Core

Packages:

core.gardener.cloud/v1beta1

Resource Types:

APIServerLogging

(Appears on:KubeAPIServerConfig)

APIServerLogging contains configuration for the logs level and http access logs

Field Description
verbosity
integer
(Optional)

Verbosity is the kube-apiserver log verbosity level
Defaults to 2.

httpAccessVerbosity
integer
(Optional)

HTTPAccessVerbosity is the verbosity level of the kube-apiserver HTTP access logs.

APIServerRequests

(Appears on:KubeAPIServerConfig)

APIServerRequests contains configuration for request-specific settings for the kube-apiserver.

Field Description
maxNonMutatingInflight
integer
(Optional)

MaxNonMutatingInflight is the maximum number of non-mutating requests in flight at a given time. When the server
exceeds this, it rejects requests.

maxMutatingInflight
integer
(Optional)

MaxMutatingInflight is the maximum number of mutating requests in flight at a given time. When the server
exceeds this, it rejects requests.

AccessRestriction

(Appears on:AccessRestrictionWithOptions, Region, SeedSpec)

AccessRestriction describes an access restriction for a Kubernetes cluster (e.g., EU access-only).

Field Description
name
string

Name is the name of the restriction.

AccessRestrictionWithOptions

(Appears on:ShootSpec)

AccessRestrictionWithOptions describes an access restriction for a Kubernetes cluster (e.g., EU access-only) and allows to specify additional options.

Field Description
name
string

Name is the name of the restriction.

options
object (keys:string, values:string)
(Optional)

Options is a map of additional options for the access restriction.

Addon

(Appears on:KubernetesDashboard, NginxIngress)

Addon allows enabling or disabling a specific addon and is embedded by the concrete addon types (KubernetesDashboard, NginxIngress).

Field Description
enabled
boolean

Enabled indicates whether the addon is enabled or not.

Addons

(Appears on:ShootSpec)

Addons is a collection of configuration for specific addons which are managed by the Gardener.

Field Description
kubernetesDashboard
KubernetesDashboard
(Optional)

KubernetesDashboard holds configuration settings for the kubernetes dashboard addon.

nginxIngress
NginxIngress
(Optional)

NginxIngress holds configuration settings for the nginx-ingress addon.

AdmissionPlugin

(Appears on:KubeAPIServerConfig)

AdmissionPlugin contains information about a specific admission plugin and its corresponding configuration.

Field Description
name
string

Name is the name of the plugin.

config
RawExtension
(Optional)

Config is the configuration of the plugin.

disabled
boolean
(Optional)

Disabled specifies whether this plugin should be disabled.

kubeconfigSecretName
string
(Optional)

KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this admission plugin.

Alerting

(Appears on:Monitoring)

Alerting contains information about how alerting will be done (i.e. who will receive alerts and how).

Field Description
emailReceivers
string array
(Optional)

EmailReceivers is a list of e-mail recipients for alerts.

AuditConfig

(Appears on:KubeAPIServerConfig)

AuditConfig contains settings for audit of the api server

Field Description
auditPolicy
AuditPolicy
(Optional)

AuditPolicy contains configuration settings for audit policy of the kube-apiserver.

AuditPolicy

(Appears on:AuditConfig)

AuditPolicy contains audit policy for kube-apiserver

Field Description
configMapRef
ObjectReference
(Optional)

ConfigMapRef is a reference to a ConfigMap object in the same namespace,
which contains the audit policy for the kube-apiserver.
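
The following Shoot fragment, added here as an example and not taken from this reference or from the Gardener project's own documentation, wires the kube-apiserver settings described in APIServerLogging, APIServerRequests, AdmissionPlugin and AuditPolicy together: log verbosities, in-flight request caps, a PodSecurity admission configuration, and an audit policy referenced from a ConfigMap in the Shoot's namespace. The names `hardened`, `garden-example` and `audit-policy`, the Kubernetes version and the numeric limits are assumptions; the field paths under `spec.kubernetes.kubeAPIServer` are the ones this API documents, and the referenced ConfigMap carries the policy under its `policy` key. The audit rules are plain Kubernetes `audit.k8s.io/v1` policy, matched first-hit-wins, so the Metadata-only rule for Secrets comes before any rule that records request bodies.

```yaml
# Added example: Shoot fragment hardening the kube-apiserver.
# Names, version and limits are assumptions, not values from the reference.
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: hardened
  namespace: garden-example
spec:
  # ... provider, networking and other required Shoot fields omitted ...
  kubernetes:
    version: "1.31.0"
    kubeAPIServer:
      logging:
        verbosity: 2            # component log level; raise only while debugging
        httpAccessVerbosity: 0  # keep access logs quiet; the audit log below is the request record
      requests:
        # Caps on concurrent requests: the server rejects requests beyond these,
        # so one noisy client cannot starve the control plane.
        maxNonMutatingInflight: 400
        maxMutatingInflight: 200
      admissionPlugins:
      - name: PodSecurity
        config:
          apiVersion: pod-security.admission.config.k8s.io/v1
          kind: PodSecurityConfiguration
          defaults:
            enforce: baseline
            enforce-version: latest
            audit: restricted
            audit-version: latest
            warn: restricted
            warn-version: latest
          exemptions:
            usernames: []
            runtimeClasses: []
            namespaces: ["kube-system"]
      auditConfig:
        auditPolicy:
          configMapRef:
            name: audit-policy   # must exist in the Shoot's namespace (garden-example)
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: audit-policy
  namespace: garden-example
data:
  policy: |
    apiVersion: audit.k8s.io/v1
    kind: Policy
    omitStages: ["RequestReceived"]
    rules:
    # First match wins: keep Secret, ConfigMap and token bodies out of the log
    # before any broader RequestResponse rule below can capture them.
    - level: Metadata
      resources:
      - group: ""
        resources: ["secrets", "configmaps", "serviceaccounts/token"]
      - group: authentication.k8s.io
        resources: ["tokenreviews"]
    # Drop high-volume, low-value traffic.
    - level: None
      nonResourceURLs: ["/healthz*", "/readyz*", "/livez*", "/version", "/metrics"]
    - level: None
      userGroups: ["system:nodes"]
      verbs: ["get", "watch"]
      resources:
      - group: ""
        resources: ["nodes", "pods", "endpoints", "services"]
    # Full bodies for privilege-relevant changes.
    - level: RequestResponse
      verbs: ["create", "update", "patch", "delete"]
      resources:
      - group: rbac.authorization.k8s.io
      - group: ""
        resources: ["serviceaccounts"]
    - level: RequestResponse
      verbs: ["create"]
      resources:
      - group: ""
        resources: ["pods/exec", "pods/attach", "pods/portforward"]
    # Everything else: who did what to which object, without bodies.
    - level: Metadata
```

Apply both objects with `kubectl apply -f` against the garden cluster; the ConfigMap must be created in the same namespace as the Shoot, as the configMapRef description above requires. Ordering is the security-relevant part of the policy: if the RequestResponse rule for RBAC writes came first, a `create` of a Secret would still be caught by it only if it matched, but a catch-all RequestResponse rule placed before the Secrets rule would persist Secret payloads into the audit backend.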

AuthorizerKubeconfigReference

(Appears on:StructuredAuthorization)

AuthorizerKubeconfigReference is a reference to a kubeconfig for an authorization webhook.

Field Description
authorizerName
string

AuthorizerName is the name of a webhook authorizer.

secretName
string

SecretName is the name of a secret containing the kubeconfig.

AvailabilityZone

(Appears on:Region)

AvailabilityZone is an availability zone.

Field Description
name
string

Name is an availability zone name.

unavailableMachineTypes
string array
(Optional)

UnavailableMachineTypes is a list of machine type names that are not available in this zone.

unavailableVolumeTypes
string array
(Optional)

UnavailableVolumeTypes is a list of volume type names that are not available in this zone.

Backup

(Appears on:SeedSpec, WorkerControlPlane)

Backup contains the object store configuration for backups for shoot (currently only etcd).

Field Description
provider
string

Provider is a provider name. This field is immutable.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to BackupBucket resource.

region
string
(Optional)

Region is a region name. This field is immutable.

credentialsRef
ObjectReference
(Optional)

CredentialsRef is reference to a resource holding the credentials used for
authentication with the object store service where the backups are stored.
Supported referenced resources are v1.Secrets and
security.gardener.cloud/v1alpha1.WorkloadIdentity
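
As an added example that is not part of this reference, the Seed fragment below fills in the Backup fields documented above. The seed name, provider, region and the referenced object names are assumptions. It shows the two credential sources this API accepts side by side: a `security.gardener.cloud/v1alpha1` WorkloadIdentity, which lets gardenlet obtain short-lived cloud tokens without a static object-store key stored in the garden cluster, and the static `v1` Secret alternative, which is kept only as a commented-out fallback.

```yaml
# Added example: Seed backup configuration (names, provider and region are assumptions).
apiVersion: core.gardener.cloud/v1beta1
kind: Seed
metadata:
  name: aws-eu1
spec:
  # ... provider, networks, dns and other required Seed fields omitted ...
  backup:
    provider: aws         # immutable once set
    region: eu-west-1     # immutable once set
    # Preferred: federated, short-lived credentials. No static key is stored
    # in the garden cluster, so there is nothing long-lived to leak or rotate by hand.
    credentialsRef:
      apiVersion: security.gardener.cloud/v1alpha1
      kind: WorkloadIdentity
      namespace: garden   # assumption: the namespace holding the WorkloadIdentity
      name: backup-aws-eu1
    # Also accepted by this API: a Secret holding static object-store credentials.
    # credentialsRef:
    #   apiVersion: v1
    #   kind: Secret
    #   namespace: garden
    #   name: backup-aws-eu1-credentials
```

After gardenlet reconciles the seed, the BackupBucket created for it can be inspected with `kubectl get backupbucket -o yaml`; its `spec.credentialsRef` should point at the same WorkloadIdentity, and `status.generatedSecretRef` names the bucket-specific secret the extension generates, which is the object to watch for access if static credentials are ever reintroduced.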

BackupBucket

BackupBucket holds details about backup bucket

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupBucketSpec

Specification of the Backup Bucket.

status
BackupBucketStatus

Most recently observed status of the Backup Bucket.

BackupBucketProvider

(Appears on:BackupBucketSpec)

BackupBucketProvider holds the details of cloud provider of the object store.

Field Description
type
string

Type is the type of provider.

region
string

Region is the region of the bucket.

BackupBucketSpec

(Appears on:BackupBucket)

BackupBucketSpec is the specification of a Backup Bucket.

Field Description
provider
BackupBucketProvider

Provider holds the details of cloud provider of the object store. This field is immutable.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to BackupBucket resource.

seedName
string
(Optional)

SeedName is the name of the Seed this BackupBucket is associated with. Mutually exclusive with ShootRef.
This field is immutable.

credentialsRef
ObjectReference
(Optional)

CredentialsRef is reference to a resource holding the credentials used for
authentication with the object store service where the backups are stored.
Supported referenced resources are v1.Secrets and
security.gardener.cloud/v1alpha1.WorkloadIdentity

shootRef
ObjectReference
(Optional)

ShootRef is the reference of the Shoot this BackupBucket is associated with. Mutually exclusive with SeedName.
This field is immutable.

BackupBucketStatus

(Appears on:BackupBucket)

BackupBucketStatus holds the most recently observed status of the Backup Bucket.

Field Description
providerStatus
RawExtension
(Optional)

ProviderStatus is the provider-specific status reported for the BackupBucket.

lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the BackupBucket.

lastError
LastError
(Optional)

LastError holds information about the last occurred error during an operation.

observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this BackupBucket. It corresponds to the
BackupBucket's generation, which is updated on mutation by the API Server.

generatedSecretRef
SecretReference
(Optional)

GeneratedSecretRef is reference to the secret generated by backup bucket, which
will have object store specific credentials.

BackupEntry

BackupEntry holds details about shoot backup.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackupEntrySpec
(Optional)

Spec contains the specification of the Backup Entry.

status
BackupEntryStatus
(Optional)

Status contains the most recently observed status of the Backup Entry.

BackupEntrySpec

(Appears on:BackupEntry)

BackupEntrySpec is the specification of a Backup Entry.

Field Description
bucketName
string

BucketName is the name of backup bucket for this Backup Entry.

seedName
string
(Optional)

SeedName is the name of the Seed this BackupEntry is associated with. Mutually exclusive with ShootRef.

shootRef
ObjectReference
(Optional)

ShootRef is the reference of the Shoot this BackupEntry is associated with. Mutually exclusive with SeedName.
This field is immutable.

BackupEntryStatus

(Appears on:BackupEntry)

BackupEntryStatus holds the most recently observed status of the Backup Entry.

Field Description
lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the BackupEntry.

lastError
LastError
(Optional)

LastError holds information about the last occurred error during an operation.

observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this BackupEntry. It corresponds to the
BackupEntry's generation, which is updated on mutation by the API Server.

seedName
string
(Optional)

SeedName is the name of the seed to which this BackupEntry is currently scheduled. This field is populated
at the beginning of a create/reconcile operation. It is used when moving the BackupEntry between seeds.

migrationStartTime
Time
(Optional)

MigrationStartTime is the time when a migration to a different seed was initiated.

Bastion

(Appears on:CloudProfileSpec)

Bastion contains the bastions creation info

Field Description
machineImage
BastionMachineImage
(Optional)

MachineImage contains the bastions machine image properties

machineType
BastionMachineType
(Optional)

MachineType contains the bastions machine type properties

BastionMachineImage

(Appears on:Bastion)

BastionMachineImage contains the bastions machine image properties

Field Description
name
string

Name of the machine image

version
string
(Optional)

Version of the machine image

BastionMachineType

(Appears on:Bastion)

BastionMachineType contains the bastions machine type properties

Field Description
name
string

Name of the machine type

CARotation

(Appears on:ShootCredentialsRotation)

CARotation contains information about the certificate authority credential rotation.

Field Description
phase
CredentialsRotationPhase

Phase describes the phase of the certificate authority credential rotation.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the certificate authority credential rotation was successfully
completed.

lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the certificate authority credential rotation was initiated.

lastInitiationFinishedTime
Time
(Optional)

LastInitiationFinishedTime is the recent time when the certificate authority credential rotation initiation was
completed.

lastCompletionTriggeredTime
Time
(Optional)

LastCompletionTriggeredTime is the recent time when the certificate authority credential rotation completion was
triggered.

pendingWorkersRollouts
PendingWorkersRollout array
(Optional)

PendingWorkersRollouts contains the name of a worker pool and the initiation time of their last rollout due to
credentials rotation.

CRI

(Appears on:MachineImageVersion, Worker)

CRI contains information about the Container Runtimes.

Field Description
name
CRIName

The name of the CRI library. The only supported value is `containerd`.

containerRuntimes
ContainerRuntime array
(Optional)

ContainerRuntimes is the list of the required container runtimes supported for a worker pool.

CRIName

Underlying type: string

(Appears on:CRI)

CRIName is a type alias for the CRI name string.

Capabilities

Underlying type: object (keys:string, values:CapabilityValues)

(Appears on:MachineType)

Capabilities of a machine type or machine image.

CapabilityDefinition

(Appears on:CloudProfileSpec)

CapabilityDefinition contains the Name and Values of a capability.

Field Description
name
string

values
CapabilityValues

CapabilityValues

Underlying type: string array

(Appears on:Capabilities, CapabilityDefinition)

CapabilityValues contains capability values. This is a workaround as the Protobuf generator can't handle a map with slice values.

CloudProfile

CloudProfile represents certain properties about a provider environment.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudProfileSpec
(Optional)

Spec defines the provider environment properties.

status
CloudProfileStatus

Status contains the current status of the cloud profile.

CloudProfileMachineControllerManagerSettings

(Appears on:MachineType)

CloudProfileMachineControllerManagerSettings contains a subset of the MachineControllerManagerSettings which can be defaulted for a machine type in a CloudProfile.

Field Description
machineCreationTimeout
Duration
(Optional)

MachineCreationTimeout is the period after which creation of a machine of this machine type is declared failed.

CloudProfileReference

(Appears on:NamespacedCloudProfileSpec, ShootSpec)

CloudProfileReference holds the information about a CloudProfile or a NamespacedCloudProfile.

Field Description
kind
string

Kind contains a CloudProfile kind.

name
string

Name contains the name of the referenced CloudProfile.

CloudProfileSpec

(Appears on:CloudProfile, NamespacedCloudProfileStatus)

CloudProfileSpec is the specification of a CloudProfile. It must contain exactly one of its defined keys.

Field Description
caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every host machine of shoot cluster targeting this profile.

kubernetes
KubernetesSettings

Kubernetes contains constraints regarding allowed values of the 'kubernetes' block in the Shoot specification.

machineImages
MachineImage array

MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

machineTypes
MachineType array

MachineTypes contains constraints regarding allowed values for machine types in the 'workers' block in the Shoot specification.

providerConfig
RawExtension
(Optional)

ProviderConfig contains provider-specific configuration for the profile.

regions
Region array

Regions contains constraints regarding allowed values for regions and zones.

seedSelector
SeedSelector
(Optional)

SeedSelector contains an optional list of labels on `Seed` resources that marks those seeds whose shoots may use this provider profile.
An empty list means that all seeds of the same provider type are supported.
This is useful for environments that are of the same type (like openstack) but may have different "instances"/landscapes.
Optionally a list of possible providers can be added to enable cross-provider scheduling. By default, the provider
type of the seed must match the shoot's provider.

type
string

Type is the name of the provider.

volumeTypes
VolumeType array
(Optional)

VolumeTypes contains constraints regarding allowed values for volume types in the 'workers' block in the Shoot specification.

bastion
Bastion
(Optional)

Bastion contains the machine and image properties

limits
Limits
(Optional)

Limits configures operational limits for Shoot clusters using this CloudProfile.
See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md.

machineCapabilities
CapabilityDefinition array
(Optional)

MachineCapabilities contains the definition of all possible capabilities in the CloudProfile.
Only capabilities and values defined here can be used to describe MachineImages and MachineTypes.
The order of values for a given capability is relevant. The most important value is listed first.
During maintenance upgrades, the image that matches most capabilities will be selected.

CloudProfileStatus

(Appears on:CloudProfile)

CloudProfileStatus contains the status of the cloud profile.

Field Description
kubernetes
KubernetesStatus
(Optional)

Kubernetes contains the status information for kubernetes.

machineImages
MachineImageStatus array
(Optional)

MachineImages contains the statuses of the machine image versions.

ClusterAutoscaler

(Appears on:Kubernetes)

ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

Field Description
scaleDownDelayAfterAdd
Duration
(Optional)

ScaleDownDelayAfterAdd defines how long after scale up that scale down evaluation resumes (default: 1 hour).

scaleDownDelayAfterDelete
Duration
(Optional)

ScaleDownDelayAfterDelete defines how long after node deletion scale down evaluation resumes; defaults to scanInterval (default: 0 secs).

scaleDownDelayAfterFailure
Duration
(Optional)

ScaleDownDelayAfterFailure defines how long after a scale down failure scale down evaluation resumes (default: 3 mins).

scaleDownUnneededTime
Duration
(Optional)

ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down (default: 30 mins).

scaleDownUtilizationThreshold
float
(Optional)

ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed (default: 0.5).

scanInterval
Duration
(Optional)

ScanInterval defines how often the cluster is reevaluated for scale up or down (default: 10 secs).

expander
ExpanderMode
(Optional)

Expander defines the algorithm to use during scale up (default: least-waste).
See: https://github.com/gardener/autoscaler/blob/machine-controller-manager-provider/cluster-autoscaler/FAQ.md#what-are-expanders.

maxNodeProvisionTime
Duration
(Optional)

MaxNodeProvisionTime defines how long CA waits for node to be provisioned (default: 20 mins).

maxGracefulTerminationSeconds
integer
(Optional)

MaxGracefulTerminationSeconds is the number of seconds CA waits for pod termination when trying to scale down a node (default: 600).

ignoreTaints
string array
(Optional)

IgnoreTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group.
Deprecated: Ignore taints are deprecated and treated as startup taints

newPodScaleUpDelay
Duration
(Optional)

NewPodScaleUpDelay specifies how long CA should ignore newly created pods before they have to be considered for scale-up (default: 0s).

maxEmptyBulkDelete
integer
(Optional)

MaxEmptyBulkDelete specifies the maximum number of empty nodes that can be deleted at the same time (default: MaxScaleDownParallelism when that is set).
Deprecated: This field is deprecated. Setting this field will be forbidden starting from Kubernetes 1.33 and will be removed once gardener drops support for kubernetes v1.32.
This cluster-autoscaler field is deprecated upstream, use --max-scale-down-parallelism instead.

ignoreDaemonsetsUtilization
boolean
(Optional)

IgnoreDaemonsetsUtilization allows CA to ignore DaemonSet pods when calculating resource utilization for scaling down (default: false).

verbosity
integer
(Optional)

Verbosity allows CA to modify its log level (default: 2).

startupTaints
string array
(Optional)

StartupTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group.
Cluster Autoscaler treats nodes tainted with startup taints as unready, but taken into account during scale up logic, assuming they will become ready shortly.

statusTaints
string array
(Optional)

StatusTaints specifies a list of taint keys to ignore in node templates when considering to scale a node group.
Cluster Autoscaler internally treats nodes tainted with status taints as ready, but filtered out during scale up logic.

maxScaleDownParallelism
integer
(Optional)

MaxScaleDownParallelism specifies the maximum number of nodes (both empty and needing drain) that can be deleted in parallel.
Default: 10 or MaxEmptyBulkDelete when that is set

maxDrainParallelism
integer
(Optional)

MaxDrainParallelism specifies the maximum number of nodes needing drain, that can be drained and deleted in parallel.
Default: 1

initialNodeGroupBackoffDuration
Duration
(Optional)

InitialNodeGroupBackoffDuration is the duration of first backoff after a new node failed to start (default: 5m).

maxNodeGroupBackoffDuration
Duration
(Optional)

MaxNodeGroupBackoffDuration is the maximum backoff duration for a NodeGroup after new nodes failed to start (default: 30m).

nodeGroupBackoffResetTimeout
Duration
(Optional)

NodeGroupBackoffResetTimeout is the time after last failed scale-up when the backoff duration is reset (default: 3h).

ClusterAutoscalerOptions

(Appears on:Worker)

ClusterAutoscalerOptions contains the cluster autoscaler configurations for a worker pool.

Field Description
scaleDownUtilizationThreshold
float
(Optional)

ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed.

scaleDownGpuUtilizationThreshold
float
(Optional)

ScaleDownGpuUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) of gpu resources under which a node is being removed.

scaleDownUnneededTime
Duration
(Optional)

ScaleDownUnneededTime defines how long a node should be unneeded before it is eligible for scale down.

scaleDownUnreadyTime
Duration
(Optional)

ScaleDownUnreadyTime defines how long an unready node should be unneeded before it is eligible for scale down.

maxNodeProvisionTime
Duration
(Optional)

MaxNodeProvisionTime defines how long CA waits for node to be provisioned.

ClusterType

Underlying type: string

(Appears on:ControllerResource)

ClusterType defines the type of cluster.

Condition

(Appears on:ControllerInstallationStatus, ProjectStatus, SeedStatus, ShootStatus)

Condition holds the information about the state of a resource.

Field Description
type
ConditionType

Type of the condition.

status
ConditionStatus

Status of the condition, one of True, False, Unknown.

lastTransitionTime
Time

Last time the condition transitioned from one status to another.

lastUpdateTime
Time

Last time the condition was updated.

reason
string

The reason for the condition's last transition.

message
string

A human readable message indicating details about the transition.

codes
ErrorCode array
(Optional)

Well-defined error codes in case the condition reports a problem.

ConditionStatus

Underlying type: string

(Appears on:Condition)

ConditionStatus is the status of a condition.

ConditionType

Underlying type: string

(Appears on:Condition)

ConditionType is a string alias.

ContainerRuntime

(Appears on:CRI)

ContainerRuntime contains information about a worker's available container runtime.

Field Description
type
string

Type is the type of the Container Runtime.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to container runtime resource.

ControlPlane

(Appears on:ShootSpec)

ControlPlane holds information about the general settings for the control plane of a shoot.

Field Description
highAvailability
HighAvailability
(Optional)

HighAvailability holds the configuration settings for high availability of the
control plane of a shoot.

ControlPlaneAutoscaling

(Appears on:ETCDConfig, KubeAPIServerConfig)

ControlPlaneAutoscaling contains auto-scaling configuration options for control-plane components.

ControllerDeployment

ControllerDeployment contains information about how this controller is deployed.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
type
string

Type is the deployment type.

providerConfig
RawExtension

ProviderConfig contains type-specific configuration. It contains assets that deploy the controller.

injectGardenKubeconfig
boolean
(Optional)

InjectGardenKubeconfig controls whether a kubeconfig to the garden cluster should be injected into workload
resources.

ControllerDeploymentPolicy

Underlying type: string

(Appears on:ControllerRegistrationDeployment)

ControllerDeploymentPolicy is a string alias.

ControllerInstallation

ControllerInstallation represents an installation request for an external controller.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ControllerInstallationSpec

Spec contains the specification of this installation.
If the object's deletion timestamp is set, this field is immutable.

status
ControllerInstallationStatus

Status contains the status of this installation.

ControllerInstallationSpec

(Appears on:ControllerInstallation)

ControllerInstallationSpec is the specification of a ControllerInstallation.

Field Description
registrationRef
ObjectReference

RegistrationRef is used to reference a ControllerRegistration resource.
The name field of the RegistrationRef is immutable.

seedRef
ObjectReference
(Optional)

SeedRef is used to reference a Seed resource. The name field of the SeedRef is immutable.

shootRef
ObjectReference
(Optional)

ShootRef is used to reference a Shoot resource. The name and namespace fields of the ShootRef are immutable.

deploymentRef
ObjectReference
(Optional)

DeploymentRef is used to reference a ControllerDeployment resource.

ControllerInstallationStatus

(Appears on:ControllerInstallation)

ControllerInstallationStatus is the status of a ControllerInstallation.

Field Description
conditions
Condition array
(Optional)

Conditions represents the latest available observations of a ControllerInstallation's current state.

providerStatus
RawExtension
(Optional)

ProviderStatus contains type-specific status.

ControllerRegistration

ControllerRegistration represents a registration of an external controller.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ControllerRegistrationSpec

Spec contains the specification of this registration.
If the object's deletion timestamp is set, this field is immutable.

ControllerRegistrationDeployment

(Appears on:ControllerRegistrationSpec)

ControllerRegistrationDeployment contains information for how this controller is deployed.

Field Description
policy
ControllerDeploymentPolicy
(Optional)

Policy controls how the controller is deployed. It defaults to 'OnDemand'.

seedSelector
LabelSelector
(Optional)

SeedSelector contains an optional label selector for seeds. This controller is considered for deployment only on seeds
whose labels match.
An empty selector means that all seeds are selected.

deploymentRefs
DeploymentRef array
(Optional)

DeploymentRefs holds references to `ControllerDeployments`. Only one element is supported currently.

ControllerRegistrationSpec

(Appears on:ControllerRegistration)

ControllerRegistrationSpec is the specification of a ControllerRegistration.

Field Description
resources
ControllerResource array
(Optional)

Resources is a list of combinations of kinds (DNSProvider, Infrastructure, Generic, ...) and their actual types
(aws-route53, gcp, auditlog, ...).

deployment
ControllerRegistrationDeployment
(Optional)

Deployment contains information for how this controller is deployed.

ControllerResource

(Appears on:ControllerRegistrationSpec)

ControllerResource is a combination of a kind (DNSProvider, Infrastructure, Generic, ...) and the actual type for this kind (aws-route53, gcp, auditlog, ...).

Field Description
kind
string

Kind is the resource kind, for example "OperatingSystemConfig".

type
string

Type is the resource type, for example "coreos" or "ubuntu".

reconcileTimeout
Duration
(Optional)

ReconcileTimeout defines how long Gardener should wait for the resource reconciliation.
This field is defaulted to 3m0s when kind is "Extension".

primary
boolean
(Optional)

Primary determines if the controller backed by this ControllerRegistration is responsible for the extension
resource's lifecycle. This field defaults to true. There must be exactly one primary controller for this kind/type
combination. This field is immutable.

lifecycle
ControllerResourceLifecycle
(Optional)

Lifecycle defines a strategy that determines when different operations on a ControllerResource should be performed.
This field is defaulted in the following way when kind is "Extension".
Reconcile: "AfterKubeAPIServer"
Delete: "BeforeKubeAPIServer"
Migrate: "BeforeKubeAPIServer"

workerlessSupported
boolean
(Optional)

WorkerlessSupported specifies whether this ControllerResource supports Workerless Shoot clusters.
This field is only relevant when kind is "Extension".

autoEnable
ClusterType array
(Optional)

AutoEnable determines if this resource is automatically enabled for shoot or seed clusters, or both.
This field can only be set for resources of kind "Extension".

clusterCompatibility
ClusterType array
(Optional)

ClusterCompatibility defines the compatibility of this resource with different cluster types.
If compatibility is not specified, it will be defaulted to 'shoot'.
This field can only be set for resources of kind "Extension".
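
The ControllerRegistration below is an added example, not a manifest from this reference or from any real Gardener extension; the extension type `shoot-audit`, the object names and the seed label are hypothetical. It writes out the ControllerRegistrationDeployment and ControllerResource fields documented above in one place, including the defaults this reference states for kind "Extension" (`reconcileTimeout` and the three lifecycle strategies), so that the resulting behaviour is explicit rather than implied.

```yaml
# Added example: registering an extension controller.
# The extension type, names and seed label are assumptions.
apiVersion: core.gardener.cloud/v1beta1
kind: ControllerRegistration
metadata:
  name: extension-shoot-audit
spec:
  deployment:
    policy: Always                 # default is OnDemand (deploy only where a Shoot needs it)
    seedSelector:                  # restrict the controller to seeds carrying this label
      matchLabels:
        seed.example.org/audit: "true"
    deploymentRefs:
    - name: extension-shoot-audit  # a ControllerDeployment of this name supplies the assets
  resources:
  - kind: Extension
    type: shoot-audit
    primary: true                  # exactly one primary controller per kind/type; immutable
    reconcileTimeout: 3m0s         # the documented default for kind Extension, made explicit
    lifecycle:                     # the documented defaults for kind Extension, made explicit
      reconcile: AfterKubeAPIServer
      delete: BeforeKubeAPIServer
      migrate: BeforeKubeAPIServer
    workerlessSupported: true
    autoEnable: [shoot]            # enabled on every Shoot without an explicit opt-in
    clusterCompatibility: [shoot]  # the default; listed so the scope is visible in review
```

Two of these fields deserve a second look in review: `autoEnable` turns a registration into something every Shoot on the selected seeds receives automatically, and `policy: Always` deploys the controller to matching seeds even when no Shoot uses it. Both widen the blast radius of the controller's assets, so they belong on a registration only when the label selector has been narrowed to the seeds that actually need it.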

ControllerResourceLifecycle

(Appears on:ControllerResource)

ControllerResourceLifecycle defines the lifecycle of a controller resource.

Field Description
reconcile
ControllerResourceLifecycleStrategy
(Optional)

Reconcile defines the strategy during reconciliation.

delete
ControllerResourceLifecycleStrategy
(Optional)

Delete defines the strategy during deletion.

migrate
ControllerResourceLifecycleStrategy
(Optional)

Migrate defines the strategy during migration.

ControllerResourceLifecycleStrategy

Underlying type: string

(Appears on:ControllerResourceLifecycle)

ControllerResourceLifecycleStrategy is a string alias.

CoreDNS

(Appears on:SystemComponents)

CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

Field Description
autoscaling
CoreDNSAutoscaling
(Optional)

Autoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

rewriting
CoreDNSRewriting
(Optional)

Rewriting contains the setting related to rewriting of requests, which are obviously incorrect due to the unnecessary application of the search path.

CoreDNSAutoscaling

(Appears on:CoreDNS)

CoreDNSAutoscaling contains the settings related to autoscaling of the Core DNS components running in the data plane of the Shoot cluster.

Field Description
mode
CoreDNSAutoscalingMode

The mode of the autoscaling to be used for the Core DNS components running in the data plane of the Shoot cluster.
Supported values are `horizontal` and `cluster-proportional`.

CoreDNSAutoscalingMode

Underlying type: string

(Appears on:CoreDNSAutoscaling)

CoreDNSAutoscalingMode is a type alias for the Core DNS autoscaling mode string.

CoreDNSRewriting

(Appears on:CoreDNS)

CoreDNSRewriting contains the setting related to rewriting requests, which are obviously incorrect due to the unnecessary application of the search path.

Field Description
commonSuffixes
string array
(Optional)

CommonSuffixes are expected to be the suffix of a fully qualified domain name. Each suffix should contain at least one or two dots ('.') to prevent accidental clashes.

CredentialsRotationPhase

Underlying type: string

(Appears on:CARotation, ETCDEncryptionKeyRotation, ServiceAccountKeyRotation)

CredentialsRotationPhase is a string alias.

DNS

(Appears on:ShootSpec)

DNS holds information about the provider, the hosted zone id and the domain.

Field Description
domain
string
(Optional)

Domain is the external available domain of the Shoot cluster. This domain will be written into the
kubeconfig that is handed out to end-users. This field is immutable.

providers
DNSProvider array
(Optional)

Providers is a list of DNS providers that shall be enabled for this shoot cluster. Only relevant if
not a default domain is used.
Deprecated: Configuring multiple DNS providers is deprecated and will be forbidden in a future release.
Please use the DNS extension provider config (e.g. shoot-dns-service) for additional providers.

DNSExposure

Underlying type: struct{}

(Appears on:Exposure)

DNSExposure specifies that this shoot will be exposed by DNS. There is no specific configuration currently, for future extendability.

DNSIncludeExclude

(Appears on:DNSProvider)

DNSIncludeExclude contains information about which domains shall be included/excluded.

Field Description
include
string array
(Optional)

Include is a list of domains that shall be included.

exclude
string array
(Optional)

Exclude is a list of domains that shall be excluded.

DNSProvider

(Appears on:DNS)

DNSProvider contains information about a DNS provider.

Field Description
domains
DNSIncludeExclude
(Optional)

Domains contains information about which domains shall be included/excluded for this provider.
Deprecated: This field is deprecated and will be removed in a future release.
Please use the DNS extension provider config (e.g. shoot-dns-service) for additional configuration.

primary
boolean
(Optional)

Primary indicates that this DNSProvider is used for shoot related domains.
Deprecated: This field is deprecated and will be removed in a future release.
Please use the DNS extension provider config (e.g. shoot-dns-service) for additional and non-primary providers.

secretName
string
(Optional)

SecretName is a name of a secret containing credentials for the stated domain and the
provider. When not specified, the Gardener will use the cloud provider credentials referenced
by the Shoot and try to find respective credentials there (primary provider only). Specifying this field may override
this behavior, i.e. forcing the Gardener to only look into the given secret.
Deprecated: This field is deprecated and will be forbidden starting from Kubernetes 1.35. Please use `CredentialsRef` instead.
Until removed, this field is synced with the `CredentialsRef` field when it refers to a secret.

type
string
(Optional)

Type is the DNS provider type.

zones
DNSIncludeExclude
(Optional)

Zones contains information about which hosted zones shall be included/excluded for this provider.
Deprecated: This field is deprecated and will be removed in a future release.
Please use the DNS extension provider config (e.g. shoot-dns-service) for additional configuration.

credentialsRef
CrossVersionObjectReference
(Optional)

CredentialsRef is a reference to a resource providing credentials for the DNS provider.
Supported resources are Secret and WorkloadIdentity.

DataVolume

(Appears on:Worker)

DataVolume contains information about a data volume.

Field Description
name
string

Name of the volume to make it referenceable.

type
string
(Optional)

Type is the type of the volume.

size
string

VolumeSize is the size of the volume.

encrypted
boolean
(Optional)

Encrypted determines if the volume should be encrypted.

DeploymentRef

(Appears on:ControllerRegistrationDeployment)

DeploymentRef contains information about `ControllerDeployment` references.

Field Description
name
string

Name is the name of the `ControllerDeployment` that is being referred to.

DualApprovalForDeletion

(Appears on:ProjectSpec)

DualApprovalForDeletion contains configuration for the dual approval concept for resource deletion.

Field Description
resource
string

Resource is the name of the resource this applies to.

selector
LabelSelector

Selector is the label selector for the resources.

includeServiceAccounts
boolean
(Optional)

IncludeServiceAccounts specifies whether the concept also applies when deletion is triggered by ServiceAccounts.
Defaults to true.

ETCD

(Appears on:Kubernetes)

ETCD contains configuration for etcds of the shoot cluster.

Field Description
main
ETCDConfig
(Optional)

Main contains configuration for the main etcd.

events
ETCDConfig
(Optional)

Events contains configuration for the events etcd.

ETCDConfig

(Appears on:ETCD)

ETCDConfig contains etcd configuration.

Field Description
autoscaling
ControlPlaneAutoscaling
(Optional)

Autoscaling contains auto-scaling configuration options for etcd.

ETCDEncryptionKeyRotation

(Appears on:ShootCredentialsRotation)

ETCDEncryptionKeyRotation contains information about the ETCD encryption key credential rotation.

Field Description
phase
CredentialsRotationPhase

Phase describes the phase of the ETCD encryption key credential rotation.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the ETCD encryption key credential rotation was successfully
completed.

lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the ETCD encryption key credential rotation was initiated.

lastInitiationFinishedTime
Time
(Optional)

LastInitiationFinishedTime is the recent time when the ETCD encryption key credential rotation initiation was
completed.

lastCompletionTriggeredTime
Time
(Optional)

LastCompletionTriggeredTime is the recent time when the ETCD encryption key credential rotation completion was
triggered.

autoCompleteAfterPrepared
boolean
(Optional)

AutoCompleteAfterPrepared indicates whether the current ETCD encryption key rotation should be auto-completed after the preparation phase has finished.
Such a rotation can be triggered by the `rotate-etcd-encryption-key` annotation.
This field is needed while two types of key rotation are supported: two-operation and single-operation rotation.
Deprecated: This field will be removed in a future release. It will no longer be needed once the
`rotate-etcd-encryption-key-start` and `rotate-etcd-encryption-key-complete` annotations are removed.

EncryptionAtRest

(Appears on:ShootCredentials)

EncryptionAtRest contains information about Shoot data encryption at rest.

Field Description
resources
string array
(Optional)

Resources is the list of resources in the Shoot which are currently encrypted.
Secrets are encrypted by default and are not part of the list.
See https://github.com/gardener/gardener/blob/master/docs/usage/security/etcd_encryption_config.md for more details.

provider
EncryptionProviderStatus

Provider contains information about Shoot encryption provider.

EncryptionConfig

(Appears on:KubeAPIServerConfig)

EncryptionConfig contains customizable encryption configuration of the API server.

Field Description
resources
string array
(Optional)

Resources contains the list of resources that shall be encrypted in addition to secrets.
Each item is a Kubernetes resource name in plural (resource or resource.group) that should be encrypted.
Wildcards are not supported for now.
See https://github.com/gardener/gardener/blob/master/docs/usage/security/etcd_encryption_config.md for more details.

provider
EncryptionProvider

Provider contains information about the encryption provider.
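
The `resources` list above is the control that decides which object kinds besides Secrets are encrypted before they reach etcd, so it is worth validating before a Shoot spec is applied. The Go function below is an added example, not Gardener's own validation code: it enforces the rules stated in the field description (plural resource names, optional `resource.group` qualification, no wildcards) and adds two checks of its own for illustration: duplicate entries and an explicit `secrets` entry, which the description says is encrypted by default anyway.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// resourceName matches a lowercase plural resource name such as "configmaps".
var resourceName = regexp.MustCompile(`^[a-z][a-z0-9-]*$`)

// groupName matches an API group such as "apps" or "core.gardener.cloud".
var groupName = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// EncryptedResource is the parsed form of one list entry (hypothetical type,
// introduced for this example only).
type EncryptedResource struct {
	Resource string // plural name, e.g. "configmaps"
	Group    string // empty for the core API group
}

// ParseEncryptionResources validates the `resources` list of an EncryptionConfig
// and returns the parsed entries. Wildcards are rejected because the field doc
// says they are not supported; duplicates and a bare "secrets" entry are
// rejected as additional checks added here (secrets are always encrypted).
func ParseEncryptionResources(resources []string) ([]EncryptedResource, error) {
	seen := map[string]bool{}
	var out []EncryptedResource
	for _, item := range resources {
		if strings.Contains(item, "*") {
			return nil, fmt.Errorf("%q: wildcards are not supported", item)
		}
		res, group, _ := strings.Cut(item, ".")
		if !resourceName.MatchString(res) {
			return nil, fmt.Errorf("%q: invalid resource name %q", item, res)
		}
		if group != "" && !groupName.MatchString(group) {
			return nil, fmt.Errorf("%q: invalid API group %q", item, group)
		}
		if res == "secrets" && group == "" {
			return nil, fmt.Errorf("%q: secrets are encrypted by default and must not be listed", item)
		}
		if seen[item] {
			return nil, fmt.Errorf("%q: duplicate entry", item)
		}
		seen[item] = true
		out = append(out, EncryptedResource{Resource: res, Group: group})
	}
	return out, nil
}

func main() {
	// Constructed sample list: a core resource, a namespaced group resource and a Gardener resource.
	parsed, err := ParseEncryptionResources([]string{"configmaps", "deployments.apps", "shoots.core.gardener.cloud"})
	if err != nil {
		panic(err)
	}
	for _, r := range parsed {
		fmt.Printf("resource=%s group=%q\n", r.Resource, r.Group)
	}
	if _, err := ParseEncryptionResources([]string{"*.apps"}); err != nil {
		fmt.Println("rejected:", err)
	}
}
```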

EncryptionProvider

(Appears on:EncryptionConfig)

EncryptionProvider contains information about the encryption provider.

Field Description
type
EncryptionProviderType
(Optional)

Type contains the type of the encryption provider.
Supported types:
- "aescbc"
Defaults to aescbc.

EncryptionProviderStatus

(Appears on:EncryptionAtRest)

EncryptionProviderStatus contains information about Shoot encryption provider.

Field Description
type
EncryptionProviderType

Type is the used encryption provider type.

EncryptionProviderType

Underlying type: string

(Appears on:EncryptionProvider, EncryptionProviderStatus)

EncryptionProviderType is a type alias for the encryption provider type string.

ErrorCode

Underlying type: string

(Appears on:Condition, LastError)

ErrorCode is a string alias.

ExpanderMode

Underlying type: string

(Appears on:ClusterAutoscaler)

ExpanderMode is the type used for Expander values.

ExpirableVersion

(Appears on:KubernetesSettings, MachineImageVersion)

ExpirableVersion contains a version with associated lifecycle information.

Field Description
version
string

Version is the version identifier.

expirationDate
Time
(Optional)

ExpirationDate defines the time at which this version expires.
Deprecated: Is replaced by Lifecycle; mutually exclusive with it.

classification
VersionClassification
(Optional)

Classification defines the state of a version (preview, supported, deprecated).
Deprecated: Is replaced by Lifecycle; mutually exclusive with it.

lifecycle
LifecycleStage array
(Optional)

Lifecycle defines the lifecycle stages for this version.
Mutually exclusive with Classification and ExpirationDate.
This can only be used when the VersionClassificationLifecycle feature gate is enabled.

ExpirableVersionStatus

(Appears on:KubernetesStatus, MachineImageStatus)

ExpirableVersionStatus defines the current status of an expirable version.

Field Description
version
string

Version is the version identifier.

classification
VersionClassification

Classification reflects the current state in the classification lifecycle.

Exposure

(Appears on:WorkerControlPlane)

Exposure holds the exposure configuration for the shoot (either `extension` or `dns` or omitted/empty).

Field Description
extension
ExtensionExposure
(Optional)

Extension holds the type and provider config of the exposure extension.
Mutually exclusive with DNS.

dns
DNSExposure
(Optional)

DNS specifies that this shoot will be exposed by DNS.
Mutually exclusive with Extension.

ExposureClass

ExposureClass represents a control plane endpoint exposure strategy.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
handler
string

Handler is the name of the handler which applies the control plane endpoint exposure strategy.
This field is immutable.

scheduling
ExposureClassScheduling
(Optional)

Scheduling holds information on how to select applicable Seeds for ExposureClass usage.
This field is immutable.

ExposureClassScheduling

(Appears on:ExposureClass)

ExposureClassScheduling holds information to select applicable Seeds for ExposureClass usage.

Field Description
seedSelector
SeedSelector
(Optional)

SeedSelector is an optional label selector for Seeds that are suitable to use the ExposureClass.

tolerations
Toleration array
(Optional)

Tolerations contains the tolerations for taints on Seed clusters.

Extension

(Appears on:SeedSpec, ShootSpec)

Extension contains type and provider information for extensions.

Field Description
type
string

Type is the type of the extension resource.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to extension resource.

disabled
boolean
(Optional)

Disabled allows disabling extensions that were marked as 'automatically enabled' by Gardener administrators.

ExtensionExposure

Underlying type: struct{Type *string `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`; ProviderConfig *k8s.io/apimachinery/pkg/runtime.RawExtension `json:"providerConfig,omitempty" protobuf:"bytes,2,opt,name=providerConfig"`}

(Appears on:Exposure)

ExtensionExposure holds the type and provider config of the exposure extension.

ExtensionResourceState

(Appears on:ShootStateSpec)

ExtensionResourceState contains the kind of the extension custom resource and its last observed state in the Shoot's namespace on the Seed cluster.

Field Description
kind
string

Kind (type) of the extension custom resource

name
string
(Optional)

Name of the extension custom resource

purpose
string
(Optional)

Purpose of the extension custom resource

state
RawExtension
(Optional)

State of the extension resource

resources
NamedResourceReference array
(Optional)

Resources holds a list of named resource references that can be referred to in the state by their names.

FailureTolerance

(Appears on:HighAvailability)

FailureTolerance describes information about failure tolerance level of a highly available resource.

Field Description
type
FailureToleranceType

Type specifies the type of failure that the highly available resource can tolerate

FailureToleranceType

Underlying type: string

(Appears on:FailureTolerance)

FailureToleranceType specifies the type of failure that a highly available shoot control plane can tolerate.

Gardener

(Appears on:SeedStatus, ShootStatus)

Gardener holds the information about the Gardener version that operated a resource.

Field Description
id
string

ID is the container id of the Gardener which last acted on a resource.

name
string

Name is the hostname (pod name) of the Gardener which last acted on a resource.

version
string

Version is the version of the Gardener which last acted on a resource.

GardenerResourceData

(Appears on:ShootStateSpec)

GardenerResourceData holds the data which is used to generate resources, deployed in the Shoot's control plane.

Field Description
name
string

Name of the object required to generate resources

type
string

Type of the object

data
RawExtension

Data contains the payload required to generate resources

labels
object (keys:string, values:string)
(Optional)

Labels are labels of the object

HelmControllerDeployment

HelmControllerDeployment configures how an extension controller is deployed using helm. This is the legacy structure that used to be defined in gardenlet's ControllerInstallation controller for ControllerDeployments with type=helm. While this is not a proper API type, the structure needs to be defined in the API package so that it can be converted to the internal API version in the new representation.

Field Description
chart
integer array

Chart is a Helm chart tarball.

values
JSON

Values is a map of values for the given chart.

ociRepository
OCIRepository
(Optional)

OCIRepository defines where to pull the chart.

Hibernation

(Appears on:ShootSpec)

Hibernation contains information about whether the Shoot is suspended or not.

Field Description
enabled
boolean
(Optional)

Enabled specifies whether the Shoot needs to be hibernated or not. If it is true, the Shoot's desired state is to be hibernated.
If it is false or nil, the Shoot's desired state is to be awakened.

schedules
HibernationSchedule array
(Optional)

Schedules determine the hibernation schedules.

HibernationSchedule

(Appears on:Hibernation)

HibernationSchedule determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of them has to be specified.

Field Description
start
string
(Optional)

Start is a Cron spec at which time a Shoot will be hibernated.

end
string
(Optional)

End is a Cron spec at which time a Shoot will be woken up.

location
string
(Optional)

Location is the time location in which both start and end shall be evaluated.

HighAvailability

(Appears on:ControlPlane)

HighAvailability specifies the configuration settings for high availability for a resource. Typical usages could be to configure HA for shoot control plane or for seed system components.

Field Description
failureTolerance
FailureTolerance

FailureTolerance holds information about failure tolerance level of a highly available resource.

HorizontalPodAutoscalerConfig

(Appears on:KubeControllerManagerConfig)

HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager. Note: Descriptions were taken from the Kubernetes documentation.

Field Description
cpuInitializationPeriod
Duration
(Optional)

The period after which a ready pod transition is considered to be the first.

downscaleStabilization
Duration
(Optional)

The configurable window at which the controller will choose the highest recommendation for autoscaling.

initialReadinessDelay
Duration
(Optional)

The configurable period at which the horizontal pod autoscaler considers a Pod “not yet ready” given that it’s unready and it has transitioned to unready during that time.

syncPeriod
Duration
(Optional)

The period for syncing the number of pods in horizontal pod autoscaler.

tolerance
float
(Optional)

The minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling.

IPFamily

Underlying type: string

(Appears on:Networking, SeedNetworks)

IPFamily is a type for specifying an IP protocol version to use in Gardener clusters.

InPlaceUpdates

(Appears on:MachineImageVersion)

InPlaceUpdates contains the configuration for in-place updates for a machine image version.

Field Description
supported
boolean

Supported indicates whether in-place updates are supported for this machine image version.

minVersionForUpdate
string
(Optional)

MinVersionForInPlaceUpdate specifies the minimum supported version from which an in-place update to this machine image version can be performed.

InPlaceUpdatesStatus

(Appears on:ShootStatus)

InPlaceUpdatesStatus contains information about in-place updates for the Shoot workers.

Field Description
pendingWorkerUpdates
PendingWorkerUpdates
(Optional)

PendingWorkerUpdates contains information about worker pools pending in-place updates.

Ingress

(Appears on:SeedSpec)

Ingress configures the Ingress-specific settings of the cluster.

Field Description
domain
string

Domain specifies the IngressDomain of the cluster pointing to the ingress controller endpoint. It will be used
to construct ingress URLs for system applications running in Shoot/Garden clusters. Once set this field is immutable.

controller
IngressController

Controller configures a Gardener managed Ingress Controller listening on the ingressDomain

IngressController

(Appears on:Ingress)

IngressController enables a Gardener managed Ingress Controller listening on the ingressDomain

Field Description
kind
string

Kind defines which kind of IngressController to use. At the moment only `nginx` is supported

providerConfig
RawExtension
(Optional)

ProviderConfig specifies infrastructure specific configuration for the ingressController

InternalSecret

InternalSecret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
immutable
boolean
(Optional)

Immutable, if set to true, ensures that data stored in the Secret cannot
be updated (only object metadata can be modified).
If not set to true, the field can be modified at any time.
Defaulted to nil.

data
object (keys:string, values:integer array)
(Optional)

Data contains the secret data. Each key must consist of alphanumeric
characters, '-', '_' or '.'. The serialized form of the secret data is a
base64 encoded string, representing the arbitrary (possibly non-string)
data value here. Described in https://tools.ietf.org/html/rfc4648#section-4

stringData
object (keys:string, values:string)
(Optional)

stringData allows specifying non-binary secret data in string form.
It is provided as a write-only input field for convenience.
All keys and values are merged into the data field on write, overwriting any existing values.
The stringData field is never output when reading from the API.

type
SecretType
(Optional)

Used to facilitate programmatic handling of secret data.
More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types

KubeAPIServerConfig

(Appears on:Kubernetes)

KubeAPIServerConfig contains configuration settings for the kube-apiserver.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

admissionPlugins
AdmissionPlugin array
(Optional)

AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), and, if desired, the corresponding
configuration.

apiAudiences
string array
(Optional)

APIAudiences are the identifiers of the API. The service account token authenticator will
validate that tokens used against the API are bound to at least one of these audiences.
Defaults to ["kubernetes"].

auditConfig
AuditConfig
(Optional)

AuditConfig contains configuration settings for the audit of the kube-apiserver.

oidcConfig
OIDCConfig
(Optional)

OIDCConfig contains configuration settings for the OIDC provider.
Deprecated: This field is deprecated and will be forbidden starting from Kubernetes 1.32.
Please configure and use structured authentication instead of oidc flags.
For more information check https://github.com/gardener/gardener/issues/9858

runtimeConfig
object (keys:string, values:boolean)
(Optional)

RuntimeConfig contains information about enabled or disabled APIs.

serviceAccountConfig
ServiceAccountConfig
(Optional)

ServiceAccountConfig contains configuration settings for the service account handling
of the kube-apiserver.

watchCacheSizes
WatchCacheSizes
(Optional)

WatchCacheSizes contains configuration of the API server's watch cache sizes.
Configuring these flags might be useful for large-scale Shoot clusters with a lot of parallel update requests
and a lot of watching controllers (e.g. large ManagedSeed clusters). When the API server's watch cache's
capacity is too small to cope with the amount of update requests and watchers for a particular resource, it
might happen that controller watches are permanently stopped with `too old resource version` errors.
Starting from kubernetes v1.19, the API server's watch cache size is adapted dynamically and setting the watch
cache size flags will have no effect, except when setting it to 0 (which disables the watch cache).

requests
APIServerRequests
(Optional)

Requests contains configuration for request-specific settings for the kube-apiserver.

enableAnonymousAuthentication
boolean
(Optional)

EnableAnonymousAuthentication defines whether anonymous requests to the secure port
of the API server should be allowed (flag `--anonymous-auth`).
See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
Deprecated: This field is deprecated and will be removed after support for Kubernetes v1.34 is dropped.
This field is forbidden for clusters with Kubernetes version >= 1.35.
Please use anonymous authentication configuration instead.

eventTTL
Duration
(Optional)

EventTTL controls the amount of time to retain events.
Defaults to 1h.

logging
APIServerLogging
(Optional)

Logging contains configuration for the log level and HTTP access logs.

defaultNotReadyTolerationSeconds
integer
(Optional)

DefaultNotReadyTolerationSeconds indicates the tolerationSeconds of the toleration for notReady:NoExecute
that is added by default to every pod that does not already have such a toleration (flag `--default-not-ready-toleration-seconds`).
The field has effect only when the `DefaultTolerationSeconds` admission plugin is enabled.
Defaults to 300.

defaultUnreachableTolerationSeconds
integer
(Optional)

DefaultUnreachableTolerationSeconds indicates the tolerationSeconds of the toleration for unreachable:NoExecute
that is added by default to every pod that does not already have such a toleration (flag `--default-unreachable-toleration-seconds`).
The field has effect only when the `DefaultTolerationSeconds` admission plugin is enabled.
Defaults to 300.

encryptionConfig
EncryptionConfig
(Optional)

EncryptionConfig contains customizable encryption configuration of the Kube API server.

structuredAuthentication
StructuredAuthentication
(Optional)

StructuredAuthentication contains configuration settings for structured authentication for the kube-apiserver.

structuredAuthorization
StructuredAuthorization
(Optional)

StructuredAuthorization contains configuration settings for structured authorization for the kube-apiserver.

autoscaling
ControlPlaneAutoscaling
(Optional)

Autoscaling contains auto-scaling configuration options for the kube-apiserver.

KubeControllerManagerConfig

(Appears on:Kubernetes)

KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

horizontalPodAutoscaler
HorizontalPodAutoscalerConfig
(Optional)

HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager.

nodeCIDRMaskSize
integer
(Optional)

NodeCIDRMaskSize defines the mask size for node cidr in cluster (default is 24). This field is immutable.

podEvictionTimeout
Duration
(Optional)

PodEvictionTimeout defines the grace period for deleting pods on failed nodes. Defaults to 2m.
Deprecated: The corresponding kube-controller-manager flag `--pod-eviction-timeout` is deprecated
in favor of the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`.
The `--pod-eviction-timeout` flag has no effect when taint-based eviction is enabled. Taint-based
eviction has been beta (enabled by default) since Kubernetes 1.13 and GA since Kubernetes 1.18. Hence,
instead of setting this field, set `spec.kubernetes.kubeAPIServer.defaultNotReadyTolerationSeconds` and
`spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSeconds`. Setting this field is forbidden starting
from Kubernetes 1.33.

nodeMonitorGracePeriod
Duration
(Optional)

NodeMonitorGracePeriod defines the grace period before an unresponsive node is marked unhealthy.

nodeCIDRMaskSizeIPv6
integer
(Optional)

NodeCIDRMaskSizeIPv6 defines the mask size for node cidr in cluster (default is 64). This field is immutable.

KubeProxyConfig

(Appears on:Kubernetes)

KubeProxyConfig contains configuration settings for the kube-proxy.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

mode
ProxyMode
(Optional)

Mode specifies which proxy mode to use.
Defaults to IPTables.

enabled
boolean
(Optional)

Enabled indicates whether kube-proxy should be deployed or not.
Depending on the networking extension, switching kube-proxy off might be rejected. Consulting the respective documentation of the used networking extension is recommended before using this field.
Defaults to true if not specified.

KubeSchedulerConfig

(Appears on:Kubernetes)

KubeSchedulerConfig contains configuration settings for the kube-scheduler.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

kubeMaxPDVols
string
(Optional)

KubeMaxPDVols is not respected anymore by kube-scheduler.
The maximum number of attached volumes is configured by the CSI driver.
More information can be found at https://kubernetes.io/docs/concepts/storage/storage-limits/#custom-limits.
Deprecated: This field is deprecated. Using this field will be forbidden starting from Kubernetes 1.35.

profile
SchedulingProfile
(Optional)

Profile configures the scheduling profile for the cluster.
If not specified, the used profile is "balanced" (provides the default kube-scheduler behavior).

KubeletConfig

(Appears on:Kubernetes, WorkerKubernetes)

KubeletConfig contains configuration settings for the kubelet.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

cpuCFSQuota
boolean
(Optional)

CPUCFSQuota allows you to disable/enable CPU throttling for Pods.

cpuManagerPolicy
string
(Optional)

CPUManagerPolicy allows setting alternative CPU management policies (default: none).

evictionHard
KubeletConfigEviction
(Optional)

EvictionHard describes a set of eviction thresholds (e.g. memory.available<1Gi) that if met would trigger a Pod eviction.
Default:
memory.available: "100Mi/1Gi/5%"
nodefs.available: "5%"
nodefs.inodesFree: "5%"
imagefs.available: "5%"
imagefs.inodesFree: "5%"

evictionMaxPodGracePeriod
integer
(Optional)

EvictionMaxPodGracePeriod describes the maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.
Default: 90

evictionMinimumReclaim
KubeletConfigEvictionMinimumReclaim
(Optional)

EvictionMinimumReclaim configures the amount of resources below the configured eviction threshold that the kubelet attempts to reclaim whenever the kubelet observes resource pressure.
Default: 0 for each resource

evictionPressureTransitionPeriod
Duration
(Optional)

EvictionPressureTransitionPeriod is the duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
Default: 4m0s

evictionSoft
KubeletConfigEviction
(Optional)

EvictionSoft describes a set of eviction thresholds (e.g. memory.available<1.5Gi) that if met over a corresponding grace period would trigger a Pod eviction.
Default:
memory.available: "200Mi/1.5Gi/10%"
nodefs.available: "10%"
nodefs.inodesFree: "10%"
imagefs.available: "10%"
imagefs.inodesFree: "10%"

evictionSoftGracePeriod
KubeletConfigEvictionSoftGracePeriod
(Optional)

EvictionSoftGracePeriod describes a set of eviction grace periods (e.g. memory.available=1m30s) that correspond to how long a soft eviction threshold must hold before triggering a Pod eviction.
Default:
memory.available: 1m30s
nodefs.available: 1m30s
nodefs.inodesFree: 1m30s
imagefs.available: 1m30s
imagefs.inodesFree: 1m30s

maxPods
integer
(Optional)

MaxPods is the maximum number of Pods that are allowed by the Kubelet.
Default: 110

podPidsLimit
integer
(Optional)

PodPIDsLimit is the maximum number of process IDs per pod allowed by the kubelet.

failSwapOn
boolean
(Optional)

FailSwapOn makes the Kubelet fail to start if swap is enabled on the node. (default true).

kubeReserved
KubeletConfigReserved
(Optional)

KubeReserved is the configuration for resources reserved for kubernetes node components (mainly kubelet and container runtime).
When updating these values, be aware that cgroup resizes may not succeed on active worker nodes. Look for the NodeAllocatableEnforced event to determine if the configuration was applied.
Default: cpu=80m,memory=1Gi,pid=20k

imageGCHighThresholdPercent
integer
(Optional)

ImageGCHighThresholdPercent describes the percent of the disk usage which triggers image garbage collection.
Default: 50

imageGCLowThresholdPercent
integer
(Optional)

ImageGCLowThresholdPercent describes the percent of disk usage to which garbage collection attempts to free.
Default: 40

serializeImagePulls
boolean
(Optional)

SerializeImagePulls describes whether the images are pulled one at a time.
Default: true

registryPullQPS
integer
(Optional)

RegistryPullQPS is the limit of registry pulls per second. The value must not be a negative number.
Setting it to 0 means no limit.
Default: 5

registryBurst
integer
(Optional)

RegistryBurst is the maximum size of bursty pulls, temporarily allows pulls to burst to this number,
while still not exceeding registryPullQPS. The value must not be a negative number.
Only used if registryPullQPS is greater than 0.
Default: 10

seccompDefault
boolean
(Optional)

SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.

containerLogMaxSize
Quantity
(Optional)

ContainerLogMaxSize is a quantity that defines the maximum size of the container log file before it is rotated. For example: "5Mi" or "256Ki".
Default: 100Mi

containerLogMaxFiles
integer
(Optional)

Maximum number of container log files that can be present for a container.

protectKernelDefaults
boolean
(Optional)

ProtectKernelDefaults ensures that the kernel tunables are equal to the kubelet defaults.
Defaults to true.

streamingConnectionIdleTimeout
Duration
(Optional)

StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed.
This field cannot be set lower than "30s" or greater than "4h".
Default: "5m".

memorySwap
MemorySwapConfiguration
(Optional)

MemorySwap configures swap memory available to container workloads.

maxParallelImagePulls
integer
(Optional)

MaxParallelImagePulls describes the maximum number of image pulls in parallel. The value must be a positive number.
This field cannot be set if SerializeImagePulls (pull one image at a time) is set to true.
Setting it to nil means no limit.
Default: nil

imageMinimumGCAge
Duration
(Optional)

ImageMinimumGCAge is the minimum age of an unused image before it can be garbage collected.
Default: 2m0s

imageMaximumGCAge
Duration
(Optional)

ImageMaximumGCAge is the maximum age of an unused image before it can be garbage collected.
Default: 0s
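
As an added example, not code from Gardener or this page, here is a small Python check that applies the constraints and hardening defaults stated in the KubeletConfig field descriptions above to the `spec.kubernetes.kubelet` fragment of a Shoot manifest. Both fragments are constructed; the `serializeImagePulls` key is assumed from the SerializeImagePulls mention under maxParallelImagePulls, and the wording of the findings is the editor's own.

```python
import re
from typing import Any

# Constructed sample: the spec.kubernetes.kubelet fragment of a Shoot, with several
# weak or invalid settings. Field names are the ones listed above; the
# serializeImagePulls key is assumed from the SerializeImagePulls mention.
WEAK_KUBELET: dict[str, Any] = {
    "seccompDefault": False,
    "protectKernelDefaults": False,
    "registryPullQPS": -1,
    "registryBurst": 10,
    "streamingConnectionIdleTimeout": "10s",
    "serializeImagePulls": True,
    "maxParallelImagePulls": 4,
}

# The same fragment with every finding resolved.
HARDENED_KUBELET: dict[str, Any] = {
    "seccompDefault": True,
    "protectKernelDefaults": True,
    "registryPullQPS": 5,
    "registryBurst": 10,
    "streamingConnectionIdleTimeout": "5m",
    "serializeImagePulls": False,
    "maxParallelImagePulls": 4,
}

_UNIT_SECONDS = {"h": 3600.0, "m": 60.0, "s": 1.0, "ms": 0.001}


def parse_duration(text: str) -> float:
    """Parse a Go-style duration ('30s', '5m', '4h', '2m0s') into seconds."""
    parts = re.findall(r"(\d+(?:\.\d+)?)(h|ms|m|s)", text)
    if not parts or "".join(num + unit for num, unit in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(float(num) * _UNIT_SECONDS[unit] for num, unit in parts)


MIN_IDLE = parse_duration("30s")
MAX_IDLE = parse_duration("4h")


def check_kubelet_config(kubelet: dict[str, Any]) -> list[str]:
    """Return one finding per violated rule; an empty list means the fragment passes."""
    findings: list[str] = []

    # seccompDefault: without it, pods that set no seccompProfile run unconfined.
    if kubelet.get("seccompDefault") is not True:
        findings.append("seccompDefault is not true: pods without an explicit seccompProfile run unconfined")

    # protectKernelDefaults defaults to true; an explicit false lets the kubelet
    # rewrite kernel tunables instead of failing when they differ from its defaults.
    if kubelet.get("protectKernelDefaults") is False:
        findings.append("protectKernelDefaults is false: kubelet will modify kernel tunables instead of erroring")

    for key in ("registryPullQPS", "registryBurst"):
        value = kubelet.get(key)
        if value is not None and value < 0:
            findings.append(f"{key} must not be a negative number")

    idle = kubelet.get("streamingConnectionIdleTimeout")
    if idle is not None and not MIN_IDLE <= parse_duration(idle) <= MAX_IDLE:
        findings.append("streamingConnectionIdleTimeout must be between 30s and 4h")

    parallel = kubelet.get("maxParallelImagePulls")
    if parallel is not None:
        if parallel < 1:
            findings.append("maxParallelImagePulls must be a positive number")
        if kubelet.get("serializeImagePulls") is True:
            findings.append("maxParallelImagePulls cannot be set while serializeImagePulls is true")

    return findings


if __name__ == "__main__":
    for name, fragment in (("weak", WEAK_KUBELET), ("hardened", HARDENED_KUBELET)):
        print(f"{name}: {check_kubelet_config(fragment) or 'no findings'}")
```

The check only flags `protectKernelDefaults` when it is explicitly `false`, because the field defaults to `true` when omitted; `seccompDefault`, by contrast, has to be set to `true` to take effect, so an absent key is reported.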

KubeletConfigEviction

(Appears on:KubeletConfig)

KubeletConfigEviction contains kubelet eviction thresholds supporting either a resource.Quantity or a percentage-based value.

Field Description
memoryAvailable
string
(Optional)

MemoryAvailable is the threshold for the free memory on the host server.

imageFSAvailable
string
(Optional)

ImageFSAvailable is the threshold for the free disk space in the imagefs filesystem (docker images and container writable layers).

imageFSInodesFree
string
(Optional)

ImageFSInodesFree is the threshold for the available inodes in the imagefs filesystem.

nodeFSAvailable
string
(Optional)

NodeFSAvailable is the threshold for the free disk space in the nodefs filesystem (docker volumes, logs, etc).

nodeFSInodesFree
string
(Optional)

NodeFSInodesFree is the threshold for the available inodes in the nodefs filesystem.

KubeletConfigEvictionMinimumReclaim

(Appears on:KubeletConfig)

KubeletConfigEvictionMinimumReclaim contains configuration for the kubelet eviction minimum reclaim.

Field Description
memoryAvailable
Quantity
(Optional)

MemoryAvailable is the threshold for the memory reclaim on the host server.

imageFSAvailable
Quantity
(Optional)

ImageFSAvailable is the threshold for the disk space reclaim in the imagefs filesystem (docker images and container writable layers).

imageFSInodesFree
Quantity
(Optional)

ImageFSInodesFree is the threshold for the inodes reclaim in the imagefs filesystem.

nodeFSAvailable
Quantity
(Optional)

NodeFSAvailable is the threshold for the disk space reclaim in the nodefs filesystem (docker volumes, logs, etc).

nodeFSInodesFree
Quantity
(Optional)

NodeFSInodesFree is the threshold for the inodes reclaim in the nodefs filesystem.

KubeletConfigEvictionSoftGracePeriod

(Appears on:KubeletConfig)

KubeletConfigEvictionSoftGracePeriod contains grace periods for kubelet eviction thresholds.

Field Description
memoryAvailable
Duration
(Optional)

MemoryAvailable is the grace period for the MemoryAvailable eviction threshold.

imageFSAvailable
Duration
(Optional)

ImageFSAvailable is the grace period for the ImageFSAvailable eviction threshold.

imageFSInodesFree
Duration
(Optional)

ImageFSInodesFree is the grace period for the ImageFSInodesFree eviction threshold.

nodeFSAvailable
Duration
(Optional)

NodeFSAvailable is the grace period for the NodeFSAvailable eviction threshold.

nodeFSInodesFree
Duration
(Optional)

NodeFSInodesFree is the grace period for the NodeFSInodesFree eviction threshold.

KubeletConfigReserved

(Appears on:KubeletConfig)

KubeletConfigReserved contains reserved resources for daemons.

Field Description
cpu
Quantity
(Optional)

CPU is the reserved CPU.

memory
Quantity
(Optional)

Memory is the reserved memory.

ephemeralStorage
Quantity
(Optional)

EphemeralStorage is the reserved ephemeral-storage.

pid
Quantity
(Optional)

PID is the reserved number of process IDs.

Kubernetes

(Appears on:ShootSpec)

Kubernetes contains the version and configuration variables for the Shoot control plane.

Field Description
clusterAutoscaler
ClusterAutoscaler
(Optional)

ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler.

kubeAPIServer
KubeAPIServerConfig
(Optional)

KubeAPIServer contains configuration settings for the kube-apiserver.

kubeControllerManager
KubeControllerManagerConfig
(Optional)

KubeControllerManager contains configuration settings for the kube-controller-manager.

kubeScheduler
KubeSchedulerConfig
(Optional)

KubeScheduler contains configuration settings for the kube-scheduler.

kubeProxy
KubeProxyConfig
(Optional)

KubeProxy contains configuration settings for the kube-proxy.

kubelet
KubeletConfig
(Optional)

Kubelet contains configuration settings for the kubelet.

version
string
(Optional)

Version is the semantic Kubernetes version to use for the Shoot cluster.
Defaults to the highest supported minor and patch version given in the referenced cloud profile.
The version can be omitted completely or partially specified, e.g. `.`.

verticalPodAutoscaler
VerticalPodAutoscaler
(Optional)

VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

etcd
ETCD
(Optional)

ETCD contains configuration for etcds of the shoot cluster.

KubernetesConfig

(Appears on:KubeAPIServerConfig, KubeControllerManagerConfig, KubeProxyConfig, KubeSchedulerConfig, KubeletConfig)

KubernetesConfig contains common configuration fields for the control plane components. This is a legacy type that should not be used in new API fields or resources. Instead of embedding this type, consider using inline map for feature gates definitions.

Field Description
featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

KubernetesDashboard

(Appears on:Addons)

KubernetesDashboard describes configuration values for the kubernetes-dashboard addon.

Field Description
enabled
boolean

Enabled indicates whether the addon is enabled or not.

authenticationMode
string
(Optional)

AuthenticationMode defines the authentication mode for the kubernetes-dashboard.

KubernetesSettings

(Appears on:CloudProfileSpec, NamespacedCloudProfileSpec)

KubernetesSettings contains constraints regarding allowed values of the 'kubernetes' block in the Shoot specification.

Field Description
versions
ExpirableVersion array
(Optional)

Versions is the list of allowed Kubernetes versions with optional expiration dates for Shoot clusters.

KubernetesStatus

(Appears on:CloudProfileStatus)

KubernetesStatus contains the status information for kubernetes.

Field Description
versions
ExpirableVersionStatus array
(Optional)

Versions contains the statuses of the kubernetes versions.

LastError

(Appears on:BackupBucketStatus, BackupEntryStatus, ShootStatus)

LastError indicates the last occurred error for an operation on a resource.

Field Description
description
string

A human readable message indicating details about the last error.

taskID
string
(Optional)

ID of the task which caused this last error.

codes
ErrorCode array
(Optional)

Well-defined error codes of the last error(s).

lastUpdateTime
Time
(Optional)

Last time the error was reported.

LastMaintenance

(Appears on:ShootStatus)

LastMaintenance holds information about a maintenance operation on the Shoot.

Field Description
description
string

A human-readable message containing details about the operations performed in the last maintenance.

triggeredTime
Time

TriggeredTime is the time when maintenance was triggered.

state
LastOperationState

Status of the last maintenance operation, one of Processing, Succeeded, Error.

failureReason
string
(Optional)

FailureReason holds the information about the last maintenance operation failure reason.

LastOperation

(Appears on:BackupBucketStatus, BackupEntryStatus, SeedStatus, ShootStatus)

LastOperation indicates the type and the state of the last operation, along with a description message and a progress indicator.

Field Description
description
string

A human readable message indicating details about the last operation.

lastUpdateTime
Time

Last time the operation state transitioned from one to another.

progress
integer

The progress in percentage (0-100) of the last operation.

state
LastOperationState

Status of the last operation, one of Aborted, Processing, Succeeded, Error, Failed.

type
LastOperationType

Type of the last operation, one of Create, Reconcile, Delete, Migrate, Restore.

LastOperationState

Underlying type: string

(Appears on:LastMaintenance, LastOperation)

LastOperationState is a string alias.

LastOperationType

Underlying type: string

(Appears on:LastOperation)

LastOperationType is a string alias.

LifecycleStage

(Appears on:ExpirableVersion, MachineImageVersion)

LifecycleStage describes a stage in the version's lifecycle. Each stage defines the classification of the version (e.g. unavailable, preview, supported, deprecated, expired) and the time at which this classification becomes effective.

Field Description
classification
VersionClassification

Classification is the category of this lifecycle stage (unavailable, preview, supported, deprecated, expired).

startTime
Time
(Optional)

StartTime defines when this lifecycle stage becomes active.
StartTime can be omitted for the first lifecycle stage, implying a start time in the past.

Limits

(Appears on:CloudProfileSpec, NamespacedCloudProfileSpec)

Limits configures operational limits for Shoot clusters using this CloudProfile. See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md.

Field Description
maxNodesTotal
integer
(Optional)

MaxNodesTotal configures the maximum node count a Shoot cluster can have during runtime.

LoadBalancerServicesProxyProtocol

(Appears on:SeedSettingLoadBalancerServices, SeedSettingLoadBalancerServicesZones)

LoadBalancerServicesProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services.

Field Description
allowed
boolean

Allowed controls whether the ProxyProtocol is optionally allowed for the load balancer services.
This should only be enabled if the load balancer services are already using ProxyProtocol or will be reconfigured to use it soon.
Until the load balancers are configured with ProxyProtocol, enabling this setting may allow clients to spoof their source IP addresses.
The option allows a migration from non-ProxyProtocol to ProxyProtocol without downtime (depending on the infrastructure).
Defaults to false.

Machine

(Appears on:Worker)

Machine contains information about the machine type and image.

Field Description
type
string

Type is the machine type of the worker group.

image
ShootMachineImage
(Optional)

Image holds information about the machine image to use for all nodes of this pool. It will default to the
latest version of the first image stated in the referenced CloudProfile if no value has been provided.

architecture
string
(Optional)

Architecture is the CPU architecture of machines in this worker pool.

MachineControllerManagerSettings

(Appears on:Worker)

MachineControllerManagerSettings contains configurations for different worker pools, e.g. MachineDrainTimeout and MachineHealthTimeout.

Field Description
machineDrainTimeout
Duration
(Optional)

MachineDrainTimeout is the period after which a machine is forcefully deleted.

machineHealthTimeout
Duration
(Optional)

MachineHealthTimeout is the period after which a machine is declared failed.

machineCreationTimeout
Duration
(Optional)

MachineCreationTimeout is the period after which creation of the machine is declared failed.

maxEvictRetries
integer
(Optional)

MaxEvictRetries are the number of eviction retries on a pod after which drain is declared failed, and forceful deletion is triggered.

nodeConditions
string array
(Optional)

NodeConditions is the set of node conditions which, if true for the duration of MachineHealthTimeout, cause the machine to be declared failed.

inPlaceUpdateTimeout
Duration
(Optional)

InPlaceUpdateTimeout is the timeout after which an in-place update is declared failed.

disableHealthTimeout
boolean
(Optional)

DisableHealthTimeout, if set to true, causes the health timeout to be ignored, so the machine is never declared failed.
This is intended to be used only for in-place updates.

MachineImage

(Appears on:CloudProfileSpec, NamespacedCloudProfileSpec)

MachineImage defines the name and multiple versions of the machine image in any environment.

Field Description
name
string

Name is the name of the image.

versions
MachineImageVersion array

Versions contains versions, expiration dates and container runtimes of the machine image.

updateStrategy
MachineImageUpdateStrategy
(Optional)

UpdateStrategy is the update strategy to use for the machine image. Possible values are:
- patch: update to the latest patch version of the current minor version.
- minor: update to the latest minor and patch version.
- major: always update to the overall latest version (default).

MachineImageFlavor

(Appears on:MachineImageVersion)

MachineImageFlavor is a wrapper for Capabilities. This is a workaround as the Protobuf generator can't handle a slice of maps.

MachineImageStatus

(Appears on:CloudProfileStatus)

MachineImageStatus contains the status of a machine image and its version classifications.

Field Description
name
string

Name matches the name of the MachineImage this status represents.

versions
ExpirableVersionStatus array
(Optional)

Versions contains the statuses of the machine image versions.

MachineImageUpdateStrategy

Underlying type: string

(Appears on:MachineImage)

MachineImageUpdateStrategy is the update strategy to use for a machine image.

MachineImageVersion

(Appears on:MachineImage)

MachineImageVersion is an expirable version with a list of supported container runtimes and interfaces.

Field Description
version
string

Version is the version identifier.

expirationDate
Time
(Optional)

ExpirationDate defines the time at which this version expires.
Deprecated: replaced by Lifecycle; mutually exclusive with it.

classification
VersionClassification
(Optional)

Classification defines the state of a version (preview, supported, deprecated).
Deprecated: replaced by Lifecycle; mutually exclusive with it.

lifecycle
LifecycleStage array
(Optional)

Lifecycle defines the lifecycle stages for this version.
Mutually exclusive with Classification and ExpirationDate.
This can only be used when the VersionClassificationLifecycle feature gate is enabled.

cri
CRI array
(Optional)

CRI is the list of container runtimes and interfaces supported by this version.

architectures
string array
(Optional)

Architectures is the list of CPU architectures of the machine image in this version.

kubeletVersionConstraint
string
(Optional)

KubeletVersionConstraint is a constraint describing the supported kubelet versions by the machine image in this version.
If the field is not specified, it is assumed that the machine image in this version supports all kubelet versions.
Examples:
- '>= 1.26' - supports only kubelet versions greater than or equal to 1.26
- '< 1.26' - supports only kubelet versions less than 1.26

inPlaceUpdates
InPlaceUpdates
(Optional)

InPlaceUpdates contains the configuration for in-place updates for this machine image version.

capabilityFlavors
MachineImageFlavor array
(Optional)

CapabilityFlavors is an array of MachineImageFlavor. Each entry represents a combination of capabilities that is provided by
the machine image version.
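
As an added example, not Gardener's own code, the following Python block works through two pieces of the MachineImage and MachineImageVersion descriptions above: the `kubeletVersionConstraint` grammar (`>= 1.26`, `< 1.26`, absent meaning "all kubelet versions") and how the `updateStrategy` values `patch`, `minor` and `major` narrow the set of versions a pool may move to. The CloudProfile fragment is constructed. The candidate filter (only `supported`, non-expired versions whose constraint accepts the pool's kubelet) is this example's assumption about what a sensible auto-update target looks like, not a description of Gardener's exact selection logic.

```python
import operator
import re
from datetime import datetime, timezone
from typing import Any, Optional

# Constructed sample: one MachineImage entry of a CloudProfile, using the field names listed above.
SAMPLE_IMAGE: dict[str, Any] = {
    "name": "sample-os",
    "updateStrategy": "minor",
    "versions": [
        {"version": "1.1.9", "classification": "deprecated", "expirationDate": "2020-01-01T00:00:00Z"},
        {"version": "1.2.3", "classification": "supported", "kubeletVersionConstraint": ">= 1.26"},
        {"version": "1.2.5", "classification": "supported"},
        {"version": "1.3.0", "classification": "preview", "kubeletVersionConstraint": ">= 1.28"},
        {"version": "1.3.1", "classification": "supported", "kubeletVersionConstraint": ">= 1.27"},
        {"version": "2.0.0", "classification": "supported", "kubeletVersionConstraint": ">= 1.30"},
    ],
}

_CONSTRAINT = re.compile(r"^\s*(>=|<=|>|<|=)?\s*(\d+(?:\.\d+)*)\s*$")
_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt, "=": operator.eq}


def parse_version(text: str) -> tuple[int, ...]:
    """'1.27.4' -> (1, 27, 4); tuples compare component-wise like semantic versions."""
    return tuple(int(part) for part in text.split("."))


def satisfies(version: str, constraint: Optional[str]) -> bool:
    """Evaluate a kubeletVersionConstraint such as '>= 1.26' or '< 1.26'.
    An absent constraint means every kubelet version is supported, as the field description states."""
    if not constraint:
        return True
    match = _CONSTRAINT.match(constraint)
    if not match:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, bound = match.group(1) or "=", parse_version(match.group(2))
    # Compare at the constraint's own precision, so '>= 1.26' accepts any 1.26.x.
    return _OPS[op](parse_version(version)[: len(bound)], bound)


def is_expired(entry: dict[str, Any], now: datetime) -> bool:
    """True once the (deprecated but still documented) expirationDate has passed."""
    exp = entry.get("expirationDate")
    return bool(exp) and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now


def update_target(image: dict[str, Any], current: str, kubelet_version: str,
                  now: Optional[datetime] = None) -> Optional[str]:
    """Pick the newest version the image's updateStrategy allows as a move from `current`,
    or None when nothing qualifies. Candidate filter (assumption of this example): classified
    'supported', not expired, and kubeletVersionConstraint accepts the pool's kubelet."""
    now = now or datetime.now(timezone.utc)
    strategy = image.get("updateStrategy", "major")  # 'major' is the documented default
    cur = parse_version(current)
    best: Optional[str] = None
    for entry in image["versions"]:
        candidate = parse_version(entry["version"])
        if candidate <= cur:
            continue
        if strategy == "patch" and candidate[:2] != cur[:2]:
            continue  # stay within the current minor version
        if strategy == "minor" and candidate[:1] != cur[:1]:
            continue  # stay within the current major version
        if entry.get("classification") != "supported" or is_expired(entry, now):
            continue
        if not satisfies(kubelet_version, entry.get("kubeletVersionConstraint")):
            continue
        if best is None or candidate > parse_version(best):
            best = entry["version"]
    return best


if __name__ == "__main__":
    for strategy in ("patch", "minor", "major"):
        image = {**SAMPLE_IMAGE, "updateStrategy": strategy}
        print(strategy, update_target(image, "1.2.3", "1.27.3"), update_target(image, "1.2.3", "1.30.1"))
```

Running the block shows the effect of the constraint: with a 1.27 kubelet the `major` strategy stops at 1.3.1 because 2.0.0 requires `>= 1.30`, while a 1.30 kubelet is offered 2.0.0.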

MachineType

(Appears on:CloudProfileSpec, NamespacedCloudProfileSpec)

MachineType contains certain properties of a machine type.

Field Description
cpu
Quantity

CPU is the number of CPUs for this machine type.

gpu
Quantity

GPU is the number of GPUs for this machine type.

memory
Quantity

Memory is the amount of memory for this machine type.

name
string

Name is the name of the machine type.

storage
MachineTypeStorage
(Optional)

Storage is the amount of storage associated with the root volume of this machine type.

usable
boolean
(Optional)

Usable defines if the machine type can be used for shoot clusters.

architecture
string
(Optional)

Architecture is the CPU architecture of this machine type.

capabilities
Capabilities
(Optional)

Capabilities contains the machine type capabilities.

machineControllerManager
CloudProfileMachineControllerManagerSettings
(Optional)

MachineControllerManagerSettings contains a subset of the MachineControllerManagerSettings which can be defaulted for a machine type in a CloudProfile.

MachineTypeStorage

(Appears on:MachineType)

MachineTypeStorage is the amount of storage associated with the root volume of this machine type.

Field Description
class
string

Class is the class of the storage type.

size
Quantity
(Optional)

Size is the storage size.

type
string

Type is the type of the storage.

minSize
Quantity
(Optional)

MinSize is the minimal supported storage size.
This overrides any other common minimum size configuration from `spec.volumeTypes[*].minSize`.

MachineUpdateStrategy

Underlying type: string

(Appears on:Worker)

MachineUpdateStrategy specifies the machine update strategy for the worker pool.

Maintenance

(Appears on:ShootSpec)

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

Field Description
autoUpdate
MaintenanceAutoUpdate
(Optional)

AutoUpdate contains information about which constraints should be automatically updated.

timeWindow
MaintenanceTimeWindow
(Optional)

TimeWindow contains information about the time window for maintenance operations.

confineSpecUpdateRollout
boolean
(Optional)

ConfineSpecUpdateRollout prevents changes to the shoot specification from being rolled out immediately.
Instead, they are rolled out during the shoot's maintenance time window. The one exception that triggers
an immediate rollout is a change to the Spec.Hibernation.Enabled field.

autoRotation
MaintenanceAutoRotation
(Optional)

AutoRotation contains information about which rotations should be automatically performed.

MaintenanceAutoRotation

(Appears on:Maintenance)

MaintenanceAutoRotation contains information about which rotations should be automatically performed.

Field Description
credentials
MaintenanceCredentialsAutoRotation
(Optional)

Credentials contains information about which credentials should be automatically rotated.

MaintenanceAutoUpdate

(Appears on:Maintenance)

MaintenanceAutoUpdate contains information about which constraints should be automatically updated.

Field Description
kubernetesVersion
boolean

KubernetesVersion indicates whether the patch Kubernetes version may be automatically updated (default: true).

machineImageVersion
boolean
(Optional)

MachineImageVersion indicates whether the machine image version may be automatically updated (default: true).

MaintenanceCredentialsAutoRotation

(Appears on:MaintenanceAutoRotation)

MaintenanceCredentialsAutoRotation contains information about which credentials should be automatically rotated.

Field Description
observability
MaintenanceRotationConfig
(Optional)

Observability configures the automatic rotation for the observability credentials.

sshKeypair
MaintenanceRotationConfig
(Optional)

SSHKeypair configures the automatic rotation for the ssh keypair for worker nodes.

etcdEncryptionKey
MaintenanceRotationConfig
(Optional)

ETCDEncryptionKey configures the automatic rotation for the etcd encryption key.

MaintenanceRotationConfig

(Appears on:MaintenanceCredentialsAutoRotation)

MaintenanceRotationConfig contains configuration for automatic rotation.

Field Description
rotationPeriod
Duration
(Optional)

RotationPeriod is the period between a completed rotation and the start of a new rotation (default: 7d).
The allowed rotation period is between 30m and 90d. When set to 0, rotation is disabled.

MaintenanceTimeWindow

(Appears on:Maintenance)

MaintenanceTimeWindow contains information about the time window for maintenance operations.

Field Description
begin
string

Begin is the beginning of the time window in the format HHMMSS+ZONE, e.g. "220000+0100".
If not present, a random value will be computed.

end
string

End is the end of the time window in the format HHMMSS+ZONE, e.g. "220000+0100".
If not present, the value will be computed based on the "Begin" value.

ManualWorkerPoolRollout

(Appears on:ShootStatus)

ManualWorkerPoolRollout contains information about the worker pool rollout progress that has been initiated via the gardener.cloud/operation=rollout-workers annotation.

Field Description
pendingWorkersRollouts
PendingWorkersRollout array
(Optional)

PendingWorkersRollouts contains the names of the worker pools that are still pending rollout.

MemorySwapConfiguration

(Appears on:KubeletConfig)

MemorySwapConfiguration contains the kubelet swap configuration. For more information, please see KEP 2400-node-swap.

Field Description
swapBehavior
SwapBehavior
(Optional)

SwapBehavior configures swap memory available to container workloads. May be one of {"NoSwap", "LimitedSwap"}.
Defaults to LimitedSwap.

Monitoring

(Appears on:ShootSpec)

Monitoring contains information about the monitoring configuration for the shoot.

Field Description
alerting
Alerting
(Optional)

Alerting contains information about the alerting configuration for the shoot cluster.

NamedResourceReference

(Appears on:ExtensionResourceState, SeedSpec, ShootSpec)

NamedResourceReference is a named reference to a resource.

Field Description
name
string

Name of the resource reference.

resourceRef
CrossVersionObjectReference

ResourceRef is a reference to a resource.

NamespacedCloudProfile

NamespacedCloudProfile represents certain properties about a provider environment.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
NamespacedCloudProfileSpec

Spec defines the provider environment properties.

status
NamespacedCloudProfileStatus

Most recently observed status of the NamespacedCloudProfile.

NamespacedCloudProfileSpec

(Appears on:NamespacedCloudProfile)

NamespacedCloudProfileSpec is the specification of a NamespacedCloudProfile.

Field Description
caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every host machine of shoot clusters targeting this profile.

kubernetes
KubernetesSettings
(Optional)

Kubernetes contains constraints regarding allowed values of the 'kubernetes' block in the Shoot specification.

machineImages
MachineImage array
(Optional)

MachineImages contains constraints regarding allowed values for machine images in the Shoot specification.

machineTypes
MachineType array
(Optional)

MachineTypes contains constraints regarding allowed values for machine types in the 'workers' block in the Shoot specification.

volumeTypes
VolumeType array
(Optional)

VolumeTypes contains constraints regarding allowed values for volume types in the 'workers' block in the Shoot specification.

parent
CloudProfileReference

Parent contains a reference to a CloudProfile it inherits from.

providerConfig
RawExtension
(Optional)

ProviderConfig contains provider-specific configuration for the profile.

limits
Limits
(Optional)

Limits configures operational limits for Shoot clusters using this NamespacedCloudProfile.
Any limits specified here override those set in the parent CloudProfile.
See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md.

NamespacedCloudProfileStatus

(Appears on:NamespacedCloudProfile)

NamespacedCloudProfileStatus holds the most recently observed status of the NamespacedCloudProfile.

Field Description
cloudProfileSpec
CloudProfileSpec

CloudProfileSpec is the most recently generated CloudProfile spec of the NamespacedCloudProfile.

observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this NamespacedCloudProfile.

Networking

(Appears on:ShootSpec)

Networking defines networking parameters for the shoot cluster.

Field Description
type
string
(Optional)

Type identifies the type of the networking plugin. This field is immutable.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to the network resource.

pods
string
(Optional)

Pods is the CIDR of the pod network. This field is immutable.

nodes
string
(Optional)

Nodes is the CIDR of the entire node network.
This field is mutable.

services
string
(Optional)

Services is the CIDR of the service network. This field is immutable.

ipFamilies
IPFamily array
(Optional)

IPFamilies specifies the IP protocol versions to use for shoot networking.
See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md.
Defaults to ["IPv4"].

NetworkingStatus

(Appears on:ShootStatus)

NetworkingStatus contains information about cluster networking such as CIDRs.

Field Description
pods
string array
(Optional)

Pods are the CIDRs of the pod network.

nodes
string array
(Optional)

Nodes are the CIDRs of the node network.

services
string array
(Optional)

Services are the CIDRs of the service network.

egressCIDRs
string array
(Optional)

EgressCIDRs is a list of CIDRs used by the shoot as the source IP for egress traffic as reported by the used
Infrastructure extension controller. For certain environments the egress IPs may not be stable in which case the
extension controller may opt to not populate this field.

NginxIngress

(Appears on:Addons)

NginxIngress describes configuration values for the nginx-ingress addon.

Field Description
enabled
boolean

Enabled indicates whether the addon is enabled or not.

loadBalancerSourceRanges
string array
(Optional)

LoadBalancerSourceRanges is the list of allowed source IP ranges for NginxIngress.

config
object (keys:string, values:string)
(Optional)

Config contains custom configuration for the nginx-ingress-controller.
See https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options

externalTrafficPolicy
ServiceExternalTrafficPolicy
(Optional)

ExternalTrafficPolicy controls the `.spec.externalTrafficPolicy` value of the load balancer `Service`
exposing the nginx-ingress. Defaults to `Cluster`.

NodeLocalDNS

(Appears on:SystemComponents)

NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

Field Description
enabled
boolean

Enabled indicates whether node local DNS is enabled or not.

forceTCPToClusterDNS
boolean
(Optional)

ForceTCPToClusterDNS indicates whether the connection from the node local DNS to the cluster DNS (Core DNS) will be forced to TCP or not.
Default, if unspecified, is to enforce TCP.

forceTCPToUpstreamDNS
boolean
(Optional)

ForceTCPToUpstreamDNS indicates whether the connection from the node local DNS to the upstream DNS (infrastructure DNS) will be forced to TCP or not.
Default, if unspecified, is to enforce TCP.

disableForwardToUpstreamDNS
boolean
(Optional)

DisableForwardToUpstreamDNS indicates whether requests from node local DNS to upstream DNS should be disabled.
Default, if unspecified, is to forward requests for external domains to upstream DNS.

OCIRepository

(Appears on:HelmControllerDeployment)

OCIRepository configures where to pull an OCI artifact from, which could contain, for example, a Helm chart.

Field Description
ref
string
(Optional)

Ref is the full artifact Ref and takes precedence over all other fields.

repository
string
(Optional)

Repository is a reference to an OCI artifact repository.

tag
string
(Optional)

Tag is the image tag to pull.

digest
string
(Optional)

Digest of the image to pull; takes precedence over tag.

pullSecretRef
LocalObjectReference
(Optional)

PullSecretRef is a reference to a secret containing the pull secret.
The secret must be of type `kubernetes.io/dockerconfigjson` and must be located in the `garden` namespace.

caBundleSecretRef
LocalObjectReference
(Optional)

CABundleSecretRef is a reference to a secret containing a PEM-encoded certificate authority bundle.
The CA bundle is used to verify the TLS certificate of the OCI registry.
The secret must have a data key `bundle.crt` and must be located in the `garden` namespace.
For usage in the gardenlet, the secret must have the label `gardener.cloud/role=oci-ca-bundle`.
If not provided, the system's default certificate pool is used.

OIDCConfig

(Appears on:KubeAPIServerConfig)

OIDCConfig contains configuration settings for the OIDC provider. Note: Descriptions were taken from the Kubernetes documentation.

Field Description
caBundle
string
(Optional)

If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host's root CA set will be used.

clientID
string
(Optional)

The client ID for the OpenID Connect client, must be set.

groupsClaim
string
(Optional)

If provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. This flag is experimental; please see the authentication documentation for further details.

groupsPrefix
string
(Optional)

If provided, all groups will be prefixed with this value to prevent conflicts with other authentication strategies.

issuerURL
string
(Optional)

The URL of the OpenID issuer, only HTTPS scheme will be accepted. Used to verify the OIDC JSON Web Token (JWT).

requiredClaims
object (keys:string, values:string)
(Optional)

key=value pairs that describe a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value.

signingAlgs
string array
(Optional)

List of allowed JOSE asymmetric signing algorithms. JWTs with an 'alg' header value not in this list will be rejected. Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1

usernameClaim
string
(Optional)

The OpenID claim to use as the user name. Note that claims other than the default ('sub') are not guaranteed to be unique and immutable. This flag is experimental; please see the authentication documentation for further details. (default "sub")

usernamePrefix
string
(Optional)

If provided, all usernames will be prefixed with this value. If not provided, username claims other than 'email' are prefixed by the issuer URL to avoid clashes. To skip any prefixing, provide the value '-'.
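
As an added example that is not part of this page or of Gardener, the Python block below does two things with an OIDCConfig fragment: it checks the fragment against the rules stated above (HTTPS-only issuer, mandatory clientID, asymmetric RFC 7518 algorithms only, the caveat on non-`sub` username claims) and it derives the Kubernetes username and groups that a given set of ID-token claims would be mapped to under the prefixing rules for usernamePrefix and groupsPrefix. The config fragment and the token claims are constructed; the `oidcConfig` key under `spec.kubernetes.kubeAPIServer` is assumed, and the `#` that joins the issuer URL to the claim value comes from the Kubernetes authentication documentation, not from this page.

```python
from typing import Any, Optional
from urllib.parse import urlparse

# RFC 7518 section 3.1 asymmetric JWS algorithms; HS256/384/512 and 'none' are not acceptable.
ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512"}

# Constructed sample: an OIDCConfig fragment as it would sit under
# spec.kubernetes.kubeAPIServer.oidcConfig (key name assumed; fields as listed above).
SAMPLE_OIDC: dict[str, Any] = {
    "issuerURL": "https://issuer.example.test",
    "clientID": "kubernetes",
    "usernameClaim": "preferred_username",
    "groupsClaim": "groups",
    "groupsPrefix": "oidc:",
    "signingAlgs": ["RS256", "HS256"],
    "requiredClaims": {"aud_env": "prod"},
}

# Constructed claims of an ID token issued to one user.
SAMPLE_CLAIMS: dict[str, Any] = {
    "sub": "3f9a",
    "preferred_username": "alice",
    "email": "alice@example.test",
    "groups": ["dev", "ops"],
    "aud_env": "prod",
}


def check_oidc_config(oidc: dict[str, Any]) -> list[str]:
    """Findings against the rules given in the field descriptions above."""
    findings: list[str] = []
    issuer = oidc.get("issuerURL") or ""
    if urlparse(issuer).scheme != "https":
        findings.append("issuerURL must be set and only the HTTPS scheme is accepted")
    if not oidc.get("clientID"):
        findings.append("clientID must be set")
    rejected = [alg for alg in oidc.get("signingAlgs", []) if alg not in ASYMMETRIC_ALGS]
    if rejected:
        findings.append(f"signingAlgs must list asymmetric RFC 7518 algorithms only, not {rejected}")
    claim = oidc.get("usernameClaim", "sub")
    if claim != "sub":
        findings.append(f"usernameClaim {claim!r} is not guaranteed to be unique and immutable")
    return findings


def map_identity(oidc: dict[str, Any], claims: dict[str, Any]) -> tuple[str, list[str]]:
    """Derive the Kubernetes username and groups the apiserver builds from the token claims.
    The '#' between issuer URL and claim follows the Kubernetes authentication docs (assumption
    relative to this page, which only says the issuer URL is used as the prefix)."""
    for key, wanted in (oidc.get("requiredClaims") or {}).items():
        if claims.get(key) != wanted:
            raise PermissionError(f"required claim {key}={wanted!r} is missing or does not match")
    username_claim = oidc.get("usernameClaim", "sub")
    if username_claim not in claims:
        raise PermissionError(f"token carries no {username_claim!r} claim")
    prefix: Optional[str] = oidc.get("usernamePrefix")
    if prefix is None:
        # No prefix given: non-email claims get the issuer URL as prefix to avoid clashes.
        prefix = "" if username_claim == "email" else oidc["issuerURL"] + "#"
    elif prefix == "-":
        prefix = ""  # '-' explicitly disables prefixing
    username = prefix + str(claims[username_claim])

    groups: list[str] = []
    groups_claim = oidc.get("groupsClaim")
    if groups_claim and groups_claim in claims:
        raw = claims[groups_claim]
        members = [raw] if isinstance(raw, str) else list(raw)
        groups = [oidc.get("groupsPrefix", "") + str(g) for g in members]
    return username, groups


if __name__ == "__main__":
    print(check_oidc_config(SAMPLE_OIDC))
    print(map_identity(SAMPLE_OIDC, SAMPLE_CLAIMS))
```

The mapping function is the useful half for authorization reviews: the exact string it returns (for the sample, `https://issuer.example.test#alice`) is what has to appear in RoleBindings, and switching `usernamePrefix` to `-` silently changes every bound identity.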

ObservabilityRotation

(Appears on:ShootCredentialsRotation)

ObservabilityRotation contains information about the observability credential rotation.

Field Description
lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the observability credential rotation was initiated.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the observability credential rotation was successfully completed.

OpenIDConnectClientAuthentication

OpenIDConnectClientAuthentication contains configuration for OIDC clients.

Field Description
extraConfig
object (keys:string, values:string)
(Optional)

Extra configuration added to kubeconfig's auth-provider.
Must not be any of idp-issuer-url, client-id, client-secret, idp-certificate-authority, idp-certificate-authority-data, id-token or refresh-token.

secret
string
(Optional)

The client Secret for the OpenID Connect client.

PendingWorkerUpdates

(Appears on:InPlaceUpdatesStatus)

PendingWorkerUpdates contains information about worker pools pending in-place update.

Field Description
autoInPlaceUpdate
string array
(Optional)

AutoInPlaceUpdate contains the names of the pending worker pools with strategy AutoInPlaceUpdate.

manualInPlaceUpdate
string array
(Optional)

ManualInPlaceUpdate contains the names of the pending worker pools with strategy ManualInPlaceUpdate.

PendingWorkersRollout

(Appears on:CARotation, ManualWorkerPoolRollout, ServiceAccountKeyRotation)

PendingWorkersRollout contains the name of a worker pool and the initiation time of its last rollout.

Field Description
name
string

Name is the name of a worker pool.

lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the worker rollout was initiated.

Project

Project holds certain properties about a Gardener project.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ProjectSpec
(Optional)

Spec defines the project properties.

status
ProjectStatus
(Optional)

Most recently observed status of the Project.

ProjectMember

(Appears on:ProjectSpec)

ProjectMember is a member of a project.

Field Description
kind
string

Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognize the kind value, the Authorizer should report an error.

apiGroup
string
(Optional)

APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.

name
string

Name of the object being referenced.

namespace
string
(Optional)

Namespace of the referenced object. If the object kind is non-namespaced, such as "User" or "Group", and this value is not empty,
the Authorizer should report an error.

role
string

Role represents the role of this member.
IMPORTANT: Be aware that this field will be removed in the `v1` version of this API in favor of the `roles`
list.

roles
string array
(Optional)

Roles represents the list of roles of this member.

ProjectPhase

Underlying type: string

(Appears on:ProjectStatus)

ProjectPhase is a label for the condition of a project at the current time.

ProjectSpec

(Appears on:Project)

ProjectSpec is the specification of a Project.

Field Description
createdBy
Subject
(Optional)

CreatedBy is a subject representing a user name, an email address, or any other identifier of a user
who created the project. This field is immutable.

description
string
(Optional)

Description is a human-readable description of what the project is used for.
Only letters, digits and certain punctuation characters are allowed for this field.

owner
Subject
(Optional)

Owner is a subject representing a user name, an email address, or any other identifier of a user owning
the project.
IMPORTANT: Be aware that this field will be removed in the `v1` version of this API in favor of the `owner`
role. The only way to change the owner will be by moving the `owner` role. In this API version the only way
to change the owner is to use this field.

purpose
string
(Optional)

Purpose is a human-readable explanation of the project's purpose.
Only letters, digits and certain punctuation characters are allowed for this field.

members
ProjectMember array
(Optional)

Members is a list of subjects representing a user name, an email address, or any other identifier of a user,
group, or service account that has a certain role.

namespace
string
(Optional)

Namespace is the name of the namespace that has been created for the Project object.
A nil value means that Gardener will determine the name of the namespace.
If set, its value must be prefixed with `garden-`.
This field is immutable.

tolerations
ProjectTolerations
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

dualApprovalForDeletion
DualApprovalForDeletion array
(Optional)

DualApprovalForDeletion contains configuration for the dual approval concept for resource deletion.
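The ProjectMember and ProjectSpec constraints above (allowed subject kinds, no namespace on User/Group subjects, the default apiGroup per kind, the `garden-` namespace prefix, and the immutability of createdBy and namespace) are easy to violate in hand-written manifests. The following is an added example of a pre-apply check that encodes exactly those documented rules; it is illustrative code, not Gardener's own validation, and the sample spec, its member names and the rule that a member must carry at least one role via `role` or `roles` are assumptions made for the example.

```python
"""Pre-apply checks for a Gardener Project spec, derived from the documented
constraints on ProjectSpec and ProjectMember (example code, not gardener's own
validation)."""

ALLOWED_KINDS = {"User", "Group", "ServiceAccount"}
DEFAULT_API_GROUP = {
    "User": "rbac.authorization.k8s.io",
    "Group": "rbac.authorization.k8s.io",
    "ServiceAccount": "",
}
IMMUTABLE_FIELDS = ("createdBy", "namespace")
NAMESPACE_PREFIX = "garden-"


def effective_roles(member):
    """Merge the deprecated singular `role` with the `roles` list (deduplicated, order kept)."""
    merged = []
    for role in [member.get("role")] + list(member.get("roles") or []):
        if role and role not in merged:
            merged.append(role)
    return merged


def validate_member(index, member):
    problems = []
    where = f"members[{index}]"
    kind = member.get("kind")
    if kind not in ALLOWED_KINDS:
        return [f"{where}: unknown kind {kind!r}"]
    if kind != "ServiceAccount" and member.get("namespace"):
        problems.append(f"{where}: {kind} subjects must not set namespace")
    expected_group = DEFAULT_API_GROUP[kind]
    if member.get("apiGroup", expected_group) != expected_group:
        problems.append(f"{where}: apiGroup {member['apiGroup']!r} differs from the default {expected_group!r} for {kind}")
    if not member.get("name"):
        problems.append(f"{where}: name is required")
    if not effective_roles(member):  # assumption for this example: every member needs a role
        problems.append(f"{where}: no role assigned")
    return problems


def validate_project_spec(spec):
    problems = []
    namespace = spec.get("namespace")
    if namespace is not None and not namespace.startswith(NAMESPACE_PREFIX):
        problems.append(f"namespace {namespace!r} must be prefixed with {NAMESPACE_PREFIX!r}")
    for index, member in enumerate(spec.get("members") or []):
        problems.extend(validate_member(index, member))
    return problems


def immutable_field_changes(stored_spec, proposed_spec):
    """Immutable fields the proposed spec would change. A field the proposal leaves
    unset is not reported, because Gardener fills createdBy and namespace itself."""
    return [
        field for field in IMMUTABLE_FIELDS
        if proposed_spec.get(field) is not None and proposed_spec.get(field) != stored_spec.get(field)
    ]


# Constructed sample with three deliberate defects: a namespace without the
# garden- prefix, a User subject carrying a namespace, and an unknown kind.
SAMPLE_SPEC = {
    "namespace": "team-a",
    "members": [
        {"kind": "User", "name": "alice@example.com", "role": "owner"},
        {"kind": "User", "name": "bob@example.com", "namespace": "garden-x", "role": "viewer"},
        {"kind": "Robot", "name": "ci", "role": "admin"},
    ],
}

if __name__ == "__main__":
    for problem in validate_project_spec(SAMPLE_SPEC):
        print(problem)
```

Run it against `spec` of a Project manifest before `kubectl apply`; `immutable_field_changes` takes the stored spec (from `kubectl get project -o json`) and the proposed one, so a CI step can reject edits that would be denied by the API server anyway.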

ProjectStatus

(Appears on:Project)

ProjectStatus holds the most recently observed status of the project.

Field Description
observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this project.

phase
ProjectPhase

Phase is the current phase of the project.

staleSinceTimestamp
Time
(Optional)

StaleSinceTimestamp contains the timestamp when the project was first discovered to be stale/unused.

staleAutoDeleteTimestamp
Time
(Optional)

StaleAutoDeleteTimestamp contains the timestamp when the project will be garbage-collected/automatically deleted
because it's stale/unused.

lastActivityTimestamp
Time
(Optional)

LastActivityTimestamp contains the timestamp from the last activity performed in this project.

conditions
Condition array
(Optional)

Conditions represents the latest available observations of a Project's current state.

ProjectTolerations

(Appears on:ProjectSpec)

ProjectTolerations contains the tolerations for taints on seed clusters.

Field Description
defaults
Toleration array
(Optional)

Defaults contains a list of tolerations that are added to the shoots in this project by default.

whitelist
Toleration array
(Optional)

Whitelist contains a list of tolerations that are allowed to be added to the shoots in this project. Please note
that this list may only be added by users having the `spec-tolerations-whitelist` verb for project resources.

Provider

(Appears on:ShootSpec)

Provider contains provider-specific information that is handed over to the provider-specific extension controller.

Field Description
type
string

Type is the type of the provider. This field is immutable.

controlPlaneConfig
RawExtension
(Optional)

ControlPlaneConfig contains the provider-specific control plane config blob. Please look up the concrete
definition in the documentation of your provider extension.

infrastructureConfig
RawExtension
(Optional)

InfrastructureConfig contains the provider-specific infrastructure config blob. Please look up the concrete
definition in the documentation of your provider extension.

workers
Worker array
(Optional)

Workers is a list of worker groups.

workersSettings
WorkersSettings
(Optional)

WorkersSettings contains settings for all workers.

ProxyMode

Underlying type: string

(Appears on:KubeProxyConfig)

ProxyMode is the kube-proxy mode. Modes available on Linux are 'userspace' (older, going to be EOL), 'iptables' (newer, faster), 'nftables', and 'ipvs' (deprecated starting with Kubernetes 1.35). As of now only 'iptables', 'nftables' and 'ipvs' (deprecated starting with Kubernetes 1.35) are supported by Gardener. On Linux, if the iptables proxy is selected, regardless of how, but the system's kernel or iptables version is insufficient, kube-proxy always falls back to the userspace proxy.

Quota

Quota represents a quota on resources consumed by shoot clusters either per project or per provider secret.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
QuotaSpec
(Optional)

Spec defines the Quota constraints.

QuotaSpec

(Appears on:Quota)

QuotaSpec is the specification of a Quota.

Field Description
clusterLifetimeDays
integer
(Optional)

ClusterLifetimeDays is the lifetime of a Shoot cluster in days before it will be terminated automatically.

scope
ObjectReference

Scope is the scope of the Quota object, either 'project', 'secret' or 'workloadidentity'. This field is immutable.

Region

(Appears on:CloudProfileSpec)

Region contains certain properties of a region.

Field Description
name
string

Name is a region name.

zones
AvailabilityZone array
(Optional)

Zones is a list of availability zones in this region.

labels
object (keys:string, values:string)
(Optional)

Labels is an optional set of key-value pairs that contain certain administrator-controlled labels for this region.
It can be used by Gardener administrators/operators to provide additional information about a region, e.g. wrt
quality, reliability, etc.

accessRestrictions
AccessRestriction array
(Optional)

AccessRestrictions describe a list of access restrictions that can be used for Shoots using this region.

ResourceData

(Appears on:ShootStateSpec)

ResourceData holds the data of a resource referred to by an extension controller state.

Field Description
kind
string

kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name
string

name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

apiVersion
string
(Optional)

apiVersion is the API version of the referent

data
RawExtension

Data of the resource

ResourceWatchCacheSize

(Appears on:WatchCacheSizes)

ResourceWatchCacheSize contains configuration of the API server's watch cache size for one specific resource.

Field Description
apiGroup
string
(Optional)

APIGroup is the API group of the resource for which the watch cache size should be configured.
An unset value is used to specify the legacy core API (e.g. for `secrets`).

resource
string

Resource is the name of the resource for which the watch cache size should be configured
(in lowercase plural form, e.g. `secrets`).

size
integer

CacheSize specifies the watch cache size that should be configured for the specified resource.

SSHAccess

(Appears on:WorkersSettings)

SSHAccess contains settings regarding ssh access to the worker nodes.

Field Description
enabled
boolean

Enabled indicates whether the SSH access to the worker nodes is ensured to be enabled or disabled in systemd.
Defaults to true.

SchedulingProfile

Underlying type: string

(Appears on:KubeSchedulerConfig)

SchedulingProfile is a string alias used for scheduling profile values.

SecretBinding

SecretBinding represents a binding to a secret in the same or another namespace. Deprecated: Use CredentialsBinding instead. See /docs/gardener/shoot-operations/secretbinding-to-credentialsbinding-migration/ for migration instructions.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
secretRef
SecretReference

SecretRef is a reference to a secret object in the same or another namespace.
This field is immutable.

quotas
ObjectReference array
(Optional)

Quotas is a list of references to Quota objects in the same or another namespace.
This field is immutable.

provider
SecretBindingProvider
(Optional)

Provider defines the provider type of the SecretBinding.
This field is immutable.

SecretBindingProvider

(Appears on:SecretBinding)

SecretBindingProvider defines the provider type of the SecretBinding. Deprecated: Use CredentialsBindingProvider instead. See /docs/gardener/shoot-operations/secretbinding-to-credentialsbinding-migration/ for migration instructions.

Field Description
type
string

Type is the type of the provider.
For backwards compatibility, the field can contain multiple providers separated by a comma.
However the usage of single SecretBinding (hence Secret) for different cloud providers is strongly discouraged.

Seed

Seed represents an installation request for an external controller.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
SeedSpec

Spec contains the specification of this installation.

status
SeedStatus

Status contains the status of this installation.

SeedDNS

(Appears on:SeedSpec)

SeedDNS contains DNS-relevant information about this seed cluster.

Field Description
provider
SeedDNSProvider
(Optional)

Provider configures a DNSProvider

internal
SeedDNSProviderConfig
(Optional)

Internal configures DNS settings related to seed internal domain.

defaults
SeedDNSProviderConfig array
(Optional)

Defaults configures DNS settings related to seed default domains.
When determining the DNS settings for a Shoot, the first matching entry in this list will take precedence.

SeedDNSProvider

(Appears on:SeedDNS)

SeedDNSProvider configures a DNSProvider for Seeds

Field Description
type
string

Type describes the type of the dns-provider, for example `aws-route53`

credentialsRef
ObjectReference
(Optional)

CredentialsRef is a reference to a resource holding the credentials used for
authentication with the DNS provider.
Supported referenced resources are v1.Secrets and
security.gardener.cloud/v1alpha1.WorkloadIdentity

SeedDNSProviderConfig

(Appears on:SeedDNS)

SeedDNSProviderConfig configures a DNS provider.

Field Description
type
string

Type is the type of the DNS provider.

domain
string

Domain is the domain name to be used by the DNS provider.

zone
string
(Optional)

Zone is the zone where the DNS records are managed.

credentialsRef
ObjectReference

CredentialsRef is a reference to a resource holding the credentials used for
authentication with the DNS provider.
Supported referenced resources are v1.Secrets and
security.gardener.cloud/v1alpha1.WorkloadIdentity

SeedNetworks

(Appears on:SeedSpec)

SeedNetworks contains CIDRs for the pod, service and node networks of a Kubernetes cluster.

Field Description
nodes
string
(Optional)

Nodes is the CIDR of the node network. This field is immutable.

pods
string

Pods is the CIDR of the pod network. This field is immutable.

services
string

Services is the CIDR of the service network. This field is immutable.

shootDefaults
ShootNetworks
(Optional)

ShootDefaults contains the default networks CIDRs for shoots.

blockCIDRs
string array
(Optional)

BlockCIDRs is a list of network addresses that should be blocked for shoot control plane components running
in the seed cluster.

ipFamilies
IPFamily array
(Optional)

IPFamilies specifies the IP protocol versions to use for seed networking. This field is immutable.
See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md.
Defaults to ["IPv4"].

SeedProvider

(Appears on:SeedSpec)

SeedProvider defines the provider-specific information of this Seed cluster.

Field Description
type
string

Type is the name of the provider.

providerConfig
RawExtension
(Optional)

ProviderConfig is the configuration passed to Seed resource.

region
string

Region is a name of a region.

zones
string array
(Optional)

Zones is the list of availability zones the seed cluster is deployed to.

SeedSelector

(Appears on:CloudProfileSpec, ExposureClassScheduling, ShootSpec)

SeedSelector contains constraints for selecting the seeds that are usable for shoots using a profile.

Field Description
matchLabels
object (keys:string, values:string)
(Optional)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.

matchExpressions
LabelSelectorRequirement array
(Optional)

matchExpressions is a list of label selector requirements. The requirements are ANDed.

providerTypes
string array
(Optional)

ProviderTypes is optional and can be used to restrict seeds by their provider type. '*' can be used to enable seeds regardless of their provider type.

SeedSettingDependencyWatchdog

(Appears on:SeedSettings)

SeedSettingDependencyWatchdog controls the dependency-watchdog settings for the seed.

Field Description
weeder
SeedSettingDependencyWatchdogWeeder
(Optional)

Weeder controls the weeder settings for the dependency-watchdog for the seed.

prober
SeedSettingDependencyWatchdogProber
(Optional)

Prober controls the prober settings for the dependency-watchdog for the seed.

SeedSettingDependencyWatchdogProber

(Appears on:SeedSettingDependencyWatchdog)

SeedSettingDependencyWatchdogProber controls the prober settings for the dependency-watchdog for the seed.

Field Description
enabled
boolean

Enabled controls whether the probe controller (prober) of the dependency-watchdog should be enabled. This controller
scales down the kube-controller-manager, machine-controller-manager and cluster-autoscaler of shoot clusters in case their respective kube-apiserver is not
reachable via its external ingress in order to avoid melt-down situations.

SeedSettingDependencyWatchdogWeeder

(Appears on:SeedSettingDependencyWatchdog)

SeedSettingDependencyWatchdogWeeder controls the weeder settings for the dependency-watchdog for the seed.

Field Description
enabled
boolean

Enabled controls whether the endpoint controller (weeder) of the dependency-watchdog should be enabled. This controller
helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in
CrashLoopBackoff status and restarting them once their dependants become ready and available again.

SeedSettingExcessCapacityReservation

(Appears on:SeedSettings)

SeedSettingExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

Field Description
enabled
boolean
(Optional)

Enabled controls whether the default excess capacity reservation should be enabled. When not specified, the functionality is enabled.

configs
SeedSettingExcessCapacityReservationConfig array
(Optional)

Configs configures excess capacity reservation deployments for shoot control planes in the seed.

SeedSettingExcessCapacityReservationConfig

(Appears on:SeedSettingExcessCapacityReservation)

SeedSettingExcessCapacityReservationConfig configures excess capacity reservation deployments for shoot control planes in the seed.

Field Description
nodeSelector
object (keys:string, values:string)
(Optional)

NodeSelector specifies the node where the excess-capacity-reservation pod should run.

tolerations
Toleration array
(Optional)

Tolerations specify the tolerations for the excess-capacity-reservation pod.

SeedSettingLoadBalancerServices

(Appears on:SeedSettings)

SeedSettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

Field Description
annotations
object (keys:string, values:string)
(Optional)

Annotations is a map of annotations that will be injected/merged into every load balancer service object.

externalTrafficPolicy
ServiceExternalTrafficPolicy
(Optional)

ExternalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the service's "externally-facing" addresses.
Defaults to "Cluster".

zones
SeedSettingLoadBalancerServicesZones array
(Optional)

Zones controls settings, which are specific to the single-zone load balancers in a multi-zonal setup.
Can be empty for single-zone seeds. Each specified zone has to relate to one of the zones in seed.spec.provider.zones.

proxyProtocol
LoadBalancerServicesProxyProtocol
(Optional)

ProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services.
Defaults to nil, which is equivalent to not allowing ProxyProtocol.

zonalIngress
SeedSettingLoadBalancerServicesZonalIngress
(Optional)

ZonalIngress controls whether ingress gateways are deployed per availability zone.
Defaults to true.

class
string
(Optional)

Class configures the Service.spec.loadBalancerClass field for the load balancer services on the seed.
Note that changing the loadBalancerClass of existing LoadBalancer services is denied by Kubernetes.

SeedSettingLoadBalancerServicesZonalIngress

(Appears on:SeedSettingLoadBalancerServices)

SeedSettingLoadBalancerServicesZonalIngress controls the deployment of ingress gateways per availability zone.

Field Description
enabled
boolean
(Optional)

Enabled controls whether seed ingress gateways are deployed in each availability zone.
Defaults to true, which provisions an ingress gateway load balancer for each availability zone.
When disabled, only a single ingress gateway is deployed.
See https://github.com/gardener/gardener/blob/master/docs/operations/seed_settings.md#zonal-ingress.

SeedSettingLoadBalancerServicesZones

(Appears on:SeedSettingLoadBalancerServices)

SeedSettingLoadBalancerServicesZones controls settings, which are specific to the single-zone load balancers in a multi-zonal setup.

Field Description
name
string

Name is the name of the zone as specified in seed.spec.provider.zones.

annotations
object (keys:string, values:string)
(Optional)

Annotations is a map of annotations that will be injected/merged into the zone-specific load balancer service object.

externalTrafficPolicy
ServiceExternalTrafficPolicy
(Optional)

ExternalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the service's "externally-facing" addresses.
Defaults to "Cluster".

proxyProtocol
LoadBalancerServicesProxyProtocol
(Optional)

ProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services.
Defaults to nil, which is equivalent to not allowing ProxyProtocol.

SeedSettingScheduling

(Appears on:SeedSettings)

SeedSettingScheduling controls settings for scheduling decisions for the seed.

Field Description
visible
boolean

Visible controls whether the gardener-scheduler shall consider this seed when scheduling shoots. Invisible seeds
are not considered by the scheduler.
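SeedSelector (above) describes how matchLabels, matchExpressions and providerTypes combine, and SeedSettingScheduling adds that invisible seeds are never considered by the scheduler. The following added example implements that selection over a constructed list of Seed objects so the ANDing, the `NotIn`/`DoesNotExist` behaviour on missing labels and the `'*'` provider wildcard can be checked; it is example code, not the gardener-scheduler. The seed names, labels and the treatment of an absent `visible` setting and of an empty `providerTypes` list as "no restriction" are assumptions made for the example.

```python
"""Seed selection as described for SeedSelector and SeedSettingScheduling:
matchLabels and matchExpressions are ANDed, providerTypes restricts by provider
type ('*' allows any), and seeds whose spec.settings.scheduling.visible is
false are never considered. Example code, not gardener-scheduler."""


def _requirement_matches(labels, req):
    """One LabelSelectorRequirement against a label map (Kubernetes semantics)."""
    key, op = req["key"], req["operator"]
    values = req.get("values") or []
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":  # a missing key also satisfies NotIn
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unknown operator {op!r}")


def seed_matches(selector, seed):
    labels = seed["metadata"].get("labels") or {}
    # matchLabels {k: v} is shorthand for {key: k, operator: In, values: [v]}
    for key, value in (selector.get("matchLabels") or {}).items():
        if not _requirement_matches(labels, {"key": key, "operator": "In", "values": [value]}):
            return False
    for req in selector.get("matchExpressions") or []:
        if not _requirement_matches(labels, req):
            return False
    provider_types = selector.get("providerTypes") or []  # assumption: empty list = no restriction
    if provider_types and "*" not in provider_types:
        if seed["spec"]["provider"]["type"] not in provider_types:
            return False
    return True


def is_visible(seed):
    # Assumption for this example: an absent scheduling setting is treated as visible.
    return seed["spec"].get("settings", {}).get("scheduling", {}).get("visible", True)


def select_seeds(selector, seeds):
    """Names of seeds satisfying the selector, regardless of visibility."""
    return [s["metadata"]["name"] for s in seeds if seed_matches(selector, s)]


def schedulable_seeds(selector, seeds):
    """What the scheduler would actually consider: selector match AND visible."""
    return [s["metadata"]["name"] for s in seeds if is_visible(s) and seed_matches(selector, s)]


# Constructed sample seeds (names and labels are invented for this example).
SAMPLE_SEEDS = [
    {"metadata": {"name": "seed-eu-aws", "labels": {"region": "eu", "tier": "prod"}},
     "spec": {"provider": {"type": "aws"}, "settings": {"scheduling": {"visible": True}}}},
    {"metadata": {"name": "seed-us-gcp", "labels": {"region": "us"}},
     "spec": {"provider": {"type": "gcp"}}},
    {"metadata": {"name": "seed-eu-hidden", "labels": {"region": "eu"}},
     "spec": {"provider": {"type": "aws"}, "settings": {"scheduling": {"visible": False}}}},
]

SAMPLE_SELECTOR = {
    "matchLabels": {"region": "eu"},
    "matchExpressions": [{"key": "tier", "operator": "NotIn", "values": ["dev"]}],
    "providerTypes": ["aws"],
}

if __name__ == "__main__":
    print("match   :", select_seeds(SAMPLE_SELECTOR, SAMPLE_SEEDS))
    print("schedule:", schedulable_seeds(SAMPLE_SELECTOR, SAMPLE_SEEDS))
```

The difference between `select_seeds` and `schedulable_seeds` is the point: a seed can satisfy a CloudProfile's or Shoot's seedSelector and still never receive shoots because an operator set `settings.scheduling.visible: false`.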

SeedSettingTopologyAwareRouting

(Appears on:SeedSettings)

SeedSettingTopologyAwareRouting controls certain settings for topology-aware traffic routing in the seed. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

Field Description
enabled
boolean

Enabled controls whether certain Services deployed in the seed cluster should be topology-aware.
These Services are etcd-main-client, etcd-events-client, kube-apiserver, gardener-resource-manager and vpa-webhook.

SeedSettingVerticalPodAutoscaler

(Appears on:SeedSettings)

SeedSettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

Field Description
enabled
boolean

Enabled controls whether the VPA components shall be deployed into the garden namespace in the seed cluster. It
is enabled by default because Gardener heavily relies on a VPA being deployed. You should only disable this if
your seed cluster already has another, manually/custom managed VPA deployment.

featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

SeedSettingZoneSelection

(Appears on:SeedSettings)

SeedSettingZoneSelection controls whether shoot control plane zone placement is derived from the shoot's worker pool zones rather than randomly selected from seed zones.

Field Description
mode
ZoneSelectionMode

Mode controls the zone selection behavior.
"Prefer" tries to match worker pool zones to seed zones, falling back to random selection on mismatch.
"Enforce" requires worker pool zones to be present in the seed's zone list; scheduling fails otherwise.

SeedSettings

(Appears on:SeedSpec)

SeedSettings contains certain settings for this seed cluster.

Field Description
excessCapacityReservation
SeedSettingExcessCapacityReservation
(Optional)

ExcessCapacityReservation controls the excess capacity reservation for shoot control planes in the seed.

scheduling
SeedSettingScheduling
(Optional)

Scheduling controls settings for scheduling decisions for the seed.

loadBalancerServices
SeedSettingLoadBalancerServices
(Optional)

LoadBalancerServices controls certain settings for services of type load balancer that are created in the seed.

verticalPodAutoscaler
SeedSettingVerticalPodAutoscaler
(Optional)

VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the seed.

dependencyWatchdog
SeedSettingDependencyWatchdog
(Optional)

DependencyWatchdog controls certain settings for the dependency-watchdog components deployed in the seed.

topologyAwareRouting
SeedSettingTopologyAwareRouting
(Optional)

TopologyAwareRouting controls certain settings for topology-aware traffic routing in the seed.
See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.

zoneSelection
SeedSettingZoneSelection
(Optional)

ZoneSelection controls whether shoot control plane zone placement is derived from the shoot's worker pool zones
rather than randomly selected from seed zones.
See https://github.com/gardener/gardener/blob/master/docs/operations/seed_settings.md#zone-selection.

SeedSpec

(Appears on:Seed, SeedTemplate)

SeedSpec is the specification of a Seed.

Field Description
backup
Backup
(Optional)

Backup holds the object store configuration for the backups of shoot (currently only etcd).
If it is not specified, then there won't be any backups taken for shoots associated with this seed.
If backup field is present in seed, then backups of the etcd from shoot control plane will be stored
under the configured object store.

dns
SeedDNS

DNS contains DNS-relevant information about this seed cluster.

networks
SeedNetworks

Networks defines the pod, service and worker network of the Seed cluster.

provider
SeedProvider

Provider defines the provider type and region for this Seed cluster.

taints
SeedTaint array
(Optional)

Taints describes taints on the seed.

volume
SeedVolume
(Optional)

Volume contains settings for persistentvolumes created in the seed cluster.

settings
SeedSettings
(Optional)

Settings contains certain settings for this seed cluster.

ingress
Ingress
(Optional)

Ingress configures Ingress specific settings of the Seed cluster. This field is immutable.

accessRestrictions
AccessRestriction array
(Optional)

AccessRestrictions describe a list of access restrictions for this seed cluster.

extensions
Extension array
(Optional)

Extensions contain type and provider information for Seed extensions.

resources
NamedResourceReference array
(Optional)

Resources holds a list of named resource references that can be referred to in extension configs by their names.

SeedStatus

(Appears on:Seed)

SeedStatus is the status of a Seed.

Field Description
gardener
Gardener
(Optional)

Gardener holds information about the Gardener which last acted on the Seed.

kubernetesVersion
string
(Optional)

KubernetesVersion is the Kubernetes version of the seed cluster.

conditions
Condition array
(Optional)

Conditions represents the latest available observations of a Seed's current state.

observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this Seed. It corresponds to the
Seed's generation, which is updated on mutation by the API Server.

clusterIdentity
string
(Optional)

ClusterIdentity is the identity of the Seed cluster. This field is immutable.

clientCertificateExpirationTimestamp
Time
(Optional)

ClientCertificateExpirationTimestamp is the timestamp at which gardenlet's client certificate expires.

lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the Seed.

SeedTaint

(Appears on:SeedSpec)

SeedTaint describes a taint on a seed.

Field Description
key
string

Key is the taint key to be applied to a seed.

value
string
(Optional)

Value is the taint value corresponding to the taint key.

SeedTemplate

SeedTemplate is a template for creating a Seed object.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
SeedSpec
(Optional)

Specification of the desired behavior of the Seed.

SeedVolume

(Appears on:SeedSpec)

SeedVolume contains settings for persistentvolumes created in the seed cluster.

Field Description
minimumSize
Quantity
(Optional)

MinimumSize defines the minimum size that should be used for PVCs in the seed.

providers
SeedVolumeProvider array
(Optional)

Providers is a list of storage class provisioner types for the seed.

SeedVolumeProvider

(Appears on:SeedVolume)

SeedVolumeProvider is a storage class provisioner type.

Field Description
purpose
string

Purpose is the purpose of this provider.

name
string

Name is the name of the storage class provisioner type.

ServiceAccountConfig

(Appears on:KubeAPIServerConfig)

ServiceAccountConfig is the kube-apiserver configuration for service accounts.

Field Description
issuer
string
(Optional)

Issuer is the identifier of the service account token issuer. The issuer will assert this
identifier in "iss" claim of issued tokens. This value is used to generate new service account tokens.
This value is a string or URI. Defaults to URI of the API server.

extendTokenExpiration
boolean
(Optional)

ExtendTokenExpiration turns on projected service account expiration extension during token generation, which
helps a safe transition from legacy tokens to the bound service account token feature. If this flag is enabled,
admission-injected tokens are extended up to 1 year to prevent unexpected failure during transition,
ignoring the value of service-account-max-token-expiration.

maxTokenExpiration
Duration
(Optional)

MaxTokenExpiration is the maximum validity duration of a token created by the service account token issuer. If an
otherwise valid TokenRequest with a validity duration larger than this value is requested, a token will be issued
with a validity duration of this value.
This field must be within [30d,90d].

acceptedIssuers
string array
(Optional)

AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted.
These values are not used to generate new service account tokens. Only useful when service account tokens are also
issued by another external system or a change of the current issuer that is used for generating tokens is being performed.
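The issuer, acceptedIssuers and maxTokenExpiration settings above determine which service account tokens a shoot's kube-apiserver accepts and how long they can live, and extendTokenExpiration can silently stretch admission-injected tokens to a year. The following added example checks a ServiceAccountConfig against the documented [30d,90d] bound and audits the claims of a token against that config; it is illustrative code, not part of Gardener or kube-apiserver. The tokens are constructed samples with `alg: none` and no signature, decoded without any verification, so this is for inspecting claims found in logs or a forensic capture, never for authenticating anything; the issuer URLs and subject names are invented.

```python
"""Inspect kube-apiserver service-account token settings and the tokens they
produce. Example code, not part of Gardener. Tokens are decoded WITHOUT
signature verification: this is for auditing claims, not for authentication."""
import base64
import json
import re

DAY = 86_400
UNIT_SECONDS = {"h": 3_600, "m": 60, "s": 1}


def parse_go_duration(text):
    """Seconds for a metav1.Duration string such as '2160h' or '1h30m'."""
    if not re.fullmatch(r"(\d+[hms])+", text):
        raise ValueError(f"unsupported duration {text!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([hms])", text))


def validate_sa_config(cfg):
    """Findings about the ServiceAccountConfig itself."""
    findings = []
    max_exp = cfg.get("maxTokenExpiration")
    if max_exp is not None:
        seconds = parse_go_duration(max_exp)
        if not 30 * DAY <= seconds <= 90 * DAY:
            findings.append(f"maxTokenExpiration {max_exp} is outside [30d,90d]")
    if cfg.get("extendTokenExpiration"):
        findings.append("extendTokenExpiration is on: admission-injected tokens may be "
                        "extended up to 1 year, ignoring maxTokenExpiration")
    return findings


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Payload of a JWT. No signature check; use only to inspect claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    return json.loads(_b64url_decode(parts[1]))


def make_unsigned_token(claims):
    """Constructed sample token (alg=none, empty signature) for offline demonstration."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def audit_token(token, cfg):
    """Which of the documented settings would affect this token."""
    claims = decode_claims(token)
    findings = []
    issuer = cfg.get("issuer")  # defaults to the API server URI; pass it explicitly here
    accepted = {issuer} | set(cfg.get("acceptedIssuers") or [])
    iss = claims.get("iss")
    if iss not in accepted:
        findings.append(f"issuer {iss!r} is neither the configured issuer nor in acceptedIssuers")
    elif iss != issuer:
        findings.append(f"issued by legacy issuer {iss!r}; rejected once it leaves acceptedIssuers")
    if "iat" in claims and "exp" in claims:
        lifetime = claims["exp"] - claims["iat"]
        max_exp = cfg.get("maxTokenExpiration")
        # TokenRequests are capped at maxTokenExpiration, so a longer lifetime points
        # at an extended admission-injected token or a config change since issuance.
        if max_exp is not None and lifetime > parse_go_duration(max_exp):
            findings.append(f"lifetime {lifetime // DAY}d exceeds maxTokenExpiration {max_exp}")
    else:
        findings.append("no iat/exp claims: legacy non-expiring secret-based token")
    return findings


# Hypothetical issuer URLs for the example.
SAMPLE_CONFIG = {
    "issuer": "https://api.example-shoot.invalid",
    "acceptedIssuers": ["https://api.example-shoot.invalid/legacy"],
    "maxTokenExpiration": "2160h",  # 90 days
}

if __name__ == "__main__":
    now = 1_700_000_000
    tok = make_unsigned_token({"iss": SAMPLE_CONFIG["issuer"], "iat": now, "exp": now + 365 * DAY,
                               "sub": "system:serviceaccount:default:app"})
    print(validate_sa_config(SAMPLE_CONFIG), audit_token(tok, SAMPLE_CONFIG))
```

During an issuer change, the intended sequence is to add the old issuer to acceptedIssuers, switch issuer, wait until no token audited with `audit_token` reports the legacy-issuer finding, and only then drop the old entry.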

ServiceAccountKeyRotation

(Appears on:ShootCredentialsRotation)

ServiceAccountKeyRotation contains information about the service account key credential rotation.

Field Description
phase
CredentialsRotationPhase

Phase describes the phase of the service account key credential rotation.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the service account key credential rotation was successfully
completed.

lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the service account key credential rotation was initiated.

lastInitiationFinishedTime
Time
(Optional)

LastInitiationFinishedTime is the most recent time when the service account key credential rotation initiation was
completed.

lastCompletionTriggeredTime
Time
(Optional)

LastCompletionTriggeredTime is the most recent time when the service account key credential rotation completion was
triggered.

pendingWorkersRollouts
PendingWorkersRollout array
(Optional)

PendingWorkersRollouts contains the name of a worker pool and the initiation time of their last rollout due to
credentials rotation.

Shoot

Shoot represents a Shoot cluster created and managed by Gardener.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ShootSpec
(Optional)

Specification of the Shoot cluster.
If the object's deletion timestamp is set, this field is immutable.

status
ShootStatus
(Optional)

Most recently observed status of the Shoot cluster.

ShootAdvertisedAddress

(Appears on:ShootStatus)

ShootAdvertisedAddress contains information for the shoot's Kube API server.

Field Description
name
string

Name of the advertised address. e.g. external

url
string

The URL of the API Server. e.g. https://api.foo.bar or https://1.2.3.4

application
string
(Optional)

Application is the name of the application this address belongs to. Used by UI clients.

ShootCredentials

(Appears on:ShootStatus)

ShootCredentials contains information about the shoot credentials.

Field Description
rotation
ShootCredentialsRotation
(Optional)

Rotation contains information about the credential rotations.

encryptionAtRest
EncryptionAtRest
(Optional)

EncryptionAtRest contains information about Shoot data encryption at rest.

ShootCredentialsRotation

(Appears on:ShootCredentials)

ShootCredentialsRotation contains information about the rotation of credentials.

Field Description
certificateAuthorities
CARotation
(Optional)

CertificateAuthorities contains information about the certificate authority credential rotation.

sshKeypair
ShootSSHKeypairRotation
(Optional)

SSHKeypair contains information about the ssh-keypair credential rotation.

observability
ObservabilityRotation
(Optional)

Observability contains information about the observability credential rotation.

serviceAccountKey
ServiceAccountKeyRotation
(Optional)

ServiceAccountKey contains information about the service account key credential rotation.

etcdEncryptionKey
ETCDEncryptionKeyRotation
(Optional)

ETCDEncryptionKey contains information about the ETCD encryption key credential rotation.
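ShootCredentialsRotation groups five rotation records of two shapes: phase-bearing ones (certificateAuthorities, serviceAccountKey, etcdEncryptionKey) that may also list pendingWorkersRollouts, and timestamp-only ones (sshKeypair, observability). The following added example walks `shoot.status.credentials.rotation` and reports entries that are mid-rotation, blocked on worker pools, or whose last completion is older than a policy threshold; it is example code, not part of Gardener. The status values, timestamps and the 90-day threshold are constructed for the example, and treating the phase string "Completed" as the terminal CredentialsRotationPhase is an assumption.

```python
"""Audit shoot.status.credentials.rotation: which credential rotations are in
progress, blocked on worker rollouts, or older than a policy threshold.
Example code, not part of Gardener."""
from datetime import datetime, timedelta, timezone

COMPLETED = "Completed"  # assumption: the CredentialsRotationPhase value meaning "done"


def parse_time(text):
    """metav1.Time as serialized in status, e.g. 2025-05-01T00:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_rotation(rotation, now, max_age_days=90):
    """Map each rotation entry (certificateAuthorities, sshKeypair, observability,
    serviceAccountKey, etcdEncryptionKey) to the reasons it needs attention."""
    report = {}
    for name, entry in rotation.items():
        reasons = []
        phase = entry.get("phase")
        if phase is not None and phase != COMPLETED:
            reasons.append(f"rotation in progress (phase {phase})")
        pending = entry.get("pendingWorkersRollouts") or []
        if pending:
            reasons.append("waiting for worker pools: " + ", ".join(p["name"] for p in pending))
        initiated = entry.get("lastInitiationTime")
        completed = entry.get("lastCompletionTime")
        if phase is None and initiated and (completed is None or parse_time(initiated) > parse_time(completed)):
            # timestamp-only rotations (sshKeypair, observability) carry no phase
            reasons.append("initiated but not yet completed")
        if completed is None:
            reasons.append("no completed rotation recorded")
        else:
            age = now - parse_time(completed)
            if age > timedelta(days=max_age_days):
                reasons.append(f"last completed {age.days}d ago, beyond {max_age_days}d")
        report[name] = reasons
    return report


def needs_attention(report):
    """Rotation entries with at least one reason, sorted by name."""
    return sorted(name for name, reasons in report.items() if reasons)


# Constructed sample status (timestamps and phases invented for the example).
SAMPLE_ROTATION = {
    "certificateAuthorities": {
        "phase": "Completed",
        "lastInitiationTime": "2025-04-30T00:00:00Z",
        "lastCompletionTime": "2025-05-01T00:00:00Z",
    },
    "serviceAccountKey": {
        "phase": "WaitingForWorkersRollout",
        "lastInitiationTime": "2025-05-28T00:00:00Z",
        "lastCompletionTime": "2024-12-01T00:00:00Z",
        "pendingWorkersRollouts": [{"name": "worker-a", "lastInitiationTime": "2025-05-28T00:00:00Z"}],
    },
    "sshKeypair": {"lastInitiationTime": "2025-05-30T00:00:00Z"},
    "observability": {
        "lastInitiationTime": "2025-05-20T00:00:00Z",
        "lastCompletionTime": "2025-05-20T00:00:00Z",
    },
    "etcdEncryptionKey": {"phase": "Completed", "lastCompletionTime": "2025-01-15T00:00:00Z"},
}

if __name__ == "__main__":
    report = audit_rotation(SAMPLE_ROTATION, parse_time("2025-06-01T00:00:00Z"))
    for name in needs_attention(report):
        print(name, report[name])
```

Feed it the `rotation` object from `kubectl get shoot <name> -o json` (`.status.credentials.rotation`) and a fixed `now`, so repeated runs in a reporting job are reproducible; the serviceAccountKey entry in the sample shows why the pending worker rollouts matter: the new key is not fully in effect until every listed pool has been rolled.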

ShootKubeconfigRotation

ShootKubeconfigRotation contains information about the kubeconfig credential rotation.

Field Description
lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the kubeconfig credential rotation was initiated.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the kubeconfig credential rotation was successfully completed.

ShootMachineImage

(Appears on:Machine)

ShootMachineImage defines the name and the version of the shoot's machine image in any environment. Has to be defined in the respective CloudProfile.

Field Description
name
string

Name is the name of the image.

providerConfig
RawExtension
(Optional)

ProviderConfig is the shoot's individual configuration passed to an extension resource.

version
string
(Optional)

Version is the version of the shoot's image.
If version is not provided, it will be defaulted to the latest version from the CloudProfile.

ShootNetworks

(Appears on:SeedNetworks)

ShootNetworks contains the default networks CIDRs for shoots.

Field Description
pods
string
(Optional)

Pods is the CIDR of the pod network.

services
string
(Optional)

Services is the CIDR of the service network.

ShootPurpose

Underlying type: string

(Appears on:ShootSpec)

ShootPurpose is a type alias for string.

ShootSSHKeypairRotation

(Appears on:ShootCredentialsRotation)

ShootSSHKeypairRotation contains information about the ssh-keypair credential rotation.

Field Description
lastInitiationTime
Time
(Optional)

LastInitiationTime is the most recent time when the ssh-keypair credential rotation was initiated.

lastCompletionTime
Time
(Optional)

LastCompletionTime is the most recent time when the ssh-keypair credential rotation was successfully completed.

ShootSpec

(Appears on:Shoot, ShootTemplate)

ShootSpec is the specification of a Shoot.

Field Description
addons
Addons
(Optional)

Addons contains information about enabled/disabled addons and their configuration.
Deprecated: This field is deprecated. Enabling addons will be forbidden starting from Kubernetes 1.35.

cloudProfileName
string
(Optional)

CloudProfileName is a name of a CloudProfile object.
Deprecated: This field will be removed in a future version of Gardener. Use `CloudProfile` instead.
Until Kubernetes v1.33, this field is synced with the `CloudProfile` field.
Starting with Kubernetes v1.34, this field is set to empty string and must not be provided anymore.

dns
DNS
(Optional)

DNS contains information about the DNS settings of the Shoot.

extensions
Extension array
(Optional)

Extensions contain type and provider information for Shoot extensions.

hibernation
Hibernation
(Optional)

Hibernation contains information whether the Shoot is suspended or not.

kubernetes
Kubernetes

Kubernetes contains the version and configuration settings of the control plane components.

networking
Networking
(Optional)

Networking contains information about cluster networking, such as the CNI plugin type, CIDRs, etc.

maintenance
Maintenance
(Optional)

Maintenance contains information about the time window for maintenance operations and which
operations should be performed.

monitoring
Monitoring
(Optional)

Monitoring contains information about custom monitoring configurations for the shoot.

provider
Provider

Provider contains all provider-specific and provider-relevant information.

purpose
ShootPurpose
(Optional)

Purpose is the purpose class for this cluster.

region
string

Region is a name of a region. This field is immutable.

secretBindingName
string
(Optional)

SecretBindingName is the name of a SecretBinding that has a reference to the provider secret.
The credentials inside the provider secret will be used to create the shoot in the respective account.
The field is mutually exclusive with CredentialsBindingName.
This field is immutable.
Deprecated: Use CredentialsBindingName instead. See https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/secretbinding-to-credentialsbinding-migration.md for migration instructions.

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot.

seedSelector
SeedSelector
(Optional)

SeedSelector is an optional selector which must match a seed's labels for the shoot to be scheduled on that seed.
Once the shoot is assigned to a seed, the selector can only be changed later if the new one still matches the assigned seed.

resources
NamedResourceReference array
(Optional)

Resources holds a list of named resource references that can be referred to in extension configs by their names.

tolerations
Toleration array
(Optional)

Tolerations contains the tolerations for taints on seed clusters.

exposureClassName
string
(Optional)

ExposureClassName is the optional name of an exposure class to apply a control plane endpoint exposure strategy.

systemComponents
SystemComponents
(Optional)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

controlPlane
ControlPlane
(Optional)

ControlPlane contains general settings for the control plane of the shoot.

schedulerName
string
(Optional)

SchedulerName is the name of the responsible scheduler which schedules the shoot.
If not specified, the default scheduler takes over.
This field is immutable.

cloudProfile
CloudProfileReference
(Optional)

CloudProfile contains a reference to a CloudProfile or a NamespacedCloudProfile.

credentialsBindingName
string
(Optional)

CredentialsBindingName is the name of a CredentialsBinding that has a reference to the provider credentials.
The credentials will be used to create the shoot in the respective account. The field is mutually exclusive with SecretBindingName.

accessRestrictions
AccessRestrictionWithOptions array
(Optional)

AccessRestrictions describe a list of access restrictions for this shoot cluster.

ShootState

ShootState contains a snapshot of the Shoot's state required to migrate the Shoot's control plane to a new Seed.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ShootStateSpec
(Optional)

Specification of the ShootState.

ShootStateSpec

(Appears on:ShootState)

ShootStateSpec is the specification of the ShootState.

Field Description
gardener
GardenerResourceData array
(Optional)

Gardener holds the data required to generate resources deployed by the gardenlet.

extensions
ExtensionResourceState array
(Optional)

Extensions holds the state of custom resources reconciled by extension controllers in the seed.

resources
ResourceData array
(Optional)

Resources holds the data of resources referred to by extension controller states.

ShootStatus

(Appears on:Shoot)

ShootStatus holds the most recently observed status of the Shoot cluster.

Field Description
conditions
Condition array
(Optional)

Conditions represents the latest available observations of a Shoot's current state.

constraints
Condition array
(Optional)

Constraints represents conditions of a Shoot's current state that constrain some operations on it.

gardener
Gardener

Gardener holds information about the Gardener which last acted on the Shoot.

hibernated
boolean

IsHibernated indicates whether the Shoot is currently hibernated.

lastOperation
LastOperation
(Optional)

LastOperation holds information about the last operation on the Shoot.

lastErrors
LastError array
(Optional)

LastErrors holds information about the last occurred error(s) during an operation.

observedGeneration
integer
(Optional)

ObservedGeneration is the most recent generation observed for this Shoot. It corresponds to the
Shoot's generation, which is updated on mutation by the API Server.

retryCycleStartTime
Time
(Optional)

RetryCycleStartTime is the start time of the last retry cycle (used to determine how often an operation
must be retried until we give up).

seedName
string
(Optional)

SeedName is the name of the seed cluster that runs the control plane of the Shoot. This value is only written
after a successful create/reconcile operation. It will be used when control planes are moved between Seeds.

technicalID
string

TechnicalID is a unique technical ID for this Shoot. It is used for the infrastructure resources, and
basically everything that is related to this particular Shoot. For regular shoot clusters, this is also the name
of the namespace in the seed cluster running the shoot's control plane. This field is immutable.

uid
UID

UID is a unique identifier for the Shoot cluster to avoid portability between Kubernetes clusters.
It is used to compute unique hashes. This field is immutable.

clusterIdentity
string
(Optional)

ClusterIdentity is the identity of the Shoot cluster. This field is immutable.

advertisedAddresses
ShootAdvertisedAddress array
(Optional)

List of addresses that are relevant to the shoot.
These include the Kube API server address and also the service account issuer.

migrationStartTime
Time
(Optional)

MigrationStartTime is the time when a migration to a different seed was initiated.

credentials
ShootCredentials
(Optional)

Credentials contains information about the shoot credentials.

lastHibernationTriggerTime
Time
(Optional)

LastHibernationTriggerTime indicates the last time when the hibernation controller
managed to change the hibernation settings of the cluster.

lastMaintenance
LastMaintenance
(Optional)

LastMaintenance holds information about the last maintenance operations on the Shoot.

networking
NetworkingStatus
(Optional)

Networking contains information about cluster networking such as CIDRs.

inPlaceUpdates
InPlaceUpdatesStatus
(Optional)

InPlaceUpdates contains information about in-place updates for the Shoot workers.

manualWorkerPoolRollout
ManualWorkerPoolRollout
(Optional)

ManualWorkerPoolRollout contains information about the worker pool rollout progress.

ShootTemplate

ShootTemplate is a template for creating a Shoot object.

Field Description
metadata
ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ShootSpec
(Optional)

Specification of the desired behavior of the Shoot.

StructuredAuthentication

(Appears on:KubeAPIServerConfig)

StructuredAuthentication contains authentication config for kube-apiserver.

Field Description
configMapName
string

ConfigMapName is the name of the ConfigMap in the project namespace which contains AuthenticationConfiguration
for the kube-apiserver.

StructuredAuthorization

(Appears on:KubeAPIServerConfig)

StructuredAuthorization contains authorization config for kube-apiserver.

Field Description
configMapName
string

ConfigMapName is the name of the ConfigMap in the project namespace which contains AuthorizationConfiguration for
the kube-apiserver.

kubeconfigs
AuthorizerKubeconfigReference array

Kubeconfigs is a list of references for kubeconfigs for the authorization webhooks.

SwapBehavior

Underlying type: string

(Appears on:MemorySwapConfiguration)

SwapBehavior configures the swap memory available to container workloads.

SystemComponents

(Appears on:ShootSpec)

SystemComponents contains the settings of system components in the control or data plane of the Shoot cluster.

Field Description
coreDNS
CoreDNS
(Optional)

CoreDNS contains the settings of the Core DNS components running in the data plane of the Shoot cluster.

nodeLocalDNS
NodeLocalDNS
(Optional)

NodeLocalDNS contains the settings of the node local DNS components running in the data plane of the Shoot cluster.

Toleration

(Appears on:ExposureClassScheduling, ProjectTolerations, ShootSpec)

Toleration is a toleration for a seed taint.

Field Description
key
string

Key is the toleration key to be applied to a project or shoot.

value
string
(Optional)

Value is the toleration value corresponding to the toleration key.

VersionClassification

Underlying type: string

(Appears on:ExpirableVersion, ExpirableVersionStatus, LifecycleStage, MachineImageVersion)

VersionClassification is the logical state of a version.

VerticalPodAutoscaler

(Appears on:Kubernetes)

VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler.

Field Description
enabled
boolean

Enabled specifies whether the Kubernetes VPA shall be enabled for the shoot cluster.

evictAfterOOMThreshold
Duration
(Optional)

EvictAfterOOMThreshold defines the threshold that will lead to pod eviction in case it OOMed in less than the given
threshold since its start and if it has only one container (default: 10m0s).

evictionRateBurst
integer
(Optional)

EvictionRateBurst defines the burst of pods that can be evicted (default: 1).

evictionRateLimit
float
(Optional)

EvictionRateLimit defines the number of pods that can be evicted per second. A rate limit set to 0 or -1 will
disable the rate limiter (default: -1).

evictionTolerance
float
(Optional)

EvictionTolerance defines the fraction of replica count that can be evicted for update in case more than one
pod can be evicted (default: 0.5).

recommendationMarginFraction
float
(Optional)

RecommendationMarginFraction is the fraction of usage added as the safety margin to the recommended request
(default: 0.15).

updaterInterval
Duration
(Optional)

UpdaterInterval is the interval at which the updater runs (default: 1m0s).

recommenderInterval
Duration
(Optional)

RecommenderInterval is the interval at which metrics are fetched (default: 1m0s).

targetCPUPercentile
float
(Optional)

TargetCPUPercentile is the usage percentile that will be used as a base for CPU target recommendation.
Doesn't affect CPU lower bound, CPU upper bound nor memory recommendations.
(default: 0.9)

recommendationLowerBoundCPUPercentile
float
(Optional)

RecommendationLowerBoundCPUPercentile is the usage percentile that will be used for the lower bound on CPU recommendation.
(default: 0.5)

recommendationUpperBoundCPUPercentile
float
(Optional)

RecommendationUpperBoundCPUPercentile is the usage percentile that will be used for the upper bound on CPU recommendation.
(default: 0.95)

targetMemoryPercentile
float
(Optional)

TargetMemoryPercentile is the usage percentile that will be used as a base for memory target recommendation.
Doesn't affect memory lower bound nor memory upper bound.
(default: 0.9)

recommendationLowerBoundMemoryPercentile
float
(Optional)

RecommendationLowerBoundMemoryPercentile is the usage percentile that will be used for the lower bound on memory recommendation.
(default: 0.5)

recommendationUpperBoundMemoryPercentile
float
(Optional)

RecommendationUpperBoundMemoryPercentile is the usage percentile that will be used for the upper bound on memory recommendation.
(default: 0.95)

cpuHistogramDecayHalfLife
Duration
(Optional)

CPUHistogramDecayHalfLife is the amount of time it takes a historical CPU usage sample to lose half of its weight.
(default: 24h)

memoryHistogramDecayHalfLife
Duration
(Optional)

MemoryHistogramDecayHalfLife is the amount of time it takes a historical memory usage sample to lose half of its weight.
(default: 24h)

memoryAggregationInterval
Duration
(Optional)

MemoryAggregationInterval is the length of a single interval, for which the peak memory usage is computed.
(default: 24h)

memoryAggregationIntervalCount
integer
(Optional)

MemoryAggregationIntervalCount is the number of consecutive memory-aggregation-intervals which make up the
MemoryAggregationWindowLength which in turn is the period for memory usage aggregation by VPA. In other words,
`MemoryAggregationWindowLength = memory-aggregation-interval * memory-aggregation-interval-count`.
(default: 8)

featureGates
object (keys:string, values:boolean)
(Optional)

FeatureGates contains information about enabled feature gates.

recommenderUpdateWorkerCount
integer
(Optional)

RecommenderUpdateWorkerCount is the number of workers used in the vpa-recommender for updating VPAs and VPACheckpoints in parallel.
(default: 10)

Volume

(Appears on:Worker)

Volume contains information about the volume type, size, and encryption.

Field Description
name
string
(Optional)

Name of the volume to make it referenceable.

type
string
(Optional)

Type is the type of the volume.

size
string

VolumeSize is the size of the volume.

encrypted
boolean
(Optional)

Encrypted determines if the volume should be encrypted.

VolumeType

(Appears on:CloudProfileSpec, NamespacedCloudProfileSpec)

VolumeType contains certain properties of a volume type.

Field Description
class
string

Class is the class of the volume type.

name
string

Name is the name of the volume type.

usable
boolean
(Optional)

Usable defines if the volume type can be used for shoot clusters.

minSize
Quantity
(Optional)

MinSize is the minimal supported storage size.

WatchCacheSizes

(Appears on:KubeAPIServerConfig)

WatchCacheSizes contains configuration of the API server's watch cache sizes.

Field Description
default
integer
(Optional)

Default is not respected anymore by kube-apiserver.
The cache is sized automatically.
Deprecated: This field is deprecated. Setting the default cache size will be forbidden starting from Kubernetes 1.35.

resources
ResourceWatchCacheSize array
(Optional)

Resources configures the watch cache size of the kube-apiserver per resource
(flag `--watch-cache-sizes`).
See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/

Worker

(Appears on:Provider)

Worker is the base definition of a worker group.

Field Description
annotations
object (keys:string, values:string)
(Optional)

Annotations is a map of key/value pairs for annotations for all the `Node` objects in this worker pool.

caBundle
string
(Optional)

CABundle is a certificate bundle which will be installed onto every machine of this worker pool.

cri
CRI
(Optional)

CRI contains configurations of CRI support of every machine in the worker pool.
Defaults to a CRI with name `containerd`.

kubernetes
WorkerKubernetes
(Optional)

Kubernetes contains configuration for Kubernetes components related to this worker pool.

labels
object (keys:string, values:string)
(Optional)

Labels is a map of key/value pairs for labels for all the `Node` objects in this worker pool.

name
string

Name is the name of the worker group.

machine
Machine

Machine contains information about the machine type and image.

maximum
integer

Maximum is the maximum number of machines to create.
This value is divided by the number of configured zones for a fair distribution.

minimum
integer

Minimum is the minimum number of machines to create.
This value is divided by the number of configured zones for a fair distribution.

maxSurge
IntOrString
(Optional)

MaxSurge is the maximum number of machines that are created during an update.
This value is divided by the number of configured zones for a fair distribution.
Defaults to 0 in case of an in-place update.
Defaults to 1 in case of a rolling update.

maxUnavailable
IntOrString
(Optional)

MaxUnavailable is the maximum number of machines that can be unavailable during an update.
This value is divided by the number of configured zones for a fair distribution.
Defaults to 1 in case of an in-place update.
Defaults to 0 in case of a rolling update.

providerConfig
RawExtension
(Optional)

ProviderConfig is the provider-specific configuration for this worker pool.

taints
Taint array
(Optional)

Taints is a list of taints for all the `Node` objects in this worker pool.

volume
Volume
(Optional)

Volume contains information about the volume type and size.

dataVolumes
DataVolume array
(Optional)

DataVolumes contains a list of additional worker volumes.

kubeletDataVolumeName
string
(Optional)

KubeletDataVolumeName contains the name of a dataVolume that should be used for storing kubelet state.

zones
string array
(Optional)

Zones is a list of availability zones that are used to evenly distribute this worker pool. Optional
as not every provider may support availability zones.

systemComponents
WorkerSystemComponents
(Optional)

SystemComponents contains configuration for system components related to this worker pool.

machineControllerManager
MachineControllerManagerSettings
(Optional)

MachineControllerManagerSettings contains configurations for different worker pools, e.g. MachineDrainTimeout and MachineHealthTimeout.

sysctls
object (keys:string, values:string)
(Optional)

Sysctls is a map of kernel settings to apply on all machines in this worker pool.

clusterAutoscaler
ClusterAutoscalerOptions
(Optional)

ClusterAutoscaler contains the cluster autoscaler configurations for the worker pool.

priority
integer
(Optional)

Priority (or weight) is the importance by which this worker group will be scaled by cluster autoscaling.

updateStrategy
MachineUpdateStrategy
(Optional)

UpdateStrategy specifies the machine update strategy for the worker pool.

controlPlane
WorkerControlPlane
(Optional)

ControlPlane specifies that the shoot cluster control plane components should be running in this worker pool.
This is only relevant for self-hosted shoot clusters.

WorkerControlPlane

(Appears on:Worker)

WorkerControlPlane specifies that the shoot cluster control plane components should be running in this worker pool.

Field Description
backup
Backup
(Optional)

Backup holds the object store configuration for the backups of shoot (currently only etcd).
If it is not specified, then there won't be any backups taken.

exposure
Exposure
(Optional)

Exposure holds the exposure configuration for the shoot (either `extension` or `dns` or omitted/empty).

WorkerKubernetes

(Appears on:Worker)

WorkerKubernetes contains configuration for Kubernetes components related to this worker pool.

Field Description
kubelet
KubeletConfig
(Optional)

Kubelet contains configuration settings for all kubelets of this worker pool.
If set, all `spec.kubernetes.kubelet` settings will be overwritten for this worker pool (no merge of settings).

version
string
(Optional)

Version is the semantic Kubernetes version to use for the kubelet in this worker group.
If not specified, the kubelet version is derived from the global Kubernetes version of the shoot cluster.
The version must be equal to or lower than the Kubernetes version of the shoot cluster.
Only one minor version difference to other worker groups and to the global Kubernetes version is allowed.

WorkerSystemComponents

(Appears on:Worker)

WorkerSystemComponents contains configuration for system components related to this worker pool.

Field Description
allow
boolean

Allow determines whether the pool should be allowed to host system components or not (defaults to true).

WorkersSettings

(Appears on:Provider)

WorkersSettings contains settings for all workers.

Field Description
sshAccess
SSHAccess
(Optional)

SSHAccess contains settings regarding ssh access to the worker nodes.

ZoneSelectionMode

Underlying type: string

(Appears on:SeedSettingZoneSelection)

ZoneSelectionMode is the mode for zone selection.