Operator
Packages:
operator.gardener.cloud/v1alpha1
Resource Types:
AdmissionDeploymentSpec
(Appears on:Deployment)
AdmissionDeploymentSpec contains the deployment specification for the admission controller of an extension.
| Field | Description |
|---|---|
| `runtimeCluster` *DeploymentSpec* | (Optional) RuntimeCluster is the deployment configuration for the admission in the runtime cluster. The runtime deployment |
| `virtualCluster` *DeploymentSpec* | (Optional) VirtualCluster is the deployment configuration for the admission deployment in the garden cluster. The garden deployment |
| `values` *JSON* | (Optional) Values are the deployment values. The values will be applied to both admission deployments. |
AuditWebhook
(Appears on:GardenerAPIServerConfig, KubeAPIServerConfig)
AuditWebhook contains settings related to an audit webhook configuration.
| Field | Description |
|---|---|
| `batchMaxSize` *integer* | (Optional) BatchMaxSize is the maximum size of a batch. |
| `kubeconfigSecretName` *string* | KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook. |
| `version` *string* | (Optional) Version is the API version to send and expect from the webhook. |
Authentication
(Appears on:KubeAPIServerConfig)
Authentication contains settings related to authentication.
| Field | Description |
|---|---|
| `webhook` *AuthenticationWebhook* | (Optional) Webhook contains settings related to an authentication webhook configuration. |
AuthenticationWebhook
(Appears on:Authentication)
AuthenticationWebhook contains settings related to an authentication webhook configuration.
| Field | Description |
|---|---|
| `cacheTTL` *Duration* | (Optional) CacheTTL is the duration to cache responses from the webhook authenticator. |
| `kubeconfigSecretName` *string* | KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook. |
| `version` *string* | (Optional) Version is the API version to send and expect from the webhook. |
Backup
(Appears on:ETCDMain)
Backup contains the object store configuration for backups for the virtual garden etcd.
| Field | Description |
|---|---|
| `provider` *string* | Provider is a provider name. This field is immutable. |
| `bucketName` *string* | (Optional) BucketName is the name of the backup bucket. If not provided, gardener-operator attempts to manage a new bucket. |
| `providerConfig` *RawExtension* | (Optional) ProviderConfig is the provider-specific configuration passed to BackupBucket resource. |
| `region` *string* | (Optional) Region is a region name. If undefined, the provider region is used. This field is immutable. |
| `secretRef` *LocalObjectReference* | SecretRef is a reference to a Secret object containing the cloud provider credentials for the object store where |
ControlPlane
(Appears on:VirtualCluster)
ControlPlane holds information about the general settings for the control plane of the virtual garden cluster.
| Field | Description |
|---|---|
| `highAvailability` *HighAvailability* | (Optional) HighAvailability holds the configuration settings for high availability settings. |
Credentials
(Appears on:GardenStatus)
Credentials contains information about the virtual garden cluster credentials.
| Field | Description |
|---|---|
| `rotation` *CredentialsRotation* | (Optional) Rotation contains information about the credential rotations. |
| `encryptionAtRest` *EncryptionAtRest* | (Optional) EncryptionAtRest contains information about garden data encryption at rest. |
CredentialsRotation
(Appears on:Credentials)
CredentialsRotation contains information about the rotation of credentials.
| Field | Description |
|---|---|
| `certificateAuthorities` *CARotation* | (Optional) CertificateAuthorities contains information about the certificate authority credential rotation. |
| `serviceAccountKey` *ServiceAccountKeyRotation* | (Optional) ServiceAccountKey contains information about the service account key credential rotation. |
| `etcdEncryptionKey` *ETCDEncryptionKeyRotation* | (Optional) ETCDEncryptionKey contains information about the ETCD encryption key credential rotation. |
| `observability` *ObservabilityRotation* | (Optional) Observability contains information about the observability credential rotation. |
| `workloadIdentityKey` *WorkloadIdentityKeyRotation* | (Optional) WorkloadIdentityKey contains information about the workload identity key credential rotation. |
DNS
(Appears on:VirtualCluster)
DNS holds information about DNS settings.
| Field | Description |
|---|---|
| `domains` *DNSDomain array* | Domains are the external domains of the virtual garden cluster. |
DNSDomain
(Appears on:DNS, GardenerDiscoveryServerConfig, Ingress)
DNSDomain defines a DNS domain with optional provider.
| Field | Description |
|---|---|
| `name` *string* | Name is the domain name. |
| `provider` *string* | (Optional) Provider is the name of the DNS provider as declared in the '.spec.dns.providers' section. |
DNSManagement
(Appears on:GardenSpec)
DNSManagement contains specifications of DNS providers.
| Field | Description |
|---|---|
| `providers` *DNSProvider array* | Providers is a list of DNS providers. |
DNSProvider
(Appears on:DNSManagement)
DNSProvider contains the configuration for a DNS provider.
| Field | Description |
|---|---|
| `name` *string* | Name is the name of the DNS provider. |
| `type` *string* | Type is the type of the DNS provider. |
| `providerConfig` *RawExtension* | (Optional) Config is the provider-specific configuration passed to DNSRecord resources. |
| `secretRef` *LocalObjectReference* | SecretRef is a reference to a Secret object containing the DNS provider credentials. |
DashboardGitHub
(Appears on:GardenerDashboardConfig)
DashboardGitHub contains configuration for the GitHub ticketing feature.
| Field | Description |
|---|---|
| `apiURL` *string* | APIURL is the URL to the GitHub API. |
| `organisation` *string* | Organisation is the name of the GitHub organisation. |
| `repository` *string* | Repository is the name of the GitHub repository. |
| `secretRef` *LocalObjectReference* | SecretRef is the reference to a secret in the garden namespace containing the GitHub credentials. |
| `pollInterval` *Duration* | (Optional) PollInterval is the interval of how often the GitHub API is polled for issue updates. This field is used as a |
DashboardIngress
(Appears on:GardenerDashboardConfig)
DashboardIngress contains configuration for the dashboard ingress resource.
| Field | Description |
|---|---|
| `enabled` *boolean* | (Optional) Enabled controls whether the Dashboard Ingress resource will be deployed to the cluster. |
DashboardOIDC
(Appears on:GardenerDashboardConfig)
DashboardOIDC contains configuration for the OIDC settings.
| Field | Description |
|---|---|
| `clientIDPublic` *string* | (Optional) ClientIDPublic is the public client ID. |
| `issuerURL` *string* | (Optional) The URL of the OpenID issuer, only HTTPS scheme will be accepted. Used to verify the OIDC JSON Web Token (JWT). |
| `sessionLifetime` *Duration* | (Optional) SessionLifetime is the maximum duration of a session. |
| `additionalScopes` *string array* | (Optional) AdditionalScopes is the list of additional OIDC scopes. |
| `secretRef` *LocalObjectReference* | SecretRef is the reference to a secret in the garden namespace containing the OIDC client ID and secret for the dashboard. |
| `certificateAuthoritySecretRef` *LocalObjectReference* | (Optional) CertificateAuthoritySecretRef is the reference to a secret in the garden namespace containing a custom CA certificate under the "ca.crt" key |
DashboardTerminal
(Appears on:GardenerDashboardConfig)
DashboardTerminal contains configuration for the terminal settings.
| Field | Description |
|---|---|
| `container` *DashboardTerminalContainer* | Container contains configuration for the dashboard terminal container. |
| `allowedHosts` *string array* | (Optional) AllowedHosts should consist of permitted hostnames (without the scheme) for terminal connections. |
DashboardTerminalContainer
(Appears on:DashboardTerminal)
DashboardTerminalContainer contains configuration for the dashboard terminal container.
| Field | Description |
|---|---|
| `image` *string* | Image is the container image for the dashboard terminal container. |
| `description` *string* | (Optional) Description is a description for the dashboard terminal container with hints for the user. |
Deployment
(Appears on:ExtensionSpec)
Deployment specifies how an extension can be installed for a Gardener landscape. It includes the specification for installing an extension and/or an admission controller.
| Field | Description |
|---|---|
| `extension` *ExtensionDeploymentSpec* | (Optional) ExtensionDeployment contains the deployment configuration for an extension. |
| `admission` *AdmissionDeploymentSpec* | (Optional) AdmissionDeployment contains the deployment configuration for an admission controller. |
DeploymentSpec
(Appears on:AdmissionDeploymentSpec, ExtensionDeploymentSpec)
DeploymentSpec is the specification for the deployment of a component.
| Field | Description |
|---|---|
| `helm` *ExtensionHelm* | Helm contains the specification for a Helm deployment. |
ETCD
(Appears on:VirtualCluster)
ETCD contains configuration for the etcds of the virtual garden cluster.
| Field | Description |
|---|---|
| `main` *ETCDMain* | (Optional) Main contains configuration for the main etcd. |
| `events` *ETCDEvents* | (Optional) Events contains configuration for the events etcd. |
ETCDEvents
(Appears on:ETCD)
ETCDEvents contains configuration for the events etcd.
| Field | Description |
|---|---|
| `autoscaling` *ControlPlaneAutoscaling* | (Optional) Autoscaling contains auto-scaling configuration options for etcd. |
| `storage` *Storage* | (Optional) Storage contains storage configuration. |
ETCDMain
(Appears on:ETCD)
ETCDMain contains configuration for the main etcd.
| Field | Description |
|---|---|
| `autoscaling` *ControlPlaneAutoscaling* | (Optional) Autoscaling contains auto-scaling configuration options for etcd. |
| `backup` *Backup* | (Optional) Backup contains the object store configuration for backups for the virtual garden etcd. |
| `storage` *Storage* | (Optional) Storage contains storage configuration. |
EncryptionAtRest
(Appears on:Credentials)
EncryptionAtRest contains information about virtual garden data encryption at rest.
| Field | Description |
|---|---|
| `resources` *string array* | (Optional) Resources is the list of resources which are currently encrypted in the virtual garden by the virtual kube-apiserver. |
| `provider` *EncryptionProviderStatus* | Provider contains information about virtual garden encryption provider. |
EncryptionProviderStatus
(Appears on:EncryptionAtRest)
EncryptionProviderStatus contains information about virtual garden encryption provider.
| Field | Description |
|---|---|
| `type` *EncryptionProviderType* | Type is the used encryption provider type. |
Extension
Extension describes a Gardener extension.
| Field | Description |
|---|---|
| `metadata` *ObjectMeta* | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| `spec` *ExtensionSpec* | Spec contains the specification of this extension. |
| `status` *ExtensionStatus* | Status contains the status of this extension. |
ExtensionDeploymentSpec
(Appears on:Deployment)
ExtensionDeploymentSpec specifies how to install the extension in a gardener landscape. The installation is split into two parts:

- installing the extension in the virtual garden cluster by creating the ControllerRegistration and ControllerDeployment
- installing the extension in the runtime cluster (if necessary).

| Field | Description |
|---|---|
| `helm` *ExtensionHelm* | Helm contains the specification for a Helm deployment. |
| `values` *JSON* | (Optional) Values are the deployment values used in the creation of the ControllerDeployment in the virtual garden cluster. |
| `runtimeClusterValues` *JSON* | (Optional) RuntimeClusterValues are the deployment values for the extension deployment running in the runtime garden cluster. |
| `policy` *ControllerDeploymentPolicy* | (Optional) Policy controls how the controller is deployed. It defaults to 'OnDemand'. |
| `seedSelector` *LabelSelector* | (Optional) SeedSelector contains an optional label selector for seeds. Only if the labels match then this controller will be |
| `injectGardenKubeconfig` *boolean* | (Optional) InjectGardenKubeconfig controls whether a kubeconfig to the garden cluster should be injected into workload |
ExtensionHelm
(Appears on:DeploymentSpec, ExtensionDeploymentSpec)
ExtensionHelm is the configuration for a helm deployment.
| Field | Description |
|---|---|
| `ociRepository` *OCIRepository* | (Optional) OCIRepository defines where to pull the chart from. |
ExtensionSpec
(Appears on:Extension)
ExtensionSpec contains the specification of a Gardener extension.
| Field | Description |
|---|---|
| `resources` *ControllerResource array* | (Optional) Resources is a list of combinations of kinds (DNSRecord, Backupbucket, ...) and their actual types |
| `deployment` *Deployment* | (Optional) Deployment contains deployment configuration for an extension and its admission controller. |
ExtensionStatus
(Appears on:Extension)
ExtensionStatus is the status of a Gardener extension.
| Field | Description |
|---|---|
| `observedGeneration` *integer* | (Optional) ObservedGeneration is the most recent generation observed for this resource. |
| `conditions` *Condition array* | (Optional) Conditions represents the latest available observations of an Extension's current state. |
| `providerStatus` *RawExtension* | (Optional) ProviderStatus contains type-specific status. |
Garden
Garden describes a list of gardens.
| Field | Description |
|---|---|
| `metadata` *ObjectMeta* | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| `spec` *GardenSpec* | Spec contains the specification of this garden. |
| `status` *GardenStatus* | Status contains the status of this garden. |
GardenExtension
(Appears on:GardenSpec)
GardenExtension contains type and provider information for Garden extensions.
| Field | Description |
|---|---|
| `type` *string* | Type is the type of the extension resource. |
| `providerConfig` *RawExtension* | (Optional) ProviderConfig is the configuration passed to extension resource. |
GardenSpec
(Appears on:Garden)
GardenSpec contains the specification of a garden environment.
| Field | Description |
|---|---|
| `dns` *DNSManagement* | (Optional) DNS contains specifications of DNS providers. |
| `extensions` *GardenExtension array* | (Optional) Extensions contain type and provider information for Garden extensions. |
| `runtimeCluster` *RuntimeCluster* | RuntimeCluster contains configuration for the runtime cluster. |
| `virtualCluster` *VirtualCluster* | VirtualCluster contains configuration for the virtual cluster. |
| `resources` *NamedResourceReference array* | (Optional) Resources holds a list of named resource references that can be referred to in extension configs by their names. |
GardenStatus
(Appears on:Garden)
GardenStatus is the status of a garden environment.
| Field | Description |
|---|---|
| `gardener` *Gardener* | (Optional) Gardener holds information about the Gardener which last acted on the Garden. |
| `conditions` *Condition array* | Conditions is a list of conditions. |
| `lastOperation` *LastOperation* | (Optional) LastOperation holds information about the last operation on the Garden. |
| `observedGeneration` *integer* | ObservedGeneration is the most recent generation observed for this resource. |
| `credentials` *Credentials* | (Optional) Credentials contains information about the virtual garden cluster credentials. |
Gardener
(Appears on:VirtualCluster)
Gardener contains the configuration settings for the Gardener components.
| Field | Description |
|---|---|
| `clusterIdentity` *string* | ClusterIdentity is the identity of the garden cluster. This field is immutable. |
| `gardenerAPIServer` *GardenerAPIServerConfig* | (Optional) APIServer contains configuration settings for the gardener-apiserver. |
| `gardenerAdmissionController` *GardenerAdmissionControllerConfig* | (Optional) AdmissionController contains configuration settings for the gardener-admission-controller. |
| `gardenerControllerManager` *GardenerControllerManagerConfig* | (Optional) ControllerManager contains configuration settings for the gardener-controller-manager. |
| `gardenerScheduler` *GardenerSchedulerConfig* | (Optional) Scheduler contains configuration settings for the gardener-scheduler. |
| `gardenerDashboard` *GardenerDashboardConfig* | (Optional) Dashboard contains configuration settings for the gardener-dashboard. |
| `gardenerDiscoveryServer` *GardenerDiscoveryServerConfig* | (Optional) DiscoveryServer contains configuration settings for the gardener-discovery-server. |
| `gardenerResourceManager` *GardenerResourceManagerConfig* | (Optional) ResourceManager contains configuration settings for the gardener-resource-manager. |
GardenerAPIServerConfig
(Appears on:Gardener)
GardenerAPIServerConfig contains configuration settings for the gardener-apiserver.
| Field | Description |
|---|---|
| `featureGates` *object (keys:string, values:boolean)* | (Optional) FeatureGates contains information about enabled feature gates. |
| `admissionPlugins` *AdmissionPlugin array* | (Optional) AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), |
| `auditConfig` *AuditConfig* | (Optional) AuditConfig contains configuration settings for the audit of the kube-apiserver. |
| `auditWebhook` *AuditWebhook* | (Optional) AuditWebhook contains settings related to an audit webhook configuration. |
| `logging` *APIServerLogging* | (Optional) Logging contains configuration for the log level and HTTP access logs. |
| `requests` *APIServerRequests* | (Optional) Requests contains configuration for request-specific settings for the kube-apiserver. |
| `watchCacheSizes` *WatchCacheSizes* | (Optional) WatchCacheSizes contains configuration of the API server's watch cache sizes. |
| `encryptionConfig` *EncryptionConfig* | (Optional) EncryptionConfig contains customizable encryption configuration of the Gardener API server. |
| `goAwayChance` *float* | (Optional) GoAwayChance can be used to prevent HTTP/2 clients from getting stuck on a single apiserver, randomly close a |
| `shootAdminKubeconfigMaxExpiration` *Duration* | (Optional) ShootAdminKubeconfigMaxExpiration is the maximum validity duration of a credential requested to a Shoot by an AdminKubeconfigRequest. |
GardenerAdmissionControllerConfig
(Appears on:Gardener)
GardenerAdmissionControllerConfig contains configuration settings for the gardener-admission-controller.
| Field | Description |
|---|---|
| `logLevel` *string* | (Optional) LogLevel is the configured log level for the gardener-admission-controller. Must be one of [info,debug,error]. |
| `resourceAdmissionConfiguration` *ResourceAdmissionConfiguration* | (Optional) ResourceAdmissionConfiguration is the configuration for resource size restrictions for arbitrary Group-Version-Kinds. |
GardenerControllerManagerConfig
(Appears on:Gardener)
GardenerControllerManagerConfig contains configuration settings for the gardener-controller-manager.
| Field | Description |
|---|---|
| `featureGates` *object (keys:string, values:boolean)* | (Optional) FeatureGates contains information about enabled feature gates. |
| `defaultProjectQuotas` *ProjectQuotaConfiguration array* | (Optional) DefaultProjectQuotas is the default configuration matching projects are set up with if a quota is not already |
| `logLevel` *string* | (Optional) LogLevel is the configured log level for the gardener-controller-manager. Must be one of [info,debug,error]. |
GardenerDashboardConfig
(Appears on:Gardener)
GardenerDashboardConfig contains configuration settings for the gardener-dashboard.
| Field | Description |
|---|---|
| `enableTokenLogin` *boolean* | (Optional) EnableTokenLogin specifies whether it is possible to log into the dashboard with a JWT token. If disabled, OIDC |
| `frontendConfigMapRef` *LocalObjectReference* | (Optional) FrontendConfigMapRef is the reference to a ConfigMap in the garden namespace containing the frontend |
| `assetsConfigMapRef` *LocalObjectReference* | (Optional) AssetsConfigMapRef is the reference to a ConfigMap in the garden namespace containing the assets (logos/icons). |
| `gitHub` *DashboardGitHub* | (Optional) GitHub contains configuration for the GitHub ticketing feature. |
| `logLevel` *string* | (Optional) LogLevel is the configured log level. Must be one of [trace,debug,info,warn,error]. |
| `oidcConfig` *DashboardOIDC* | (Optional) OIDCConfig contains configuration for the OIDC provider. This field must be provided when EnableTokenLogin is false. |
| `terminal` *DashboardTerminal* | (Optional) Terminal contains configuration for the terminal settings. |
| `ingress` *DashboardIngress* | (Optional) Ingress contains configuration for the ingress settings. |
GardenerDiscoveryServerConfig
(Appears on:Gardener)
GardenerDiscoveryServerConfig contains configuration settings for the gardener-discovery-server.
| Field | Description |
|---|---|
| `domain` *DNSDomain* | (Optional) Domain overrides the default ingress domain and optionally the DNS provider for the gardener-discovery-server. |
| `tlsSecretName` *string* | (Optional) TLSSecretName is the name of a secret (in the garden namespace) containing |
GardenerResourceManagerConfig
(Appears on:Gardener)
GardenerResourceManagerConfig contains configuration settings for the gardener-resource-manager.
| Field | Description |
|---|---|
| `additionalTargetNamespaces` *string array* | (Optional) AdditionalTargetNamespaces allows specifying custom target namespaces for the gardener-resource-manager instance. |
GardenerSchedulerConfig
(Appears on:Gardener)
GardenerSchedulerConfig contains configuration settings for the gardener-scheduler.
| Field | Description |
|---|---|
| `featureGates` *object (keys:string, values:boolean)* | (Optional) FeatureGates contains information about enabled feature gates. |
| `logLevel` *string* | (Optional) LogLevel is the configured log level for the gardener-scheduler. Must be one of [info,debug,error]. |
GroupResource
(Appears on:KubeAPIServerConfig)
GroupResource contains a list of resources which should be stored in etcd-events instead of etcd-main.
| Field | Description |
|---|---|
| `group` *string* | Group is the API group name. |
| `resource` *string* | Resource is the resource name. |
HighAvailability
(Appears on:ControlPlane)
HighAvailability specifies the configuration settings for high availability for a resource.
Ingress
(Appears on:RuntimeCluster)
Ingress configures the Ingress specific settings of the runtime cluster.
| Field | Description |
|---|---|
| `domains` *DNSDomain array* | Domains specify the ingress domains of the cluster pointing to the ingress controller endpoint. They will be used |
| `controller` *IngressController* | Controller configures a Gardener managed Ingress Controller listening on the ingressDomain. |
KubeAPIServerConfig
(Appears on:Kubernetes)
KubeAPIServerConfig contains configuration settings for the kube-apiserver.
| Field | Description |
|---|---|
| `auditWebhook` *AuditWebhook* | (Optional) AuditWebhook contains settings related to an audit webhook configuration. |
| `authentication` *Authentication* | (Optional) Authentication contains settings related to authentication. |
| `resourcesToStoreInETCDEvents` *GroupResource array* | (Optional) ResourcesToStoreInETCDEvents contains a list of resources which should be stored in etcd-events instead of |
| `sni` *SNI* | (Optional) SNI contains configuration options for the TLS SNI settings. |
KubeControllerManagerConfig
(Appears on:Kubernetes)
KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.
| Field | Description |
|---|---|
| `certificateSigningDuration` *Duration* | (Optional) CertificateSigningDuration is the maximum length of duration signed certificates will be given. Individual CSRs |
Kubernetes
(Appears on:VirtualCluster)
Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden cluster.
| Field | Description |
|---|---|
| `kubeAPIServer` *KubeAPIServerConfig* | (Optional) KubeAPIServer contains configuration settings for the kube-apiserver. |
| `kubeControllerManager` *KubeControllerManagerConfig* | (Optional) KubeControllerManager contains configuration settings for the kube-controller-manager. |
| `version` *string* | Version is the semantic Kubernetes version to use for the virtual garden cluster. |
LoadBalancerServicesProxyProtocol
(Appears on:SettingLoadBalancerServices)
LoadBalancerServicesProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services.
| Field | Description |
|---|---|
| `allowed` *boolean* | Allowed controls whether the ProxyProtocol is optionally allowed for the load balancer services. |
Maintenance
(Appears on:VirtualCluster)
Maintenance contains information about the time window for maintenance operations.
| Field | Description |
|---|---|
| `timeWindow` *MaintenanceTimeWindow* | TimeWindow contains information about the time window for maintenance operations. |
Networking
(Appears on:VirtualCluster)
Networking defines networking parameters for the virtual garden cluster.
| Field | Description |
|---|---|
| `services` *string array* | Services are the CIDRs of the service network. Elements can be appended to this list, but not removed. |
ProjectQuotaConfiguration
(Appears on:GardenerControllerManagerConfig)
ProjectQuotaConfiguration defines quota configurations.
| Field | Description |
|---|---|
| `config` *ResourceQuota* | Config is the corev1.ResourceQuota specification used for the project set-up. |
| `projectSelector` *LabelSelector* | (Optional) ProjectSelector is an optional setting to select the projects considered for quotas. |
Provider
(Appears on:RuntimeCluster)
Provider defines the provider-specific information for this cluster.
| Field | Description |
|---|---|
| `region` *string* | (Optional) Region is the region the cluster is deployed to. |
| `zones` *string array* | (Optional) Zones is the list of availability zones the cluster is deployed to. |
ResourceAdmissionConfiguration
(Appears on:GardenerAdmissionControllerConfig)
ResourceAdmissionConfiguration contains settings about arbitrary kinds and the size each resource should have at most.
| Field | Description |
|---|---|
| `limits` *ResourceLimit array* | Limits contains configuration for resources which are subjected to size limitations. |
| `unrestrictedSubjects` *Subject array* | (Optional) UnrestrictedSubjects contains references to users, groups, or service accounts which aren't subjected to any resource size limit. |
| `operationMode` *ResourceAdmissionWebhookMode* | (Optional) OperationMode specifies the mode the webhook operates in. Allowed values are "block" and "log". Defaults to "block". |
ResourceAdmissionWebhookMode
Underlying type: string
(Appears on:ResourceAdmissionConfiguration)
ResourceAdmissionWebhookMode is an alias type for the resource admission webhook mode.
ResourceLimit
(Appears on:ResourceAdmissionConfiguration)
ResourceLimit contains settings about a kind and the size each resource should have at most.
| Field | Description |
|---|---|
| `apiGroups` *string array* | (Optional) APIGroups is the name of the APIGroup that contains the limited resource. WildcardAll represents all groups. |
| `apiVersions` *string array* | (Optional) APIVersions is the version of the resource. WildcardAll represents all versions. |
| `resources` *string array* | Resources is the name of the resource this rule applies to. WildcardAll represents all resources. |
| `size` *Quantity* | (Optional) Size specifies the imposed limit. |
| `count` *integer* | (Optional) Count specifies the maximum number of resources of the given kind. Only cluster-scoped resources are considered. |
RuntimeCluster
(Appears on:GardenSpec)
RuntimeCluster contains configuration for the runtime cluster.
| Field | Description |
|---|---|
| `ingress` *Ingress* | Ingress configures Ingress specific settings for the Garden cluster. |
| `networking` *RuntimeNetworking* | Networking defines the networking configuration of the runtime cluster. |
| `provider` *Provider* | Provider defines the provider-specific information for this cluster. |
| `settings` *Settings* | (Optional) Settings contains certain settings for this cluster. |
| `volume` *Volume* | (Optional) Volume contains settings for persistent volumes created in the runtime cluster. |
RuntimeNetworking
(Appears on:RuntimeCluster)
RuntimeNetworking defines the networking configuration of the runtime cluster.
| Field | Description |
|---|---|
| `ipFamilies` *IPFamily array* | (Optional) IPFamilies specifies the IP protocol versions to use for the runtime cluster's networking. This field is |
| `nodes` *string array* | (Optional) Nodes are the CIDRs of the node network. Elements can be appended to this list, but not removed. |
| `pods` *string array* | Pods are the CIDRs of the pod network. Elements can be appended to this list, but not removed. |
| `services` *string array* | Services are the CIDRs of the service network. Elements can be appended to this list, but not removed. |
| `blockCIDRs` *string array* | (Optional) BlockCIDRs is a list of network addresses that should be blocked. |
SNI
(Appears on:KubeAPIServerConfig)
SNI contains configuration options for the TLS SNI settings.
| Field | Description |
|---|---|
| `secretName` *string* | (Optional) SecretName is the name of a secret containing the TLS certificate and private key. |
| `domainPatterns` *string array* | (Optional) DomainPatterns is a list of fully qualified domain names, possibly with prefixed wildcard segments. The domain |
SettingLoadBalancerServices
(Appears on:Settings)
SettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the runtime cluster.
| Field | Description |
|---|---|
| `annotations` *object (keys:string, values:string)* | (Optional) Annotations is a map of annotations that will be injected/merged into every load balancer service object. |
| `externalTrafficPolicy` *ServiceExternalTrafficPolicy* | (Optional) ExternalTrafficPolicy specifies how nodes distribute service traffic they receive on one of the service's |
| `proxyProtocol` *LoadBalancerServicesProxyProtocol* | (Optional) ProxyProtocol controls whether ProxyProtocol is (optionally) allowed for the load balancer services. |
SettingTopologyAwareRouting
(Appears on:Settings)
SettingTopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster. See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.
| Field | Description |
|---|---|
| `enabled` *boolean* | Enabled controls whether certain Services deployed in the cluster should be topology-aware. |
SettingVerticalPodAutoscaler
(Appears on:Settings)
SettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the cluster.
| Field | Description |
|---|---|
| `enabled` *boolean* | (Optional) Enabled controls whether the VPA components shall be deployed into this cluster. It is true by default because |
| `featureGates` *object (keys:string, values:boolean)* | (Optional) FeatureGates contains information about enabled feature gates. |
Settings
(Appears on:RuntimeCluster)
Settings contains certain settings for this cluster.
| Field | Description |
|---|---|
| `loadBalancerServices` *SettingLoadBalancerServices* | (Optional) LoadBalancerServices controls certain settings for services of type load balancer that are created in the runtime |
| `verticalPodAutoscaler` *SettingVerticalPodAutoscaler* | (Optional) VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the |
| `topologyAwareRouting` *SettingTopologyAwareRouting* | (Optional) TopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster. |
Storage
(Appears on:ETCDEvents, ETCDMain)
Storage contains storage configuration.
| Field | Description |
|---|---|
| `capacity` *Quantity* | (Optional) Capacity is the storage capacity for the volumes. |
| `className` *string* | (Optional) ClassName is the name of a storage class. |
VirtualCluster
(Appears on:GardenSpec)
VirtualCluster contains configuration for the virtual cluster.
| Field | Description |
|---|---|
| `controlPlane` *ControlPlane* | (Optional) ControlPlane holds information about the general settings for the control plane of the virtual cluster. |
| `dns` *DNS* | DNS holds information about DNS settings. |
| `etcd` *ETCD* | (Optional) ETCD contains configuration for the etcds of the virtual garden cluster. |
| `gardener` *Gardener* | Gardener contains the configuration options for the Gardener control plane components. |
| `kubernetes` *Kubernetes* | Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden |
| `maintenance` *Maintenance* | Maintenance contains information about the time window for maintenance operations. |
| `networking` *Networking* | Networking contains information about cluster networking such as CIDRs, etc. |
Volume
(Appears on:RuntimeCluster)
Volume contains settings for persistent volumes created in the runtime cluster.
| Field | Description |
|---|---|
| `minimumSize` *Quantity* | (Optional) MinimumSize defines the minimum size that should be used for PVCs in the runtime cluster. |
WorkloadIdentityKeyRotation
(Appears on:CredentialsRotation)
WorkloadIdentityKeyRotation contains information about the workload identity key credential rotation.
| Field | Description |
|---|---|
| `phase` *CredentialsRotationPhase* | Phase describes the phase of the workload identity key credential rotation. |
| `lastCompletionTime` *Time* | (Optional) LastCompletionTime is the most recent time when the workload identity key credential rotation was successfully |
| `lastInitiationTime` *Time* | (Optional) LastInitiationTime is the most recent time when the workload identity key credential rotation was initiated. |
| `lastInitiationFinishedTime` *Time* | (Optional) LastInitiationFinishedTime is the recent time when the workload identity key credential rotation initiation was |
| `lastCompletionTriggeredTime` *Time* | (Optional) LastCompletionTriggeredTime is the recent time when the workload identity key credential rotation completion was |