This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

What does a garden config look like #505

Open
dfishburn opened this issue Mar 1, 2021 · 4 comments
Labels
lifecycle/rotten Nobody worked on this for 12 months (final aging stage)

Comments

@dfishburn

Describe the bug
I am finding difficulty configuring gardenctl for the features indicated.
I cannot find documentation which directly lists all the things that can / should go into the garden.config file.

To Reproduce

Version:

$ gardenctl version
gardenctl:
                version     : v0.24.1
                build date  : 2020-12-09
                go version  : go1.14.12
                go compiler : gc
                platform    : linux/amd64

I used this configuration:

email: [email protected]
githubURL: https://github.my.company
gardenClusters:
- name: devaws
  kubeConfig: ~/.kube/iotdevk8s--devawsk8s-cluster-admin.yaml
  dashboardUrl: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
  # No idea what any of this does
  # accessRestrictions:
  # - key: aws.eu6
  # - key: seed.gardener.cloud/eu-access
  #   notifyIf: true 
  #   msg: warning msg
  #   options:
  #   - key: support.gardener.cloud/eu-access-for-cluster-addons
  #     notifyIf: true
  #     msg: warning msg
  #   - key: support.gardener.cloud/eu-access-for-cluster-nodes
  #     notifyIf: true
  #     msg: warning msg
- name: prod
  kubeConfig: ~/clusters/prod/kubeconfig.yaml

Expected behavior

$ gardenctl ls
Error: command must be in the format: ls [gardens|projects|seeds|shoots|issues|namespaces]

Trying each of these commands:

$ gardenctl get target
target:
- kind: garden
  name: devaws

That worked as I set the target earlier.

$ gardenctl ls gardens
gardenClusters:
- name: devaws
- name: prod

I can see those came from my garden.conf file.

Now the remainder of the commands simply fail.

  • No idea what changes I need to make them work.
$ gardenctl ls projects
Error: the server could not find the requested resource (get projects.core.gardener.cloud)

$ gardenctl ls seeds
2021/03/01 15:56:33 the server could not find the requested resource (get seeds.core.gardener.cloud)

$ gardenctl ls shoots
Error: the server could not find the requested resource (get projects.core.gardener.cloud)

Namespaces work, as I already had a target.

$ gardenctl ls namespaces
NAME                       STATUS   AGE
broker                     Active   3d2h
default                    Active   3d3h

What I am trying to do (connected to AWS) is:

  • Choose a project inside Gardener
  • Connect to a cluster
    • If possible, find the VpcId of the worker node
  • List all the shoots created
    • Find the first one
    • Using the AWS Cli, look up the InstanceId, and the VpcId it is attached to

Just can't figure out how to get it to return the data I am interested in.

@tedteng
Contributor

tedteng commented Mar 2, 2021

Choose a project inside Gardener

Step 1 gardenctl target -g -devaws
Step 2 gardenctl ls projects then gardenctl target -p projectName
or gardenctl target -g devaws -p projectName directly

Connect to a cluster
If possible, find the VpcId of the worker node

Step 1 gardenctl target -g devaws -p projectName -t shootName
Step 2 gardenctl kubectl get cm to check vpcid from terraform status or use gardenctl aws xxxxx with aws cli

List all the shoots created
Find the first one

Step 1 gardenctl target -g devaws -p projectName
Step 2 gardenctl ls shoots

Using the AWS Cli, look up the InstanceId, and the VpcId it is attached to

Step 1 gardenctl aws ec2 describe-instances

@dfishburn
Author

Thank you for the response.
Things break on the first step:

$ gardenctl target -g -devaws
2021/03/02 08:20:03 no match for "-devaws"

So I removed the -

$ gardenctl target -g devaws
Garden:
KUBECONFIG=~/.kube/iotdevk8s--devawsk8s-cluster-admin.yaml

Projects doesn't work though

$ gardenctl ls projects
Error: the server could not find the requested resource (get projects.core.gardener.cloud)

This was really the only ls that worked

$ gardenctl ls gardens
gardenClusters:
- name: devaws
- name: prod

Still using the config as presented in the issue.

@tedteng
Contributor

tedteng commented Mar 2, 2021

Oh, I missed one part.
I assume the ~/.kube/iotdevk8s--devawsk8s-cluster-admin.yaml is one of your project kubeconfig files, which is the Service Account downloaded from the Members page?

Then gardenctl target -g devaws is targeting your project now. Use gardenctl ls shoots to check how many shoots are under the project.
If you need to switch to another project: gardenctl target -g prod

@petersutter
Contributor

name: devaws
kubeConfig: ~/.kube/iotdevk8s--devawsk8s-cluster-admin.yaml
dashboardUrl: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

gardenctl needs to be configured with the (virtual) garden kubeconfig, that you can download from the gardener dashboard.
You have two options:

  • Download personalized kubeconfig by clicking on your avatar in the top right corner and then click on My Account. Under the Access card you can download your personalized kubeconfig (note that kubelogin kubectl plugin is required)
  • Use technical service account kubeconfig: Navigate to the member section of your project and create a new service account and download the kubeconfig

Both kubeconfigs described above point to the (virtual) garden kubeconfig. You would not configure gardenctl with the kubeconfig of your shoot cluster.

The dashboardUrl in your config is actually the gardener dashboard url and not the kubernetes dashboard url. With this, you can target your project and cluster by just providing the dashboard link of the cluster, e.g. gardenctl target dashboardUrl https://dashboard.garden.example.com/namespace/garden-myproject/shoots/mycluster/

You can skip the accessRestrictions configuration, this is only relevant for operators
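
A check that follows from the comment above, as an added example that is not part of the original thread or of the gardenctl project: it classifies a kubeconfig as pointing at a garden or not before the path goes under gardenClusters. It assumes the garden API server advertises the core.gardener.cloud group named in the errors earlier in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a kubeconfig before listing it under gardenClusters.
# Assumption: the (virtual) garden API server advertises the core.gardener.cloud
# API group (the group named in the "could not find the requested resource"
# errors in this thread), while a shoot cluster's API server does not.

# Expand a leading "~/" as written in the garden config; a quoted "~" is not
# expanded by the shell, so kubectl would otherwise look for a literal "~" dir.
expand_path() {
  case "$1" in
    "~/"*) printf '%s/%s\n' "$HOME" "${1#??}" ;;
    *)     printf '%s\n' "$1" ;;
  esac
}

# Print "garden", "not-garden" or "unreachable" for the given kubeconfig path.
classify_kubeconfig() {
  kc_path=$(expand_path "$1")
  # "kubectl api-versions" prints one "group/version" entry per line.
  if ! kc_versions=$(kubectl --kubeconfig "$kc_path" api-versions 2>/dev/null); then
    echo "unreachable"
    return 0
  fi
  if printf '%s\n' "$kc_versions" | grep -q '^core\.gardener\.cloud/'; then
    echo "garden"
  else
    echo "not-garden"
  fi
}

# Usage: sh check-garden-kubeconfig.sh '~/.kube/first.yaml' /path/to/second.yaml
for kc in "$@"; do
  printf '%s: %s\n' "$kc" "$(classify_kubeconfig "$kc")"
done
```

A result of not-garden for a path means gardenctl ls projects, ls seeds and ls shoots will fail against it in the way shown in the issue.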

@gardener-robot gardener-robot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Sep 22, 2021
@gardener-robot gardener-robot added lifecycle/rotten Nobody worked on this for 12 months (final aging stage) and removed lifecycle/stale Nobody worked on this for 6 months (will further age) labels Mar 24, 2022