Shoot Spec Configuration settings

The following contains a description of several specifications of the Shoot manifest, which are useful to know or may be necessary to modify manually.

extensions

Extensions contain type and provider information for Shoot extensions.

kubernetes

Kubernetes contains the version and configuration settings of the control plane components.

maintenance

Maintenance contains information about the time window for maintenance operations and which operations should be performed.

monitoring

Monitoring contains information about custom monitoring configurations for the shoot.

networking (Required)

Networking contains information about cluster networking, such as the CNI plugin type and the pod, service and node CIDRs.

provider (Required)

Provider contains all provider-specific and provider-relevant information.

provider.workers[].machineControllerManager

In this section it is possible to customize how the machine-controller-manager (MCM) behaves by setting several timeouts. The settings have to be applied to each worker group separately; see the Gardener documentation on the machine-controller-manager for the full list of options.

Example:

provider:
  type: onmetal
  workers:
    - name: my-worker-group
      machineControllerManager:
        machineDrainTimeout: 1h0m0s
        machineHealthTimeout: 1m0s
        machineCreationTimeout: 5m0s
        maxEvictRetries: 5

machineDrainTimeout

If a machine is deleted and draining it before deletion takes longer than this timeout, the MCM forcefully deletes the machine, so any pods still running on it are terminated without further regard for graceful shutdown (default: 2h).

machineHealthTimeout

If the connection to a cluster Node is lost, the MCM waits for the Node to come back until this timeout expires. If it does not, the machine is declared failed (default: 10m).

machineCreationTimeout

If a new machine is created and it is not ready to join the cluster within this time, it is declared failed (default: 10m).

maxEvictRetries

Maximum number of eviction attempts for a pod before it is forcibly deleted while a machine is being drained (default: 10).

nodeConditions

List of case-sensitive node condition types that move a machine to the Failed state if they persist longer than machineHealthTimeout. Because matching is case-sensitive, a misspelled condition is silently ignored rather than rejected (defaults: KernelDeadlock, ReadonlyFilesystem, DiskPressure).

purpose

Purpose is the purpose class for this cluster. More detailed information about the Shoot purpose class is available in the Gardener documentation.

region (Required)

Region is a name of a region. This field is immutable.

resources

Resources holds a list of named resource references that can be referred to in extension configs by their names.

secretBindingName (Required)

SecretBindingName is the name of the SecretBinding that has a reference to the IaaS provider secret. The credentials inside the provider secret will be used to create the shoot in the respective account.

seedName, seedSelector

Both are used to specify the seed, or group of seeds, on which the shoot may be scheduled. SeedName is the name of the seed cluster that runs the control plane of the Shoot. SeedSelector is an optional label selector that a seed must match for the shoot to be scheduled on it.

Example:

seedSelector:
  matchLabels:
    purpose: <purpose of your seed>

systemComponents

Contains the settings of system components running in the control plane or data plane of the Shoot cluster, for example coreDNS and nodeLocalDNS.

systemComponents.nodeLocalDNS

NodeLocalDNS runs a DNS cache on every node and is designed to mitigate issues such as cloud provider limits on DNS lookups, unreliable UDP connections and inefficient load-balancing of the DNS service. Set the enabled field to true to activate it.

Example:

systemComponents:
  nodeLocalDNS:
    enabled: true

tolerations

Tolerations are another way to control shoot scheduling: a shoot is only scheduled onto a seed carrying a taint if it tolerates that taint, in the same way tolerations work for taints in Kubernetes.

kubeProxy

Contains configuration settings for kube-proxy. The enabled field should be set to false; otherwise kube-proxy may conflict with various applications or components.

Example:

kubernetes:
  kubeProxy:
    enabled: false
    mode: IPTables

controlPlane

Contains configuration settings for the control plane's high-availability mode. More detailed information about the HA settings is available in the Gardener documentation.

Example:

controlPlane:
  highAvailability:
    failureTolerance:
      type: zone

kubeAPIServer
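The settings described in the machineControllerManager, systemComponents, kubeProxy and controlPlane sections above are easy to get subtly wrong: Go-style durations must be spelled correctly, nodeConditions are case-sensitive and a misspelling is ignored rather than rejected, and the kube-proxy and nodeLocalDNS toggles have a recommended value. The following pre-apply check is an added example written for this page, not Gardener or onmetal code. It takes a Shoot spec as a plain Python dict (the constructed sample manifests below reuse the values from the examples on this page), merges the MCM defaults quoted here, parses the timeouts, and reports every deviation from the guidance above. The set of known node condition types (kubelet plus node-problem-detector conditions) and the allowed failureTolerance types (node, zone) are assumptions of the example.

```python
"""Lint a Gardener Shoot spec (as a dict) against the settings on this page.

Added example, not project code. Defaults and recommendations are the ones
quoted in the surrounding documentation; KNOWN_NODE_CONDITIONS and
HA_TOLERANCE_TYPES are assumptions of this example.
"""
from __future__ import annotations

import re
from typing import Any

# Defaults quoted for provider.workers[].machineControllerManager.
MCM_DEFAULTS: dict[str, Any] = {
    "machineDrainTimeout": "2h",
    "machineHealthTimeout": "10m",
    "machineCreationTimeout": "10m",
    "maxEvictRetries": 10,
    "nodeConditions": ["KernelDeadlock", "ReadonlyFilesystem", "DiskPressure"],
}

# Condition types set by kubelet and node-problem-detector (assumed list).
# nodeConditions is case-sensitive, so "diskpressure" would never match.
KNOWN_NODE_CONDITIONS = {
    "Ready", "MemoryPressure", "DiskPressure", "PIDPressure",
    "NetworkUnavailable", "KernelDeadlock", "ReadonlyFilesystem",
}
HA_TOLERANCE_TYPES = {"node", "zone"}  # assumed allowed values

# Only the h/m/s forms used in the manifest (e.g. "1h0m0s", "10m", "2h").
_DURATION = re.compile(r"^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$")


def parse_go_duration(text: str) -> int:
    """Convert a Go-style duration such as '1h0m0s' into whole seconds."""
    match = _DURATION.match(text) if isinstance(text, str) else None
    if not text or match is None:
        raise ValueError(f"not a Go duration: {text!r}")
    hours, minutes, seconds = (int(g) if g else 0 for g in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def effective_mcm(worker: dict[str, Any]) -> dict[str, Any]:
    """Merge one worker group's MCM block with the defaults; timeouts in seconds."""
    mcm = {**MCM_DEFAULTS, **worker.get("machineControllerManager", {})}
    for key in ("machineDrainTimeout", "machineHealthTimeout", "machineCreationTimeout"):
        mcm[key] = parse_go_duration(mcm[key])
    return mcm


def lint_shoot(spec: dict[str, Any]) -> list[str]:
    """Return a list of findings; an empty list means the spec follows this page."""
    findings: list[str] = []
    for field in ("networking", "provider", "region", "secretBindingName"):
        if field not in spec:
            findings.append(f"{field} is required")
    for worker in spec.get("provider", {}).get("workers", []):
        name = worker.get("name", "<unnamed>")
        try:
            mcm = effective_mcm(worker)
        except ValueError as exc:
            findings.append(f"worker {name}: {exc}")
            continue
        for cond in mcm["nodeConditions"]:
            if cond not in KNOWN_NODE_CONDITIONS:
                # Case-insensitive lookup only to produce a hint; MCM itself would not match.
                hint = next((k for k in KNOWN_NODE_CONDITIONS if k.lower() == cond.lower()), None)
                msg = f"worker {name}: unknown nodeCondition {cond!r} (case-sensitive)"
                findings.append(msg + (f", did you mean {hint!r}?" if hint else ""))
    if spec.get("systemComponents", {}).get("nodeLocalDNS", {}).get("enabled") is not True:
        findings.append("systemComponents.nodeLocalDNS.enabled should be true")
    if spec.get("kubernetes", {}).get("kubeProxy", {}).get("enabled") is not False:
        findings.append("kubernetes.kubeProxy.enabled should be false")
    tolerance = spec.get("controlPlane", {}).get("highAvailability", {}).get("failureTolerance", {})
    if tolerance and tolerance.get("type") not in HA_TOLERANCE_TYPES:
        findings.append(f"controlPlane.highAvailability.failureTolerance.type {tolerance.get('type')!r} "
                        f"is not one of {sorted(HA_TOLERANCE_TYPES)}")
    return findings


# Constructed sample spec following the examples on this page (all values made up).
SHOOT_SPEC: dict[str, Any] = {
    "region": "eu-1", "secretBindingName": "my-secret-binding",
    "networking": {"type": "calico"},
    "provider": {"type": "onmetal", "workers": [{"name": "my-worker-group",
        "machineControllerManager": {"machineDrainTimeout": "1h0m0s", "machineHealthTimeout": "1m0s",
                                     "machineCreationTimeout": "5m0s", "maxEvictRetries": 5}}]},
    "systemComponents": {"nodeLocalDNS": {"enabled": True}},
    "kubernetes": {"kubeProxy": {"enabled": False, "mode": "IPTables"}},
    "controlPlane": {"highAvailability": {"failureTolerance": {"type": "zone"}}},
}

# Constructed spec with the mistakes the lint is meant to catch.
BAD_SPEC: dict[str, Any] = {
    "region": "eu-1", "networking": {"type": "calico"},
    "provider": {"type": "onmetal", "workers": [{"name": "bad-group",
        "machineControllerManager": {"nodeConditions": ["diskpressure"]}}]},
    "kubernetes": {"kubeProxy": {"enabled": True}},
    "controlPlane": {"highAvailability": {"failureTolerance": {"type": "region"}}},
}

if __name__ == "__main__":
    for label, spec in (("good", SHOOT_SPEC), ("bad", BAD_SPEC)):
        print(label, effective_mcm(spec["provider"]["workers"][0]))
        for finding in lint_shoot(spec) or ["no findings"]:
            print("  -", finding)
```

Run it before applying a manifest; the good spec produces no findings, while the bad one reports the missing secretBindingName, the lowercase nodeCondition with a case-corrected hint, the missing nodeLocalDNS toggle, the enabled kube-proxy and the unsupported failureTolerance type. Because effective_mcm reports the merged values in seconds, it also makes visible which timeouts a worker group is actually running with when only some of them are set.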

Contains configuration settings for the kube-apiserver.

kubeAPIServer.oidcConfig

OIDCConfig contains configuration settings for the OIDC provider. It needs to be configured if OIDC will be used to authenticate against the kube-apiserver. More detailed information about the OIDC configuration is available in the Gardener documentation.