example/50-seed.yaml

# Seed cluster registration manifest into which the control planes of Shoot clusters will be deployed.
---
apiVersion: core.gardener.cloud/v1beta1
kind: Seed
metadata:
  name: my-seed
spec:
  provider:
    type: <provider-name> # e.g., aws, azure, gcp, ...
    region: europe-1
  # providerConfig:
  #   <some-provider-specific-config-for-the-seed>
# Optional, only needed if controlled by a Gardenlet running outside
# secretRef:
#   name: seed-secret
#   namespace: garden
# Configuration of backup object store provider into which the backups will be stored.
# If you don't want to have backups then don't specify the `.spec.backup` key.
  backup:
    provider: <provider-name> # e.g., aws, azure, gcp, ...
  # providerConfig:
  #   <some-provider-specific-config-for-the-backup-buckets>
    region: europe-1
    secretRef:
      name: backup-secret
      namespace: garden
  dns:
    ingressDomain: ingress.dev.my-seed.example.com
#   provider:
#     type: aws-route53
#     secretRef:
#       name: ingress-secret
#       namespace: garden
#     domains:
#       include:
#       - my-custom-domain.com
#       - my-other-custom-domain.com
#       exclude:
#       - yet-another-custom-domain.com
#     zones:
#       include:
#       - zone-id-1
#       exclude:
#       - zone-id-2
# ingress: # If set then `.spec.dns.ingressDomain` must be nil and `.spec.dns.provider` must be set.
#   domain: ingress.dev.my-seed.example.com
#   controller:
#     kind: nginx
#     providerConfig:
#       <some-optional-config-for-the-nginx-ingress-controller>
  networks: # seed and shoot networks must be disjunct
    nodes: 10.240.0.0/16
    pods: 10.241.128.0/17
    services: 10.241.0.0/17
  # shootDefaults:
  #   pods: 100.96.0.0/11
  #   services: 100.64.0.0/13
    blockCIDRs:
    - 169.254.169.254/32
  settings:
    dependencyWatchdog:
      endpoint:
        enabled: true # crashlooping pods will be restarted onces their dependants become ready
      probe:
        enabled: true # shoot's kube-controller-managers get scaled down when the kube-apiserver is not reachable via external DNS
    excessCapacityReservation:
      enabled: true # this seed will deploy excess-capacity-reservation pods
    scheduling:
      visible: true # the gardener-scheduler will consider this seed for shoots
    shootDNS:
      enabled: true # all shoots on this seed will use DNS, if disabled they'll just use the plain IPs/hostnames
  # loadBalancerServices:
  #   annotations:
  #     foo: bar
    verticalPodAutoscaler:
      enabled: true # a Gardener-managed VPA deployment is enabled
    ownerChecks:
      enabled: true # owner checks are enabled for shoots scheduled on this seed
# taints:
# - key: seed.gardener.cloud/protected # only shoots in the `garden` namespace can use this seed
# - key: <some-key>
# volume:
#  minimumSize: 20Gi
#  providers:
#  - purpose: etcd-main
#    name: flexvolume