Configs · May 10, 2026 · 3 min read

Gardener — Managed Kubernetes Service Across Any Infrastructure

Gardener delivers homogeneous Kubernetes clusters at scale on any infrastructure provider using hosted control planes, automating lifecycle management from creation to upgrades.

Introduction

Gardener is an open-source Kubernetes-native system developed by SAP that manages the complete lifecycle of conformant Kubernetes clusters across multiple cloud providers and on-premises infrastructure. It follows the "Kubernetes manages Kubernetes" principle by running workload cluster control planes as pods in a seed cluster.

What Gardener Does

  • Provisions and manages Kubernetes clusters (called Shoots) on AWS, Azure, GCP, OpenStack, and bare metal
  • Runs workload cluster control planes as pods in seed clusters (hosted control planes)
  • Automates Kubernetes version upgrades, OS updates, and certificate rotation
  • Provides built-in monitoring, logging, and alerting stacks per cluster
  • Supports hibernation of clusters to reduce costs during off-hours

Architecture Overview

Gardener uses a three-tier model: the Garden cluster hosts the Gardener API server and manages global state; Seed clusters host the control planes of workload clusters; Shoot clusters are the end-user Kubernetes clusters. Each Shoot's API server, etcd, and controllers run as pods in a Seed, while worker nodes run on the target infrastructure. Extensions allow adding support for new cloud providers, operating systems, and networking plugins.

Self-Hosting & Configuration

  • Deploy the Garden cluster with the Gardener Operator, which manages the Gardener control plane components
  • Register Seed clusters that will host Shoot control planes
  • Define CloudProfiles describing available machine types, images, and Kubernetes versions per provider
  • Create Shoot manifests specifying provider, networking, worker pools, and maintenance windows
  • Use the Gardener Dashboard (web UI) for visual cluster management and monitoring
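The steps above come together in a Shoot manifest. The example below is added here and is not taken from the Gardener project; field names follow the core.gardener.cloud/v1beta1 Shoot API as documented, while the project namespace, resource names, CIDRs, machine types, Kubernetes version, time zone and schedules are placeholders that must match what the referenced CloudProfile and SecretBinding actually offer. It shows the pieces a defender cares about most: an explicit provider and network layout, a maintenance window with automatic Kubernetes and OS image updates enabled so patches are applied on a predictable schedule, and a hibernation schedule for a development cluster.

```yaml
# Added example Shoot manifest (placeholder values, not from the Gardener repo).
# The control plane for this cluster runs as pods in a Seed; only the worker
# pools below are created on the target infrastructure.
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: dev-aws-01                 # placeholder
  namespace: garden-myproject      # Gardener projects map to garden-<project> namespaces
spec:
  purpose: development             # evaluation | development | testing | production | infrastructure
  cloudProfileName: aws            # must be a CloudProfile registered in the Garden cluster
  secretBindingName: my-aws-creds  # SecretBinding holding the provider credentials (placeholder)
  region: eu-west-1                # placeholder; must be offered by the CloudProfile
  kubernetes:
    version: "1.29.4"              # placeholder; must be a version listed in the CloudProfile
  networking:
    type: calico                   # networking extension installed on the Seed
    nodes: 10.250.0.0/16           # node CIDR, must cover the worker subnets below
  provider:
    type: aws
    infrastructureConfig:
      apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        vpc:
          cidr: 10.250.0.0/16
        zones:
          - name: eu-west-1a
            internal: 10.250.112.0/22   # internal load balancers
            public: 10.250.96.0/22      # public load balancers / NAT
            workers: 10.250.0.0/19      # worker node subnet
    controlPlaneConfig:
      apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
      kind: ControlPlaneConfig
    workers:
      - name: worker-general
        machine:
          type: m5.large             # placeholder machine type from the CloudProfile
        minimum: 2
        maximum: 4                   # upper bound for the cluster autoscaler
        maxSurge: 1                  # rolling update: one extra node at a time
        maxUnavailable: 0            # never drop below the desired count during a roll
        volume:
          type: gp3
          size: 50Gi
        zones:
          - eu-west-1a
  maintenance:
    timeWindow:
      begin: 220000+0100             # HHMMSS+ZZZZ, daily window start
      end: 230000+0100
    autoUpdate:
      kubernetesVersion: true        # auto-apply patch releases inside the window
      machineImageVersion: true      # auto-roll nodes to the latest OS image
  hibernation:
    enabled: false                   # set true to hibernate immediately
    schedules:
      - start: "0 20 * * 1,2,3,4,5"  # cron: hibernate weekdays at 20:00
        end: "0 7 * * 1,2,3,4,5"     # wake up weekdays at 07:00
        location: "Europe/Berlin"    # placeholder time zone
```

Apply it with `kubectl apply -f shoot.yaml` against the Garden cluster (not a Seed or Shoot), then watch `kubectl -n garden-myproject get shoot dev-aws-01` until the reconciliation reports success. The two `autoUpdate` flags are the setting to verify on every cluster: with them off, a Shoot silently stays on an unpatched Kubernetes and OS image until someone bumps the versions by hand.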

Key Features

  • Hosted control planes reduce per-cluster overhead and improve security isolation
  • Cluster hibernation and wake-up for cost optimization in dev/test environments
  • Extensible architecture supports adding new infrastructure providers without modifying core code
  • Automated credential rotation for kubeconfig, service account tokens, and etcd encryption keys
  • Built-in vertical pod autoscaler and cluster autoscaler for workload and infrastructure scaling

Comparison with Similar Tools

  • Cluster API — Kubernetes SIG project for cluster lifecycle; Gardener adds hosted control planes and operational automation
  • Rancher — multi-cluster management UI; Gardener focuses on hosted control planes and provider abstraction
  • EKS/GKE/AKS — cloud-native managed Kubernetes; Gardener provides a consistent experience across all providers
  • KubeSphere — multi-cluster platform focused on developer experience and app store
  • Crossplane — infrastructure provisioning via Kubernetes CRDs; complementary to Gardener's cluster management

FAQ

Q: What does "Kubernetes manages Kubernetes" mean in Gardener? A: Gardener uses standard Kubernetes primitives (pods, deployments, CRDs) in seed clusters to run and manage the control planes of workload (shoot) clusters.

Q: Which cloud providers does Gardener support? A: AWS, Azure, GCP, OpenStack, Alicloud, and bare metal via provider extensions. Community extensions add support for additional platforms.

Q: Can I run Gardener on-premises? A: Yes. With OpenStack or bare-metal provider extensions, Gardener manages clusters on private infrastructure the same way it manages cloud-based ones.

Q: How does Gardener handle upgrades? A: Gardener automates Kubernetes minor version upgrades and OS patch updates within configured maintenance windows, with rollback capabilities if health checks fail.
