gardenctl is a command-line client for the Gardener. It facilitates the administration of one or many garden, seed and shoot clusters. Use this tool to configure access to clusters and configure cloud provider CLI tools. It also provides support for accessing cluster nodes via ssh.
Install the latest release from Homebrew, Chocolatey or GitHub Releases.
# Homebrew (macOS and Linux)
brew install gardener/tap/gardenctl-v2
# Chocolatey (Windows)
choco install gardenctl-v2
Attention brew
users: gardenctl-v2
uses the same binary name as the legacy gardenctl
(gardener/gardenctl
) CLI. If you have an existing installation you should remove it with brew uninstall gardenctl
before attempting to install gardenctl-v2
. Alternatively, you can choose to link the binary using a different name. If you try to install without removing or relinking the old installation, brew will run into an error and provide instructions how to resolve it.
If you install via GitHub releases, you need to put the gardenctl
binary on your path. The other install methods do this for you.
# Example for macOS
# set operating system and architecture
os=darwin # choose between darwin, linux, windows
arch=amd64 # choose between amd64, arm64
# Get latest version. Alternatively set your desired version
version=$(curl -s https://raw.githubusercontent.com/gardener/gardenctl-v2/master/LATEST)
# Download gardenctl
curl -LO "https://github.com/gardener/gardenctl-v2/releases/download/${version}/gardenctl_v2_${os}_${arch}"
# Make the gardenctl binary executable
chmod +x "./gardenctl_v2_${os}_${arch}"
# Move the binary in to your PATH
sudo mv "./gardenctl_v2_${os}_${arch}" /usr/local/bin/gardenctl
gardenctl
requires a configuration file. The default location is in ~/.garden/gardenctl-v2.yaml
.
You can modify this file directly using the gardenctl config
command. It allows adding, modifying and deleting gardens.
Example config
command:
# Adapt the path to your kubeconfig file for the garden cluster
export KUBECONFIG=~/relative/path/to/kubeconfig.yaml
# Method 1 : Fetch cluster-identity of garden cluster from the configmap
cluster_identity=$(kubectl -n kube-system get configmap cluster-identity -ojsonpath={.data.cluster-identity})
# OR
# Method 2 : If you don't have access to the kube-system namespace in the garden cluster, the garden cluster-identity can also be extracted from every shoot's yaml
project="your-project-name" # Change to your project name
shoot="your-shoot-name" # Change to any shoot's name in your project
# Simply copy/paste the following lines
ns=$(kubectl get project $project -ojsonpath={.spec.namespace})
prefix="shoot--$project--$shoot-"$(kubectl get shoot -n $ns $shoot -ojsonpath={.metadata.uid})"-"
identity_status=$(kubectl get shoot -n $ns $shoot -ojsonpath={.status.clusterIdentity})
cluster_identity=$(echo ${identity_status#"$prefix"})
# Configure garden cluster
gardenctl config set-garden $cluster_identity --kubeconfig $KUBECONFIG
This command will create or update a garden with the provided identity and kubeconfig path of your garden cluster.
gardens:
- identity: landscape-dev # Unique identity of the garden cluster. See cluster-identity ConfigMap in kube-system namespace of the garden cluster
kubeconfig: ~/relative/path/to/kubeconfig.yaml
# context: different-context # Overrides the current-context of the garden cluster kubeconfig
# patterns: ~ # List of regex patterns for pattern targeting
Note: You need to have gardenlogin installed as kubectl
plugin in order to use the kubeconfig
s for Shoot
clusters provided by gardenctl
.
- The
gardenctl
config path can be overwritten with the environment variableGCTL_HOME
. - The
gardenctl
config name can be overwritten with the environment variableGCTL_CONFIG_NAME
.
export GCTL_HOME=/alternate/garden/config/dir
export GCTL_CONFIG_NAME=myconfig # without extension!
# config is expected to be under /alternate/garden/config/dir/myconfig.yaml
The state of gardenctl is bound to a shell session and is not shared across windows, tabs or panes.
A shell session is defined by the environment variable GCTL_SESSION_ID
. If this is not defined,
the value of the TERM_SESSION_ID
environment variable is used instead. If both are not defined,
this leads to an error and gardenctl cannot be executed. The target.yaml
and temporary
kubeconfig.*.yaml
files are store in the following directory ${TMPDIR}/garden/${GCTL_SESSION_ID}
.
You can make sure that GCTL_SESSION_ID
or TERM_SESSION_ID
is always present by adding
the following code to your terminal profile ~/.profile
, ~/.bashrc
or comparable file.
bash and zsh: [ -n "$GCTL_SESSION_ID" ] || [ -n "$TERM_SESSION_ID" ] || export GCTL_SESSION_ID=$(uuidgen)
fish: [ -n "$GCTL_SESSION_ID" ] || [ -n "$TERM_SESSION_ID" ] || set -gx GCTL_SESSION_ID (uuidgen)
powershell: if ( !(Test-Path Env:GCTL_SESSION_ID) -and !(Test-Path Env:TERM_SESSION_ID) ) { $Env:GCTL_SESSION_ID = [guid]::NewGuid().ToString() }
Gardenctl supports completion that will help you working with the CLI and save you typing effort.
It will also help you find clusters by providing suggestions for gardener resources such as shoots or projects.
Completion is supported for bash
, zsh
, fish
and powershell
.
You will find more information on how to configure your shell completion for gardenctl by executing the help for
your shell completion command. Example:
gardenctl completion bash --help
You can set a target to use it in subsequent commands. You can also overwrite the target for each command individually.
Note that this will not affect your KUBECONFIG env variable. To update the KUBECONFIG env for your current target see Configure KUBECONFIG section
Example:
# target control plane
gardenctl target --garden landscape-dev --project my-project --shoot my-shoot --control-plane
Find more information in the documentation.
Generate a script that points KUBECONFIG to the targeted cluster for the specified shell. Use together with eval
to configure your shell. Example for bash
:
eval $(gardenctl kubectl-env bash)
Generate the cloud provider CLI configuration script for the specified shell. Use together with eval
to configure your shell. Example for bash
:
eval $(gardenctl provider-env bash)
Establish an SSH connection to a Shoot cluster's node.
gardenctl ssh my-node