An existing shoot can be registered as a seed by creating a ManagedSeed resource. This resource replaces the use-as-seed annotation that was previously used to create shooted seeds. It contains:
- The name of the shoot that should be registered as seed.
- An optional
seedTemplatesection that contains theSeedspec and parts of its metadata, such as labels and annotations. - An optional
gardenletsection that contains:gardenletdeployment parameters, such as the number of replicas, the image, etc.- The
GardenletConfigurationresource that contains controllers configuration, feature gates, and aseedConfigsection that contains theSeedspec and parts of its metadata. - Additional configuration parameters, such as the garden connection bootstrap mechanism (see TLS Bootstrapping), and whether to merge the provided configuration with the configuration of the parent
gardenlet.
Either the seedTemplate or the gardenlet section must be specified, but not both:
- If the
seedTemplatesection is specified,gardenletis not deployed to the shoot, and a newSeedresource is created based on the template. - If the
gardenletsection is specified,gardenletis deployed to the shoot, and it registers a new seed upon startup based on theseedConfigsection of theGardenletConfigurationresource.
Note the following important aspects:
- Unlike the
Seedresource, theManagedSeedresource is namespaced. Currently, managed seeds are restricted to thegardennamespace. - The newly created
Seedresource always has the same name as theManagedSeedresource. Attempting to specify a different name inseedTemplateorseedConfigwill fail. - The
ManagedSeedresource must always refer to an existing shoot. Attempting to create aManagedSeedreferring to a non-existing shoot will fail. - A shoot that is being referred to by a
ManagedSeedcannot be deleted. Attempting to delete such a shoot will fail. - You can omit practically everything from the
seedTemplateorgardenletsection, including all or most of theSeedspec fields. Proper defaults will be supplied in all cases, based either on the most common use cases or the information already available in theShootresource. - Some
Seedspec fields, for example the provider type and region, networking CIDRs for pods, services, and nodes, etc., must be the same as the correspondingShootspec fields of the shoot that is being registered as seed. Attempting to use different values (except empty ones, so that they are supplied by the defaulting mechanims) will fail.
To register a shoot as a seed and deploy gardenlet to the shoot using a default configuration, create a ManagedSeed resource similar to the following:
apiVersion: seedmanagement.gardener.cloud/v1alpha1
kind: ManagedSeed
metadata:
name: my-managed-seed
namespace: garden
spec:
shoot:
name: crazy-botany
gardenlet: {}For an example that uses non-default configuration, see 55-managed-seed-gardenlet.yaml
To register a shoot as a seed from a template without deploying gardenlet to the shoot using a default configuration, create a ManagedSeed resource similar to the following:
apiVersion: seedmanagement.gardener.cloud/v1alpha1
kind: ManagedSeed
metadata:
name: my-managed-seed
namespace: garden
spec:
shoot:
name: crazy-botany
seedTemplate:
metadata:
labels:
seed.gardener.cloud/gardenlet: local
spec:
dns:
ingressDomain: ""
networks:
pods: ""
services: ""
provider:
type: ""
region: ""Note the seed.gardener.cloud/gardenlet: local label above. It stands for the label that is used in a seedSelector field of a gardenlet that takes care of multiple seeds. This label can be omitted if the seedSelector field selects all seeds. If there is no gardenlet running outside the cluster and selecting the seed, it won't be reconciled and no shoots will be scheduled on it.
For an example that uses non-default configuration, see 55-managed-seed-seedtemplate.yaml