanation of the project’s purpose.

    members
    []ProjectMember
    (Optional)

    Members is a list of subjects representing a user name, an email address, or any other identifier of a user, group, or service account that has a certain role.

    namespace
    string
    (Optional)

    Namespace is the name of the namespace that has been created for the Project object. A nil value means that Gardener will determine the name of the namespace. This field is immutable.

    tolerations
    ProjectTolerations
    (Optional)

    Tolerations contains the tolerations for taints on seed clusters.

    dualApprovalForDeletion
    []DualApprovalForDeletion
    (Optional)

    DualApprovalForDeletion contains configuration for the dual approval concept for resource deletion.

    ProjectStatus

    (Appears on: Project)

    ProjectStatus holds the most recently observed status of the project.

    FieldDescription
    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this project.

    phase
    ProjectPhase

    Phase is the current phase of the project.

    staleSinceTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    StaleSinceTimestamp contains the timestamp when the project was first discovered to be stale/unused.

    staleAutoDeleteTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    StaleAutoDeleteTimestamp contains the timestamp when the project will be garbage-collected/automatically deleted because it’s stale/unused.

    lastActivityTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    LastActivityTimestamp contains the timestamp from the last activity performed in this project.

    ProjectTolerations

    (Appears on: ProjectSpec)

    ProjectTolerations contains the tolerations for taints on seed clusters.

    FieldDescription
    defaults
    []Toleration
    (Optional)

    Defaults contains a list of tolerations that are added to the shoots in this project by default.

    whitelist
    []Toleration
    (Optional)

    Whitelist contains a list of tolerations that are allowed to be added to the shoots in this project. Please note that this list may only be added by users having the spec-tolerations-whitelist verb for project resources.

    Provider

    (Appears on: ShootSpec)

    Provider contains provider-specific information that are handed-over to the provider-specific extension controller.

    FieldDescription
    type
    string

    Type is the type of the provider. This field is immutable.

    controlPlaneConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ControlPlaneConfig contains the provider-specific control plane config blob. Please look up the concrete definition in the documentation of your provider extension.

    infrastructureConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    InfrastructureConfig contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension.

    workers
    []Worker
    (Optional)

    Workers is a list of worker groups.

    workersSettings
    WorkersSettings
    (Optional)

    WorkersSettings contains settings for all workers.

    ProxyMode (string alias)

    (Appears on: KubeProxyConfig)

    ProxyMode available in Linux platform: ‘userspace’ (older, going to be EOL), ‘iptables’ (newer, faster), ‘ipvs’ (newest, better in performance and scalability). As of now only ‘iptables’ and ‘ipvs’ is supported by Gardener. In Linux platform, if the iptables proxy is selected, regardless of how, but the system’s kernel or iptables versions are insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to ‘ipvs’, and the fall back path is firstly iptables and then userspace.

    QuotaSpec

    (Appears on: Quota)

    QuotaSpec is the specification of a Quota.

    FieldDescription
    clusterLifetimeDays
    int32
    (Optional)

    ClusterLifetimeDays is the lifetime of a Shoot cluster in days before it will be terminated automatically.

    metrics
    Kubernetes core/v1.ResourceList

    Metrics is a list of resources which will be put under constraints.

    scope
    Kubernetes core/v1.ObjectReference

    Scope is the scope of the Quota object, either ‘project’, ‘secret’ or ‘workloadidentity’. This field is immutable.

    Region

    (Appears on: CloudProfileSpec)

    Region contains certain properties of a region.

    FieldDescription
    name
    string

    Name is a region name.

    zones
    []AvailabilityZone
    (Optional)

    Zones is a list of availability zones in this region.

    labels
    map[string]string
    (Optional)

    Labels is an optional set of key-value pairs that contain certain administrator-controlled labels for this region. It can be used by Gardener administrators/operators to provide additional information about a region, e.g. wrt quality, reliability, etc.

    accessRestrictions
    []AccessRestriction
    (Optional)

    AccessRestrictions describe a list of access restrictions that can be used for Shoots using this region.

    ResourceData

    (Appears on: ShootStateSpec)

    ResourceData holds the data of a resource referred to by an extension controller state.

    FieldDescription
    CrossVersionObjectReference
    Kubernetes autoscaling/v1.CrossVersionObjectReference

    (Members of CrossVersionObjectReference are embedded into this type.)

    data
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Data of the resource

    ResourceWatchCacheSize

    (Appears on: WatchCacheSizes)

    ResourceWatchCacheSize contains configuration of the API server’s watch cache size for one specific resource.

    FieldDescription
    apiGroup
    string
    (Optional)

    APIGroup is the API group of the resource for which the watch cache size should be configured. An unset value is used to specify the legacy core API (e.g. for secrets).

    resource
    string

    Resource is the name of the resource for which the watch cache size should be configured (in lowercase plural form, e.g. secrets).

    size
    int32

    CacheSize specifies the watch cache size that should be configured for the specified resource.

    SSHAccess

    (Appears on: WorkersSettings)

    SSHAccess contains settings regarding ssh access to the worker nodes.

    FieldDescription
    enabled
    bool

    Enabled indicates whether the SSH access to the worker nodes is ensured to be enabled or disabled in systemd. Defaults to true.

    SchedulingProfile (string alias)

    (Appears on: KubeSchedulerConfig)

    SchedulingProfile is a string alias used for scheduling profile values.

    SecretBindingProvider

    (Appears on: SecretBinding)

    SecretBindingProvider defines the provider type of the SecretBinding.

    FieldDescription
    type
    string

    Type is the type of the provider.

    For backwards compatibility, the field can contain multiple providers separated by a comma. However the usage of single SecretBinding (hence Secret) for different cloud providers is strongly discouraged.

    SeedBackup

    (Appears on: SeedSpec)

    SeedBackup contains the object store configuration for backups for shoot (currently only etcd).

    FieldDescription
    provider
    string

    Provider is a provider name. This field is immutable.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to BackupBucket resource.

    region
    string
    (Optional)

    Region is a region name. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a Secret object containing the cloud provider credentials for the object store where backups should be stored. It should have enough privileges to manipulate the objects as well as buckets.

    SeedDNS

    (Appears on: SeedSpec)

    SeedDNS contains DNS-relevant information about this seed cluster.

    FieldDescription
    provider
    SeedDNSProvider
    (Optional)

    Provider configures a DNSProvider

    SeedDNSProvider

    (Appears on: SeedDNS)

    SeedDNSProvider configures a DNSProvider for Seeds

    FieldDescription
    type
    string

    Type describes the type of the dns-provider, for example aws-route53

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a Secret object containing cloud provider credentials used for registering external domains.

    SeedNetworks

    (Appears on: SeedSpec)

    SeedNetworks contains CIDRs for the pod, service and node networks of a Kubernetes cluster.

    FieldDescription
    nodes
    string
    (Optional)

    Nodes is the CIDR of the node network. This field is immutable.

    pods
    string

    Pods is the CIDR of the pod network. This field is immutable.

    services
    string

    Services is the CIDR of the service network. This field is immutable.

    shootDefaults
    ShootNetworks
    (Optional)

    ShootDefaults contains the default networks CIDRs for shoots.

    blockCIDRs
    []string
    (Optional)

    BlockCIDRs is a list of network addresses that should be blocked for shoot control plane components running in the seed cluster.

    ipFamilies
    []IPFamily
    (Optional)

    IPFamilies specifies the IP protocol versions to use for seed networking. This field is immutable. See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md. Defaults to [“IPv4”].

    SeedProvider

    (Appears on: SeedSpec)

    SeedProvider defines the provider-specific information of this Seed cluster.

    FieldDescription
    type
    string

    Type is the name of the provider.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the configuration passed to Seed resource.

    region
    string

    Region is a name of a region.

    zones
    []string
    (Optional)

    Zones is the list of availability zones the seed cluster is deployed to.

    SeedSelector

    (Appears on: CloudProfileSpec, ExposureClassScheduling, ShootSpec)

    SeedSelector contains constraints for selecting seed to be usable for shoots using a profile

    FieldDescription
    LabelSelector
    Kubernetes meta/v1.LabelSelector

    (Members of LabelSelector are embedded into this type.)

    (Optional)

    LabelSelector is optional and can be used to select seeds by their label settings

    providerTypes
    []string
    (Optional)

    Providers is optional and can be used by restricting seeds by their provider type. ‘*’ can be used to enable seeds regardless of their provider type.

    SeedSettingDependencyWatchdog

    (Appears on: SeedSettings)

    SeedSettingDependencyWatchdog controls the dependency-watchdog settings for the seed.

    FieldDescription
    weeder
    SeedSettingDependencyWatchdogWeeder
    (Optional)

    Weeder controls the weeder settings for the dependency-watchdog for the seed.

    prober
    SeedSettingDependencyWatchdogProber
    (Optional)

    Prober controls the prober settings for the dependency-watchdog for the seed.

    SeedSettingDependencyWatchdogProber

    (Appears on: SeedSettingDependencyWatchdog)

    SeedSettingDependencyWatchdogProber controls the prober settings for the dependency-watchdog for the seed.

    FieldDescription
    enabled
    bool

    Enabled controls whether the probe controller(prober) of the dependency-watchdog should be enabled. This controller scales down the kube-controller-manager, machine-controller-manager and cluster-autoscaler of shoot clusters in case their respective kube-apiserver is not reachable via its external ingress in order to avoid melt-down situations.

    SeedSettingDependencyWatchdogWeeder

    (Appears on: SeedSettingDependencyWatchdog)

    SeedSettingDependencyWatchdogWeeder controls the weeder settings for the dependency-watchdog for the seed.

    FieldDescription
    enabled
    bool

    Enabled controls whether the endpoint controller(weeder) of the dependency-watchdog should be enabled. This controller helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in CrashLoopBackoff status and restarting them once their dependants become ready and available again.

    SeedSettingExcessCapacityReservation

    (Appears on: SeedSettings)

    SeedSettingExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

    FieldDescription
    enabled
    bool
    (Optional)

    Enabled controls whether the default excess capacity reservation should be enabled. When not specified, the functionality is enabled.

    configs
    []SeedSettingExcessCapacityReservationConfig
    (Optional)

    Configs configures excess capacity reservation deployments for shoot control planes in the seed.

    SeedSettingExcessCapacityReservationConfig

    (Appears on: SeedSettingExcessCapacityReservation)

    SeedSettingExcessCapacityReservationConfig configures excess capacity reservation deployments for shoot control planes in the seed.

    FieldDescription
    resources
    Kubernetes core/v1.ResourceList

    Resources specify the resource requests and limits of the excess-capacity-reservation pod.

    nodeSelector
    map[string]string
    (Optional)

    NodeSelector specifies the node where the excess-capacity-reservation pod should run.

    tolerations
    []Kubernetes core/v1.Toleration
    (Optional)

    Tolerations specify the tolerations for the the excess-capacity-reservation pod.

    SeedSettingLoadBalancerServices

    (Appears on: SeedSettings)

    SeedSettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

    FieldDescription
    annotations
    map[string]string
    (Optional)

    Annotations is a map of annotations that will be injected/merged into every load balancer service object.

    externalTrafficPolicy
    Kubernetes core/v1.ServiceExternalTrafficPolicy
    (Optional)

    ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the service’s “externally-facing” addresses. Defaults to “Cluster”.

    zones
    []SeedSettingLoadBalancerServicesZones
    (Optional)

    Zones controls settings, which are specific to the single-zone load balancers in a multi-zonal setup. Can be empty for single-zone seeds. Each specified zone has to relate to one of the zones in seed.spec.provider.zones.

    proxyProtocol
    LoadBalancerServicesProxyProtocol
    (Optional)

    ProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services. Defaults to nil, which is equivalent to not allowing ProxyProtocol.

    SeedSettingLoadBalancerServicesZones

    (Appears on: SeedSettingLoadBalancerServices)

    SeedSettingLoadBalancerServicesZones controls settings, which are specific to the single-zone load balancers in a multi-zonal setup.

    FieldDescription
    name
    string

    Name is the name of the zone as specified in seed.spec.provider.zones.

    annotations
    map[string]string
    (Optional)

    Annotations is a map of annotations that will be injected/merged into the zone-specific load balancer service object.

    externalTrafficPolicy
    Kubernetes core/v1.ServiceExternalTrafficPolicy
    (Optional)

    ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the service’s “externally-facing” addresses. Defaults to “Cluster”.

    proxyProtocol
    LoadBalancerServicesProxyProtocol
    (Optional)

    ProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services. Defaults to nil, which is equivalent to not allowing ProxyProtocol.

    SeedSettingScheduling

    (Appears on: SeedSettings)

    SeedSettingScheduling controls settings for scheduling decisions for the seed.

    FieldDescription
    visible
    bool

    Visible controls whether the gardener-scheduler shall consider this seed when scheduling shoots. Invisible seeds are not considered by the scheduler.

    SeedSettingTopologyAwareRouting

    (Appears on: SeedSettings)

    SeedSettingTopologyAwareRouting controls certain settings for topology-aware traffic routing in the seed. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

    FieldDescription
    enabled
    bool

    Enabled controls whether certain Services deployed in the seed cluster should be topology-aware. These Services are etcd-main-client, etcd-events-client, kube-apiserver, gardener-resource-manager and vpa-webhook.

    SeedSettingVerticalPodAutoscaler

    (Appears on: SeedSettings)

    SeedSettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

    FieldDescription
    enabled
    bool

    Enabled controls whether the VPA components shall be deployed into the garden namespace in the seed cluster. It is enabled by default because Gardener heavily relies on a VPA being deployed. You should only disable this if your seed cluster already has another, manually/custom managed VPA deployment.

    SeedSettings

    (Appears on: SeedSpec)

    SeedSettings contains certain settings for this seed cluster.

    FieldDescription
    excessCapacityReservation
    SeedSettingExcessCapacityReservation
    (Optional)

    ExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

    scheduling
    SeedSettingScheduling
    (Optional)

    Scheduling controls settings for scheduling decisions for the seed.

    loadBalancerServices
    SeedSettingLoadBalancerServices
    (Optional)

    LoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

    verticalPodAutoscaler
    SeedSettingVerticalPodAutoscaler
    (Optional)

    VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

    dependencyWatchdog
    SeedSettingDependencyWatchdog
    (Optional)

    DependencyWatchdog controls certain settings for the dependency-watchdog components deployed in the seed.

    topologyAwareRouting
    SeedSettingTopologyAwareRouting
    (Optional)

    TopologyAwareRouting controls certain settings for topology-aware traffic routing in the seed. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

    SeedSpec

    (Appears on: Seed, SeedTemplate)

    SeedSpec is the specification of a Seed.

    FieldDescription
    backup
    SeedBackup
    (Optional)

    Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

    dns
    SeedDNS

    DNS contains DNS-relevant information about this seed cluster.

    networks
    SeedNetworks

    Networks defines the pod, service and worker network of the Seed cluster.

    provider
    SeedProvider

    Provider defines the provider type and region for this Seed cluster.

    taints
    []SeedTaint
    (Optional)

    Taints describes taints on the seed.

    volume
    SeedVolume
    (Optional)

    Volume contains settings for persistentvolumes created in the seed cluster.

    settings
    SeedSettings
    (Optional)

    Settings contains certain settings for this seed cluster.

    ingress
    Ingress
    (Optional)

    Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

    accessRestrictions
    []AccessRestriction
    (Optional)

    AccessRestrictions describe a list of access restrictions for this seed cluster.

    SeedStatus

    (Appears on: Seed)

    SeedStatus is the status of a Seed.

    FieldDescription
    gardener
    Gardener
    (Optional)

    Gardener holds information about the Gardener which last acted on the Shoot.

    kubernetesVersion
    string
    (Optional)

    KubernetesVersion is the Kubernetes version of the seed cluster.

    conditions
    []Condition
    (Optional)

    Conditions represents the latest available observations of a Seed’s current state.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this Seed. It corresponds to the Seed’s generation, which is updated on mutation by the API Server.

    clusterIdentity
    string
    (Optional)

    ClusterIdentity is the identity of the Seed cluster. This field is immutable.

    capacity
    Kubernetes core/v1.ResourceList
    (Optional)

    Capacity represents the total resources of a seed.

    allocatable
    Kubernetes core/v1.ResourceList
    (Optional)

    Allocatable represents the resources of a seed that are available for scheduling. Defaults to Capacity.

    clientCertificateExpirationTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    ClientCertificateExpirationTimestamp is the timestamp at which gardenlet’s client certificate expires.

    lastOperation
    LastOperation
    (Optional)

    LastOperation holds information about the last operation on the Seed.

    SeedTaint

    (Appears on: SeedSpec)

    SeedTaint describes a taint on a seed.

    FieldDescription
    key
    string

    Key is the taint key to be applied to a seed.

    value
    string
    (Optional)

    Value is the taint value corresponding to the taint key.

    SeedTemplate

    SeedTemplate is a template for creating a Seed object.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    SeedSpec
    (Optional)

    Specification of the desired behavior of the Seed.



    backup
    SeedBackup
    (Optional)

    Backup holds the object store configuration for the backups of shoot (currently only etcd). If it is not specified, then there won’t be any backups taken for shoots associated with this seed. If backup field is present in seed, then backups of the etcd from shoot control plane will be stored under the configured object store.

    dns
    SeedDNS

    DNS contains DNS-relevant information about this seed cluster.

    networks
    SeedNetworks

    Networks defines the pod, service and worker network of the Seed cluster.

    provider
    SeedProvider

    Provider defines the provider type and region for this Seed cluster.

    taints
    []SeedTaint
    (Optional)

    Taints describes taints on the seed.

    volume
    SeedVolume
    (Optional)

    Volume contains settings for persistentvolumes created in the seed cluster.

    settings
    SeedSettings
    (Optional)

    Settings contains certain settings for this seed cluster.

    ingress
    Ingress
    (Optional)

    Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

    accessRestrictions
    []AccessRestriction
    (Optional)

    AccessRestrictions describe a list of access restrictions for this seed cluster.

    SeedVolume

    (Appears on: SeedSpec)

    SeedVolume contains settings for persistentvolumes created in the seed cluster.

    FieldDescription
    minimumSize
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    MinimumSize defines the minimum size that should be used for PVCs in the seed.

    providers
    []SeedVolumeProvider
    (Optional)

    Providers is a list of storage class provisioner types for the seed.

    SeedVolumeProvider

    (Appears on: SeedVolume)

    SeedVolumeProvider is a storage class provisioner type.

    FieldDescription
    purpose
    string

    Purpose is the purpose of this provider.

    name
    string

    Name is the name of the storage class provisioner type.

    ServiceAccountConfig

    (Appears on: KubeAPIServerConfig)

    ServiceAccountConfig is the kube-apiserver configuration for service accounts.

    FieldDescription
    issuer
    string
    (Optional)

    Issuer is the identifier of the service account token issuer. The issuer will assert this identifier in “iss” claim of issued tokens. This value is used to generate new service account tokens. This value is a string or URI. Defaults to URI of the API server.

    extendTokenExpiration
    bool
    (Optional)

    ExtendTokenExpiration turns on projected service account expiration extension during token generation, which helps safe transition from legacy token to bound service account token feature. If this flag is enabled, admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, ignoring value of service-account-max-token-expiration.

    maxTokenExpiration
    Kubernetes meta/v1.Duration
    (Optional)

    MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value. This field must be within [30d,90d].

    acceptedIssuers
    []string
    (Optional)

    AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted. These values are not used to generate new service account tokens. Only useful when service account tokens are also issued by another external system or a change of the current issuer that is used for generating tokens is being performed.

    ServiceAccountKeyRotation

    (Appears on: ShootCredentialsRotation)

    ServiceAccountKeyRotation contains information about the service account key credential rotation.

    FieldDescription
    phase
    CredentialsRotationPhase

    Phase describes the phase of the service account key credential rotation.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the service account key credential rotation was successfully completed.

    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the service account key credential rotation was initiated.

    lastInitiationFinishedTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationFinishedTime is the recent time when the service account key credential rotation initiation was completed.

    lastCompletionTriggeredTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTriggeredTime is the recent time when the service account key credential rotation completion was triggered.

    ShootAdvertisedAddress

    (Appears on: ShootStatus)

    ShootAdvertisedAddress contains information for the shoot’s Kube API server.

    FieldDescription
    name
    string

    Name of the advertised address. e.g. external

    url
    string

    The URL of the API Server. e.g. https://api.foo.bar or https://1.2.3.4

    ShootCredentials

    (Appears on: ShootStatus)

    ShootCredentials contains information about the shoot credentials.

    FieldDescription
    rotation
    ShootCredentialsRotation
    (Optional)

    Rotation contains information about the credential rotations.

    ShootCredentialsRotation

    (Appears on: ShootCredentials)

    ShootCredentialsRotation contains information about the rotation of credentials.

    FieldDescription
    certificateAuthorities
    CARotation
    (Optional)

    CertificateAuthorities contains information about the certificate authority credential rotation.

    kubeconfig
    ShootKubeconfigRotation
    (Optional)

    Kubeconfig contains information about the kubeconfig credential rotation.

    sshKeypair
    ShootSSHKeypairRotation
    (Optional)

    SSHKeypair contains information about the ssh-keypair credential rotation.

    observability
    ObservabilityRotation
    (Optional)

    Observability contains information about the observability credential rotation.

    serviceAccountKey
    ServiceAccountKeyRotation
    (Optional)

    ServiceAccountKey contains information about the service account key credential rotation.

    etcdEncryptionKey
    ETCDEncryptionKeyRotation
    (Optional)

    ETCDEncryptionKey contains information about the ETCD encryption key credential rotation.

    ShootKubeconfigRotation

    (Appears on: ShootCredentialsRotation)

    ShootKubeconfigRotation contains information about the kubeconfig credential rotation.

    FieldDescription
    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the kubeconfig credential rotation was initiated.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the kubeconfig credential rotation was successfully completed.

    ShootMachineImage

    (Appears on: Machine)

    ShootMachineImage defines the name and the version of the shoot’s machine image in any environment. Has to be defined in the respective CloudProfile.

    FieldDescription
    name
    string

    Name is the name of the image.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the shoot’s individual configuration passed to an extension resource.

    version
    string
    (Optional)

    Version is the version of the shoot’s image. If version is not provided, it will be defaulted to the latest version from the CloudProfile.

    ShootNetworks

    (Appears on: SeedNetworks)

    ShootNetworks contains the default networks CIDRs for shoots.

    FieldDescription
    pods
    string
    (Optional)

    Pods is the CIDR of the pod network.

    services
    string
    (Optional)

    Services is the CIDR of the service network.

    ShootPurpose (string alias)

    (Appears on: ShootSpec)

    ShootPurpose is a type alias for string.

    ShootSSHKeypairRotation

    (Appears on: ShootCredentialsRotation)

    ShootSSHKeypairRotation contains information about the ssh-keypair credential rotation.

    FieldDescription
    lastInitiationTime
    Kubernetes meta/v1.Time
    (Optional)

    LastInitiationTime is the most recent time when the ssh-keypair credential rotation was initiated.

    lastCompletionTime
    Kubernetes meta/v1.Time
    (Optional)

    LastCompletionTime is the most recent time when the ssh-keypair credential rotation was successfully completed.

    ShootSpec

    (Appears on: Shoot, ShootTemplate)

    ShootSpec is the specification of a Shoot.

    FieldDescription
    addons
    Addons
    (Optional)

    Addons contains information about enabled/disabled addons and their configuration.

    cloudProfileName
    string
    (Optional)

    CloudProfileName is a name of a CloudProfile object. This field will be deprecated soon, use CloudProfile instead.

    dns
    DNS
    (Optional)

    DNS contains information about the DNS settings of the Shoot.

    extensions
    []Extension
    (Optional)

    Extensions contain type and provider information for Shoot extensions.

    hibernation
    Hibernation
    (Optional)

    Hibernation contains information whether the Shoot is suspended or not.

    kubernetes
    Kubernetes

    Kubernetes contains the version and configuration settings of the control plane components.

    networking
    Networking
    (Optional)

    Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

    maintenance
    Maintenance
    (Optional)

    Maintenance contains information about the time window for maintenance operations and which operations should be performed.

    monitoring
    Monitoring
    (Optional)

    Monitoring contains information about custom monitoring configurations for the shoot.

    provider
    Provider

    Provider contains all provider-specific and provider-relevant information.

    purpose
    ShootPurpose
    (Optional)

    Purpose is the purpose class for this cluster.

    region
    string

    Region is a name of a region. This field is immutable.

    secretBindingName
    string
    (Optional)

    SecretBindingName is the name of a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. The field is mutually exclusive with CredentialsBindingName. This field is immutable.

    seedName
    string
    (Optional)

    SeedName is the name of the seed cluster that runs the control plane of the Shoot.

    seedSelector
    SeedSelector
    (Optional)

    SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

    resources
    []NamedResourceReference
    (Optional)

    Resources holds a list of named resource references that can be referred to in extension configs by their names.

    tolerations
    []Toleration
    (Optional)

    Tolerations contains the tolerations for taints on seed clusters.

    exposureClassName
    string
    (Optional)

    ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

    systemComponents
    SystemComponents
    (Optional)

    SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

    controlPlane
    ControlPlane
    (Optional)

    ControlPlane contains general settings for the control plane of the shoot.

    schedulerName
    string
    (Optional)

    SchedulerName is the name of the responsible scheduler which schedules the shoot. If not specified, the default scheduler takes over. This field is immutable.

    cloudProfile
    CloudProfileReference
    (Optional)

    CloudProfile contains a reference to a CloudProfile or a NamespacedCloudProfile.

    credentialsBindingName
    string
    (Optional)

    CredentialsBindingName is the name of a CredentialsBinding that has a reference to the provider credentials. The credentials will be used to create the shoot in the respective account. The field is mutually exclusive with SecretBindingName.

    accessRestrictions
    []AccessRestrictionWithOptions
    (Optional)

    AccessRestrictions describe a list of access restrictions for this shoot cluster.

    ShootStateSpec

    (Appears on: ShootState)

    ShootStateSpec is the specification of the ShootState.

    FieldDescription
    gardener
    []GardenerResourceData
    (Optional)

    Gardener holds the data required to generate resources deployed by the gardenlet

    extensions
    []ExtensionResourceState
    (Optional)

    Extensions holds the state of custom resources reconciled by extension controllers in the seed

    resources
    []ResourceData
    (Optional)

    Resources holds the data of resources referred to by extension controller states

    ShootStatus

    (Appears on: Shoot)

    ShootStatus holds the most recently observed status of the Shoot cluster.

    FieldDescription
    conditions
    []Condition
    (Optional)

    Conditions represents the latest available observations of a Shoots’s current state.

    constraints
    []Condition
    (Optional)

    Constraints represents conditions of a Shoot’s current state that constraint some operations on it.

    gardener
    Gardener

    Gardener holds information about the Gardener which last acted on the Shoot.

    hibernated
    bool

    IsHibernated indicates whether the Shoot is currently hibernated.

    lastOperation
    LastOperation
    (Optional)

    LastOperation holds information about the last operation on the Shoot.

    lastErrors
    []LastError
    (Optional)

    LastErrors holds information about the last occurred error(s) during an operation.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this Shoot. It corresponds to the Shoot’s generation, which is updated on mutation by the API Server.

    retryCycleStartTime
    Kubernetes meta/v1.Time
    (Optional)

    RetryCycleStartTime is the start time of the last retry cycle (used to determine how often an operation must be retried until we give up).

    seedName
    string
    (Optional)

    SeedName is the name of the seed cluster that runs the control plane of the Shoot. This value is only written after a successful create/reconcile operation. It will be used when control planes are moved between Seeds.

    technicalID
    string

    TechnicalID is the name that is used for creating the Seed namespace, the infrastructure resources, and basically everything that is related to this particular Shoot. This field is immutable.

    uid
    k8s.io/apimachinery/pkg/types.UID

    UID is a unique identifier for the Shoot cluster to avoid portability between Kubernetes clusters. It is used to compute unique hashes. This field is immutable.

    clusterIdentity
    string
    (Optional)

    ClusterIdentity is the identity of the Shoot cluster. This field is immutable.

    advertisedAddresses
    []ShootAdvertisedAddress
    (Optional)

    List of addresses that are relevant to the shoot. These include the Kube API server address and also the service account issuer.

    migrationStartTime
    Kubernetes meta/v1.Time
    (Optional)

    MigrationStartTime is the time when a migration to a different seed was initiated.

    credentials
    ShootCredentials
    (Optional)

    Credentials contains information about the shoot credentials.

    lastHibernationTriggerTime
    Kubernetes meta/v1.Time
    (Optional)

    LastHibernationTriggerTime indicates the last time when the hibernation controller managed to change the hibernation settings of the cluster

    lastMaintenance
    LastMaintenance
    (Optional)

    LastMaintenance holds information about the last maintenance operations on the Shoot.

    encryptedResources
    []string
    (Optional)

    EncryptedResources is the list of resources in the Shoot which are currently encrypted. Secrets are encrypted by default and are not part of the list. See https://github.com/gardener/gardener/blob/master/docs/usage/security/etcd_encryption_config.md for more details.

    networking
    NetworkingStatus
    (Optional)

    Networking contains information about cluster networking such as CIDRs.

    ShootTemplate

    ShootTemplate is a template for creating a Shoot object.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ShootSpec
    (Optional)

    Specification of the desired behavior of the Shoot.



    addons
    Addons
    (Optional)

    Addons contains information about enabled/disabled addons and their configuration.

    cloudProfileName
    string
    (Optional)

    CloudProfileName is a name of a CloudProfile object. This field will be deprecated soon, use CloudProfile instead.

    dns
    DNS
    (Optional)

    DNS contains information about the DNS settings of the Shoot.

    extensions
    []Extension
    (Optional)

    Extensions contain type and provider information for Shoot extensions.

    hibernation
    Hibernation
    (Optional)

    Hibernation contains information whether the Shoot is suspended or not.

    kubernetes
    Kubernetes

    Kubernetes contains the version and configuration settings of the control plane components.

    networking
    Networking
    (Optional)

    Networking contains information about cluster networking such as CNI Plugin type, CIDRs, …etc.

    maintenance
    Maintenance
    (Optional)

    Maintenance contains information about the time window for maintenance operations and which operations should be performed.

    monitoring
    Monitoring
    (Optional)

    Monitoring contains information about custom monitoring configurations for the shoot.

    provider
    Provider

    Provider contains all provider-specific and provider-relevant information.

    purpose
    ShootPurpose
    (Optional)

    Purpose is the purpose class for this cluster.

    region
    string

    Region is a name of a region. This field is immutable.

    secretBindingName
    string
    (Optional)

    SecretBindingName is the name of a SecretBinding that has a reference to the provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account. The field is mutually exclusive with CredentialsBindingName. This field is immutable.

    seedName
    string
    (Optional)

    SeedName is the name of the seed cluster that runs the control plane of the Shoot.

    seedSelector
    SeedSelector
    (Optional)

    SeedSelector is an optional selector which must match a seed’s labels for the shoot to be scheduled on that seed.

    resources
    []NamedResourceReference
    (Optional)

    Resources holds a list of named resource references that can be referred to in extension configs by their names.

    tolerations
    []Toleration
    (Optional)

    Tolerations contains the tolerations for taints on seed clusters.

    exposureClassName
    string
    (Optional)

    ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy. This field is immutable.

    systemComponents
    SystemComponents
    (Optional)

    SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

    controlPlane
    ControlPlane
    (Optional)

    ControlPlane contains general settings for the control plane of the shoot.

    schedulerName
    string
    (Optional)

    SchedulerName is the name of the responsible scheduler which schedules the shoot. If not specified, the default scheduler takes over. This field is immutable.

    cloudProfile
    CloudProfileReference
    (Optional)

    CloudProfile contains a reference to a CloudProfile or a NamespacedCloudProfile.

    credentialsBindingName
    string
    (Optional)

    CredentialsBindingName is the name of a CredentialsBinding that has a reference to the provider credentials. The credentials will be used to create the shoot in the respective account. The field is mutually exclusive with SecretBindingName.

    accessRestrictions
    []AccessRestrictionWithOptions
    (Optional)

    AccessRestrictions describe a list of access restrictions for this shoot cluster.

    StructuredAuthentication

    (Appears on: KubeAPIServerConfig)

    StructuredAuthentication contains authentication config for kube-apiserver.

    FieldDescription
    configMapName
    string

    ConfigMapName is the name of the ConfigMap in the project namespace which contains AuthenticationConfiguration for the kube-apiserver.

    StructuredAuthorization

    (Appears on: KubeAPIServerConfig)

    StructuredAuthorization contains authorization config for kube-apiserver.

    FieldDescription
    configMapName
    string

    ConfigMapName is the name of the ConfigMap in the project namespace which contains AuthorizationConfiguration for the kube-apiserver.

    kubeconfigs
    []AuthorizerKubeconfigReference

    Kubeconfigs is a list of references for kubeconfigs for the authorization webhooks.

    SwapBehavior (string alias)

    (Appears on: MemorySwapConfiguration)

    SwapBehavior configures swap memory available to container workloads

    SystemComponents

    (Appears on: ShootSpec)

    SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

    FieldDescription
    coreDNS
    CoreDNS
    (Optional)

    CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

    nodeLocalDNS
    NodeLocalDNS
    (Optional)

    NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

    Toleration

    (Appears on: ExposureClassScheduling, ProjectTolerations, ShootSpec)

    Toleration is a toleration for a seed taint.

    FieldDescription
    key
    string

    Key is the toleration key to be applied to a project or shoot.

    value
    string
    (Optional)

    Value is the toleration value corresponding to the toleration key.

    VersionClassification (string alias)

    (Appears on: ExpirableVersion)

    VersionClassification is the logical state of a version.

    VerticalPodAutoscaler

    (Appears on: Kubernetes)

    VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

    FieldDescription
    enabled
    bool

    Enabled specifies whether the Kubernetes VPA shall be enabled for the shoot cluster.

    evictAfterOOMThreshold
    Kubernetes meta/v1.Duration
    (Optional)

    EvictAfterOOMThreshold defines the threshold that will lead to pod eviction in case it OOMed in less than the given threshold since its start and if it has only one container (default: 10m0s).

    evictionRateBurst
    int32
    (Optional)

    EvictionRateBurst defines the burst of pods that can be evicted (default: 1)

    evictionRateLimit
    float64
    (Optional)

    EvictionRateLimit defines the number of pods that can be evicted per second. A rate limit set to 0 or -1 will disable the rate limiter (default: -1).

    evictionTolerance
    float64
    (Optional)

    EvictionTolerance defines the fraction of replica count that can be evicted for update in case more than one pod can be evicted (default: 0.5).

    recommendationMarginFraction
    float64
    (Optional)

    RecommendationMarginFraction is the fraction of usage added as the safety margin to the recommended request (default: 0.15).

    updaterInterval
    Kubernetes meta/v1.Duration
    (Optional)

    UpdaterInterval is the interval how often the updater should run (default: 1m0s).

    recommenderInterval
    Kubernetes meta/v1.Duration
    (Optional)

    RecommenderInterval is the interval how often metrics should be fetched (default: 1m0s).

    targetCPUPercentile
    float64
    (Optional)

    TargetCPUPercentile is the usage percentile that will be used as a base for CPU target recommendation. Doesn’t affect CPU lower bound, CPU upper bound nor memory recommendations. (default: 0.9)

    recommendationLowerBoundCPUPercentile
    float64
    (Optional)

    RecommendationLowerBoundCPUPercentile is the usage percentile that will be used for the lower bound on CPU recommendation. (default: 0.5)

    recommendationUpperBoundCPUPercentile
    float64
    (Optional)

    RecommendationUpperBoundCPUPercentile is the usage percentile that will be used for the upper bound on CPU recommendation. (default: 0.95)

    targetMemoryPercentile
    float64
    (Optional)

    TargetMemoryPercentile is the usage percentile that will be used as a base for memory target recommendation. Doesn’t affect memory lower bound nor memory upper bound. (default: 0.9)

    recommendationLowerBoundMemoryPercentile
    float64
    (Optional)

    RecommendationLowerBoundMemoryPercentile is the usage percentile that will be used for the lower bound on memory recommendation. (default: 0.5)

    recommendationUpperBoundMemoryPercentile
    float64
    (Optional)

    RecommendationUpperBoundMemoryPercentile is the usage percentile that will be used for the upper bound on memory recommendation. (default: 0.95)

    Volume

    (Appears on: Worker)

    Volume contains information about the volume type, size, and encryption.

    FieldDescription
    name
    string
    (Optional)

    Name of the volume to make it referencable.

    type
    string
    (Optional)

    Type is the type of the volume.

    size
    string

    VolumeSize is the size of the volume.

    encrypted
    bool
    (Optional)

    Encrypted determines if the volume should be encrypted.

    VolumeType

    (Appears on: CloudProfileSpec, NamespacedCloudProfileSpec)

    VolumeType contains certain properties of a volume type.

    FieldDescription
    class
    string

    Class is the class of the volume type.

    name
    string

    Name is the name of the volume type.

    usable
    bool
    (Optional)

    Usable defines if the volume type can be used for shoot clusters.

    minSize
    k8s.io/apimachinery/pkg/api/resource.Quantity
    (Optional)

    MinSize is the minimal supported storage size.

    WatchCacheSizes

    (Appears on: KubeAPIServerConfig)

    WatchCacheSizes contains configuration of the API server’s watch cache sizes.

    FieldDescription
    default
    int32
    (Optional)

    Default configures the default watch cache size of the kube-apiserver (flag --default-watch-cache-size, defaults to 100). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

    resources
    []ResourceWatchCacheSize
    (Optional)

    Resources configures the watch cache size of the kube-apiserver per resource (flag --watch-cache-sizes). See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

    Worker

    (Appears on: Provider)

    Worker is the base definition of a worker group.

    FieldDescription
    annotations
    map[string]string
    (Optional)

    Annotations is a map of key/value pairs for annotations for all the Node objects in this worker pool.

    caBundle
    string
    (Optional)

    CABundle is a certificate bundle which will be installed onto every machine of this worker pool.

    cri
    CRI
    (Optional)

    CRI contains configurations of CRI support of every machine in the worker pool. Defaults to a CRI with name containerd.

    kubernetes
    WorkerKubernetes
    (Optional)

    Kubernetes contains configuration for Kubernetes components related to this worker pool.

    labels
    map[string]string
    (Optional)

    Labels is a map of key/value pairs for labels for all the Node objects in this worker pool.

    name
    string

    Name is the name of the worker group.

    machine
    Machine

    Machine contains information about the machine type and image.

    maximum
    int32

    Maximum is the maximum number of machines to create. This value is divided by the number of configured zones for a fair distribution.

    minimum
    int32

    Minimum is the minimum number of machines to create. This value is divided by the number of configured zones for a fair distribution.

    maxSurge
    k8s.io/apimachinery/pkg/util/intstr.IntOrString
    (Optional)

    MaxSurge is maximum number of machines that are created during an update. This value is divided by the number of configured zones for a fair distribution.

    maxUnavailable
    k8s.io/apimachinery/pkg/util/intstr.IntOrString
    (Optional)

    MaxUnavailable is the maximum number of machines that can be unavailable during an update. This value is divided by the number of configured zones for a fair distribution.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the provider-specific configuration for this worker pool.

    taints
    []Kubernetes core/v1.Taint
    (Optional)

    Taints is a list of taints for all the Node objects in this worker pool.

    volume
    Volume
    (Optional)

    Volume contains information about the volume type and size.

    dataVolumes
    []DataVolume
    (Optional)

    DataVolumes contains a list of additional worker volumes.

    kubeletDataVolumeName
    string
    (Optional)

    KubeletDataVolumeName contains the name of a dataVolume that should be used for storing kubelet state.

    zones
    []string
    (Optional)

    Zones is a list of availability zones that are used to evenly distribute this worker pool. Optional as not every provider may support availability zones.

    systemComponents
    WorkerSystemComponents
    (Optional)

    SystemComponents contains configuration for system components related to this worker pool

    machineControllerManager
    MachineControllerManagerSettings
    (Optional)

    MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

    sysctls
    map[string]string
    (Optional)

    Sysctls is a map of kernel settings to apply on all machines in this worker pool.

    clusterAutoscaler
    ClusterAutoscalerOptions
    (Optional)

    ClusterAutoscaler contains the cluster autoscaler configurations for the worker pool.

    WorkerKubernetes

    (Appears on: Worker)

    WorkerKubernetes contains configuration for Kubernetes components related to this worker pool.

    FieldDescription
    kubelet
    KubeletConfig
    (Optional)

    Kubelet contains configuration settings for all kubelets of this worker pool. If set, all spec.kubernetes.kubelet settings will be overwritten for this worker pool (no merge of settings).

    version
    string
    (Optional)

    Version is the semantic Kubernetes version to use for the Kubelet in this Worker Group. If not specified the kubelet version is derived from the global shoot cluster kubernetes version. version must be equal or lower than the version of the shoot kubernetes version. Only one minor version difference to other worker groups and global kubernetes version is allowed.

    WorkerSystemComponents

    (Appears on: Worker)

    WorkerSystemComponents contains configuration for system components related to this worker pool

    FieldDescription
    allow
    bool

    Allow determines whether the pool should be allowed to host system components or not (defaults to true)

    WorkersSettings

    (Appears on: Provider)

    WorkersSettings contains settings for all workers.

    FieldDescription
    sshAccess
    SSHAccess
    (Optional)

    SSHAccess contains settings regarding ssh access to the worker nodes.


    Generated with gen-crd-api-reference-docs

    3 - Core V1

    Packages:

    core.gardener.cloud/v1

    Package v1 is a version of the API.

    Resource Types:

    ControllerDeployment

    ControllerDeployment contains information about how this controller is deployed.

    FieldDescription
    apiVersion
    string
    core.gardener.cloud/v1
    kind
    string
    ControllerDeployment
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    helm
    HelmControllerDeployment
    (Optional)

    Helm configures that an extension controller is deployed using helm.

    HelmControllerDeployment

    (Appears on: ControllerDeployment)

    HelmControllerDeployment configures how an extension controller is deployed using helm.

    FieldDescription
    rawChart
    []byte
    (Optional)

    RawChart is the base64-encoded, gzip’ed, tar’ed extension controller chart.

    values
    Kubernetes apiextensions/v1.JSON
    (Optional)

    Values are the chart values.

    ociRepository
    OCIRepository
    (Optional)

    OCIRepository defines where to pull the chart.

    OCIRepository

    (Appears on: HelmControllerDeployment)

    OCIRepository configures where to pull an OCI Artifact, that could contain for example a Helm Chart.

    FieldDescription
    ref
    string
    (Optional)

    Ref is the full artifact Ref and takes precedence over all other fields.

    repository
    string
    (Optional)

    Repository is a reference to an OCI artifact repository.

    tag
    string
    (Optional)

    Tag is the image tag to pull.

    digest
    string
    (Optional)

    Digest of the image to pull, takes precedence over tag. The value should be in the format ‘sha256:’.


    Generated with gen-crd-api-reference-docs

    4 - Extensions

    Packages:

    extensions.gardener.cloud/v1alpha1

    Package v1alpha1 is the v1alpha1 version of the API.

    Resource Types:

    BackupBucket

    BackupBucket is a specification for backup bucket.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    BackupBucket
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BackupBucketSpec

    Specification of the BackupBucket. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    region
    string

    Region is the region of this bucket. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    status
    BackupBucketStatus
    (Optional)

    BackupEntry

    BackupEntry is a specification for backup Entry.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    BackupEntry
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BackupEntrySpec

    Specification of the BackupEntry. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    backupBucketProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    BackupBucketProviderStatus contains the provider status that has been generated by the controller responsible for the BackupBucket resource.

    region
    string

    Region is the region of this Entry. This field is immutable.

    bucketName
    string

    BucketName is the name of backup bucket for this Backup Entry.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    status
    BackupEntryStatus
    (Optional)

    Bastion

    Bastion is a bastion or jump host that is dynamically created to provide SSH access to shoot nodes.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Bastion
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BastionSpec

    Spec is the specification of this Bastion. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    userData
    []byte

    UserData is the base64-encoded user data for the bastion instance. This should contain code to provision the SSH key on the bastion instance. This field is immutable.

    ingress
    []BastionIngressPolicy

    Ingress controls from where the created bastion host should be reachable.

    status
    BastionStatus
    (Optional)

    Status is the bastion’s status.

    Cluster

    Cluster is a specification for a Cluster resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Cluster
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ClusterSpec


    cloudProfile
    k8s.io/apimachinery/pkg/runtime.RawExtension

    CloudProfile is a raw extension field that contains the cloudprofile resource referenced by the shoot that has to be reconciled.

    seed
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Seed is a raw extension field that contains the seed resource referenced by the shoot that has to be reconciled.

    shoot
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Shoot is a raw extension field that contains the shoot resource that has to be reconciled.

    ContainerRuntime

    ContainerRuntime is a specification for a container runtime resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    ContainerRuntime
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ContainerRuntimeSpec

    Specification of the ContainerRuntime. If the object’s deletion timestamp is set, this field is immutable.



    binaryPath
    string

    BinaryPath is the Worker’s machine path where container runtime extensions should copy the binaries to.

    workerPool
    ContainerRuntimeWorkerPool

    WorkerPool identifies the worker pool of the Shoot. For each worker pool and type, Gardener deploys a ContainerRuntime CRD.

    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    status
    ContainerRuntimeStatus
    (Optional)

    ControlPlane

    ControlPlane is a specification for a ControlPlane resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    ControlPlane
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ControlPlaneSpec

    Specification of the ControlPlane. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    purpose
    Purpose
    (Optional)

    Purpose contains the data if a cloud provider needs additional components in order to expose the control plane. This field is immutable.

    infrastructureProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    InfrastructureProviderStatus contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

    region
    string

    Region is the region of this control plane. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    status
    ControlPlaneStatus
    (Optional)

    DNSRecord

    DNSRecord is a specification for a DNSRecord resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    DNSRecord
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    DNSRecordSpec

    Specification of the DNSRecord. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    region
    string
    (Optional)

    Region is the region of this DNS record. If not specified, the region specified in SecretRef will be used. If that is also not specified, the extension controller will use its default region.

    zone
    string
    (Optional)

    Zone is the DNS hosted zone of this DNS record. If not specified, it will be determined automatically by getting all hosted zones of the account and searching for the longest zone name that is a suffix of Name.

    name
    string

    Name is the fully qualified domain name, e.g. “api.”. This field is immutable.

    recordType
    DNSRecordType

    RecordType is the DNS record type. Only A, CNAME, and TXT records are currently supported. This field is immutable.

    values
    []string

    Values is a list of IP addresses for A records, a single hostname for CNAME records, or a list of texts for TXT records.

    ttl
    int64
    (Optional)

    TTL is the time to live in seconds. Defaults to 120.

    status
    DNSRecordStatus
    (Optional)

    Extension

    Extension is a specification for a Extension resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Extension
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    ExtensionSpec

    Specification of the Extension. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    status
    ExtensionStatus
    (Optional)

    Infrastructure

    Infrastructure is a specification for cloud provider infrastructure.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Infrastructure
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    InfrastructureSpec

    Specification of the Infrastructure. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    region
    string

    Region is the region of this infrastructure. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider credentials.

    sshPublicKey
    []byte
    (Optional)

    SSHPublicKey is the public SSH key that should be used with this infrastructure.

    status
    InfrastructureStatus
    (Optional)

    Network

    Network is the specification for cluster networking.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Network
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    NetworkSpec

    Specification of the Network. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    podCIDR
    string

    PodCIDR defines the CIDR that will be used for pods. This field is immutable.

    serviceCIDR
    string

    ServiceCIDR defines the CIDR that will be used for services. This field is immutable.

    ipFamilies
    []IPFamily
    (Optional)

    IPFamilies specifies the IP protocol versions to use for shoot networking. This field is immutable. See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md

    status
    NetworkStatus
    (Optional)

    OperatingSystemConfig

    OperatingSystemConfig is a specification for a OperatingSystemConfig resource

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    OperatingSystemConfig
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    OperatingSystemConfigSpec

    Specification of the OperatingSystemConfig. If the object’s deletion timestamp is set, this field is immutable.



    criConfig
    CRIConfig
    (Optional)

    CRI config is a structure contains configurations of the CRI library

    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    purpose
    OperatingSystemConfigPurpose

    Purpose describes how the result of this OperatingSystemConfig is used by Gardener. Either it gets sent to the Worker extension controller to bootstrap a VM, or it is downloaded by the gardener-node-agent already running on a bootstrapped VM. This field is immutable.

    units
    []Unit
    (Optional)

    Units is a list of unit for the operating system configuration (usually, a systemd unit).

    files
    []File
    (Optional)

    Files is a list of files that should get written to the host’s file system.

    status
    OperatingSystemConfigStatus
    (Optional)

    Worker

    Worker is a specification for a Worker resource.

    FieldDescription
    apiVersion
    string
    extensions.gardener.cloud/v1alpha1
    kind
    string
    Worker
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    WorkerSpec

    Specification of the Worker. If the object’s deletion timestamp is set, this field is immutable.



    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    infrastructureProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    InfrastructureProviderStatus is a raw extension field that contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

    region
    string

    Region is the name of the region where the worker pool should be deployed to. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    sshPublicKey
    []byte
    (Optional)

    SSHPublicKey is the public SSH key that should be used with these workers.

    pools
    []WorkerPool

    Pools is a list of worker pools.

    status
    WorkerStatus
    (Optional)

    BackupBucketSpec

    (Appears on: BackupBucket)

    BackupBucketSpec is the spec for an BackupBucket resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    region
    string

    Region is the region of this bucket. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    BackupBucketStatus

    (Appears on: BackupBucket)

    BackupBucketStatus is the status for an BackupBucket resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    generatedSecretRef
    Kubernetes core/v1.SecretReference
    (Optional)

    GeneratedSecretRef is reference to the secret generated by backup bucket, which will have object store specific credentials.

    BackupEntrySpec

    (Appears on: BackupEntry)

    BackupEntrySpec is the spec for an BackupEntry resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    backupBucketProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    BackupBucketProviderStatus contains the provider status that has been generated by the controller responsible for the BackupBucket resource.

    region
    string

    Region is the region of this Entry. This field is immutable.

    bucketName
    string

    BucketName is the name of backup bucket for this Backup Entry.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the credentials to access object store.

    BackupEntryStatus

    (Appears on: BackupEntry)

    BackupEntryStatus is the status for an BackupEntry resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    BastionIngressPolicy

    (Appears on: BastionSpec)

    BastionIngressPolicy represents an ingress policy for SSH bastion hosts.

    FieldDescription
    ipBlock
    Kubernetes networking/v1.IPBlock

    IPBlock defines an IP block that is allowed to access the bastion.

    BastionSpec

    (Appears on: Bastion)

    BastionSpec contains the specification for an SSH bastion host.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    userData
    []byte

    UserData is the base64-encoded user data for the bastion instance. This should contain code to provision the SSH key on the bastion instance. This field is immutable.

    ingress
    []BastionIngressPolicy

    Ingress controls from where the created bastion host should be reachable.

    BastionStatus

    (Appears on: Bastion)

    BastionStatus holds the most recently observed status of the Bastion.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    ingress
    Kubernetes core/v1.LoadBalancerIngress
    (Optional)

    Ingress is the external IP and/or hostname of the bastion host.

    CRIConfig

    (Appears on: OperatingSystemConfigSpec)

    CRIConfig contains configurations of the CRI library.

    FieldDescription
    name
    CRIName

    Name is a mandatory string containing the name of the CRI library. Supported values are containerd.

    cgroupDriver
    CgroupDriverName
    (Optional)

    CgroupDriver configures the CRI’s cgroup driver. Supported values are cgroupfs or systemd.

    containerd
    ContainerdConfig
    (Optional)

    ContainerdConfig is the containerd configuration. Only to be set for OperatingSystemConfigs with purpose ‘reconcile’.

    CRIName (string alias)

    (Appears on: CRIConfig)

    CRIName is a type alias for the CRI name string.

    CgroupDriverName (string alias)

    (Appears on: CRIConfig)

    CgroupDriverName is a string denoting the CRI cgroup driver.

    CloudConfig

    (Appears on: OperatingSystemConfigStatus)

    CloudConfig contains the generated output for the given operating system config spec. It contains a reference to a secret as the result may contain confidential data.

    FieldDescription
    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the actual result of the generated cloud config.

    ClusterAutoscalerOptions

    (Appears on: WorkerPool)

    ClusterAutoscalerOptions contains the cluster autoscaler configurations for a worker pool.

    FieldDescription
    scaleDownUtilizationThreshold
    string
    (Optional)

    ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed.

    scaleDownGpuUtilizationThreshold
    string
    (Optional)

    ScaleDownGpuUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) of gpu resources under which a node is being removed.

    scaleDownUnneededTime
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down.

    scaleDownUnreadyTime
    Kubernetes meta/v1.Duration
    (Optional)

    ScaleDownUnreadyTime defines how long an unready node should be unneeded before it is eligible for scale down.

    maxNodeProvisionTime
    Kubernetes meta/v1.Duration
    (Optional)

    MaxNodeProvisionTime defines how long cluster autoscaler should wait for a node to be provisioned.

    ClusterSpec

    (Appears on: Cluster)

    ClusterSpec is the spec for a Cluster resource.

    FieldDescription
    cloudProfile
    k8s.io/apimachinery/pkg/runtime.RawExtension

    CloudProfile is a raw extension field that contains the cloudprofile resource referenced by the shoot that has to be reconciled.

    seed
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Seed is a raw extension field that contains the seed resource referenced by the shoot that has to be reconciled.

    shoot
    k8s.io/apimachinery/pkg/runtime.RawExtension

    Shoot is a raw extension field that contains the shoot resource that has to be reconciled.

    ContainerRuntimeSpec

    (Appears on: ContainerRuntime)

    ContainerRuntimeSpec is the spec for a ContainerRuntime resource.

    FieldDescription
    binaryPath
    string

    BinaryPath is the Worker’s machine path where container runtime extensions should copy the binaries to.

    workerPool
    ContainerRuntimeWorkerPool

    WorkerPool identifies the worker pool of the Shoot. For each worker pool and type, Gardener deploys a ContainerRuntime CRD.

    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    ContainerRuntimeStatus

    (Appears on: ContainerRuntime)

    ContainerRuntimeStatus is the status for a ContainerRuntime resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    ContainerRuntimeWorkerPool

    (Appears on: ContainerRuntimeSpec)

    ContainerRuntimeWorkerPool identifies a Shoot worker pool by its name and selector.

    FieldDescription
    name
    string

    Name specifies the name of the worker pool the container runtime should be available for. This field is immutable.

    selector
    Kubernetes meta/v1.LabelSelector

    Selector is the label selector used by the extension to match the nodes belonging to the worker pool.

    ContainerdConfig

    (Appears on: CRIConfig)

    ContainerdConfig contains configuration options for containerd.

    FieldDescription
    registries
    []RegistryConfig
    (Optional)

    Registries configures the registry hosts for containerd.

    sandboxImage
    string

    SandboxImage configures the sandbox image for containerd.

    plugins
    []PluginConfig
    (Optional)

    Plugins configures the plugins section in containerd’s config.toml.

    ControlPlaneSpec

    (Appears on: ControlPlane)

    ControlPlaneSpec is the spec of a ControlPlane resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    purpose
    Purpose
    (Optional)

    Purpose contains the data if a cloud provider needs additional components in order to expose the control plane. This field is immutable.

    infrastructureProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    InfrastructureProviderStatus contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

    region
    string

    Region is the region of this control plane. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    ControlPlaneStatus

    (Appears on: ControlPlane)

    ControlPlaneStatus is the status of a ControlPlane resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    DNSRecordSpec

    (Appears on: DNSRecord)

    DNSRecordSpec is the spec of a DNSRecord resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    region
    string
    (Optional)

    Region is the region of this DNS record. If not specified, the region specified in SecretRef will be used. If that is also not specified, the extension controller will use its default region.

    zone
    string
    (Optional)

    Zone is the DNS hosted zone of this DNS record. If not specified, it will be determined automatically by getting all hosted zones of the account and searching for the longest zone name that is a suffix of Name.

    name
    string

    Name is the fully qualified domain name, e.g. “api.”. This field is immutable.

    recordType
    DNSRecordType

    RecordType is the DNS record type. Only A, CNAME, and TXT records are currently supported. This field is immutable.

    values
    []string

    Values is a list of IP addresses for A records, a single hostname for CNAME records, or a list of texts for TXT records.

    ttl
    int64
    (Optional)

    TTL is the time to live in seconds. Defaults to 120.

    DNSRecordStatus

    (Appears on: DNSRecord)

    DNSRecordStatus is the status of a DNSRecord resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    zone
    string
    (Optional)

    Zone is the DNS hosted zone of this DNS record.

    DNSRecordType (string alias)

    (Appears on: DNSRecordSpec)

    DNSRecordType is a string alias.

    DataVolume

    (Appears on: WorkerPool)

    DataVolume contains information about a data volume.

    FieldDescription
    name
    string

    Name of the volume to make it referencable.

    type
    string
    (Optional)

    Type is the type of the volume.

    size
    string

    Size is the of the root volume.

    encrypted
    bool
    (Optional)

    Encrypted determines if the volume should be encrypted.

    DefaultSpec

    (Appears on: BackupBucketSpec, BackupEntrySpec, BastionSpec, ContainerRuntimeSpec, ControlPlaneSpec, DNSRecordSpec, ExtensionSpec, InfrastructureSpec, NetworkSpec, OperatingSystemConfigSpec, WorkerSpec)

    DefaultSpec contains common status fields for every extension resource.

    FieldDescription
    type
    string

    Type contains the instance of the resource’s kind.

    class
    ExtensionClass
    (Optional)

    Class holds the extension class used to control the responsibility for multiple provider extensions.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is the provider specific configuration.

    DefaultStatus

    (Appears on: BackupBucketStatus, BackupEntryStatus, BastionStatus, ContainerRuntimeStatus, ControlPlaneStatus, DNSRecordStatus, ExtensionStatus, InfrastructureStatus, NetworkStatus, OperatingSystemConfigStatus, WorkerStatus)

    DefaultStatus contains common status fields for every extension resource.

    FieldDescription
    providerStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderStatus contains provider-specific status.

    conditions
    []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
    (Optional)

    Conditions represents the latest available observations of a Seed’s current state.

    lastError
    github.com/gardener/gardener/pkg/apis/core/v1beta1.LastError
    (Optional)

    LastError holds information about the last occurred error during an operation.

    lastOperation
    github.com/gardener/gardener/pkg/apis/core/v1beta1.LastOperation
    (Optional)

    LastOperation holds information about the last operation on the resource.

    observedGeneration
    int64

    ObservedGeneration is the most recent generation observed for this resource.

    state
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    State can be filled by the operating controller with what ever data it needs.

    resources
    []github.com/gardener/gardener/pkg/apis/core/v1beta1.NamedResourceReference
    (Optional)

    Resources holds a list of named resource references that can be referred to in the state by their names.

    DropIn

    (Appears on: Unit)

    DropIn is a drop-in configuration for a systemd unit.

    FieldDescription
    name
    string

    Name is the name of the drop-in.

    content
    string

    Content is the content of the drop-in.

    ExtensionClass (string alias)

    (Appears on: DefaultSpec)

    ExtensionClass is a string alias for an extension class.

    ExtensionSpec

    (Appears on: Extension)

    ExtensionSpec is the spec for a Extension resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    ExtensionStatus

    (Appears on: Extension)

    ExtensionStatus is the status for a Extension resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    File

    (Appears on: OperatingSystemConfigSpec, OperatingSystemConfigStatus)

    File is a file that should get written to the host’s file system. The content can either be inlined or referenced from a secret in the same namespace.

    FieldDescription
    path
    string

    Path is the path of the file system where the file should get written to.

    permissions
    uint32
    (Optional)

    Permissions describes with which permissions the file should get written to the file system. If no permissions are set, the operating system’s defaults are used.

    content
    FileContent

    Content describe the file’s content.

    FileCodecID (string alias)

    FileCodecID is the id of a FileCodec for cloud-init scripts.

    FileContent

    (Appears on: File)

    FileContent can either reference a secret or contain inline configuration.

    FieldDescription
    secretRef
    FileContentSecretRef
    (Optional)

    SecretRef is a struct that contains information about the referenced secret.

    inline
    FileContentInline
    (Optional)

    Inline is a struct that contains information about the inlined data.

    transmitUnencoded
    bool
    (Optional)

    TransmitUnencoded set to true will ensure that the os-extension does not encode the file content when sent to the node. This for example can be used to manipulate the clear-text content before it reaches the node.

    imageRef
    FileContentImageRef
    (Optional)

    ImageRef describes a container image which contains a file.

    FileContentImageRef

    (Appears on: FileContent)

    FileContentImageRef describes a container image which contains a file

    FieldDescription
    image
    string

    Image contains the container image repository with tag.

    filePathInImage
    string

    FilePathInImage contains the path in the image to the file that should be extracted.

    FileContentInline

    (Appears on: FileContent)

    FileContentInline contains keys for inlining a file content’s data and encoding.

    FieldDescription
    encoding
    string

    Encoding is the file’s encoding (e.g. base64).

    data
    string

    Data is the file’s data.

    FileContentSecretRef

    (Appears on: FileContent)

    FileContentSecretRef contains keys for referencing a file content’s data from a secret in the same namespace.

    FieldDescription
    name
    string

    Name is the name of the secret.

    dataKey
    string

    DataKey is the key in the secret’s .data field that should be read.

    IPFamily (string alias)

    (Appears on: NetworkSpec)

    IPFamily is a type for specifying an IP protocol version to use in Gardener clusters.

    InfrastructureSpec

    (Appears on: Infrastructure)

    InfrastructureSpec is the spec for an Infrastructure resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    region
    string

    Region is the region of this infrastructure. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider credentials.

    sshPublicKey
    []byte
    (Optional)

    SSHPublicKey is the public SSH key that should be used with this infrastructure.

    InfrastructureStatus

    (Appears on: Infrastructure)

    InfrastructureStatus is the status for an Infrastructure resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    nodesCIDR
    string
    (Optional)

    NodesCIDR is the CIDR of the node network that was optionally created by the acting extension controller. This might be needed in environments in which the CIDR for the network for the shoot worker node cannot be statically defined in the Shoot resource but must be computed dynamically.

    egressCIDRs
    []string
    (Optional)

    EgressCIDRs is a list of CIDRs used by the shoot as the source IP for egress traffic. For certain environments the egress IPs may not be stable in which case the extension controller may opt to not populate this field.

    networking
    InfrastructureStatusNetworking
    (Optional)

    Networking contains information about cluster networking such as CIDRs.

    InfrastructureStatusNetworking

    (Appears on: InfrastructureStatus)

    InfrastructureStatusNetworking is a structure containing information about the node, service and pod network ranges.

    FieldDescription
    pods
    []string
    (Optional)

    Pods are the CIDRs of the pod network.

    nodes
    []string
    (Optional)

    Nodes are the CIDRs of the node network.

    services
    []string
    (Optional)

    Services are the CIDRs of the service network.

    MachineDeployment

    (Appears on: WorkerStatus)

    MachineDeployment is a created machine deployment.

    FieldDescription
    name
    string

    Name is the name of the MachineDeployment resource.

    minimum
    int32

    Minimum is the minimum number for this machine deployment.

    maximum
    int32

    Maximum is the maximum number for this machine deployment.

    MachineImage

    (Appears on: WorkerPool)

    MachineImage contains logical information about the name and the version of the machie image that should be used. The logical information must be mapped to the provider-specific information (e.g., AMIs, …) by the provider itself.

    FieldDescription
    name
    string

    Name is the logical name of the machine image.

    version
    string

    Version is the version of the machine image.

    NetworkSpec

    (Appears on: Network)

    NetworkSpec is the spec for an Network resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    podCIDR
    string

    PodCIDR defines the CIDR that will be used for pods. This field is immutable.

    serviceCIDR
    string

    ServiceCIDR defines the CIDR that will be used for services. This field is immutable.

    ipFamilies
    []IPFamily
    (Optional)

    IPFamilies specifies the IP protocol versions to use for shoot networking. This field is immutable. See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md

    NetworkStatus

    (Appears on: Network)

    NetworkStatus is the status for an Network resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    NodeTemplate

    (Appears on: WorkerPool)

    NodeTemplate contains information about the expected node properties.

    FieldDescription
    capacity
    Kubernetes core/v1.ResourceList

    Capacity represents the expected Node capacity.

    Object

    Object is an extension object resource.

    OperatingSystemConfigPurpose (string alias)

    (Appears on: OperatingSystemConfigSpec)

    OperatingSystemConfigPurpose is a string alias.

    OperatingSystemConfigSpec

    (Appears on: OperatingSystemConfig)

    OperatingSystemConfigSpec is the spec for a OperatingSystemConfig resource.

    FieldDescription
    criConfig
    CRIConfig
    (Optional)

    CRI config is a structure contains configurations of the CRI library

    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    purpose
    OperatingSystemConfigPurpose

    Purpose describes how the result of this OperatingSystemConfig is used by Gardener. Either it gets sent to the Worker extension controller to bootstrap a VM, or it is downloaded by the gardener-node-agent already running on a bootstrapped VM. This field is immutable.

    units
    []Unit
    (Optional)

    Units is a list of unit for the operating system configuration (usually, a systemd unit).

    files
    []File
    (Optional)

    Files is a list of files that should get written to the host’s file system.

    OperatingSystemConfigStatus

    (Appears on: OperatingSystemConfig)

    OperatingSystemConfigStatus is the status for a OperatingSystemConfig resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    extensionUnits
    []Unit
    (Optional)

    ExtensionUnits is a list of additional systemd units provided by the extension.

    extensionFiles
    []File
    (Optional)

    ExtensionFiles is a list of additional files provided by the extension.

    cloudConfig
    CloudConfig
    (Optional)

    CloudConfig is a structure for containing the generated output for the given operating system config spec. It contains a reference to a secret as the result may contain confidential data.

    PluginConfig

    (Appears on: ContainerdConfig)

    PluginConfig contains configuration values for the containerd plugins section.

    FieldDescription
    op
    PluginPathOperation
    (Optional)

    Op is the operation for the given path. Possible values are ‘add’ and ‘remove’, defaults to ‘add’.

    path
    []string

    Path is a list of elements that construct the path in the plugins section.

    values
    k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON
    (Optional)

    Values are the values configured at the given path. If defined, it is expected as json format: - A given json object will be put to the given path. - If not configured, only the table entry to be created.

    PluginPathOperation (string alias)

    (Appears on: PluginConfig)

    PluginPathOperation is a type alias for operations at containerd’s plugin configuration.

    Purpose (string alias)

    (Appears on: ControlPlaneSpec)

    Purpose is a string alias.

    RegistryCapability (string alias)

    (Appears on: RegistryHost)

    RegistryCapability specifies an action a client can perform against a registry.

    RegistryConfig

    (Appears on: ContainerdConfig)

    RegistryConfig contains registry configuration options.

    FieldDescription
    upstream
    string

    Upstream is the upstream name of the registry.

    server
    string
    (Optional)

    Server is the URL to registry server of this upstream. It corresponds to the server field in the hosts.toml file, see https://github.com/containerd/containerd/blob/c51463010e0682f76dfdc10edc095e6596e2764b/docs/hosts.md#server-field for more information.

    hosts
    []RegistryHost

    Hosts are the registry hosts. It corresponds to the host fields in the hosts.toml file, see https://github.com/containerd/containerd/blob/c51463010e0682f76dfdc10edc095e6596e2764b/docs/hosts.md#host-fields-in-the-toml-table-format for more information.

    readinessProbe
    bool
    (Optional)

    ReadinessProbe determines if host registry endpoints should be probed before they are added to the containerd config.

    RegistryHost

    (Appears on: RegistryConfig)

    RegistryHost contains configuration values for a registry host.

    FieldDescription
    url
    string

    URL is the endpoint address of the registry mirror.

    capabilities
    []RegistryCapability

    Capabilities determine what operations a host is capable of performing. Defaults to - pull - resolve

    caCerts
    []string

    CACerts are paths to public key certificates used for TLS.

    Spec

    Spec is the spec section of an Object.

    Status

    Status is the status of an Object.

    Unit

    (Appears on: OperatingSystemConfigSpec, OperatingSystemConfigStatus)

    Unit is a unit for the operating system configuration (usually, a systemd unit).

    FieldDescription
    name
    string

    Name is the name of a unit.

    command
    UnitCommand
    (Optional)

    Command is the unit’s command.

    enable
    bool
    (Optional)

    Enable describes whether the unit is enabled or not.

    content
    string
    (Optional)

    Content is the unit’s content.

    dropIns
    []DropIn
    (Optional)

    DropIns is a list of drop-ins for this unit.

    filePaths
    []string

    FilePaths is a list of files the unit depends on. If any file changes a restart of the dependent unit will be triggered. For each FilePath there must exist a File with matching Path in OperatingSystemConfig.Spec.Files.

    UnitCommand (string alias)

    (Appears on: Unit)

    UnitCommand is a string alias.

    Volume

    (Appears on: WorkerPool)

    Volume contains information about the root disks that should be used for worker pools.

    FieldDescription
    name
    string
    (Optional)

    Name of the volume to make it referencable.

    type
    string
    (Optional)

    Type is the type of the volume.

    size
    string

    Size is the of the root volume.

    encrypted
    bool
    (Optional)

    Encrypted determines if the volume should be encrypted.

    WorkerPool

    (Appears on: WorkerSpec)

    WorkerPool is the definition of a specific worker pool.

    FieldDescription
    machineType
    string

    MachineType contains information about the machine type that should be used for this worker pool.

    maximum
    int32

    Maximum is the maximum size of the worker pool.

    maxSurge
    k8s.io/apimachinery/pkg/util/intstr.IntOrString

    MaxSurge is maximum number of VMs that are created during an update.

    maxUnavailable
    k8s.io/apimachinery/pkg/util/intstr.IntOrString

    MaxUnavailable is the maximum number of VMs that can be unavailable during an update.

    annotations
    map[string]string
    (Optional)

    Annotations is a map of key/value pairs for annotations for all the Node objects in this worker pool.

    labels
    map[string]string
    (Optional)

    Labels is a map of key/value pairs for labels for all the Node objects in this worker pool.

    taints
    []Kubernetes core/v1.Taint
    (Optional)

    Taints is a list of taints for all the Node objects in this worker pool.

    machineImage
    MachineImage

    MachineImage contains logical information about the name and the version of the machie image that should be used. The logical information must be mapped to the provider-specific information (e.g., AMIs, …) by the provider itself.

    minimum
    int32

    Minimum is the minimum size of the worker pool.

    name
    string

    Name is the name of this worker pool.

    nodeAgentSecretName
    string
    (Optional)

    NodeAgentSecretName is uniquely identifying selected aspects of the OperatingSystemConfig. If it changes, then the worker pool must be rolled.

    providerConfig
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ProviderConfig is a provider specific configuration for the worker pool.

    userDataSecretRef
    Kubernetes core/v1.SecretKeySelector

    UserDataSecretRef references a Secret and a data key containing the data that is sent to the provider’s APIs when a new machine/VM that is part of this worker pool shall be spawned.

    volume
    Volume
    (Optional)

    Volume contains information about the root disks that should be used for this worker pool.

    dataVolumes
    []DataVolume
    (Optional)

    DataVolumes contains a list of additional worker volumes.

    kubeletDataVolumeName
    string
    (Optional)

    KubeletDataVolumeName contains the name of a dataVolume that should be used for storing kubelet state.

    zones
    []string
    (Optional)

    Zones contains information about availability zones for this worker pool.

    machineControllerManager
    github.com/gardener/gardener/pkg/apis/core/v1beta1.MachineControllerManagerSettings
    (Optional)

    MachineControllerManagerSettings contains configurations for different worker-pools. Eg. MachineDrainTimeout, MachineHealthTimeout.

    kubernetesVersion
    string
    (Optional)

    KubernetesVersion is the kubernetes version in this worker pool

    nodeTemplate
    NodeTemplate
    (Optional)

    NodeTemplate contains resource information of the machine which is used by Cluster Autoscaler to generate nodeTemplate during scaling a nodeGroup from zero

    architecture
    string
    (Optional)

    Architecture is the CPU architecture of the worker pool machines and machine image.

    clusterAutoscaler
    ClusterAutoscalerOptions
    (Optional)

    ClusterAutoscaler contains the cluster autoscaler configurations for the worker pool.

    WorkerSpec

    (Appears on: Worker)

    WorkerSpec is the spec for a Worker resource.

    FieldDescription
    DefaultSpec
    DefaultSpec

    (Members of DefaultSpec are embedded into this type.)

    DefaultSpec is a structure containing common fields used by all extension resources.

    infrastructureProviderStatus
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    InfrastructureProviderStatus is a raw extension field that contains the provider status that has been generated by the controller responsible for the Infrastructure resource.

    region
    string

    Region is the name of the region where the worker pool should be deployed to. This field is immutable.

    secretRef
    Kubernetes core/v1.SecretReference

    SecretRef is a reference to a secret that contains the cloud provider specific credentials.

    sshPublicKey
    []byte
    (Optional)

    SSHPublicKey is the public SSH key that should be used with these workers.

    pools
    []WorkerPool

    Pools is a list of worker pools.

    WorkerStatus

    (Appears on: Worker)

    WorkerStatus is the status for a Worker resource.

    FieldDescription
    DefaultStatus
    DefaultStatus

    (Members of DefaultStatus are embedded into this type.)

    DefaultStatus is a structure containing common fields used by all extension resources.

    machineDeployments
    []MachineDeployment

    MachineDeployments is a list of created machine deployments. It will be used to e.g. configure the cluster-autoscaler properly.

    machineDeploymentsLastUpdateTime
    Kubernetes meta/v1.Time
    (Optional)

    MachineDeploymentsLastUpdateTime is the timestamp when the status.MachineDeployments slice was last updated.


    Generated with gen-crd-api-reference-docs

    5 - Operations

    Packages:

    operations.gardener.cloud/v1alpha1

    Package v1alpha1 is a version of the API.

    Resource Types:

    Bastion

    Bastion holds details about an SSH bastion for a shoot cluster.

    FieldDescription
    apiVersion
    string
    operations.gardener.cloud/v1alpha1
    kind
    string
    Bastion
    metadata
    Kubernetes meta/v1.ObjectMeta

    Standard object metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    BastionSpec

    Specification of the Bastion.



    shootRef
    Kubernetes core/v1.LocalObjectReference

    ShootRef defines the target shoot for a Bastion. The name field of the ShootRef is immutable.

    seedName
    string
    (Optional)

    SeedName is the name of the seed to which this Bastion is currently scheduled. This field is populated at the beginning of a create/reconcile operation.

    providerType
    string
    (Optional)

    ProviderType is cloud provider used by the referenced Shoot.

    sshPublicKey
    string

    SSHPublicKey is the user’s public key. This field is immutable.

    ingress
    []BastionIngressPolicy

    Ingress controls from where the created bastion host should be reachable.

    status
    BastionStatus
    (Optional)

    Most recently observed status of the Bastion.

    BastionIngressPolicy

    (Appears on: BastionSpec)

    BastionIngressPolicy represents an ingress policy for SSH bastion hosts.

    FieldDescription
    ipBlock
    Kubernetes networking/v1.IPBlock

    IPBlock defines an IP block that is allowed to access the bastion.

    BastionSpec

    (Appears on: Bastion)

    BastionSpec is the specification of a Bastion.

    FieldDescription
    shootRef
    Kubernetes core/v1.LocalObjectReference

    ShootRef defines the target shoot for a Bastion. The name field of the ShootRef is immutable.

    seedName
    string
    (Optional)

    SeedName is the name of the seed to which this Bastion is currently scheduled. This field is populated at the beginning of a create/reconcile operation.

    providerType
    string
    (Optional)

    ProviderType is cloud provider used by the referenced Shoot.

    sshPublicKey
    string

    SSHPublicKey is the user’s public key. This field is immutable.

    ingress
    []BastionIngressPolicy

    Ingress controls from where the created bastion host should be reachable.

    BastionStatus

    (Appears on: Bastion)

    BastionStatus holds the most recently observed status of the Bastion.

    FieldDescription
    ingress
    Kubernetes core/v1.LoadBalancerIngress
    (Optional)

    Ingress holds the public IP and/or hostname of the bastion instance.

    conditions
    []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
    (Optional)

    Conditions represents the latest available observations of a Bastion’s current state.

    lastHeartbeatTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    LastHeartbeatTimestamp is the time when the bastion was last marked as not to be deleted. When this is set, the ExpirationTimestamp is advanced as well.

    expirationTimestamp
    Kubernetes meta/v1.Time
    (Optional)

    ExpirationTimestamp is the time after which a Bastion is supposed to be garbage collected.

    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the most recent generation observed for this Bastion. It corresponds to the Bastion’s generation, which is updated on mutation by the API Server.


    Generated with gen-crd-api-reference-docs

    6 - Operator

    Packages:

    operator.gardener.cloud/v1alpha1

    Package v1alpha1 contains the configuration of the Gardener Operator.

    Resource Types:

      AdmissionDeploymentSpec

      (Appears on: Deployment)

      AdmissionDeploymentSpec contains the deployment specification for the admission controller of an extension.

      FieldDescription
      runtimeCluster
      DeploymentSpec
      (Optional)

      RuntimeCluster is the deployment configuration for the admission in the runtime cluster. The runtime deployment is responsible for creating the admission controller in the runtime cluster.

      virtualCluster
      DeploymentSpec
      (Optional)

      VirtualCluster is the deployment configuration for the admission deployment in the garden cluster. The garden deployment installs necessary resources in the virtual garden cluster e.g. RBAC that are necessary for the admission controller.

      values
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON
      (Optional)

      Values are the deployment values. The values will be applied to both admission deployments.

      AuditWebhook

      (Appears on: GardenerAPIServerConfig, KubeAPIServerConfig)

      AuditWebhook contains settings related to an audit webhook configuration.

      FieldDescription
      batchMaxSize
      int32
      (Optional)

      BatchMaxSize is the maximum size of a batch.

      kubeconfigSecretName
      string

      KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook.

      version
      string
      (Optional)

      Version is the API version to send and expect from the webhook.

      Authentication

      (Appears on: KubeAPIServerConfig)

      Authentication contains settings related to authentication.

      FieldDescription
      webhook
      AuthenticationWebhook
      (Optional)

      Webhook contains settings related to an authentication webhook configuration.

      AuthenticationWebhook

      (Appears on: Authentication)

      AuthenticationWebhook contains settings related to an authentication webhook configuration.

      FieldDescription
      cacheTTL
      Kubernetes meta/v1.Duration
      (Optional)

      CacheTTL is the duration to cache responses from the webhook authenticator.

      kubeconfigSecretName
      string

      KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook.

      version
      string
      (Optional)

      Version is the API version to send and expect from the webhook.

      Backup

      (Appears on: ETCDMain)

      Backup contains the object store configuration for backups for the virtual garden etcd.

      FieldDescription
      provider
      string

      Provider is a provider name. This field is immutable.

      bucketName
      string
      (Optional)

      BucketName is the name of the backup bucket. If not provided, gardener-operator attempts to manage a new bucket. In this case, the cloud provider credentials provided in the SecretRef must have enough privileges for creating and deleting buckets.

      providerConfig
      k8s.io/apimachinery/pkg/runtime.RawExtension
      (Optional)

      ProviderConfig is the provider-specific configuration passed to BackupBucket resource.

      secretRef
      Kubernetes core/v1.LocalObjectReference

      SecretRef is a reference to a Secret object containing the cloud provider credentials for the object store where backups should be stored. It should have enough privileges to manipulate the objects as well as buckets.

      ControlPlane

      (Appears on: VirtualCluster)

      ControlPlane holds information about the general settings for the control plane of the virtual garden cluster.

      FieldDescription
      highAvailability
      HighAvailability
      (Optional)

      HighAvailability holds the configuration settings for high availability settings.

      Credentials

      (Appears on: GardenStatus)

      Credentials contains information about the virtual garden cluster credentials.

      FieldDescription
      rotation
      CredentialsRotation
      (Optional)

      Rotation contains information about the credential rotations.

      CredentialsRotation

      (Appears on: Credentials)

      CredentialsRotation contains information about the rotation of credentials.

      FieldDescription
      certificateAuthorities
      github.com/gardener/gardener/pkg/apis/core/v1beta1.CARotation
      (Optional)

      CertificateAuthorities contains information about the certificate authority credential rotation.

      serviceAccountKey
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ServiceAccountKeyRotation
      (Optional)

      ServiceAccountKey contains information about the service account key credential rotation.

      etcdEncryptionKey
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ETCDEncryptionKeyRotation
      (Optional)

      ETCDEncryptionKey contains information about the ETCD encryption key credential rotation.

      observability
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ObservabilityRotation
      (Optional)

      Observability contains information about the observability credential rotation.

      workloadIdentityKey
      WorkloadIdentityKeyRotation
      (Optional)

      WorkloadIdentityKey contains information about the workload identity key credential rotation.

      DNS

      (Appears on: VirtualCluster)

      DNS holds information about DNS settings.

      FieldDescription
      domains
      []DNSDomain

      Domains are the external domains of the virtual garden cluster. The first given domain in this list is immutable.

      DNSDomain

      (Appears on: DNS, Ingress)

      DNSDomain defines a DNS domain with optional provider.

      FieldDescription
      name
      string

      Name is the domain name.

      provider
      string
      (Optional)

      Provider is the name of the DNS provider as declared in the ‘.spec.dns.providers’ section. It is only optional, if the .spec.dns section is not provided at all.

      DNSManagement

      (Appears on: GardenSpec)

      DNSManagement contains specifications of DNS providers.

      FieldDescription
      providers
      []DNSProvider

      Providers is a list of DNS providers.

      DNSProvider

      (Appears on: DNSManagement)

      DNSProvider contains the configuration for a DNS provider.

      FieldDescription
      name
      string

      Name is the name of the DNS provider.

      type
      string

      Type is the type of the DNS provider.

      providerConfig
      k8s.io/apimachinery/pkg/runtime.RawExtension
      (Optional)

      Config is the provider-specific configuration passed to DNSRecord resources.

      secretRef
      Kubernetes core/v1.LocalObjectReference

      SecretRef is a reference to a Secret object containing the DNS provider credentials.

      DashboardGitHub

      (Appears on: GardenerDashboardConfig)

      DashboardGitHub contains configuration for the GitHub ticketing feature.

      FieldDescription
      apiURL
      string

      APIURL is the URL to the GitHub API.

      organisation
      string

      Organisation is the name of the GitHub organisation.

      repository
      string

      Repository is the name of the GitHub repository.

      secretRef
      Kubernetes core/v1.LocalObjectReference

      SecretRef is the reference to a secret in the garden namespace containing the GitHub credentials.

      pollInterval
      Kubernetes meta/v1.Duration
      (Optional)

      PollInterval is the interval of how often the GitHub API is polled for issue updates. This field is used as a fallback mechanism to ensure state synchronization, even when there is a GitHub webhook configuration. If a webhook event is missed or not successfully delivered, the polling will help catch up on any missed updates. If this field is not provided and there is no ‘webhookSecret’ key in the referenced secret, it will be implicitly defaulted to 15m.

      DashboardOIDC

      (Appears on: GardenerDashboardConfig)

      DashboardOIDC contains configuration for the OIDC settings.

      FieldDescription
      sessionLifetime
      Kubernetes meta/v1.Duration
      (Optional)

      SessionLifetime is the maximum duration of a session.

      additionalScopes
      []string
      (Optional)

      AdditionalScopes is the list of additional OIDC scopes.

      secretRef
      Kubernetes core/v1.LocalObjectReference

      SecretRef is the reference to a secret in the garden namespace containing the OIDC client ID and secret for the dashboard.

      DashboardTerminal

      (Appears on: GardenerDashboardConfig)

      DashboardTerminal contains configuration for the terminal settings.

      FieldDescription
      container
      DashboardTerminalContainer

      Container contains configuration for the dashboard terminal container.

      allowedHosts
      []string
      (Optional)

      AllowedHosts should consist of permitted hostnames (without the scheme) for terminal connections. It is important to consider that the usage of wildcards follows the rules defined by the content security policy. ‘.seed.local.gardener.cloud’, or ‘.other-seeds.local.gardener.cloud’. For more information, see https://github.com/gardener/dashboard/blob/master/docs/operations/webterminals.md#allowlist-for-hosts.

      DashboardTerminalContainer

      (Appears on: DashboardTerminal)

      DashboardTerminalContainer contains configuration for the dashboard terminal container.

      FieldDescription
      image
      string

      Image is the container image for the dashboard terminal container.

      description
      string
      (Optional)

      Description is a description for the dashboard terminal container with hints for the user.

      Deployment

      (Appears on: ExtensionSpec)

      Deployment specifies how an extension can be installed for a Gardener landscape. It includes the specification for installing an extension and/or an admission controller.

      FieldDescription
      extension
      ExtensionDeploymentSpec
      (Optional)

      ExtensionDeployment contains the deployment configuration an extension.

      admission
      AdmissionDeploymentSpec
      (Optional)

      AdmissionDeployment contains the deployment configuration for an admission controller.

      DeploymentSpec

      (Appears on: AdmissionDeploymentSpec, ExtensionDeploymentSpec)

      DeploymentSpec is the specification for the deployment of a component.

      FieldDescription
      helm
      ExtensionHelm

      Helm contains the specification for a Helm deployment.

      ETCD

      (Appears on: VirtualCluster)

      ETCD contains configuration for the etcds of the virtual garden cluster.

      FieldDescription
      main
      ETCDMain
      (Optional)

      Main contains configuration for the main etcd.

      events
      ETCDEvents
      (Optional)

      Events contains configuration for the events etcd.

      ETCDEvents

      (Appears on: ETCD)

      ETCDEvents contains configuration for the events etcd.

      FieldDescription
      storage
      Storage
      (Optional)

      Storage contains storage configuration.

      ETCDMain

      (Appears on: ETCD)

      ETCDMain contains configuration for the main etcd.

      FieldDescription
      backup
      Backup
      (Optional)

      Backup contains the object store configuration for backups for the virtual garden etcd.

      storage
      Storage
      (Optional)

      Storage contains storage configuration.

      Extension

      Extension describes a Gardener extension.

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ExtensionSpec

      Spec contains the specification of this extension.



      resources
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.ControllerResource
      (Optional)

      Resources is a list of combinations of kinds (DNSRecord, Backupbucket, …) and their actual types (aws-route53, gcp).

      deployment
      Deployment
      (Optional)

      Deployment contains deployment configuration for an extension and it’s admission controller.

      status
      ExtensionStatus

      Status contains the status of this extension.

      ExtensionDeploymentSpec

      (Appears on: Deployment)

      ExtensionDeploymentSpec specifies how to install the extension in a gardener landscape. The installation is split into two parts: - installing the extension in the virtual garden cluster by creating the ControllerRegistration and ControllerDeployment - installing the extension in the runtime cluster (if necessary).

      FieldDescription
      DeploymentSpec
      DeploymentSpec

      (Members of DeploymentSpec are embedded into this type.)

      (Optional)

      DeploymentSpec is the deployment configuration for the extension.

      values
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON
      (Optional)

      Values are the deployment values used in the creation of the ControllerDeployment in the virtual garden cluster.

      runtimeClusterValues
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON
      (Optional)

      RuntimeClusterValues are the deployment values for the extension deployment running in the runtime garden cluster.

      policy
      github.com/gardener/gardener/pkg/apis/core/v1beta1.ControllerDeploymentPolicy
      (Optional)

      Policy controls how the controller is deployed. It defaults to ‘OnDemand’.

      seedSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      SeedSelector contains an optional label selector for seeds. Only if the labels match then this controller will be considered for a deployment. An empty list means that all seeds are selected.

      ExtensionHelm

      (Appears on: DeploymentSpec)

      ExtensionHelm is the configuration for a helm deployment.

      FieldDescription
      ociRepository
      github.com/gardener/gardener/pkg/apis/core/v1.OCIRepository
      (Optional)

      OCIRepository defines where to pull the chart from.

      ExtensionSpec

      (Appears on: Extension)

      ExtensionSpec contains the specification of a Gardener extension.

      FieldDescription
      resources
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.ControllerResource
      (Optional)

      Resources is a list of combinations of kinds (DNSRecord, Backupbucket, …) and their actual types (aws-route53, gcp).

      deployment
      Deployment
      (Optional)

      Deployment contains deployment configuration for an extension and it’s admission controller.

      ExtensionStatus

      (Appears on: Extension)

      ExtensionStatus is the status of a Gardener extension.

      FieldDescription
      observedGeneration
      int64
      (Optional)

      ObservedGeneration is the most recent generation observed for this resource.

      conditions
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
      (Optional)

      Conditions represents the latest available observations of an Extension’s current state.

      providerStatus
      k8s.io/apimachinery/pkg/runtime.RawExtension
      (Optional)

      ProviderStatus contains type-specific status.

      Garden

      Garden describes a list of gardens.

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard object metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      GardenSpec

      Spec contains the specification of this garden.



      dns
      DNSManagement
      (Optional)

      DNS contains specifications of DNS providers.

      runtimeCluster
      RuntimeCluster

      RuntimeCluster contains configuration for the runtime cluster.

      virtualCluster
      VirtualCluster

      VirtualCluster contains configuration for the virtual cluster.

      status
      GardenStatus

      Status contains the status of this garden.

      GardenSpec

      (Appears on: Garden)

      GardenSpec contains the specification of a garden environment.

      FieldDescription
      dns
      DNSManagement
      (Optional)

      DNS contains specifications of DNS providers.

      runtimeCluster
      RuntimeCluster

      RuntimeCluster contains configuration for the runtime cluster.

      virtualCluster
      VirtualCluster

      VirtualCluster contains configuration for the virtual cluster.

      GardenStatus

      (Appears on: Garden)

      GardenStatus is the status of a garden environment.

      FieldDescription
      gardener
      github.com/gardener/gardener/pkg/apis/core/v1beta1.Gardener
      (Optional)

      Gardener holds information about the Gardener which last acted on the Garden.

      conditions
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition

      Conditions is a list of conditions.

      lastOperation
      github.com/gardener/gardener/pkg/apis/core/v1beta1.LastOperation
      (Optional)

      LastOperation holds information about the last operation on the Garden.

      observedGeneration
      int64

      ObservedGeneration is the most recent generation observed for this resource.

      credentials
      Credentials
      (Optional)

      Credentials contains information about the virtual garden cluster credentials.

      encryptedResources
      []string
      (Optional)

      EncryptedResources is the list of resources which are currently encrypted in the virtual garden by the virtual kube-apiserver. Resources which are encrypted by default will not appear here. See https://github.com/gardener/gardener/blob/master/docs/concepts/operator.md#etcd-encryption-config for more details.

      Gardener

      (Appears on: VirtualCluster)

      Gardener contains the configuration settings for the Gardener components.

      FieldDescription
      clusterIdentity
      string

      ClusterIdentity is the identity of the garden cluster. This field is immutable.

      gardenerAPIServer
      GardenerAPIServerConfig
      (Optional)

      APIServer contains configuration settings for the gardener-apiserver.

      gardenerAdmissionController
      GardenerAdmissionControllerConfig
      (Optional)

      AdmissionController contains configuration settings for the gardener-admission-controller.

      gardenerControllerManager
      GardenerControllerManagerConfig
      (Optional)

      ControllerManager contains configuration settings for the gardener-controller-manager.

      gardenerScheduler
      GardenerSchedulerConfig
      (Optional)

      Scheduler contains configuration settings for the gardener-scheduler.

      gardenerDashboard
      GardenerDashboardConfig
      (Optional)

      Dashboard contains configuration settings for the gardener-dashboard.

      gardenerDiscoveryServer
      GardenerDiscoveryServerConfig
      (Optional)

      DiscoveryServer contains configuration settings for the gardener-discovery-server.

      GardenerAPIServerConfig

      (Appears on: Gardener)

      GardenerAPIServerConfig contains configuration settings for the gardener-apiserver.

      FieldDescription
      KubernetesConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.KubernetesConfig

      (Members of KubernetesConfig are embedded into this type.)

      admissionPlugins
      []github.com/gardener/gardener/pkg/apis/core/v1beta1.AdmissionPlugin
      (Optional)

      AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), and, if desired, the corresponding configuration.

      auditConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.AuditConfig
      (Optional)

      AuditConfig contains configuration settings for the audit of the kube-apiserver.

      auditWebhook
      AuditWebhook
      (Optional)

      AuditWebhook contains settings related to an audit webhook configuration.

      logging
      github.com/gardener/gardener/pkg/apis/core/v1beta1.APIServerLogging
      (Optional)

      Logging contains configuration for the log level and HTTP access logs.

      requests
      github.com/gardener/gardener/pkg/apis/core/v1beta1.APIServerRequests
      (Optional)

      Requests contains configuration for request-specific settings for the kube-apiserver.

      watchCacheSizes
      github.com/gardener/gardener/pkg/apis/core/v1beta1.WatchCacheSizes
      (Optional)

      WatchCacheSizes contains configuration of the API server’s watch cache sizes. Configuring these flags might be useful for large-scale Garden clusters with a lot of parallel update requests and a lot of watching controllers (e.g. large ManagedSeed clusters). When the API server’s watch cache’s capacity is too small to cope with the amount of update requests and watchers for a particular resource, it might happen that controller watches are permanently stopped with too old resource version errors. Starting from kubernetes v1.19, the API server’s watch cache size is adapted dynamically and setting the watch cache size flags will have no effect, except when setting it to 0 (which disables the watch cache).

      encryptionConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.EncryptionConfig
      (Optional)

      EncryptionConfig contains customizable encryption configuration of the Gardener API server.

      GardenerAdmissionControllerConfig

      (Appears on: Gardener)

      GardenerAdmissionControllerConfig contains configuration settings for the gardener-admission-controller.

      FieldDescription
      logLevel
      string
      (Optional)

      LogLevel is the configured log level for the gardener-admission-controller. Must be one of [info,debug,error]. Defaults to info.

      resourceAdmissionConfiguration
      ResourceAdmissionConfiguration
      (Optional)

      ResourceAdmissionConfiguration is the configuration for resource size restrictions for arbitrary Group-Version-Kinds.

      GardenerControllerManagerConfig

      (Appears on: Gardener)

      GardenerControllerManagerConfig contains configuration settings for the gardener-controller-manager.

      FieldDescription
      KubernetesConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.KubernetesConfig

      (Members of KubernetesConfig are embedded into this type.)

      defaultProjectQuotas
      []ProjectQuotaConfiguration
      (Optional)

      DefaultProjectQuotas is the default configuration matching projects are set up with if a quota is not already specified.

      logLevel
      string
      (Optional)

      LogLevel is the configured log level for the gardener-controller-manager. Must be one of [info,debug,error]. Defaults to info.

      GardenerDashboardConfig

      (Appears on: Gardener)

      GardenerDashboardConfig contains configuration settings for the gardener-dashboard.

      FieldDescription
      enableTokenLogin
      bool
      (Optional)

      EnableTokenLogin specifies whether it is possible to log into the dashboard with a JWT token. If disabled, OIDC must be configured.

      frontendConfigMapRef
      Kubernetes core/v1.LocalObjectReference
      (Optional)

      FrontendConfigMapRef is the reference to a ConfigMap in the garden namespace containing the frontend configuration.

      assetsConfigMapRef
      Kubernetes core/v1.LocalObjectReference
      (Optional)

      AssetsConfigMapRef is the reference to a ConfigMap in the garden namespace containing the assets (logos/icons).

      gitHub
      DashboardGitHub
      (Optional)

      GitHub contains configuration for the GitHub ticketing feature.

      logLevel
      string
      (Optional)

      LogLevel is the configured log level. Must be one of [trace,debug,info,warn,error]. Defaults to info.

      oidcConfig
      DashboardOIDC
      (Optional)

      OIDC contains configuration for the OIDC provider. This field must be provided when EnableTokenLogin is false.

      terminal
      DashboardTerminal
      (Optional)

      Terminal contains configuration for the terminal settings.

      GardenerDiscoveryServerConfig

      (Appears on: Gardener)

      GardenerDiscoveryServerConfig contains configuration settings for the gardener-discovery-server.

      GardenerSchedulerConfig

      (Appears on: Gardener)

      GardenerSchedulerConfig contains configuration settings for the gardener-scheduler.

      FieldDescription
      KubernetesConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.KubernetesConfig

      (Members of KubernetesConfig are embedded into this type.)

      logLevel
      string
      (Optional)

      LogLevel is the configured log level for the gardener-scheduler. Must be one of [info,debug,error]. Defaults to info.

      GroupResource

      (Appears on: KubeAPIServerConfig)

      GroupResource contains a list of resources which should be stored in etcd-events instead of etcd-main.

      FieldDescription
      group
      string

      Group is the API group name.

      resource
      string

      Resource is the resource name.

      HighAvailability

      (Appears on: ControlPlane)

      HighAvailability specifies the configuration settings for high availability for a resource.

      Ingress

      (Appears on: RuntimeCluster)

      Ingress configures the Ingress specific settings of the runtime cluster.

      FieldDescription
      domains
      []DNSDomain

      Domains specify the ingress domains of the cluster pointing to the ingress controller endpoint. They will be used to construct ingress URLs for system applications running in runtime cluster.

      controller
      github.com/gardener/gardener/pkg/apis/core/v1beta1.IngressController

      Controller configures a Gardener managed Ingress Controller listening on the ingressDomain.

      KubeAPIServerConfig

      (Appears on: Kubernetes)

      KubeAPIServerConfig contains configuration settings for the kube-apiserver.

      FieldDescription
      KubeAPIServerConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.KubeAPIServerConfig

      (Members of KubeAPIServerConfig are embedded into this type.)

      (Optional)

      KubeAPIServerConfig contains all configuration values not specific to the virtual garden cluster.

      auditWebhook
      AuditWebhook
      (Optional)

      AuditWebhook contains settings related to an audit webhook configuration.

      authentication
      Authentication
      (Optional)

      Authentication contains settings related to authentication.

      resourcesToStoreInETCDEvents
      []GroupResource
      (Optional)

      ResourcesToStoreInETCDEvents contains a list of resources which should be stored in etcd-events instead of etcd-main. The ‘events’ resource is always stored in etcd-events. Note that adding or removing resources from this list will not migrate them automatically from the etcd-main to etcd-events or vice versa.

      sni
      SNI
      (Optional)

      SNI contains configuration options for the TLS SNI settings.

      KubeControllerManagerConfig

      (Appears on: Kubernetes)

      KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.

      FieldDescription
      KubeControllerManagerConfig
      github.com/gardener/gardener/pkg/apis/core/v1beta1.KubeControllerManagerConfig

      (Members of KubeControllerManagerConfig are embedded into this type.)

      (Optional)

      KubeControllerManagerConfig contains all configuration values not specific to the virtual garden cluster.

      certificateSigningDuration
      Kubernetes meta/v1.Duration
      (Optional)

      CertificateSigningDuration is the maximum length of duration signed certificates will be given. Individual CSRs may request shorter certs by setting spec.expirationSeconds.

      Kubernetes

      (Appears on: VirtualCluster)

      Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden cluster.

      FieldDescription
      kubeAPIServer
      KubeAPIServerConfig
      (Optional)

      KubeAPIServer contains configuration settings for the kube-apiserver.

      kubeControllerManager
      KubeControllerManagerConfig
      (Optional)

      KubeControllerManager contains configuration settings for the kube-controller-manager.

      version
      string

      Version is the semantic Kubernetes version to use for the virtual garden cluster.

      Maintenance

      (Appears on: VirtualCluster)

      Maintenance contains information about the time window for maintenance operations.

      FieldDescription
      timeWindow
      github.com/gardener/gardener/pkg/apis/core/v1beta1.MaintenanceTimeWindow

      TimeWindow contains information about the time window for maintenance operations.

      Networking

      (Appears on: VirtualCluster)

      Networking defines networking parameters for the virtual garden cluster.

      FieldDescription
      services
      string

      Services is the CIDR of the service network. This field is immutable.

      ProjectQuotaConfiguration

      (Appears on: GardenerControllerManagerConfig)

      ProjectQuotaConfiguration defines quota configurations.

      FieldDescription
      config
      k8s.io/apimachinery/pkg/runtime.RawExtension

      Config is the quota specification used for the project set-up. Only v1.ResourceQuota resources are supported.

      projectSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      ProjectSelector is an optional setting to select the projects considered for quotas. Defaults to empty LabelSelector, which matches all projects.

      Provider

      (Appears on: RuntimeCluster)

      Provider defines the provider-specific information for this cluster.

      FieldDescription
      region
      string
      (Optional)

      Region is the region the cluster is deployed to.

      zones
      []string
      (Optional)

      Zones is the list of availability zones the cluster is deployed to.

      ResourceAdmissionConfiguration

      (Appears on: GardenerAdmissionControllerConfig)

      ResourceAdmissionConfiguration contains settings about arbitrary kinds and the size each resource should have at most.

      FieldDescription
      limits
      []ResourceLimit

      Limits contains configuration for resources which are subjected to size limitations.

      unrestrictedSubjects
      []Kubernetes rbac/v1.Subject
      (Optional)

      UnrestrictedSubjects contains references to users, groups, or service accounts which aren’t subjected to any resource size limit.

      operationMode
      ResourceAdmissionWebhookMode
      (Optional)

      OperationMode specifies the mode the webhooks operates in. Allowed values are “block” and “log”. Defaults to “block”.

      ResourceAdmissionWebhookMode (string alias)

      (Appears on: ResourceAdmissionConfiguration)

      ResourceAdmissionWebhookMode is an alias type for the resource admission webhook mode.

      ResourceLimit

      (Appears on: ResourceAdmissionConfiguration)

      ResourceLimit contains settings about a kind and the size each resource should have at most.

      FieldDescription
      apiGroups
      []string
      (Optional)

      APIGroups is the name of the APIGroup that contains the limited resource. WildcardAll represents all groups.

      apiVersions
      []string
      (Optional)

      APIVersions is the version of the resource. WildcardAll represents all versions.

      resources
      []string

      Resources is the name of the resource this rule applies to. WildcardAll represents all resources.

      size
      k8s.io/apimachinery/pkg/api/resource.Quantity

      Size specifies the imposed limit.

      RuntimeCluster

      (Appears on: GardenSpec)

      RuntimeCluster contains configuration for the runtime cluster.

      FieldDescription
      ingress
      Ingress

      Ingress configures Ingress specific settings for the Garden cluster.

      networking
      RuntimeNetworking

      Networking defines the networking configuration of the runtime cluster.

      provider
      Provider

      Provider defines the provider-specific information for this cluster.

      settings
      Settings
      (Optional)

      Settings contains certain settings for this cluster.

      volume
      Volume
      (Optional)

      Volume contains settings for persistent volumes created in the runtime cluster.

      RuntimeNetworking

      (Appears on: RuntimeCluster)

      RuntimeNetworking defines the networking configuration of the runtime cluster.

      FieldDescription
      nodes
      string
      (Optional)

      Nodes is the CIDR of the node network. This field is immutable.

      pods
      string

      Pods is the CIDR of the pod network. This field is immutable.

      services
      string

      Services is the CIDR of the service network. This field is immutable.

      blockCIDRs
      []string
      (Optional)

      BlockCIDRs is a list of network addresses that should be blocked.

      SNI

      (Appears on: KubeAPIServerConfig)

      SNI contains configuration options for the TLS SNI settings.

      FieldDescription
      secretName
      string

      SecretName is the name of a secret containing the TLS certificate and private key.

      domainPatterns
      []string
      (Optional)

      DomainPatterns is a list of fully qualified domain names, possibly with prefixed wildcard segments. The domain patterns also allow IP addresses, but IPs should only be used if the apiserver has visibility to the IP address requested by a client. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names.

      SettingLoadBalancerServices

      (Appears on: Settings)

      SettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the runtime cluster.

      FieldDescription
      annotations
      map[string]string
      (Optional)

      Annotations is a map of annotations that will be injected/merged into every load balancer service object.

      SettingTopologyAwareRouting

      (Appears on: Settings)

      SettingTopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

      FieldDescription
      enabled
      bool

      Enabled controls whether certain Services deployed in the cluster should be topology-aware. These Services are virtual-garden-etcd-main-client, virtual-garden-etcd-events-client and virtual-garden-kube-apiserver. Additionally, other components that are deployed to the runtime cluster via other means can read this field and according to its value enable/disable topology-aware routing for their Services.

      SettingVerticalPodAutoscaler

      (Appears on: Settings)

      SettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

      FieldDescription
      enabled
      bool
      (Optional)

      Enabled controls whether the VPA components shall be deployed into this cluster. It is true by default because the operator (and Gardener) heavily rely on a VPA being deployed. You should only disable this if your runtime cluster already has another, manually/custom managed VPA deployment. If this is not the case, but you still disable it, then reconciliation will fail.

      Settings

      (Appears on: RuntimeCluster)

      Settings contains certain settings for this cluster.

      FieldDescription
      loadBalancerServices
      SettingLoadBalancerServices
      (Optional)

      LoadBalancerServices controls certain settings for services of type load balancer that are created in the runtime cluster.

      verticalPodAutoscaler
      SettingVerticalPodAutoscaler
      (Optional)

      VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the cluster.

      topologyAwareRouting
      SettingTopologyAwareRouting
      (Optional)

      TopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

      Storage

      (Appears on: ETCDEvents, ETCDMain)

      Storage contains storage configuration.

      FieldDescription
      capacity
      k8s.io/apimachinery/pkg/api/resource.Quantity
      (Optional)

      Capacity is the storage capacity for the volumes.

      className
      string
      (Optional)

      ClassName is the name of a storage class.

      VirtualCluster

      (Appears on: GardenSpec)

      VirtualCluster contains configuration for the virtual cluster.

      FieldDescription
      controlPlane
      ControlPlane
      (Optional)

      ControlPlane holds information about the general settings for the control plane of the virtual cluster.

      dns
      DNS

      DNS holds information about DNS settings.

      etcd
      ETCD
      (Optional)

      ETCD contains configuration for the etcds of the virtual garden cluster.

      gardener
      Gardener

      Gardener contains the configuration options for the Gardener control plane components.

      kubernetes
      Kubernetes

      Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden cluster.

      maintenance
      Maintenance

      Maintenance contains information about the time window for maintenance operations.

      networking
      Networking

      Networking contains information about cluster networking such as CIDRs, etc.

      Volume

      (Appears on: RuntimeCluster)

      Volume contains settings for persistent volumes created in the runtime cluster.

      FieldDescription
      minimumSize
      k8s.io/apimachinery/pkg/api/resource.Quantity
      (Optional)

      MinimumSize defines the minimum size that should be used for PVCs in the runtime cluster.

      WorkloadIdentityKeyRotation

      (Appears on: CredentialsRotation)

      WorkloadIdentityKeyRotation contains information about the workload identity key credential rotation.

      FieldDescription
      phase
      github.com/gardener/gardener/pkg/apis/core/v1beta1.CredentialsRotationPhase

      Phase describes the phase of the workload identity key credential rotation.

      lastCompletionTime
      Kubernetes meta/v1.Time
      (Optional)

      LastCompletionTime is the most recent time when the workload identity key credential rotation was successfully completed.

      lastInitiationTime
      Kubernetes meta/v1.Time
      (Optional)

      LastInitiationTime is the most recent time when the workload identity key credential rotation was initiated.

      lastInitiationFinishedTime
      Kubernetes meta/v1.Time
      (Optional)

      LastInitiationFinishedTime is the recent time when the workload identity key credential rotation initiation was completed.

      lastCompletionTriggeredTime
      Kubernetes meta/v1.Time
      (Optional)

      LastCompletionTriggeredTime is the recent time when the workload identity key credential rotation completion was triggered.


      Generated with gen-crd-api-reference-docs

      7 - Provider Local

      Packages:

      local.provider.extensions.gardener.cloud/v1alpha1

      Package v1alpha1 contains the local provider API resources.

      Resource Types:

      CloudProfileConfig

      CloudProfileConfig contains provider-specific configuration that is embedded into Gardener’s CloudProfile resource.

      FieldDescription
      apiVersion
      string
      local.provider.extensions.gardener.cloud/v1alpha1
      kind
      string
      CloudProfileConfig
      machineImages
      []MachineImages

      MachineImages is the list of machine images that are understood by the controller. It maps logical names and versions to provider-specific identifiers.

      WorkerStatus

      WorkerStatus contains information about created worker resources.

      FieldDescription
      apiVersion
      string
      local.provider.extensions.gardener.cloud/v1alpha1
      kind
      string
      WorkerStatus
      machineImages
      []MachineImage
      (Optional)

      MachineImages is a list of machine images that have been used in this worker. Usually, the extension controller gets the mapping from name/version to the provider-specific machine image data from the CloudProfile. However, if a version that is still in use gets removed from this componentconfig it cannot reconcile anymore existing Worker resources that are still using this version. Hence, it stores the used versions in the provider status to ensure reconciliation is possible.

      MachineImage

      (Appears on: WorkerStatus)

      MachineImage is a mapping from logical names and versions to provider-specific machine image data.

      FieldDescription
      name
      string

      Name is the logical name of the machine image.

      version
      string

      Version is the logical version of the machine image.

      image
      string

      Image is the image for the machine image.

      MachineImageVersion

      (Appears on: MachineImages)

      MachineImageVersion contains a version and a provider-specific identifier.

      FieldDescription
      version
      string

      Version is the version of the image.

      image
      string

      Image is the image for the machine image.

      MachineImages

      (Appears on: CloudProfileConfig)

      MachineImages is a mapping from logical names and versions to provider-specific identifiers.

      FieldDescription
      name
      string

      Name is the logical name of the machine image.

      versions
      []MachineImageVersion

      Versions contains versions and a provider-specific identifier.


      Generated with gen-crd-api-reference-docs

      8 - Resources

      Packages:

      resources.gardener.cloud/v1alpha1

      Package v1alpha1 contains the configuration of the Gardener Resource Manager.

      Resource Types:

        ManagedResource

        ManagedResource describes a list of managed resources.

        FieldDescription
        metadata
        Kubernetes meta/v1.ObjectMeta

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        ManagedResourceSpec

        Spec contains the specification of this managed resource.



        class
        string
        (Optional)

        Class holds the resource class used to control the responsibility for multiple resource manager instances

        secretRefs
        []Kubernetes core/v1.LocalObjectReference

        SecretRefs is a list of secret references.

        injectLabels
        map[string]string
        (Optional)

        InjectLabels injects the provided labels into every resource that is part of the referenced secrets.

        forceOverwriteLabels
        bool
        (Optional)

        ForceOverwriteLabels specifies that all existing labels should be overwritten. Defaults to false.

        forceOverwriteAnnotations
        bool
        (Optional)

        ForceOverwriteAnnotations specifies that all existing annotations should be overwritten. Defaults to false.

        keepObjects
        bool
        (Optional)

        KeepObjects specifies whether the objects should be kept although the managed resource has already been deleted. Defaults to false.

        equivalences
        [][]k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind
        (Optional)

        Equivalences specifies possible group/kind equivalences for objects.

        deletePersistentVolumeClaims
        bool
        (Optional)

        DeletePersistentVolumeClaims specifies if PersistentVolumeClaims created by StatefulSets, which are managed by this resource, should also be deleted when the corresponding StatefulSet is deleted (defaults to false).

        status
        ManagedResourceStatus

        Status contains the status of this managed resource.

        ManagedResourceSpec

        (Appears on: ManagedResource)

        ManagedResourceSpec contains the specification of this managed resource.

        FieldDescription
        class
        string
        (Optional)

        Class holds the resource class used to control the responsibility for multiple resource manager instances

        secretRefs
        []Kubernetes core/v1.LocalObjectReference

        SecretRefs is a list of secret references.

        injectLabels
        map[string]string
        (Optional)

        InjectLabels injects the provided labels into every resource that is part of the referenced secrets.

        forceOverwriteLabels
        bool
        (Optional)

        ForceOverwriteLabels specifies that all existing labels should be overwritten. Defaults to false.

        forceOverwriteAnnotations
        bool
        (Optional)

        ForceOverwriteAnnotations specifies that all existing annotations should be overwritten. Defaults to false.

        keepObjects
        bool
        (Optional)

        KeepObjects specifies whether the objects should be kept although the managed resource has already been deleted. Defaults to false.

        equivalences
        [][]k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind
        (Optional)

        Equivalences specifies possible group/kind equivalences for objects.

        deletePersistentVolumeClaims
        bool
        (Optional)

        DeletePersistentVolumeClaims specifies if PersistentVolumeClaims created by StatefulSets, which are managed by this resource, should also be deleted when the corresponding StatefulSet is deleted (defaults to false).

        ManagedResourceStatus

        (Appears on: ManagedResource)

        ManagedResourceStatus is the status of a managed resource.

        FieldDescription
        conditions
        []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
        observedGeneration
        int64

        ObservedGeneration is the most recent generation observed for this resource.

        resources
        []ObjectReference
        (Optional)

        Resources is a list of objects that have been created.

        secretsDataChecksum
        string
        (Optional)

        SecretsDataChecksum is the checksum of referenced secrets data.

        ObjectReference

        (Appears on: ManagedResourceStatus)

        ObjectReference is a reference to another object.

        FieldDescription
        ObjectReference
        Kubernetes core/v1.ObjectReference

        (Members of ObjectReference are embedded into this type.)

        labels
        map[string]string

        Labels is a map of labels that were used during last update of the resource.

        annotations
        map[string]string

        Annotations is a map of annotations that were used during last update of the resource.


        Generated with gen-crd-api-reference-docs

        9 - Security

        Packages:

        security.gardener.cloud/v1alpha1

        Package v1alpha1 is a version of the API.

        Resource Types:

        CredentialsBinding

        CredentialsBinding represents a binding to credentials in the same or another namespace.

        FieldDescription
        apiVersion
        string
        security.gardener.cloud/v1alpha1
        kind
        string
        CredentialsBinding
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        provider
        CredentialsBindingProvider

        Provider defines the provider type of the CredentialsBinding. This field is immutable.

        credentialsRef
        Kubernetes core/v1.ObjectReference

        CredentialsRef is a reference to a resource holding the credentials. Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity This field is immutable.

        quotas
        []Kubernetes core/v1.ObjectReference
        (Optional)

        Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.

        WorkloadIdentity

        WorkloadIdentity is resource that allows workloads to be presented before external systems by giving them identities managed by the Gardener API server. The identity of such workload is represented by JSON Web Token issued by the Gardener API server. Workload identities are designed to be used by components running in the Gardener environment, seed or runtime cluster, that make use of identity federation inspired by the OIDC protocol.

        FieldDescription
        apiVersion
        string
        security.gardener.cloud/v1alpha1
        kind
        string
        WorkloadIdentity
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        WorkloadIdentitySpec

        Spec configures the JSON Web Token issued by the Gardener API server.



        audiences
        []string

        Audiences specify the list of recipients that the JWT is intended for. The values of this field will be set in the ‘aud’ claim.

        targetSystem
        TargetSystem

        TargetSystem represents specific configurations for the system that will accept the JWTs.

        status
        WorkloadIdentityStatus

        Status contain the latest observed status of the WorkloadIdentity.

        ContextObject

        (Appears on: TokenRequestSpec)

        ContextObject identifies the object the token is requested for.

        FieldDescription
        kind
        string

        Kind of the object the token is requested for. Valid kinds are ‘Shoot’, ‘Seed’, etc.

        apiVersion
        string

        API version of the object the token is requested for.

        name
        string

        Name of the object the token is requested for.

        namespace
        string
        (Optional)

        Namespace of the object the token is requested for.

        uid
        k8s.io/apimachinery/pkg/types.UID

        UID of the object the token is requested for.

        CredentialsBindingProvider

        (Appears on: CredentialsBinding)

        CredentialsBindingProvider defines the provider type of the CredentialsBinding.

        FieldDescription
        type
        string

        Type is the type of the provider.

        TargetSystem

        (Appears on: WorkloadIdentitySpec)

        TargetSystem represents specific configurations for the system that will accept the JWTs.

        FieldDescription
        type
        string

        Type is the type of the target system.

        providerConfig
        k8s.io/apimachinery/pkg/runtime.RawExtension
        (Optional)

        ProviderConfig is the configuration passed to extension resource.

        TokenRequest

        TokenRequest is a resource that is used to request WorkloadIdentity tokens.

        FieldDescription
        metadata
        Kubernetes meta/v1.ObjectMeta

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        TokenRequestSpec

        Spec holds configuration settings for the requested token.



        contextObject
        ContextObject
        (Optional)

        ContextObject identifies the object the token is requested for.

        expirationSeconds
        int64
        (Optional)

        ExpirationSeconds specifies for how long the requested token should be valid.

        status
        TokenRequestStatus

        Status bears the issued token with additional information back to the client.

        TokenRequestSpec

        (Appears on: TokenRequest)

        TokenRequestSpec holds configuration settings for the requested token.

        FieldDescription
        contextObject
        ContextObject
        (Optional)

        ContextObject identifies the object the token is requested for.

        expirationSeconds
        int64
        (Optional)

        ExpirationSeconds specifies for how long the requested token should be valid.

        TokenRequestStatus

        (Appears on: TokenRequest)

        TokenRequestStatus bears the issued token with additional information back to the client.

        FieldDescription
        token
        string

        Token is the issued token.

        expirationTimestamp
        Kubernetes meta/v1.Time

        ExpirationTimestamp is the time of expiration of the returned token.

        WorkloadIdentitySpec

        (Appears on: WorkloadIdentity)

        WorkloadIdentitySpec configures the JSON Web Token issued by the Gardener API server.

        FieldDescription
        audiences
        []string

        Audiences specify the list of recipients that the JWT is intended for. The values of this field will be set in the ‘aud’ claim.

        targetSystem
        TargetSystem

        TargetSystem represents specific configurations for the system that will accept the JWTs.

        WorkloadIdentityStatus

        (Appears on: WorkloadIdentity)

        WorkloadIdentityStatus contain the latest observed status of the WorkloadIdentity.

        FieldDescription
        sub
        string

        Sub contains the computed value of the subject that is going to be set in JWTs ‘sub’ claim.


        Generated with gen-crd-api-reference-docs

        10 - Seedmanagement

        Packages:

        seedmanagement.gardener.cloud/v1alpha1

        Package v1alpha1 is a version of the API.

        Resource Types:

        Gardenlet

        Gardenlet represents a Gardenlet configuration for an unmanaged seed.

        FieldDescription
        apiVersion
        string
        seedmanagement.gardener.cloud/v1alpha1
        kind
        string
        Gardenlet
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        GardenletSpec
        (Optional)

        Specification of the Gardenlet.



        deployment
        GardenletSelfDeployment

        Deployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

        config
        k8s.io/apimachinery/pkg/runtime.RawExtension
        (Optional)

        Config is the GardenletConfiguration used to configure gardenlet.

        kubeconfigSecretRef
        Kubernetes core/v1.LocalObjectReference
        (Optional)

        KubeconfigSecretRef is a reference to a secret containing a kubeconfig for the cluster to which gardenlet should be deployed. This is only used by gardener-operator for a very first gardenlet deployment. After that, gardenlet will continuously upgrade itself. If this field is empty, gardener-operator deploys it into its own runtime cluster.

        status
        GardenletStatus
        (Optional)

        Most recently observed status of the Gardenlet.

        ManagedSeed

        ManagedSeed represents a Shoot that is registered as Seed.

        FieldDescription
        apiVersion
        string
        seedmanagement.gardener.cloud/v1alpha1
        kind
        string
        ManagedSeed
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        ManagedSeedSpec
        (Optional)

        Specification of the ManagedSeed.



        shoot
        Shoot
        (Optional)

        Shoot references a Shoot that should be registered as Seed. This field is immutable.

        gardenlet
        GardenletConfig

        Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

        status
        ManagedSeedStatus
        (Optional)

        Most recently observed status of the ManagedSeed.

        ManagedSeedSet

        ManagedSeedSet represents a set of identical ManagedSeeds.

        FieldDescription
        apiVersion
        string
        seedmanagement.gardener.cloud/v1alpha1
        kind
        string
        ManagedSeedSet
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        ManagedSeedSetSpec
        (Optional)

        Spec defines the desired identities of ManagedSeeds and Shoots in this set.



        replicas
        int32
        (Optional)

        Replicas is the desired number of replicas of the given Template. Defaults to 1.

        selector
        Kubernetes meta/v1.LabelSelector

        Selector is a label query over ManagedSeeds and Shoots that should match the replica count. It must match the ManagedSeeds and Shoots template’s labels. This field is immutable.

        template
        ManagedSeedTemplate

        Template describes the ManagedSeed that will be created if insufficient replicas are detected. Each ManagedSeed created / updated by the ManagedSeedSet will fulfill this template.

        shootTemplate
        github.com/gardener/gardener/pkg/apis/core/v1beta1.ShootTemplate

        ShootTemplate describes the Shoot that will be created if insufficient replicas are detected for hosting the corresponding ManagedSeed. Each Shoot created / updated by the ManagedSeedSet will fulfill this template.

        updateStrategy
        UpdateStrategy
        (Optional)

        UpdateStrategy specifies the UpdateStrategy that will be employed to update ManagedSeeds / Shoots in the ManagedSeedSet when a revision is made to Template / ShootTemplate.

        revisionHistoryLimit
        int32
        (Optional)

        RevisionHistoryLimit is the maximum number of revisions that will be maintained in the ManagedSeedSet’s revision history. Defaults to 10. This field is immutable.

        status
        ManagedSeedSetStatus
        (Optional)

        Status is the current status of ManagedSeeds and Shoots in this ManagedSeedSet.

        Bootstrap (string alias)

        (Appears on: GardenletConfig)

        Bootstrap describes a mechanism for bootstrapping gardenlet connection to the Garden cluster.

        GardenletConfig

        (Appears on: ManagedSeedSpec)

        GardenletConfig specifies gardenlet deployment parameters and the GardenletConfiguration used to configure gardenlet.

        FieldDescription
        deployment
        GardenletDeployment
        (Optional)

        Deployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

        config
        k8s.io/apimachinery/pkg/runtime.RawExtension
        (Optional)

        Config is the GardenletConfiguration used to configure gardenlet.

        bootstrap
        Bootstrap
        (Optional)

        Bootstrap is the mechanism that should be used for bootstrapping gardenlet connection to the Garden cluster. One of ServiceAccount, BootstrapToken, None. If set to ServiceAccount or BootstrapToken, a service account or a bootstrap token will be created in the garden cluster and used to compute the bootstrap kubeconfig. If set to None, the gardenClientConnection.kubeconfig field will be used to connect to the Garden cluster. Defaults to BootstrapToken. This field is immutable.

        mergeWithParent
        bool
        (Optional)

        MergeWithParent specifies whether the GardenletConfiguration of the parent gardenlet should be merged with the specified GardenletConfiguration. Defaults to true. This field is immutable.

        GardenletDeployment

        (Appears on: GardenletConfig, GardenletSelfDeployment)

        GardenletDeployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

        FieldDescription
        replicaCount
        int32
        (Optional)

        ReplicaCount is the number of gardenlet replicas. Defaults to 2.

        revisionHistoryLimit
        int32
        (Optional)

        RevisionHistoryLimit is the number of old gardenlet ReplicaSets to retain to allow rollback. Defaults to 2.

        serviceAccountName
        string
        (Optional)

        ServiceAccountName is the name of the ServiceAccount to use to run gardenlet pods.

        image
        Image
        (Optional)

        Image is the gardenlet container image.

        resources
        Kubernetes core/v1.ResourceRequirements
        (Optional)

        Resources are the compute resources required by the gardenlet container.

        podLabels
        map[string]string
        (Optional)

        PodLabels are the labels on gardenlet pods.

        podAnnotations
        map[string]string
        (Optional)

        PodAnnotations are the annotations on gardenlet pods.

        additionalVolumes
        []Kubernetes core/v1.Volume
        (Optional)

        AdditionalVolumes is the list of additional volumes that should be mounted by gardenlet containers.

        additionalVolumeMounts
        []Kubernetes core/v1.VolumeMount
        (Optional)

        AdditionalVolumeMounts is the list of additional pod volumes to mount into the gardenlet container’s filesystem.

        env
        []Kubernetes core/v1.EnvVar
        (Optional)

        Env is the list of environment variables to set in the gardenlet container.

        vpa
        bool
        (Optional)

        VPA specifies whether to enable VPA for gardenlet. Defaults to true.

        Deprecated: This field is deprecated and has no effect anymore. It will be removed in the future. TODO(rfranzke): Remove this field after v1.110 has been released.

        GardenletHelm

        (Appears on: GardenletSelfDeployment)

        GardenletHelm is the Helm deployment configuration for gardenlet.

        FieldDescription
        ociRepository
        github.com/gardener/gardener/pkg/apis/core/v1.OCIRepository

        OCIRepository defines where to pull the chart.

        GardenletSelfDeployment

        (Appears on: GardenletSpec)

        GardenletSelfDeployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

        FieldDescription
        GardenletDeployment
        GardenletDeployment

        (Members of GardenletDeployment are embedded into this type.)

        (Optional)

        GardenletDeployment specifies common gardenlet deployment parameters.

        helm
        GardenletHelm

        Helm is the Helm deployment configuration.

        imageVectorOverwrite
        string
        (Optional)

        ImageVectorOverwrite is the image vector overwrite for the components deployed by this gardenlet.

        componentImageVectorOverwrite
        string
        (Optional)

        ComponentImageVectorOverwrite is the component image vector overwrite for the components deployed by this gardenlet.

        GardenletSpec

        (Appears on: Gardenlet)

        GardenletSpec specifies gardenlet deployment parameters and the configuration used to configure gardenlet.

        FieldDescription
        deployment
        GardenletSelfDeployment

        Deployment specifies certain gardenlet deployment parameters, such as the number of replicas, the image, etc.

        config
        k8s.io/apimachinery/pkg/runtime.RawExtension
        (Optional)

        Config is the GardenletConfiguration used to configure gardenlet.

        kubeconfigSecretRef
        Kubernetes core/v1.LocalObjectReference
        (Optional)

        KubeconfigSecretRef is a reference to a secret containing a kubeconfig for the cluster to which gardenlet should be deployed. This is only used by gardener-operator for a very first gardenlet deployment. After that, gardenlet will continuously upgrade itself. If this field is empty, gardener-operator deploys it into its own runtime cluster.

        GardenletStatus

        (Appears on: Gardenlet)

        GardenletStatus is the status of a Gardenlet.

        FieldDescription
        conditions
        []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
        (Optional)

        Conditions represents the latest available observations of a Gardenlet’s current state.

        observedGeneration
        int64
        (Optional)

        ObservedGeneration is the most recent generation observed for this Gardenlet. It corresponds to the Gardenlet’s generation, which is updated on mutation by the API Server.

        Image

        (Appears on: GardenletDeployment)

        Image specifies container image parameters.

        FieldDescription
        repository
        string
        (Optional)

        Repository is the image repository.

        tag
        string
        (Optional)

        Tag is the image tag.

        pullPolicy
        Kubernetes core/v1.PullPolicy
        (Optional)

        PullPolicy is the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if latest tag is specified, or IfNotPresent otherwise.

        ManagedSeedSetSpec

        (Appears on: ManagedSeedSet)

        ManagedSeedSetSpec is the specification of a ManagedSeedSet.

        FieldDescription
        replicas
        int32
        (Optional)

        Replicas is the desired number of replicas of the given Template. Defaults to 1.

        selector
        Kubernetes meta/v1.LabelSelector

        Selector is a label query over ManagedSeeds and Shoots that should match the replica count. It must match the ManagedSeeds and Shoots template’s labels. This field is immutable.

        template
        ManagedSeedTemplate

        Template describes the ManagedSeed that will be created if insufficient replicas are detected. Each ManagedSeed created / updated by the ManagedSeedSet will fulfill this template.

        shootTemplate
        github.com/gardener/gardener/pkg/apis/core/v1beta1.ShootTemplate

        ShootTemplate describes the Shoot that will be created if insufficient replicas are detected for hosting the corresponding ManagedSeed. Each Shoot created / updated by the ManagedSeedSet will fulfill this template.

        updateStrategy
        UpdateStrategy
        (Optional)

        UpdateStrategy specifies the UpdateStrategy that will be employed to update ManagedSeeds / Shoots in the ManagedSeedSet when a revision is made to Template / ShootTemplate.

        revisionHistoryLimit
        int32
        (Optional)

        RevisionHistoryLimit is the maximum number of revisions that will be maintained in the ManagedSeedSet’s revision history. Defaults to 10. This field is immutable.

        ManagedSeedSetStatus

        (Appears on: ManagedSeedSet)

        ManagedSeedSetStatus represents the current state of a ManagedSeedSet.

        FieldDescription
        observedGeneration
        int64

        ObservedGeneration is the most recent generation observed for this ManagedSeedSet. It corresponds to the ManagedSeedSet’s generation, which is updated on mutation by the API Server.

        replicas
        int32

        Replicas is the number of replicas (ManagedSeeds and their corresponding Shoots) created by the ManagedSeedSet controller.

        readyReplicas
        int32

        ReadyReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller that have a Ready Condition.

        nextReplicaNumber
        int32

        NextReplicaNumber is the ordinal number that will be assigned to the next replica of the ManagedSeedSet.

        currentReplicas
        int32

        CurrentReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller from the ManagedSeedSet version indicated by CurrentRevision.

        updatedReplicas
        int32

        UpdatedReplicas is the number of ManagedSeeds created by the ManagedSeedSet controller from the ManagedSeedSet version indicated by UpdateRevision.

        currentRevision
        string

        CurrentRevision, if not empty, indicates the version of the ManagedSeedSet used to generate ManagedSeeds with smaller ordinal numbers during updates.

        updateRevision
        string

        UpdateRevision, if not empty, indicates the version of the ManagedSeedSet used to generate ManagedSeeds with larger ordinal numbers during updates

        collisionCount
        int32
        (Optional)

        CollisionCount is the count of hash collisions for the ManagedSeedSet. The ManagedSeedSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.

        conditions
        []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
        (Optional)

        Conditions represents the latest available observations of a ManagedSeedSet’s current state.

        pendingReplica
        PendingReplica
        (Optional)

        PendingReplica, if not empty, indicates the replica that is currently pending creation, update, or deletion. This replica is in a state that requires the controller to wait for it to change before advancing to the next replica.

        ManagedSeedSpec

        (Appears on: ManagedSeed, ManagedSeedTemplate)

        ManagedSeedSpec is the specification of a ManagedSeed.

        FieldDescription
        shoot
        Shoot
        (Optional)

        Shoot references a Shoot that should be registered as Seed. This field is immutable.

        gardenlet
        GardenletConfig

        Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

        ManagedSeedStatus

        (Appears on: ManagedSeed)

        ManagedSeedStatus is the status of a ManagedSeed.

        FieldDescription
        conditions
        []github.com/gardener/gardener/pkg/apis/core/v1beta1.Condition
        (Optional)

        Conditions represents the latest available observations of a ManagedSeed’s current state.

        observedGeneration
        int64

        ObservedGeneration is the most recent generation observed for this ManagedSeed. It corresponds to the ManagedSeed’s generation, which is updated on mutation by the API Server.

        ManagedSeedTemplate

        (Appears on: ManagedSeedSetSpec)

        ManagedSeedTemplate is a template for creating a ManagedSeed object.

        FieldDescription
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        ManagedSeedSpec
        (Optional)

        Specification of the desired behavior of the ManagedSeed.



        shoot
        Shoot
        (Optional)

        Shoot references a Shoot that should be registered as Seed. This field is immutable.

        gardenlet
        GardenletConfig

        Gardenlet specifies that the ManagedSeed controller should deploy a gardenlet into the cluster with the given deployment parameters and GardenletConfiguration.

        PendingReplica

        (Appears on: ManagedSeedSetStatus)

        PendingReplica contains information about a replica that is currently pending creation, update, or deletion.

        FieldDescription
        name
        string

        Name is the replica name.

        reason
        PendingReplicaReason

        Reason is the reason for the replica to be pending.

        since
        Kubernetes meta/v1.Time

        Since is the moment in time since the replica is pending with the specified reason.

        retries
        int32
        (Optional)

        Retries is the number of times the shoot operation (reconcile or delete) has been retried after having failed. Only applicable if Reason is ShootReconciling or ShootDeleting.

        PendingReplicaReason (string alias)

        (Appears on: PendingReplica)

        PendingReplicaReason is a string enumeration type that enumerates all possible reasons for a replica to be pending.

        RollingUpdateStrategy

        (Appears on: UpdateStrategy)

        RollingUpdateStrategy is used to communicate parameters for RollingUpdateStrategyType.

        FieldDescription
        partition
        int32
        (Optional)

        Partition indicates the ordinal at which the ManagedSeedSet should be partitioned. Defaults to 0.

        Shoot

        (Appears on: ManagedSeedSpec)

        Shoot identifies the Shoot that should be registered as Seed.

        FieldDescription
        name
        string

        Name is the name of the Shoot that will be registered as Seed.

        UpdateStrategy

        (Appears on: ManagedSeedSetSpec)

        UpdateStrategy specifies the strategy that the ManagedSeedSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.

        FieldDescription
        type
        UpdateStrategyType
        (Optional)

        Type indicates the type of the UpdateStrategy. Defaults to RollingUpdate.

        rollingUpdate
        RollingUpdateStrategy
        (Optional)

        RollingUpdate is used to communicate parameters when Type is RollingUpdateStrategyType.

        UpdateStrategyType (string alias)

        (Appears on: UpdateStrategy)

        UpdateStrategyType is a string enumeration type that enumerates all possible update strategies for the ManagedSeedSet controller.


        Generated with gen-crd-api-reference-docs

        11 - Settings

        Packages:

        settings.gardener.cloud/v1alpha1

        Package v1alpha1 is a version of the API.

        Resource Types:

        ClusterOpenIDConnectPreset

        ClusterOpenIDConnectPreset is a OpenID Connect configuration that is applied to a Shoot objects cluster-wide.

        FieldDescription
        apiVersion
        string
        settings.gardener.cloud/v1alpha1
        kind
        string
        ClusterOpenIDConnectPreset
        metadata
        Kubernetes meta/v1.ObjectMeta

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        ClusterOpenIDConnectPresetSpec

        Spec is the specification of this OpenIDConnect preset.



        OpenIDConnectPresetSpec
        OpenIDConnectPresetSpec

        (Members of OpenIDConnectPresetSpec are embedded into this type.)

        projectSelector
        Kubernetes meta/v1.LabelSelector
        (Optional)

        Project decides whether to apply the configuration if the Shoot is in a specific Project matching the label selector. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Defaults to the empty LabelSelector, which matches everything.

        OpenIDConnectPreset

        OpenIDConnectPreset is a OpenID Connect configuration that is applied to a Shoot in a namespace.

        FieldDescription
        apiVersion
        string
        settings.gardener.cloud/v1alpha1
        kind
        string
        OpenIDConnectPreset
        metadata
        Kubernetes meta/v1.ObjectMeta

        Standard object metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        OpenIDConnectPresetSpec

        Spec is the specification of this OpenIDConnect preset.



        server
        KubeAPIServerOpenIDConnect

        Server contains the kube-apiserver’s OpenID Connect configuration. This configuration is not overwriting any existing OpenID Connect configuration already set on the Shoot object.

        client
        OpenIDConnectClientAuthentication
        (Optional)

        Client contains the configuration used for client OIDC authentication of Shoot clusters. This configuration is not overwriting any existing OpenID Connect client authentication already set on the Shoot object.

        Deprecated: The OpenID Connect configuration this field specifies is not used and will be forbidden starting from Kubernetes 1.31. It’s use was planned for genereting OIDC kubeconfig https://github.com/gardener/gardener/issues/1433 TODO(AleksandarSavchev): Drop this field after support for Kubernetes 1.30 is dropped.

        shootSelector
        Kubernetes meta/v1.LabelSelector
        (Optional)

        ShootSelector decides whether to apply the configuration if the Shoot has matching labels. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Default to the empty LabelSelector, which matches everything.

        weight
        int32

        Weight associated with matching the corresponding preset, in the range 1-100. Required.

        ClusterOpenIDConnectPresetSpec

        (Appears on: ClusterOpenIDConnectPreset)

        ClusterOpenIDConnectPresetSpec contains the OpenIDConnect specification and project selector matching Shoots in Projects.

        FieldDescription
        OpenIDConnectPresetSpec
        OpenIDConnectPresetSpec

        (Members of OpenIDConnectPresetSpec are embedded into this type.)

        projectSelector
        Kubernetes meta/v1.LabelSelector
        (Optional)

        Project decides whether to apply the configuration if the Shoot is in a specific Project matching the label selector. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Defaults to the empty LabelSelector, which matches everything.

        KubeAPIServerOpenIDConnect

        (Appears on: OpenIDConnectPresetSpec)

        KubeAPIServerOpenIDConnect contains configuration settings for the OIDC provider. Note: Descriptions were taken from the Kubernetes documentation.

        FieldDescription
        caBundle
        string
        (Optional)

        If set, the OpenID server’s certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host’s root CA set will be used.

        clientID
        string

        The client ID for the OpenID Connect client. Required.

        groupsClaim
        string
        (Optional)

        If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This field is experimental, please see the authentication documentation for further details.

        groupsPrefix
        string
        (Optional)

        If provided, all groups will be prefixed with this value to prevent conflicts with other authentication strategies.

        issuerURL
        string

        The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT). Required.

        requiredClaims
        map[string]string
        (Optional)

        key=value pairs that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value.

        signingAlgs
        []string
        (Optional)

        List of allowed JOSE asymmetric signing algorithms. JWTs with a ‘alg’ header value not in this list will be rejected. Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1 Defaults to [RS256]

        usernameClaim
        string
        (Optional)

        The OpenID claim to use as the user name. Note that claims other than the default (‘sub’) is not guaranteed to be unique and immutable. This field is experimental, please see the authentication documentation for further details. Defaults to “sub”.

        usernamePrefix
        string
        (Optional)

        If provided, all usernames will be prefixed with this value. If not provided, username claims other than ‘email’ are prefixed by the issuer URL to avoid clashes. To skip any prefixing, provide the value ‘-’.

        OpenIDConnectClientAuthentication

        (Appears on: OpenIDConnectPresetSpec)

        OpenIDConnectClientAuthentication contains configuration for OIDC clients.

        FieldDescription
        secret
        string
        (Optional)

        The client Secret for the OpenID Connect client.

        extraConfig
        map[string]string
        (Optional)

        Extra configuration added to kubeconfig’s auth-provider. Must not be any of idp-issuer-url, client-id, client-secret, idp-certificate-authority, idp-certificate-authority-data, id-token or refresh-token

        OpenIDConnectPresetSpec

        (Appears on: OpenIDConnectPreset, ClusterOpenIDConnectPresetSpec)

        OpenIDConnectPresetSpec contains the Shoot selector for which a specific OpenID Connect configuration is applied.

        FieldDescription
        server
        KubeAPIServerOpenIDConnect

        Server contains the kube-apiserver’s OpenID Connect configuration. This configuration is not overwriting any existing OpenID Connect configuration already set on the Shoot object.

        client
        OpenIDConnectClientAuthentication
        (Optional)

        Client contains the configuration used for client OIDC authentication of Shoot clusters. This configuration is not overwriting any existing OpenID Connect client authentication already set on the Shoot object.

        Deprecated: The OpenID Connect configuration this field specifies is not used and will be forbidden starting from Kubernetes 1.31. It’s use was planned for genereting OIDC kubeconfig https://github.com/gardener/gardener/issues/1433 TODO(AleksandarSavchev): Drop this field after support for Kubernetes 1.30 is dropped.

        shootSelector
        Kubernetes meta/v1.LabelSelector
        (Optional)

        ShootSelector decides whether to apply the configuration if the Shoot has matching labels. Use the selector only if the OIDC Preset is opt-in, because end users may skip the admission by setting the labels. Default to the empty LabelSelector, which matches everything.

        weight
        int32

        Weight associated with matching the corresponding preset, in the range 1-100. Required.


        Generated with gen-crd-api-reference-docs