From 992d470efc021a6ea0a4a6131972fb07d987dd72 Mon Sep 17 00:00:00 2001 From: Rafael Franzke Date: Sun, 4 Aug 2019 13:33:17 +0200 Subject: [PATCH] [GEP-4] Add proposal document for new APIs --- ...ation.svg => 02-backupinfra-migration.svg} | 0 ...upinfra-provisioning-sequence-diagram.svg} | 0 ...pinfra-provisioning-with-deletion-job.svg} | 0 docs/proposals/02-backupinfra.md | 6 +- ...king.md => 03-networking-extensibility.md} | 0 .../04-new-core-gardener-cloud-apis.md | 728 ++++++++++++++++++ 6 files changed, 731 insertions(+), 3 deletions(-) rename docs/proposals/{Backup-Migration.svg => 02-backupinfra-migration.svg} (100%) rename docs/proposals/{Backup-Infrastructure-Provisioning-sequence-diagram.svg => 02-backupinfra-provisioning-sequence-diagram.svg} (100%) rename docs/proposals/{Backup-Infrastructure-Provisioning-with-deletion-job.svg => 02-backupinfra-provisioning-with-deletion-job.svg} (100%) rename docs/proposals/{03-networking.md => 03-networking-extensibility.md} (100%) create mode 100644 docs/proposals/04-new-core-gardener-cloud-apis.md diff --git a/docs/proposals/Backup-Migration.svg b/docs/proposals/02-backupinfra-migration.svg similarity index 100% rename from docs/proposals/Backup-Migration.svg rename to docs/proposals/02-backupinfra-migration.svg diff --git a/docs/proposals/Backup-Infrastructure-Provisioning-sequence-diagram.svg b/docs/proposals/02-backupinfra-provisioning-sequence-diagram.svg similarity index 100% rename from docs/proposals/Backup-Infrastructure-Provisioning-sequence-diagram.svg rename to docs/proposals/02-backupinfra-provisioning-sequence-diagram.svg diff --git a/docs/proposals/Backup-Infrastructure-Provisioning-with-deletion-job.svg b/docs/proposals/02-backupinfra-provisioning-with-deletion-job.svg similarity index 100% rename from docs/proposals/Backup-Infrastructure-Provisioning-with-deletion-job.svg rename to docs/proposals/02-backupinfra-provisioning-with-deletion-job.svg diff --git a/docs/proposals/02-backupinfra.md b/docs/proposals/02-backupinfra.md index a9346202637..f98855a3022 100644 --- a/docs/proposals/02-backupinfra.md +++ b/docs/proposals/02-backupinfra.md @@ -168,7 +168,7 @@ Here CloudProfileController will interpret this spec as follows: Following diagram represent overall flow in details: -![sequence-diagram](Backup-Infrastructure-Provisioning-sequence-diagram.svg) +![sequence-diagram](02-backupinfra-provisioning-sequence-diagram.svg) #### Reconciliation @@ -181,7 +181,7 @@ Reconciliation on backup entry in seed cluster mostly comes in picture at the ti ### Alternative -![sequence-diagram](Backup-Infrastructure-Provisioning-with-deletion-job.svg) +![sequence-diagram](02-backupinfra-provisioning-with-deletion-job.svg) ## Discussion points / variations ### Manual vs dynamic bucket creation @@ -228,7 +228,7 @@ controllers: - Scale up etcd-main with new config. - Destroy Old bucket and old backup namespace. It can be immediate or preferrably __lazy__ deletion. -![backup-migration-sequence-diagram](./Backup-Migration.svg) +![backup-migration-sequence-diagram](./02-backupinfra-migration.svg) ### Legacy Mode alternative - If Backup namespace present in seed cluster, then follow the legacy approach. diff --git a/docs/proposals/03-networking.md b/docs/proposals/03-networking-extensibility.md similarity index 100% rename from docs/proposals/03-networking.md rename to docs/proposals/03-networking-extensibility.md diff --git a/docs/proposals/04-new-core-gardener-cloud-apis.md b/docs/proposals/04-new-core-gardener-cloud-apis.md new file mode 100644 index 00000000000..33dea987371 --- /dev/null +++ b/docs/proposals/04-new-core-gardener-cloud-apis.md @@ -0,0 +1,728 @@ +# New `core.gardener.cloud/v1alpha1` APIs required to extract cloud-specific/OS-specific knowledge out of Gardener core + +## Table of Contents + +* [Table of Contents](#table-of-contents) +* [Summary](#summary) +* [Motivation](#motivation) + * [Goals](#goals) + * [Non-Goals](#non-goals) +* [Proposal](#proposal) + * [`ProviderProfile` resource](#providerprofile-resource) + * [`Seed` resource](#seed-resource) + * [`SecretBinding` resource](#secretbinding-resource) + * [`Quota` resource](#quota-resource) + * [`BackupBucket` resource](#backupbucket-resource) + * [`BackupEntry` resource](#backupentry-resource) + * [`Shoot` resource](#shoot-resource) + * [`Plant` resource](#plant-resource) + +## Summary + +In [GEP-1](https://github.com/gardener/gardener/blob/master/docs/proposals/01-extensibility.md) we have proposed how to (re-)design Gardener to allow providers maintaining their provider-specific knowledge out of the core tree. +Meanwhile, we have progressed a lot and are about to remove the [`CloudBotanist` interface](https://github.com/gardener/gardener/blob/master/pkg/operation/cloudbotanist/types.go) entirely. +The only missing aspect that will allow providers to really maintain their code out of the core is to design new APIs. + +This proposal describes how the new `Shoot`, `Seed` etc. APIs will be re-designed to cope with the changes made with extensibility. +We already have the new `core.gardener.cloud/v1alpha1` API group that will be the new default soon. + +## Motivation + +We want to allow providers to individually maintain their specific knowledge without the necessity to touch the Gardener core code. +In order to achieve the same, we have to provide proper APIs. + +### Goals + +* Provide proper APIs to allow providers maintaining their code outside of the core codebase. +* Do not complicate the APIs for end-users such that they can easily create, delete, and maintain shoot clusters. + +### Non-Goals + +* Let's try to not split everything up into too many different resources. Instead, let's try to keep all relevant information in the same resources when possible/appropriate. + +## Proposal + +In GEP-1 we already have proposed a first version for new `CloudProfile` and `Shoot` resources. +In order to deprecate the existing/old `garden.sapcloud.io/v1beta1` API group (and remove it, eventually) we should move all existing resources to the new `core.gardener.cloud/v1alpha1` API group. + +### `ProviderProfile` resource + +Special note: The `CloudProfile` will be renamed to `ProviderProfile`. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: backup-secret + namespace: garden +type: Opaque +data: + # + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-backupbucket.yaml#L9-L11 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-infrastructure.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-backupbucket.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-backupbucket.yaml#L9 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-backupbucket.yaml#L9-L13 + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: ProviderProfile +metadata: + name: providerprofile1 +spec: + type: # {aws,azure,gcp,...} +# Optional list of labels on `Seed` resources that marks those seeds whose shoots may use this provider profile. +# An empty list means that all seeds of the same provider type are supported. +# This is useful for environments that are of the same type (like openstack) but may have different "instances"/landscapes. +# seedSelector: +# matchLabels: +# foo: bar + kubernetes: + versions: + - version: 1.12.1 + - version: 1.11.0 + - version: 1.10.6 + - version: 1.10.5 + expirationDate: 2020-04-05T01:02:03Z # optional + backup: # See https://github.com/gardener/gardener/blob/master/docs/proposals/02-backupinfra.md. + type: # {aws,azure,gcp,...} + # region: eu-west-1 + secretRef: + name: backup-secret + namespace: garden + machineTypes: + - name: m5.large + cpu: "2" + gpu: "0" + memory: 8Gi + # storage: 20Gi # optional (not needed in every environment, may only be specified if no volumeTypes have been specified) + usable: true + volume: + minimumSize: 20Gi + types: # optional (not needed in every environment, may only be specified if no machineType has a `storage` field) + - name: gp2 + class: standard + - name: io1 + class: premium + machineImages: + - name: coreos + versions: + - version: 2023.5.0 + - version: 1967.5.0 + expirationDate: 2020-04-05T08:00:00Z + - name: ubuntu + versions: + - version: 18.04.201906170 + regions: + - name: europe-central-1 + zones: # optional (not needed in every environment) + - name: europe-central-1a + - name: europe-central-1b + - name: europe-central-1c + # unavailableMachineTypes: # optional, list of machine types defined above that are not available in this zone + # - name: m5.large + # unavailableVolumeTypes: # optional, list of volume types defined above that are not available in this zone + # - name: io1 +# CA bundle that will be installed onto every shoot machine that is using this provider profile. +# caBundle: | +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- + providerConfig: + + # We don't have concrete examples for every existing provider yet, but these are the proposals: + # + # Example for Alicloud: + # + # apiVersion: alicloud.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 2023.5.0 + # id: coreos_2023_4_0_64_30G_alibase_20190319.vhd + # + # + # Example for AWS: + # + # apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 1967.5.0 + # regions: + # - name: europe-central-1 + # ami: ami-0f46c2ed46d8157aa + # + # + # Example for Azure: + # + # apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 1967.5.0 + # publisher: CoreOS + # offer: CoreOS + # sku: Stable + # countFaultDomains: + # - region: westeurope + # count: 2 + # countUpdateDomains: + # - region: westeurope + # count: 5 + # + # + # Example for GCP: + # + # apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 2023.5.0 + # image: projects/coreos-cloud/global/images/coreos-stable-2023-5-0-v20190312 + # + # + # Example for OpenStack: + # + # apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 2023.5.0 + # image: coreos-2023.5.0 + # keyStoneURL: https://url-to-keystone/v3/ + # dnsServers: + # - 10.10.10.10 + # - 10.10.10.11 + # dhcpDomain: foo.bar + # requestTimeout: 30s + # constraints: + # loadBalancerProviders: + # - name: haproxy + # floatingPools: + # - name: fip1 + # loadBalancerClasses: + # - name: class1 + # floatingSubnetID: 04eed401-f85f-4610-8041-c4835c4beea6 + # floatingNetworkID: 23949a30-1cdd-4732-ba47-d03ced950acc + # subnetID: ac46c204-9d0d-4a4c-a90d-afefe40cfc35 + # + # + # Example for Packet: + # + # apiVersion: packet.provider.extensions.gardener.cloud/v1alpha1 + # kind: ProviderProfileConfig + # machineImages: + # - name: coreos + # version: 2079.3.0 + # id: d61c3912-8422-4daf-835e-854efa0062e4 +``` + +### `Seed` resource + +Special note: The proposal contains fields that are not yet existing in the current `garden.sapcloud.io/v1beta1.Seed` resource, but they should be implemented (open issues that require them are linked). + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: seed-secret + namespace: garden +type: Opaque +data: + kubeconfig: base64(kubeconfig-for-seed-cluster) + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: Seed +metadata: + name: seed1 +spec: + provider: + type: # {aws,azure,gcp,...} + region: europe-central-1 + secretRef: + name: seed-secret + namespace: garden + # Motivation for DNS section: https://github.com/gardener/gardener/issues/201. + dns: + provider: # {aws-route53, google-clouddns, ...} + secretName: my-dns-secret # must be in `garden` namespace + ingressDomain: seed1.dev.example.com + volume: # optional (introduced to get rid of `persistentvolume.garden.sapcloud.io/minimumSize` and `persistentvolume.garden.sapcloud.io/provider` annotations) + minimumSize: 20Gi + providers: + - name: foo + purpose: etcd-main + networks: # Seed and Shoot networks must be disjunct + nodes: 10.240.0.0/16 + pods: 10.241.128.0/17 + services: 10.241.0.0/17 + # Shoot default networks, see also https://github.com/gardener/gardener/issues/895. + # shootDefaults: + # pods: 100.96.0.0/11 + # services: 100.64.0.0/13 + taints: + - key: seed.gardener.cloud/protected + - key: seed.gardener.cloud/invisible + blockCIDRs: + - 169.254.169.254/32 +status: + conditions: + - lastTransitionTime: "2020-07-14T19:16:42Z" + lastUpdateTime: "2020-07-14T19:18:17Z" + message: all checks passed + reason: Passed + status: "True" + type: Available + gardener: + id: 4c9832b3823ee6784064877d3eb10c189fc26e98a1286c0d8a5bc82169ed702c + name: gardener-controller-manager-7fhn9ikan73n-7jhka + version: 1.0.0 + observedGeneration: 1 +``` + +### `SecretBinding` resource + +Special note: No modifications needed compared to the current `garden.sapcloud.io/v1beta1.SecretBinding` resource. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: secret1 + namespace: garden-core +type: Opaque +data: + # + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-infrastructure.yaml#L14-L15 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-infrastructure.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-infrastructure.yaml#L14-L17 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-infrastructure.yaml#L14 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-infrastructure.yaml#L15-L18 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-packet/example/30-infrastructure.yaml#L14-L15 + # + # If you use your own domain (not the default domain of your landscape) then you have to add additional keys to this secret. + # The reason is that the DNS management is not part of the Gardener core code base but externalized, hence, it might use other + # key names than Gardener itself. + # The actual values here depend on the DNS extension that is installed to your landscape. + # For example, check out https://github.com/gardener/external-dns-management and find a lot of example secret manifests here: + # https://github.com/gardener/external-dns-management/tree/master/examples + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: SecretBinding +metadata: + name: secretbinding1 + namespace: garden-core +secretRef: + name: secret1 +# namespace: namespace-other-than-'garden-core' // optional +quotas: [] +# - name: quota-1 +# # namespace: namespace-other-than-'garden-core' // optional +``` + +### `Quota` resource + +Special note: No modifications needed compared to the current `garden.sapcloud.io/v1beta1.Quota` resource. + +```yaml +apiVersion: core.gardener.cloud/v1alpha1 +kind: Quota +metadata: + name: trial-quota + namespace: garden-trial +spec: + scope: + apiGroup: core.gardener.cloud + kind: Project +# clusterLifetimeDays: 14 + metrics: + cpu: "200" + gpu: "20" + memory: 4000Gi + storage.standard: 8000Gi + storage.premium: 2000Gi + loadbalancer: "100" +``` + +### `BackupBucket` resource + +Special note: This new resource is cluster-scoped. + +```yaml +# See also: https://github.com/gardener/gardener/blob/master/docs/proposals/02-backupinfra.md. + +apiVersion: v1 +kind: Secret +metadata: + name: backup-operator-provider + namespace: backup-garden +type: Opaque +data: + # + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-backupbucket.yaml#L9-L11 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-backupbucket.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-backupbucket.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-backupbucket.yaml#L9 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-backupbucket.yaml#L9-L13 + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: BackupBucket +metadata: + name: providerprofile1-random[:5] + ownerReferences: + - kind: ProviderProfile + name: providerprofile1 +spec: + provider: + type: # {aws,azure,gcp,...} + region: europe-central-1 + seed: seed1 + secretRef: + name: backup-operator-provider + namespace: backup-garden +status: + lastOperation: + description: Backup bucket has been successfully reconciled. + lastUpdateTime: '2020-04-13T14:34:27Z' + progress: 100 + state: Succeeded + type: Reconcile + observedGeneration: 1 +``` + +### `BackupEntry` resource + +Special note: This new resource is cluster-scoped. + +```yaml +# See also: https://github.com/gardener/gardener/blob/master/docs/proposals/02-backupinfra.md. + +apiVersion: v1 +kind: Secret +metadata: + name: backup-operator-provider + namespace: backup-garden +type: Opaque +data: + # + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-backupbucket.yaml#L9-L11 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-backupbucket.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-backupbucket.yaml#L9-L10 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-backupbucket.yaml#L9 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-backupbucket.yaml#L9-L13 + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: BackupEntry +metadata: + name: shoot--core--crazy-botany--3ef42 + namespace: garden-core + ownerReferences: + - apiVersion: core.gardener.cloud/v1alpha1 + blockOwnerDeletion: false + controller: true + kind: Shoot + name: crazy-botany + uid: 19a9538b-5058-11e9-b5a6-5e696cab3bc8 +spec: + bucketName: providerprofile1-random[:5] + seed: seed1 +status: + lastOperation: + description: Backup entry has been successfully reconciled. + lastUpdateTime: '2020-04-13T14:34:27Z' + progress: 100 + state: Succeeded + type: Reconcile + observedGeneration: 1 +``` + +### `Shoot` resource + +Special notes: + +* `kubelet` configuration in the worker pools may override the default `.spec.kubernetes.kubelet` configuration (that applies for all worker pools if not overridden). +* Moved remaining control plane configuration to new `.spec.provider.controlplane` section. + +```yaml +apiVersion: core.gardener.cloud/v1alpha1 +kind: Shoot +metadata: + name: crazy-botany + namespace: garden-core +spec: + secretBindingName: secretbinding1 +# seedName: seed1 + provider: + type: # {aws,azure,gcp,...} + profileName: providerprofile1 + region: europe-central-1 + infrastructure: + + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-infrastructure.yaml#L56-L64 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-infrastructure.yaml#L43-L53 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-infrastructure.yaml#L63-L71 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-infrastructure.yaml#L53-L57 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-infrastructure.yaml#L56-L64 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-packet/example/30-infrastructure.yaml#L48-L49 + controlplane: + providerConfig: + + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-alicloud/example/30-controlplane.yaml#L60-L65 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-aws/example/30-controlplane.yaml#L60-L64 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/example/30-controlplane.yaml#L61-L66 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-gcp/example/30-controlplane.yaml#L59-L64 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-openstack/example/30-controlplane.yaml#L64-L70 + # https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-packet/example/30-controlplane.yaml#L60-L61 + # kubeAPIServer: + # featureGates: + # SomeKubernetesFeature: true + # runtimeConfig: + # scheduling.k8s.io/v1alpha1: true + # oidcConfig: + # caBundle: | + # -----BEGIN CERTIFICATE----- + # Li4u + # -----END CERTIFICATE----- + # clientID: client-id + # groupsClaim: groups-claim + # groupsPrefix: groups-prefix + # issuerURL: https://identity.example.com + # usernameClaim: username-claim + # usernamePrefix: username-prefix + # signingAlgs: RS256,some-other-algorithm + #-#-# only usable with Kubernetes >= 1.11 + # requiredClaims: + # key: value + # admissionPlugins: + # - name: PodNodeSelector + # config: | + # podNodeSelectorPluginConfig: + # clusterDefaultNodeSelector: + # namespace1: + # namespace2: + # auditConfig: + # auditPolicy: + # configMapRef: + # name: auditpolicy + # kubeControllerManager: + # featureGates: + # SomeKubernetesFeature: true + # horizontalPodAutoscaler: + # syncPeriod: 30s + # tolerance: 0.1 + #-#-# only usable with Kubernetes < 1.12 + # downscaleDelay: 15m0s + # upscaleDelay: 1m0s + #-#-# only usable with Kubernetes >= 1.12 + # downscaleStabilization: 5m0s + # initialReadinessDelay: 30s + # cpuInitializationPeriod: 5m0s + # kubeScheduler: + # featureGates: + # SomeKubernetesFeature: true + # kubeProxy: + # featureGates: + # SomeKubernetesFeature: true + # mode: IPVS + # kubelet: + # cpuCFSQuota: true + # cpuManagerPolicy: none + # podPidsLimit: 10 + # featureGates: + # SomeKubernetesFeature: true + # clusterAutoscaler: + # scaleDownUtilizationThreshold: 0.5 + # scaleDownUnneededTime: 30m + # scaleDownDelayAfterAdd: 60m + # scaleDownDelayAfterFailure: 10m + # scaleDownDelayAfterDelete: 10s + # scanInterval: 10s + workers: + - name: cpu-worker + minimum: 3 + maximum: 5 + # maxSurge: 1 + # maxUnavailable: 0 + machine: + type: m5.large + image: + name: + version: + # providerConfig: + # + volume: + type: gp2 + size: 20Gi + # providerConfig: + # + # labels: + # key: value + # annotations: + # key: value + # taints: # See also https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + # - key: foo + # value: bar + # effect: NoSchedule + # caBundle: + # kubernetes: + # kubelet: + # cpuCFSQuota: true + # cpuManagerPolicy: none + # podPidsLimit: 10 + # featureGates: + # SomeKubernetesFeature: true + zones: + - europe-central-1a + - europe-central-1b + kubernetes: + version: 1.15.1 + # allowPrivilegedContainers: true # 'true' means that all authenticated users can use the "gardener.privileged" PodSecurityPolicy, allowing full unrestricted access to Pod features. + dns: + # When the shoot shall use a cluster domain no domain and no providers need to be provided - Gardener will + # automatically compute a correct domain. + domain: crazy-botany.core.my-custom-domain.com + providers: + - type: aws-route53 + secretName: my-custom-domain-secret + domains: + include: + - my-custom-domain.com + - my-other-custom-domain.com + exclude: + - yet-another-custom-domain.com + extensions: + - type: foobar + # providerConfig: + # apiVersion: foobar.extensions.gardener.cloud/v1alpha1 + # kind: FooBarConfiguration + # foo: bar + networking: + type: calico + pods: 100.96.0.0/11 + services: 100.64.0.0/13 + nodes: 10.250.0.0/16 + # providerConfig: + # apiVersion: calico.extensions.gardener.cloud/v1alpha1 + # kind: NetworkConfig + # ipam: + # type: host-local + # cidr: usePodCIDR + # backend: bird + # See also: https://github.com/gardener/gardener/blob/master/docs/proposals/03-networking.md + maintenance: + timeWindow: + begin: 220000+0100 + end: 230000+0100 + autoUpdate: + kubernetesVersion: true + machineImageVersion: true +# hibernation: +# enabled: false +# schedules: +# - start: "0 20 * * *" # Start hibernation every day at 8PM +# end: "0 6 * * *" # Stop hibernation every day at 6AM +# location: "America/Los_Angeles" # Specify a location for the cron to run in + addons: + nginx-ingress: + enabled: false + # loadBalancerSourceRanges: [] + kubernetes-dashboard: + enabled: true + # authenticationMode: basic # allowed values: basic,token +status: + conditions: + - type: APIServerAvailable + status: 'True' + lastTransitionTime: '2020-01-30T10:38:15Z' + lastUpdateTime: '2020-04-13T14:35:21Z' + reason: HealthzRequestFailed + message: API server /healthz endpoint responded with success status code. [response_time:3ms] + - type: ControlPlaneHealthy + status: 'True' + lastTransitionTime: '2020-04-02T05:18:58Z' + lastUpdateTime: '2020-04-13T14:35:21Z' + reason: ControlPlaneRunning + message: All control plane components are healthy. + - type: EveryNodeReady + status: 'True' + lastTransitionTime: '2020-04-01T16:27:21Z' + lastUpdateTime: '2020-04-13T14:35:21Z' + reason: EveryNodeReady + message: Every node registered to the cluster is ready + - type: SystemComponentsHealthy + status: 'True' + lastTransitionTime: '2020-04-03T18:26:28Z' + lastUpdateTime: '2020-04-13T14:35:21Z' + reason: SystemComponentsRunning + message: All system components are healthy. + gardener: + id: 4c9832b3823ee6784064877d3eb10c189fc26e98a1286c0d8a5bc82169ed702c + name: gardener-controller-manager-7fhn9ikan73n-7jhka + version: 1.0.0 + lastOperation: + description: Shoot cluster state has been successfully reconciled. + lastUpdateTime: '2020-04-13T14:34:27Z' + progress: 100 + state: Succeeded + type: Reconcile + observedGeneration: 1 + seed: seed1 + hibernated: false + technicalID: shoot--core--crazy-botany + uid: d8608cfa-2856-11e8-8fdc-0a580af181af +``` + +### `Plant` resource + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: crazy-plant-secret + namespace: garden-core +type: Opaque +data: + kubeconfig: base64(kubeconfig-for-plant-cluster) + +--- +apiVersion: core.gardener.cloud/v1alpha1 +kind: Plant +metadata: + name: crazy-plant + namespace: garden-core +spec: + secretRef: + name: crazy-plant-secret + endpoints: + - name: Cluster GitHub repository + purpose: management + url: https://github.com/my-org/my-cluster-repo + - name: GKE cluster page + purpose: management + url: https://console.cloud.google.com/kubernetes/clusters/details/europe-west1-b/plant?project=my-project&authuser=1&tab=details +status: + clusterInfo: + provider: + type: gce + region: europe-west4-c + kubernetes: + version: v1.11.10-gke.5 + conditions: + - lastTransitionTime: "2020-03-01T11:31:37Z" + lastUpdateTime: "2020-04-14T18:00:29Z" + message: API server /healthz endpoint responded with success status code. [response_time:8ms] + reason: HealthzRequestFailed + status: "True" + type: APIServerAvailable + - lastTransitionTime: "2020-04-01T06:26:56Z" + lastUpdateTime: "2020-04-14T18:00:29Z" + message: Every node registered to the cluster is ready + reason: EveryNodeReady + status: "True" + type: EveryNodeReady +```