Documentation Index

Overview

• General Architecture
• Gardener landing page gardener.cloud
• "Gardener, the Kubernetes Botanist" blog on kubernetes.io
• "Gardener Project Update" blog on kubernetes.io

Concepts

• Components
  • Gardener API server
    • In-Tree Admission Plugins
  • Gardener Controller Manager
  • Gardener Scheduler
  • Gardener Admission Controller
  • Gardener Resource Manager
  • Gardener Operator
  • Gardener Node Agent
  • Gardenlet
  • Gardenadm
• Backup Restore
• etcd
• Relation between Gardener API and Cluster API

Usage

Gardener

• Gardener Info ConfigMap

Project

• Projects
• Service Account Manager
• NamespacedCloudProfiles

Shoot

• Accessing Shoot Clusters
• Hibernate a Cluster
• Shoot Info ConfigMap
• Shoot Kubernetes Minor Version Upgrades
• Shoot Cluster Limits
• Shoot Maintenance
• Shoot Cluster Purposes
• Shoot Scheduling Profiles
• Shoot Status
• Supported CPU Architectures for Shoot Worker Nodes
• Workerless Shoots
• Shoot Workers Settings
• Access Restrictions
• Workload Identity

Shoot Operations

• Shoot Credentials Rotation
• Trigger shoot operations
• Shoot Updates and Upgrades
• Shoot Kubernetes and Operating System Versioning
• Supported Kubernetes versions
• Controlling the Kubernetes versions for specific worker pools
• Migration from SecretBinding to CredentialsBinding
• Manual Worker Pool Rollout

High Availability

• Shoot High-Availability Control Plane
• Shoot High-Availability Best Practices

Security

• Default Seccomp Profile
• ETCD Encryption Config
• OpenIDConnect presets
• Admission Configuration for the PodSecurity Admission Plugin
• Audit a Kubernetes cluster
• Shoot ServiceAccount Configurations

Networking

• Custom CoreDNS configuration
• DNS Search Path Optimization
• ExposureClasses
• NodeLocalDNS feature
• Shoot KUBERNETES_SERVICE_HOST Environment Variable Injection
• Shoot Networking
• Dual-Stack Network Migration

Autoscaling

• DNS Autoscaling
• In-place Resource Updates
• Shoot Auto-Scaling Configuration
• Shoot Pod Auto-Scaling Best Practices

Observability

• Logging

Advanced

• containerd Registry Configuration
• Endpoints and Ports of a Shoot Control-Plane
• (Custom) CSI components
• Custom containerd configuration
• Readiness of Shoot Worker Nodes
• Cleanup of Shoot clusters in deletion
• Tolerations

Reference

• Well-known labels and annotations

API Reference

• authentication.gardener.cloud API Group
• core.gardener.cloud API Group
• extensions.gardener.cloud API Group
• operations.gardener.cloud API Group
• resources.gardener.cloud API Group
• security.gardener.cloud API Group
• seedmanagement.gardener.cloud API Group
• settings.gardener.cloud API Group

CLI Reference

• gardenadm

Development

• Getting started locally (using the local provider)
• Setting up a development environment (using a cloud provider)
• Testing (Unit, Integration, E2E Tests)
• Test Machinery Tests
• Dependency Management
• Kubernetes Clients in Gardener
• Validation Guidelines
• Logging Guidelines in Gardener Components
• Changing the API
• Secrets Management for Seed and Shoot Clusters
• IPv6 in Gardener Clusters
• Releases, Features, Hotfixes
• Reversed Cluster VPN
• Adding New Cloud Providers
• Adding Support For A New Kubernetes Version
• Removing Support For a Kubernetes Version
• Extending the Monitoring Stack
• Logging Stack
• How to create log parser for container into fluent-bit
• PriorityClasses in Gardener Clusters
• High Availability Of Deployed Components
• Checklist For Adding New Components
• Defaulting Strategy and Developer Guideline
• Autoscaling Specifics for Components
• Shoot Advertised Addresses

Extensions

• Extensibility overview
• Extension registration
• Cluster resource
• Extension points
  • General conventions
  • Trigger for reconcile operations
  • Deploy resources into the shoot cluster
  • Shoot resource customization webhooks
  • Logging and monitoring for extensions
  • Contributing to shoot health status conditions
    • Health Check Library
  • CA Rotation in Extensions
  • Blob storage providers
    • BackupBucket resource
    • BackupEntry resource
  • DNS providers
    • DNSRecord resources
  • IaaS/Cloud providers
    • Control plane customization webhooks
    • Bastion resource
    • ControlPlane resource
    • Infrastructure resource
    • Worker resource
  • Network plugin providers
    • Network resource
  • Operating systems
    • OperatingSystemConfig resource
  • Container runtimes
    • ContainerRuntime resource
  • Generic (non-essential) extensions
    • Extension resource
  • Extension Admission
  • Heartbeat controller
• Provider Local
• Access to the Garden Cluster
• Control plane migration
• Force Deletion
• Extending project roles
• Referenced resources
• Validation Guidelines For Extensions
• Static Manifest Propagation From Seed To Shoot

Deployment

• Getting started locally
• Getting started locally with extensions
• Getting started locally with Self-Hosted Shoot Clusters
• Setup Gardener on a Kubernetes cluster
• Version Skew Policy
• Deploying Gardenlets
  • Automatic Deployment of Gardenlets
  • Deploy a Gardenlet Manually
  • Deploy a Gardenlet via Gardener Operator
  • Scoped API Access for Gardenlets
• Overwrite image vector
• Migration from Gardener v0 to v1
• Feature Gates in Gardener
• Configuring the Logging stack
• SecretBinding Provider Controller

Operations

• Gardener configuration and usage
• Gardener Upgrade Guide
• Control Plane Migration
• Enabling In-place Resource Updates
• Immutable Backup Buckets
• Istio
• Kube API server load balancing
• ManagedSeeds: Register Shoot as Seed
• NetworkPolicys In Garden, Seed, Shoot Clusters
• Seed Bootstrapping
• Seed Settings
• Topology-Aware Traffic Routing
• Trusted TLS certificate for shoot control planes
• Trusted TLS certificate for garden runtime cluster
• Overlapping Network Ranges between Seeds and Shoots
• Disaster Recovery: Restoring a Garden Cluster to a new Runtime Cluster

Monitoring

• Alerting
• Connectivity
• Profiling Gardener Components