landscape.gardener.seedCandidateDeterminationStrategy has two possible values: SameRegion (default) and MinimalDistance. In the first case, shoots can only be created in regions where a seed exists and only those regions will show up in the dashboard. In the latter case, shoots can be created in any region listed in the cloudprofile and the geographically closest seed will be used.
If landscape.gardener.network-policies.active is set to true, garden-setup will deploy network policies into the garden namespace. Currently, these are only egress rules for the 'virtual' kube-apiserver and the Gardener dashboard; other components and incoming traffic are not affected for now.
The default for landscape.gardener.network-policies.active is false, because the network policies have been shown to cause problems in some environments. It is planned to enable the policies by default, though, once the problems have been solved.
The landscape.gardener.extensions section is optional.
While garden-setup automatically decides which Gardener extensions to deploy, it is possible to overwrite this decision manually. By setting landscape.gardener.<extension_name>.active to true, the extension will be deployed, regardless of whether it is needed. Similarly, setting the flag to false will deactivate the extension and it won't be deployed. Handle the latter with care, as most extensions which are deployed by default are needed and deactivating them will result in a broken Gardener landscape.
Some extensions come with admission controllers which can optionally be deployed into the base cluster. For chosen extensions, garden-setup is able to deploy the admission controller. To do this, it needs to be activated manually by setting landscape.gardener.<extension_name>.admissionController to true.
Currently, this feature can be used for the provider extensions (except vsphere) as well as the networking-calico and shoot-dns-service extensions.
Whatever is specified in landscape.gardener.extensions.<extensionName>.valueOverwrites will be given directly to the helm values for the extension, so you can overwrite the corresponding default values.
Some values are set by default (take a look at the deployment.yaml); these values can also be overwritten with landscape.gardener.extensions.<extensionName>.valueOverwrites.
The following extensions are available in landscape.gardener.extensions:
- os-ubuntu: values.yaml
- os-gardenlinux: values.yaml
- os-suse-chost: values.yaml
- os-coreos: values.yaml
- provider-aws: values.yaml
- provider-gcp: values.yaml
- provider-azure: values.yaml
- provider-openstack: values.yaml
- provider-alicloud: values.yaml
- provider-vsphere: values.yaml
- networking-calico: values.yaml
- shoot-cert-service: values.yaml
- shoot-dns-service: values.yaml
Example to set the imageVectorOverwrite (see values.yaml) for gardener-extension-networking-calico:

    ...
    gardener:
      ...
      extensions:
        networking-calico:
          valueOverwrites:
            imageVectorOverwrite: |
              images:
              - name: calico-node
                sourceRepository: github.com/projectcalico/calico
                repository: some-other-registry/calico/node
              - name: calico-cni
                sourceRepository: github.com/projectcalico/cni-plugin
                repository: some-other-registry/calico/cni
              - name: calico-typha
                sourceRepository: github.com/projectcalico/typha
                repository: some-other-registry/calico/typha
    ...
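
Because imageVectorOverwrite changes which registry the extension images are pulled from, the target repositories are worth checking before the configuration is applied. The following Python check is an added example, not part of garden-setup: the allowlist, the function names and the sample (two entries in the page's format, one with a constructed stray registry) are assumptions, and the parser handles only the flat shape shown above.

```python
# Added example (not garden-setup code): audit an imageVectorOverwrite block against
# a registry allowlist. Handles only the flat "- name: / key: value" shape shown above.

def parse_image_vector(text):
    """Return the list of image entries (dicts) from an imageVectorOverwrite string."""
    images, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line or line == "images:":
            continue
        if line.startswith("- "):                # a new list item starts a new entry
            current = {}
            images.append(current)
            line = line[2:].strip()
        if current is None or ":" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = line.split(":", 1)          # split once so host:port survives
        current[key.strip()] = value.strip().strip("'\"")
    return images

def registry_of(repository):
    """First path component of an image reference, treated as the registry host."""
    return repository.split("/", 1)[0].lower()

def audit_overwrites(text, allowed_registries):
    """Return (name, repository) for entries that are incomplete or off the allowlist."""
    allowed = {r.lower() for r in allowed_registries}
    findings = []
    for image in parse_image_vector(text):
        repo = image.get("repository", "")
        if not image.get("name") or not repo or registry_of(repo) not in allowed:
            findings.append((image.get("name"), repo))
    return findings

# Constructed sample: one entry from the example above, one with a stray registry.
SAMPLE = """\
images:
- name: calico-node
  sourceRepository: github.com/projectcalico/calico
  repository: some-other-registry/calico/node
- name: calico-typha
  sourceRepository: github.com/projectcalico/typha
  repository: unreviewed-registry.example/calico/typha
"""

if __name__ == "__main__":
    for name, repo in audit_overwrites(SAMPLE, {"some-other-registry"}):
        print(f"not on allowlist: {name} -> {repo}")
```

An entry without a registry host (for example `calico/node`) is reported as well, since its first path component is not on the allowlist.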
By default, all shoot API server domains are something like '..shoot.'. If you want to change the 'shoot' term, you can set landscape.gardener.shootDomainPrefix to a value you like.
It is possible to overwrite the default values for the resource requests/limits of the Gardener components by setting the corresponding values in landscape.gardener.resources.

    ...
    gardener:
      ...
      resources:
        apiserver:
          limits:
            cpu: 300m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 100Mi
        admission: <see above>
        controller: <see above>
        scheduler: <see above>

All fields are optional.